Skip to main content

Release Notes

1.10#

1.10 - Oct 14, 2021#

Cloud Central Management

  • New Feature: All Firewalls Dashboard to list all connected firewalls displaying their system statuses, threat levels and top bandwidth consumer hosts and applications.
  • New Feature: Get important event notifications and alerts about your firewalls from the Cloud Portal
  • New Feature: Home, SOHO and Business Subscriptions are now available for the new Platforms
  • New Feature: MAC Address based Policies & Filtering
  • New Feature: Attach "tags" to firewalls to group them
  • New Feature: Better error reporting in the Cloud Portal
  • New Feature: Date Range and Total Number of Results added to Live Session Explorer
  • New Feature: Display Release Notes for updates
  • New Feature: Drill-down filters are now global. Same filtering criteria is persistent for both Live Session Explorer and Report Widgets
  • New Feature: Firewall hostname changes are instantly updated to the Cloud Portal
  • New Feature: If new app signatures are available, portal will notify you to update to the new release
  • New Feature: Interface Configuration now allows you to set the security zones (wan, lan, dmz...) for each of the interfaces
  • New Feature: Manual drill-down filters
  • New Feature: New filters for "hide local connections", "hide blocked connections"
  • New Feature: New screen themes for Cloud Portal: Dark, Light or Automatic (auto-selected according to your browser preferences)
  • New Feature: Search firewalls by name, ip and tag
  • New Feature: You can now set deployment size through the Cloud Portal
  • New Feature: You can start/stop/bypass packet engine from the All Firewalls Dashboard
  • New Feature: PDF and CSV Exports for Live Sessions Explorer and Reports
  • New Feature: Central policy global exclusions
  • Improvement: Automatically avoid duplicate records for VLAN, IP/Networks, Mac, Users, Groups
  • Improvement: Policy configuration now displays the number of blocked/allowed apps in each app category
  • Improvement: Updates now has a better progress indicator
  • Bug-fix: Token expired issue fixed in the Cloud Portal

Reporting

  • New Feature: Auto-delete elasticsearch system logs older than a week
  • New Feature: Better DNS Enrichment: IPv6 host addresses are now mapped to a hostname through MAC DNS enrichment
  • Improvement: Mongodb database performance tweaks
  • Bug-fix: Reporting: IPDR streamer file descriptor leak is fixed

Configuration

  • New Feature: L2 Bridge Mode - Deploy as a Secure Web Gateway alongside another firewall (L2 Bridge)
  • New Feature: Logging Level and Log rotation time can be configurable from the UI now.
  • Improvement: Configuration > About > View now shows the both subscription states (both installed/purchased)

Integrations

  • Bug-fix: AD Agent exclusion error fixed

Policies and Filtering

  • New Feature: Live Sessions Explorer Quick Actions: Hostname is now the default selection for quick Allow/Block operations (instead of category)
  • Bug-fix: Web Controls - Preset Profile Name not changing in the OPNsense Menu
  • Bug-fix: Fixed Block Details in Live Session Explorer on OPNsense GUI

Platforms

  • New Feature: Linux platforms can now use NFQ packet I/O mechanism as an alternative to netmap
  • Bug-fix: Centos 8: Fixed cloud agent migration error

Others

  • New Feature: New product name "Zenarmor" is now displayed in the user interfaces

1.9#

1.9.3 - July 25, 2021#

Integrations

  • Improvement: OPNsense 21.7 compatibility enhancements

1.9.2_1 - July 7, 2021#

A hotfix for compatibility for OPNsense 21.1.8. This fixes the database service being falsely reported as not running.

1.9.2 - July 6, 2021#

Attention all OPNsense users:

As the second phase for their migration to PHP 7.4, OPNsense will release 21.1.8 this week, upgrading its PHP software to version 7.4. This leaves some compatibility issues with Sensei 1.9.1 and prior releases.

Sensei 1.9.2 addresses this compatibility issues and it is compatible both with OPNsense 21.1.8 and the current and past 21.1.x releases.

You can install Sensei 1.9.2 now or let the OPNsense 21.1.8 updater do the job for you automatically. It will also update Sensei to 1.9.2 release as part of OPNsense 21.1.8 upgrade process.

We would like to thank OPNsense team for their cooperation to make this a smooth transition for Sensei users.

Cloud Central Management

  • New Feature: Policy Configuration: Both netmask and CIDR notation is allowed.
  • New Feature: Central Live Session Explorer for all managed firewalls .
  • Improvement: Auto scroll to top when query data gets an update.
  • Improvement: New Release notifications now have the "Update" button. Clicking on "Update" will start the update process..
  • Improvement: Added manual refresh option to refresh reports within a custom date range.
  • Improvement: Added custom date ranges
  • Improvement: Subscription updates are immediately reflected on the cloud portal
  • Bug-fix: Fixed cloud registrations which failed due to duplicate system id.

Backup & Restore

  • New Feature: Backup files can be restored via CLI on the console.

Integrations

  • Bug-Fix: OPNsense 21.1.8 php7.4 compatibility enhancements
  • Bug-Fix: OPNsense: Fixed os-sensei package contents mismatch error due to the newly introduced cloud policy id.

Reporting

  • Bug-Fix: Fixed VLAN drill-downs
  • Bug-Fix: SQLite Reporting Database tables are now retired automatically.
  • Bug-Fix: Remote Elasticsearch: reset reporting database configuration whenever ES is re-installed.

1.9.1 - June 15, 2021#

Attention all OPNsense users:

OPNsense will release 21.1.7 this week, upgrading its Phalcon library to version 4. This leaves some compatibility issues with Sensei 1.9 and prior releases.

Sensei 1.9.1 addresses this compatibility issues and it is compatible both with OPNsense 21.1.7 and the current and past 21.1.x releases.

You can install Sensei 1.9.1 now or let the OPNsense 21.1.7 updater do the job for you automatically. It will also update Sensei to 1.9.1 release as part of OPNsense 21.1.7 upgrade process.

We would like to thank OPNsense team for the timely heads-up and for their cooperation to make this a smooth transition for the Sensei users.

Cloud Central Management

  • New Feature: Live Session Explorer. View real-time connection activity through Cloud-Portal.
  • New Feature: Premium Subscriptions are now available for new platforms (Linux, FreeBSD)
  • New Feature: Cloud Engine Updates now displays "Release Notes"
  • New Feature: Subscriptions tab now displays the number of active devices
  • New Feature: "Remember me" option for Google Authentication
  • Improvement: Connections Report: Default Report Metric is now Volume
  • Bug-Fix: Top Block Reports bug resolved.
  • Bug-Fix: Time Overlapping issue in Home Throughput graphs resolved.
  • Bug-Fix: Reporting: Exclude filters bug resolved for report charts.
  • Bug-Fix: FreeBSD: Cloud Registration error because of concurrent SQlite access fixed.
  • Bug-Fix: Reporting: Added "interface" information for UDP flows.
  • Bug-Fix: Fixed the "exclude" functionality for DNS - Query Types Tag Cloud Report.

Reporting and Policies

  • Bug-Fix: Policies: Custom applications not appearing in the Applications tab.
  • Bug-Fix: Web Reports Live Explorer now has the "URL" column by default
  • Bug-Fix: Fixed an incompatibility issue with some themes (on "Cloud Threat Intel" tab)

Platforms.

  • Improvement: OPNsense 21.1.7 Release compatibility due to Phalcon 4 update.
  • Bug-Fix: Centos: Invalid Serial ID problem fixed.
  • Bug-Fix: Start-on-boot problems fixed for Linux-based platforms.
  • Bug-Fix: Installer checks if the OS has "sudo" command and asks to install first if not found.

Active Directory Agent

  • New Feature: AD Agent: Ability to set Logging Levels.
  • Improvement: AD Agent: Logs older than 7 days are deleted.
  • Improvement: Service Status Button updated to better display the active status.

Other

  • Improvement: New Documentation URLs have been updated throughout the whole User Interface.

Uninstall

  • New Feature: "senseictl uninstall" command line option introduced to uninstall all Sensei software.

1.9 - May 27, 2021#

New Platforms

  • FreeBSD 13
  • AlmaLinux 1

Cloud Central Management

  • New Feature: Centralized policy management of firewalls
  • New Feature: Per-firewall policy management
  • New Feature: Whitelist/blacklist exclusions
  • New Feature: Automatic policy synchronizations between on-prem and cloud.
  • New Feature: Policy Restore Points to backup and restore policy configurations
  • New Feature: Remember me option is added for Two Factor Authentication (2FA).
  • Improvement: Both purchased and installed Subscription information is displayed. You’ll get a warning if they are not the same.
  • Improvement: CPU information is now displayed in the CPU widget.

Policies

  • New Feature: You can now whitelist/blacklist IP/Network Addresses (CIDR format is accepted)
  • Improvement: Blacklists / Whitelists have been moved to a dedicated tab in Policy Configuration for better user experience
  • Improvement: Whitelist/Blacklist now takes precedence over Application Controlrules
  • Improvement: Policy Configuration: Time Schedules are now a distinguishing criteria between otherwise two identical policies.

Installation.

  • Bug-Fix: Elasticsearch service refusing to start due to an old config file.
  • Bug-Fix: Duplicate dependency error for the java packages is fixed.
  • Bug-Fix:Cloud node status info doesn’t appear in the wizard.

Reporting

  • Bug-Fix: Chart error in Interfaces & VLANs report fixed.
  • Bug-Fix: Live Blocked Session Explorer - Live Security Events Monitor filter area
  • Bug-Fix: Report filters appearing multiple times.

Configuration

  • Improvement: Batch blacklist/whitelist import from file: can now filter out invalid IP / Domain values.
  • Improvement: Cloud Threat Intel: You can now define multiple local domain to be excluded from cloud queries.
  • Improvement: Wizard: Stay in touch: Email address now uses a better regex filter to filter out fake domains.
  • Improvement: Child VLAN interfaces can be added along with their parent interfaces. You’ll now get a warning if we suspect a netmap incompatibility.
  • Bug-Fix: Missing cloud nodes status check is fixed.
  • Bug-Fix: Stream to the Elasticsearch: Empty values are properly handled and accepted where allowed.

Others

  • Improvement: Heartbeat mechanism now utilizes a more improved algorithm to handle hypervisor-originated time synchronization problems.
  • Bug-Fix: IMAP classifier error is fixed.
  • Bug-Fix: Empty password issue for encrypted backup file is fixed.
  • Bug-Fix: Sensei and Cloud agent health check error due to a missing file is fixed.

1.8#

1.8.2 - April 1, 2021#

Packet Engine

  • Bug- Fix: Engine is now compatible with wireguard kmod interfaces. The service start problem is fixed.
  • Bug- Fix: Service restart due to IMAP classifier problem is fixed.

Packet Management

  • Improvement: Plug-ins are now compatible with OPNsense's new plug-in system. Plug-in health warnings are handled.

1.8.1 - March 22, 2021#

Installation / Integration

  • Improvement: New OPNsense plugin semantics are adopted. This solves the "misconfigured" plug-in problem.
  • Improvement: Hardware detection timeout is increased to accommodate for low resource hardware.

Cloud Central Management

  • Improvement: Cloud-agent process restarts only after successful upgrades.

Policy

  • Improvement: Cloning of the Default policy is disabled.
  • Bug- Fix: IPv6 wrong policy matching problem is fixed.
  • Bug- Fix: Policy cloning is fixed.

Other

  • Bug- Fix: Handle out-of-bounds condition in DNS Processor.
  • Bug- Fix: High swap usage warning window now correctly shows the actual processes consuming the highest amount of resident memory
  • Bug- Fix: IPDR streamer new file creation error is fixed.

1.8 - March 11, 2021#

New Platforms

  • FreeBSD 11 / 12
  • Centos 7
  • Ubuntu 18.04 / 20.04
  • Debian 9 / 10
  • All these new platforms can be managed alongside OPNsense systems through your single pane of glass: Cloud Portal. Documentation to follow shortly.

Cloud Central Management

  • New Feature: Aggregated Central Reporting of Firewalls
  • New Feature: Grouping and Reporting of Firewalls by Projects.
  • New Feature: Ability to do packet engine updates through Cloud Portal
  • Improvement: Remote Database configuration can be made for a group of firewalls in the Project.
  • Improvement: Node names sorted by node names.
  • Improvement: Performance optimizations for Remote Elastic Database.
  • Bug- Fix: A few Cloud Agent service bugs are fixed.

Updates & Health

  • Improvement: The database version is shortened for convenience.

Reporting

  • New Feature: SQLite backend for low-end systems. (Cloud only for now)
  • Bug- Fix: Allow button problem is fixed in the Threats - Live Security Events Monitor.
  • Bug- Fix: Maximum value limitation for Connections in the Conn-Facts Reports and Schedule Reports is removed and now unlimited.

Configuration

  • Bug- Fix: Exempted Network IP field max character limit extended.

Policy

  • Bug- Fix: Custom Application definitions are now checked for formatting.
  • Bug- Fix: IP / Network field max character limit extended.

Report a Bug

  • Bug- Fix: Crash report creation is fixed.

1.7#

1.7.1 - February 15, 2021#

Cloud Central Management

  • Improvement: Two-factor authentication is made more visible in the Account settings menu.
  • Improvement: During registration, users who are using OPNsense Web UI on "HTTP" protocol are now advised to switch to "HTTPS".
  • Improvement: Metric values are now available with the Reports
  • Bug- Fix: A fix is introduced for a bug that caused some Cloud Registrations to fail.

Active Directory Agent

  • New Feature: AD agent can now stream user/group information to multiple firewalls simultaneously.
  • Improvement: Kerberos Authentications Support

Packet Engine

  • Improvement: Health watchdog value is adjusted to be able to accommodate low-end devices with weak CPU and slow disk speeds (e.g. apu2 devices)

Configuration

  • Improvement: TUN interfaces (Wireguard, OpenVPN) are now re-enabled in the available interface section.

Policy

  • Bug- Fix: A bug while editing a whitelist is fixed.

Report a Bug

  • Bug- Fix: Thank you Screen: bogus meta characters are removed.

1.7 - January 22, 2021#

Cloud Central Management

  • A feature long-awaited by our MSP partners, the First BETA release of Cloud Central Management is available to try with this release. To connect your firewall head to Sensei, Configuration, Cloud Management Portal.

Policy

  • Improvement: In the Free Edition, to provide a consistent User Experience; App, Web, and Security sub-menus have been merged into a "Default Policy".
  • Improvement: Time schedules are now distinguishing criteria for policy definitions. You can now have different policies if their time schedules are different and even all other criteria are the same.
  • Improvement: After an app database update, newly introduced applications can be displayed now. Just click on "Display recently added application only".
  • Bug- Fix: Custom app editing is fixed.

Reporting

  • Improvement: Hide Local Connections and Hide Blocked Connections selection is now remembered.
  • Improvement: IPDR Streamer (Reporting streaming) is now multithreaded and is able to scale to multiple CPUs.

Licensing

  • Improvement: Premium Subscription is renamed as Business Subscription.
  • Bug- Fix: 1000+ license configuration saving problem is fixed.

Enrichment

  • Improvement: Engine <-> UI communication has been migrated to a unix domain socket.
  • Bug- Fix: CIDR alias entries (/32) are now properly processed.

1.6#

1.6.2 - December 15, 2020#

Reporting

  • Improvement: All domain names are now converted to lower case to avoid duplicate reporting
  • Improvement: MongoDB backend is now able to keep reporting longer than 2 days
  • Bug- Fix: IPv6 matching is fixed for Exempted Networks/IP
  • Bug- Fix: Passive mode in/out stats view is fixed
  • Bug- Fix: IPv6 Top Local Hosts drill-down functionality is restored

Other

  • Improvement: Backup and Restore: handle browser auto-fill for password verification

1.6.1 - October 6, 2020#

Performance

  • Improvement: 2x performance boost with SSL/TLS downloads

Reporting

  • New Feature: Schedule Reports: Option to enable/disable TLS server certificate verification
  • Bug- Fix: Remote Elastic Search authentication problem is fixed

Other

  • Bug- Fix: Backup and Restore: password verification
  • Bug- Fix: Deployment Flavor correctly displayed now - Configuration - General

1.6 - September 17, 2020#

Policies and Content Filtering

  • Improvement: Firstly seen control is now applied only for Web Sites
  • Improvement: OPNSense Management IP Address is whitelisted by default
  • Improvement: The default policy is moved to the end of the policy list to be compatible with the engine policy matching order.
  • Improvement: A Domain can be added as global value to the Whitelist/Blacklist, so affects whole policies.
  • Improvement: Auto White/Block list import/export
  • Improvement: Cloning policies. Start a new policy by cloning an existing one and avoid having to configure all of the policy options.
  • Bug- Fix: Handling the case when a domain is being added to more than one policy
  • Bug- Fix: ccTLDs are better handled.

Reporting

  • Improvement: Top Threat Reports were added
  • Improvement: Show / Hide Local Connections in Reports
  • Improvement: Show / Hide Blocked Traffic in Reports
  • Improvement: Activity Explorer is more efficient with new time grouping and intervals
  • Improvement: Live Session Explorer now displays blocked and allowed connections in different colors so that you can more easily spot blocked connections.
  • Improvement: The number of Unique devices is displayed while purchasing a subscription so that you know which subscription will work for you best.
  • Improvement: It is possible to schedule reports for a specific day and hour and get weekly reports
  • Improvement: You can custom-define your firewall's index prefix in the remote Elasticsearch database so that you can better identify which indexes are for which firewalls.
  • Improvement: New fields were added in reporting values;
  • is_blocked {0,1} > 0 = Connection is not blocked, 1= Connection is blocked
  • is_local {0,1} > 0= Connection is not local, 1= Connection is local
  • security_tags {Security Category Names (Proxy, Phishing, Malware etc.)}
  • Bug- Fix: SNMP traffic was tagged as QUIC Protocol

High Availability

  • Improvement: Landing pages also get synced to the Passive Nodes

DNS Enrichment

  • Improvement: In-flight reverse DNS queries for unresolved local IP addresses
  • Improvement: OPNSense aliases can now be used for DNS Enrichment

External Reporting

  • Improvement: Syslog Streaming: You can now optionally select which reports are to be streamed to a remote Syslog server (i.e. all reports or just connections, threats, blocks)

Backup Restore

  • Bug- Fix: Fixed restoring only Policies & Rules

Configuration

  • Improvement: Passive Deployment mode is introduced.
  • Improvement: Routed Mode (L3 Mode, Reporting + Blocking) with netmap generic driver is made available for ethernet incompatible interfaces with netmap.
  • Netmap exclusive device access: prevent other applications (e.g. Suricata) to access the interface if sensei is running on the interface. This is to prevent possible network outages in case users start sensei and Suricata on the same interface.
  • Support for VPN connections
  • Vmx and vtnet re-enabled

1.5#

1.5.2 - June 26, 2020#

Cloud Portal and Licensing

  • Cloud Portal is now live!. You can manage your subscriptions from SVN Cloud Portal
  • My Account link added to Sensei UI for easy access to Cloud Portal
  • License Purchase Page now shows the number of unique devices protected so that you can decide on the correct license tier

Policies and Filtering

  • Bug- Fix: policy list not available after a factory reset
  • Bug- Fix: prevent custom web categories to be named as one of the existing SVN category names
  • Bug- Fix: prevent duplicate custom web categories

Application Database

  • Improvement: No need to restart the engine after Application Database Updates
  • Improvement: Application database updated to the latest version

Integrations

  • Bug- Fix: Syslog configuration bug

Other

  • Bug- Fix: cosmetic fixes for vicuna theme
  • Bug- Fix: user enrichment re-enable functionality
  • Other performance and reliability improvements

1.5.1 - June 1, 2020#

Filtering

  • Improvement: Whitelist local domains (.net, .home, .lan etc) and private IP addresses from for Cloud Queries
  • Bug- Fix: Handle floating CDN IP addresses with DNS Enrichment - filtering

Reporting

  • Improvement: User authentication support for Remote Elasticsearch Databases
  • Improvement: Scheduled Reports: Test email now sends an actual report instead of a blank test email
  • Improvement: Scheduled Reports: You can now easily add a chart to the scheduled reports by clicking on the "Envelope" icon on the chart
  • Bug- Fix: Scheduled Reports: Sorting Charts
  • Bug- Fix: Elasticsearch UTF8 encoding problem with remote databases
  • Bug- Fix: Inconsistency with the "Top" records checkbox in Firefox Browser
  • Bug- Fix: DB selection should not be bypassed
  • Bug- Fix: openmap links over HTTPS

Integrations

  • Bug- Fix: Active Directory IPv6 user enrichments

Other

  • Adjust netmap memory according to the available system memory
  • Bug- Fix: Fix a crash at Generic Proxy Parser
  • Bug- Fix: Fix a broken link in Problem Report screen
  • Other performance and reliability improvements

1.5_1 - May 20, 2020#

OPNsense 20.1.7 compatibility patch for MongoDB backend

  • This patch fixes a compatibility issue with OPNsense 20.1.7 if you're using Mongodb
  • Elasticsearch is fine. You might just ignore this update ;)

1.5 - May 7, 2020#

Application Control

Application Database is now a seperate package and can be updated independently and more frequently

  • New Feature: More frequent (e.g. weekly) application database updates
  • New Feature: User-defined application signatures
  • New Feature: Illegitimate Advertising app to block potentially harmful advertising campaigns
  • Improved app detection logic
  • 210+ new applications recognized

Privacy and Compliance

  • New Feature: Ability to anonymize local / remote IP addresses
  • New Feature: Ability to disable Username / DNS enrichments
  • New Feature: Ability to selectively delete reports for specified IP addresses

Policies and Filtering

  • New Feature: Multiple schedules for a single policy
  • New Feature: Tool tips for policy screens
  • New Feature: Policies can now match inbound/outbound flows selectively (You can specify flow direction for Policy Configuration)
  • New Feature: Ordering and prioritizing policies
  • New Feature: Sensei can now inspect and filter Proxy-ed connections (CONNECT method - Not transparent Proxy)
  • Improved Ad Blocking (Especially for Android mobile devices / Google Chrome mobile browsers)
  • Fix: Whitelisting for App Controls issue is fixed
  • Fix: Over-night time schedules
  • Fix: Engine reloading (during rule updates) issue is fixed
  • Fix: Mongodb Backend: Enlarged Charts can now pull data for all "Top" queries

Reporting

  • New Feature: You can now specify an external Elasticsearch instance for the main reporting database
  • New Feature: You can now select the Backend Database Engine during initial configuration
  • New Feature: Scheduled Reports: PDF Reports
  • New Feature: Ability to provide an "exclude filter" for "Add filter" functionality
  • New Feature: Ability to move Reporting Database to a different directory (To be able to move database from a tempfs e.g. /var partition)
  • New Feature: Read-only access to reports: you can now restrict a OPNsense UI user to only be able to view reports (Select Dashboard permission)
  • New Feature: Ability to re-order charts

Cloud

Improved feedback loop for Web Categorization.

When you submit an entry for re-classification we can now re-categorize it within as fast as 10 minutes. Re-categorized web sites may become available via Cloud as soon as 15 minutes. You can submit web sites for re-classification either through our Web site (https://www.sunnyvalley.io/site-classification/) or through the Sensei UI when you add a site to whitelist/blacklist or to a user defined category.

  • Optimized Cloud Query Caching
  • Fix: case sensitive queries

Integrations

  • Improved MS Active Directory caching performance

Other

  • New Feature: Configuration Backup and Restore
  • New Feature: Health: You can now specify your own threshold for SWAP high utilization ratio
  • New Feature: Health: Check and warn if reporting database is located on a tempfs
  • Improvement: Install/Configuration: You can now re-try hardware compatibility check in case first try fails
  • Other performance and reliability improvements

1.4#

1.4 - February 25, 2020#

High Availability

  • Automatic Sensei configuration synchronization between nodes (Premium feature)

Application Control

  • 74 new applications recognized (mostly for better Ad Blocking)

Cloud

  • Optimized Cloud Query Caching
  • Europe-2 cloud server has been deployed for additional capacity for Europe continent

Filtering

  • Tooltips for policy screens
  • Fixed an issue wherein some rare occasions rules were not communicated with the engine properly
  • Fixed Ad blocking for Android apps

Reporting

  • MongoDB: if indexes are broken, Sensei now tries to automatically fix them before reporting error
  • OPNsense Dashboard Widget: fixed caching bug
  • Fixed custom dates in reporting date filters
  • Fixed a few minor cosmetic issues with cicada theme

Other

  • Health: check and warn if /var directory is mounted on a tmpfs filesystem
  • Health: check and warn if the protected interface has jumbo frames (MTU larger than 1500)
  • Health: if a bypass event occurs due to CPU/Ram/Swap, Sensei now logs the top resource-intensive processes
  • Health: continuously check and warn if any Sensei interface is also in use by Suricata
  • Installer: re-try CPU check if it is not successful for the first time
  • Interface configuration widget Firefox/mobile browser compatibility is re-visited and fixed
  • Other performance and reliability improvements

1.3#

1.3.1 - January 30, 2020#

OPNsense 20.1/OpenSSL compatibility packages for Sensei MongoDB Backend

  • MongoDB backend and OpenSSL: Due to some dependency package upgrades, new MongoDB packages have been built and provided with this release (Because of OpenSSL 1.1.1 migration).
  • MongoDB backend and OpenSSL: Dropped support for OPNsense 19.7.x and prior releases

Reporting

  • OPNsense Dashboard Widget: performance optimizations
  • OPNsense Dashboard Widget: fixed bug occasionally causing raw JSON data appearing in the widget

Other

  • Reporting a bug is now a separate menu. Find it in the upper right-hand corner of the UI (Separated from Contact Sensei Team menu)
  • Interface configuration mobile compatibility is fixed
  • Other performance and reliability improvements

1.3_1 (Patch Level 1) - January 23, 2020#

  • This patch level addresses a browser compatibility issue

1.3 - January 17, 2020#

SOHO Subscription goes live

  • Sensei SOHO Subscription goes live
  • In-App purchase option for all subscription options. You can now purchase all Sensei Subscriptions easily through Sensei User Interface

Filtering

  • New Premium feature: Pause/Resume internet for a policy with a single click
  • User-defined lists: handle subdomain matching more intuitively. If you add domain.com, sensei will match all subdomains under this domain

Reporting

  • New Premium feature: Export PDF: You can export the charts or live session reports as PDF files
  • New Premium feature: Activity Report: A more condensed and brief version of the live connection activity report
  • New Premium feature: Fully Customizable Views. You can now add new fully configurable views
  • Security Reports renamed as "Block Reports"
  • Optimized time-based charts (Mongodb backend)
  • Fixed policy name in Security Reports

Other

  • Contact Sensei Team: improved to share more relevant information during bug-reports
  • Version history now shows feature history for all previous releases
  • API security tokens: ability to remove existing keys
  • Scheduled e-mails: fixed timing bug sometimes causing scheduled emails to fail
  • Wizard: initial configuration wizard now checks if your OPNsense is current and up to date
  • Dropped support for OPNsense 19.1.x and prior releases
  • Other performance and reliability improvements

1.2#

1.2.5 - January 8, 2020#

Important Message

With 1.3 release onwards, Sensei will drop supporting OPNsense releases 19.1.x and earlier. Please update to the latest OPNsense release to avoid any incompatibility issues

Convenience

  • Save Changes button is now more visible for Web/App Controls

Filtering

  • Fix: firewall reboots causing default policy rules being deleted

Reporting

  • Scheduled Reports: errors are now communicated through the user interface

Configuration

  • Fix: deployment size setting
  • Fix: re-assigning network interfaces

1.2.4 - December 27, 2019#

Important Message

With 1.3 release onwards, Sensei will drop supporting OPNsense releases 19.1.x and earlier. Please update to the latest OPNsense release to avoid any incompatibility issues

Premium

  • Fix: Modifying an existing Policy
  • Fix: Deleting Exempt VLAN/Networks

Application Database

  • New app signatures for TikTok, Discord App, GroupMe, Houseparty

Reporting

  • Fix: Drilling down to localhost (specifically IP addresses with hostnames associated with them)

Other

  • Fix: Reset factory defaults also resetting policies
  • Revert: netmap buf_num value to OPNsense default.
  • Other performance and reliability improvements

1.2.3 - December 15, 2019#

Premium

  • Convenience: warning message displayed when allowed number of policies reached for Home Edition
  • Fix: Policy refreshes

Reporting

  • Local Unique Devices information added to Conn - Facts chart in Connections View
  • Auto white/blacklist Hosts: remember user preference (sending categorization feedback)

Other

  • Fix: Increase netmap buf_num value to accommodate both Suricata and Sensei on high-end servers
  • Other performance and reliability improvements

1.2.2 - December 9, 2019#

Premium

  • A reminder message to advise using HTTPS if you're trying to purchase Sensei Premium from HTTP UI
  • Fix: Streaming Data to External Elastic Search Instance: a sanity check for the remote ES URL added

Reporting

  • Fix: Drilling down to BLANK category
  • Fix: Add 50 device option to Mongodb
  • Fix: Drilling down to Policy Session Details
  • Fix: Shortcut to Blocking an individual host/domain
  • Fix: Security Reports: Source GeoIP location fixed

Other

  • MongoDB and other dependency packages have been upgraded to their latest releases for OpenSSL flavor
  • Fix: Suricata interface check restored
  • Fix: Move Stripe JS loading to the "Upgrade Premium" page.
  • Fix: updating to new versions handles user-defined category migration more carefully
  • Other performance and reliability improvements

1.2.1 - December 4, 2019#

Premium

  • A reminder message to advise using HTTPS if you're trying to purchase Sensei Premium from HTTP UI
  • Fix: Streaming Data to External Elastic Search Instance: a sanity check for the remote ES URL added

Reporting

  • Fix: Drilling down to BLANK category
  • Fix: Add 50 device option to Mongodb
  • Fix: Drilling down to Policy Session Details
  • Fix: Shortcut to Blocking an individual host/domain
  • Fix: Security Reports: Source GeoIP location fixed

Other

  • MongoDB and other dependency packages have been upgraded to their latest releases for OpenSSL flavor
  • Fix: updating to new versions handles user-defined category migration more carefully
  • Other performance and reliability improvements

1.2 - November 26, 2019#

Home Premium Subscription

  • Sensei Home Subscription goes live
  • In-App purchase option. You can now purchase Sensei Subscription easily through Sensei User Interface

Performance

  • UI responsiveness has been increased considerably

Reporting

  • Fully Customizable Dashboard. You can now choose which Charts gets displayed in your Sensei Dashboard
  • Scheduled Reports are now available for MongoDB backend
  • Security Reports: "Block Message" added as a filter for Security Reports
  • Bug- Fix: Mongodb autostart problem resolved
  • Bug- Fix: Mongodb backend: Top Destinations Heatmap
  • Bug- Fix: OPNsense Sensei Dashboard Widget fixed to handle an error condition

Other

  • Shortcut to Contact Sensei Team directly and easily from Sensei User Interface
  • A better and user-friendly notification and warning interface
  • Bug- Fix: Handle Hardware Check falsely reporting a low-device in some cases
  • Other performance and reliability improvements

1.1#

1.1_4 (Patch Level 4) - November 19, 2019#

  • This patch level addresses policy sanity check, Elasticsearch and child VLAN issues.

Better low-end device support

  • Minimum RAM requirement lowered to 2GB
  • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

  • lagg(4) and bridge(4) interface members can be protected now
  • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

  • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
  • New web category/threat intelligence database
  • Improved/faster cloud query mechanism
  • Better availability
  • The status screen now shows uptime in a prettier format

Security

  • Premium: Protection for newly detected malware campaigns (not older than 1 week)
  • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

  • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

  • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
  • Other performance and reliability improvements

1.1_3 (Patch Level 3) - November 8, 2019#

  • This patch level addresses Elasticsearch and child VLAN issues.

Better low-end device support

  • Minimum RAM requirement lowered to 2GB
  • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

  • lagg(4) and bridge(4) interface members can be protected now
  • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

  • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
  • New web category/threat intelligence database
  • Improved/faster cloud query mechanism
  • Better availability
  • The status screen now shows uptime in a prettier format

Security

  • Premium: Protection for newly detected malware campaigns (not older than 1 week)
  • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

  • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

  • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
  • Other performance and reliability improvements

1.1_2 (Patch Level 2) - November 5, 2019#

  • This patch level addresses the Elasticsearch issue.

Better low-end device support

  • Minimum RAM requirement lowered to 2GB
  • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

  • lagg(4) and bridge(4) interface members can be protected now
  • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

  • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
  • New web category/threat intelligence database
  • Improved/faster cloud query mechanism
  • Better availability
  • The status screen now shows uptime in a prettier format

Security

  • Premium: Protection for newly detected malware campaigns (not older than 1 week)
  • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

  • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

  • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
  • Other performance and reliability improvements

1.1_1 (Patch Level 1) - November 4, 2019#

Better low-end device support

  • Minimum RAM requirement lowered to 2GB
  • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

  • lagg(4) and bridge(4) interface members can be protected now
  • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

  • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
  • New web category/threat intelligence database
  • Improved/faster cloud query mechanism
  • Better availability
  • The status screen now shows uptime in a prettier format

Security

  • Premium: Protection for newly detected malware campaigns (not older than 1 week)
  • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

  • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

  • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
  • Other performance and reliability improvements

1.1 - November 2, 2019#

Better low-end device support

  • Minimum RAM requirement lowered to 2GB
  • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

  • lagg(4) and bridge(4) interface members can be protected now
  • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

  • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
  • New web category/threat intelligence database
  • Improved/faster cloud query mechanism
  • Better availability
  • The status screen now shows uptime in a prettier format

Security

  • Premium: Protection for newly detected malware campaigns (not older than 1 week)
  • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

  • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

  • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
  • Other performance and reliability improvements

1.0#

1.0.3 - September 25, 2019#

Application control & filtering

  • 22 new applications (Ad Tracking)
  • Fixed an issue affecting a block 172.16.0.0/16 being recognized as public IP addresses
  • Re-evaluation of policy rules when a policy is re-configured
  • Fixed an issue matching policies with a Captive Portal user group
  • Captive portal: provide user group information to Sensei

Reporting

  • Scheduled e-mail reports: now support STARTTLS method e-mail transport security
  • Scheduled e-mail reports: you can now specify a sender address for the e-mails
  • Reverse DNS lookups for local IP addresses

Performance

  • The output directory is now a tmpfs for higher file system performance

Cloud Threat Intelligence

  • new US-West Cloud servers (Test)
  • new Asia Cloud servers (Test)
  • You can now request web sites being re-categorized by sharing your custom lists with Sensei team

UI/UX

  • Important engine-related messages are communicated through UI
  • Now working with tucan/cicada themes (thanks to opnsense user of Team Rebellion for OPNsense commits)
  • During uninstall, you can now request to be contacted by the Sensei team about your problem
  • Fixed an issue preventing to select the whole application category
  • Better user feedback forms
  • Development features

Misc

  • Proper LibreSSL build and installation
  • The installer now does a CPU benchmark test to see if Sensei can run successfully on your hardware
  • Migrated to Python 3.7
  • More reliability and performance improvements

1.0.2 - August 9, 2019#

  • Installer/Updater: Fix LibreSSL install and update problem
  • New Feature: Live Authenticated Users View (Captive Portal/Active Directory)
  • UI fix: Delete policy time schedule button has been placed in a more appropriate section
  • UI fix: Fixed an issue which causes app/web category listing being incomplete during Policy creation
  • Convenience: Removed an unnecessary engine restart during policy creation
  • Filtering: Fixed a bug preventing Landing Page to display when blocking a connection
  • Policy filtering: Fixed a bug affecting daily schedules
  • Enable unmapping of user <-> IP addresses

1.0.1 - August 6, 2019#

  • Fix a bug preventing deletion of policy schedules
  • Handle bad formatting during policy creation
  • Enable unmapping of user <-> IP addresses

1.0.0 - August 4, 2019#

  • First stable release
  • Username Base and Enriched Report View

Active Directory Integration via Sensei AD Agent

Captive portal users displayed in reports

You can now customize whether to display IP addresses or hostnames in reports

  • Automatic Updates

Sensei can now be updated via OPNsense Firmware updater. OPNsense updates now check for Sensei updates and install them automatically.

  • Engine logs are not archived anymore
  • 11 more apps identified
  • Premium subscription features included in this release

0.8#

0.8.2 - June 22, 2019#

  • OPNsense 19.7 compatibility fix (Missing python 2.7 dependencies added)
  • Fixes block landing page not displayed correctly

0.8.1 - June 19, 2019#

  • Fix a bug preventing archive engine logs from being removed
  • OPNsense 19.7 compatibility fix

0.8.0 - June 18, 2019#

  • IPv6 Support

As promised - now Sensei has IPv6 support.

  • Virtio interface support

There were many requests that we make Sensei run on virtual interfaces like QEMU/KVM/Proxmox virtio. Sensei 0.8 combined with OPNsense 19.1.x new netmap enabled kernel, you can now run on virtio interfaces This is also a big enabler to run OPNsense and Sensei on most of the major Cloud and VPS operators. More info on that: https://forum.opnsense.org/index.php?topic=11477.0

  • Wireless interfaces support

Starting with OPNsense 19.1 and Sensei 0.8, you can now run Sensei on wireless interfaces.

  • VLAN interfaces support

Starting with OPNsense 19.1 and Sensei 0.8, you can now run Sensei on VLAN interfaces.

  • Better Cloud & Update Servers Availability
  • Users can now ignore the Hardware compatibility warning and install Sensei even if the HW resources are below what is advisable.
  • You'll now get reported via an informative message in the UI if Sensei health check automatically stops Sensei service due to an HW resource shortage. Up until now, Sensei was doing this quite silently ;)
  • The number of Elasticsearch dependencies decreased by 1/3: faster installs & updates
  • Better Reporting
  • IPv6 reporting
  • Ability to resolve local IP addresses to MDNS supplied hostnames
  • Source Hostname is now the default instead of IP address in Session Reports (IP is still available via a tooltip
  • Ability to specify start and end times for Session Explorer Reports
  • Ability to refresh Session Explorer Reports without having to close/re-open the report
  • Mobile devices UI improvements

0.7#

0.7.0 - December 26, 2018#

  • 350+ new applications identified.
  • Google applications browsed via Chrome are now being identified (QUIC over UDP protocol support).
  • Mobile browser compatibility: you can view reports from your mobile browser
  • Reports enhancement: Data retirement option introduced. With this option, you can define how long to keep your reports (days)
  • Reports enhancement: Option to erase all reporting data
  • Reports enhancement: Drill-down in Security reports is now available
  • Reports enhancement: Daily executive reports. Selected reports delivered via a daily e-mail.
  • You can easily add block/allow rules within Session Explorer based on Application and Application Category or SNI / hostname
  • User's Manual in English.
  • More deployment options for Home and Large scale users
  • Changelog between updates
  • Fixed Rebellion Theme compatibility issues.
  • Better Cloud Nodes availability
  • Better & smoother updates
  • We speak your language now, we added i18n support to match your OPNsense UI language. English and German are there, for now, more coming soon.
  • Removed some large dependencies in preparation for embedded devices & PIE (Position Independent Executable) support. More performance & stability improvements.