Sensei for OPNsense
Empower your open source firewall with Next Generation Features
OPNsense is an easy-to-use, open source firewall platform created by the Netherlands-based company Deciso. OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved quickly while still retaining aspects of both m0n0wall and pfSense. A strong focus on security and code quality drives the development of the project.
OPNsense includes advanced features such as forward caching proxy, traffic shaping, intrusion detection and easy OpenVPN client setup. The latest release is based upon HardenedBSD 11.2 for long-term support.
OPNsense came into existence as a pfSense fork with the foresight of providing a secure network for users and preventing them from upcoming risks and attacks. The platform comes with new add-ons and attributes like Sensei, which has a special place in the network security world.
The next-generation firewall capabilities of OPNsense includes intelligence for cloud application delivery, application awareness, and integrated intrusion prevention.
OPNsense Recommended Hardware
|Processor||1.5 GHz multi core CPU|
|Install method||Download or USB|
|Install target||120 GB SSD|
Next-generation vs. Traditional Firewalls
Next-generation firewalls utilize VPN support, plus dynamic and static packet filtering to make sure that connections between the internet, firewall, and network are secure.
NGFWs can also filter different types of packets depending on the use case. They provide network traffic visibility and controls for matching signatures and analysis. Additional features include IPS signatures or whitelists to tell the difference between traffic sources using SSL decryption, antivirus capabilities, filtering protocols, and data loss prevention with real-time, detailed traffic inspection.
Sensei is a plugin that provides next-generation firewall (NGFW) capabilities for the OPNsense HardenedBSD-based firewall and routing platform. The Sensei plugin enables packet classification and visibility as well as an advanced policy enforcement engine. The additional packet intelligence provided by Sensei helps organizations identify and defend against a wide range of cyber-attacks.
Sensei for OPNsense
The Sensei OPNsense plugin provides advanced persistent protection that includes the industry’s first packet inspection engine that can do native TLS inspection, packet classification and fine-grained policy enforcement for any type of internet traffic. Sense also includes a rich application database that identifies thousands of communication protocols and data attributes, creating the most accurate picture of real-time data activity and drill-downs to per-connection details.
Sensei can easily integrate with Microsoft Active Directory or Captive Portal to have user based reporting and filtering for anomaly detection. Cloud Application Controls provided by Sensei create granular access policies for Cloud services including Google, Dropbox, Amazon, and Twitter. Sensei’s commercial grade cloud-based web categorization database provides real-time classification for unknown sites in under five minutes. The plugin’s Web provides filtering policies for more than 140 Million web sites under 120+ different Web Categories and the ability to create custom categories to blacklist or whitelist sites.