While you were busy with upgrading to OPNsense’s latest release 20.7, we have been working hard to get your Next Generation Firewall Plug-in, Sensei 1.6 release ready for you.

This release comes with a lengthy list of new features and improvements, including Detailed Threats Reports, VPN and Link Aggregation Support, better DNS enrichment, improved web filtering experience; and many more…

We strongly advise that you also use new netmap kernel to be able to maximize your Sensei experience

Support for VPN interfaces (OpenVPN etc). 

You have remote workers accessing your firewall; or your users connect to the Internet through a Cloud-delivered OPNsense firewall. You want to protect them. Well, you can do it now 😉 Try it with your OpenVPN server. 

Reports – Threats View

Get detailed information about threats and vulnerable users & devices. Drill down to session details to spot which connections are causing them.

Real-time DNS reverse query for enriching local IP addresses:

You’ll be able to map local IP addresses to DNS hostnames. Sensei engine will query the IP address in real-time to find a mapping. This feature requires a subscription.

Also available is the ability to be able to map OPNsense host aliases to IP addresses. If you have an OPNsense host alias defined, on the fly, it will be used for hostname mapping. 

Reporting-only Deployment Mode (Passive)

Passive mode is like Suricata’s IDS mode. In this mode, Sensei grabs a copy of packets from the configured interfaces (via pcap) and provides you with a wealth of information through its reporting. 

If you’re having trouble with the Netmap subsystem and still want to make use of Sensei’s advanced reporting capabilities, this will be your best friend 😉

Ability to use netmap emulated driver in case your adapter is not compatible with netmap

If your ethernet driver has problems with the netmap subsystem, this new deployment option will allow you to enjoy Sensei’s filtering and blocking.

See more about the deployment options here: 

Weekly Scheduled Reports

It is possible to schedule reports for a specific day and hour and get weekly reports

With the new netmap kernel, QEMU and VMware support is back

Now available in conjunction with the new OPNsense Netmap kernel, you are now able to continue using vtnet and vmx interfaces with Sensei. This also applies to Suricata. Suricata will also be able to make use of VMware and QEMU native interfaces, vmx and vtnet. 

Remote Elasticsearch: new security related fields introduced

We’ve introduced some new information which is provided with the conn_* indexes:

  • Is_blocked : 0 = Connection is not blocked, 1= Connection is blocked
  • is_local : 0= Connection is not local, 1= Connection is local
  • security_tags : {Security Tags (Proxy, Phishing, Malware etc.)}

Newly introduced fields will be automatically created for the upcoming records; and you do not need to do anything for these changes to be put into production. All you are left to do is, modifying existing visualisations or creating new ones making use of the new information.

Apart from these, see below for an exhaustive list of features and improvements shipped with 1.6: 

Policies and Content Filtering

  • Improvement: Firstly seen control is now applied only for Web Sites
  • Improvement: OPNSense Management IP Address is whitelisted by default
  • Improvement: Default policy is moved to the end of the policy list to be compatible with the engine policy matching order. 
  • Improvement: A Domain can be added as global value to the Whitelist/Blacklist, so affects in whole policies.
  • Improvement: Auto White/Block list import/export
  • Improvement: Cloning policies. Start a new policy by cloning an existing one and avoid having to configure all of the policy options. 
  • Bug-fix: Handling the case when a domain is being added to more than one policy
  • Bug-fix: ccTLDs are better handled.

Reporting

  • Improvement: Top Threat Reports were added
  • Improvement: Show / Hide Local Connections in Reports
  • Improvement: Show / Hide Blocked Traffic in Reports
  • Improvement: Activity Explorer is more efficient with new time grouping and intervals
  • Improvement: Live Session Explorer now displays blocked and allowed connection in different colors so that you can more easily spot blocked connections. 
  • Improvement: Number of Unique devices are displayed while purchasing a subscription, so that you know which subscription will work for you best.
  • Improvement: It is possible to schedule reports for specific day and hour and get weekly reports
  • Improvement: You can custom-define your firewall’s index prefix in the remote Elasticsearch database so that you can better identify which indexes are for which firewalls.
  • Improvement: New fields are introduced for remote Elasticsearch reporting (conn_* indexes)
    • is_blocked {0,1} > 0 = Connection is not blocked, 1= Connection is blocked
    • is_local {0,1} > 0= Connection is not local-bound, 1= Connection is local-bound
    • security_tags {Security Tags (Proxy, Phishing, Malware etc.)}
  • Bug-Fix: SNMP traffic was tagged as QUIC Protocol

High Availability

  • Improvement: Landing pages also gets synced to the Passive Nodes

DNS Enrichment

  • Improvement: In-flight reverse dns queries for unresolved local ip addresses
  • Improvement: OPNSense aliases can now be used for DNS Enrichment

External Reporting

  • Improvement: Syslog Streaming: You can now optionally select which reports are to be streamed to a remote syslog server (i.e. all reports or just connections, threats, blocks)

Backup Restore

  • Bug-fix: Fixed restoring only Policies & Rules

Configuration

  • Improvement: Passive Deployment mode is introduced.
  • Improvement: Routed Mode (L3 Mode, Reporting + Blocking) with netmap generic driver is made available for ethernet incompatible interfaces with netmap.
  • Netmap exclusive device access: prevent other applications (e.g. suricata) to access interface if sensei is running on the interface. This is to prevent possible network outages in case users start sensei and suricata on the same interface.
  • Support for VPN connections
  • Vmx and vtnet re-enabled

Premium Features

Starting from $9.99/month for home users, and $39/month for commercial users, all of Sensei’s subscription options can be purchased right from within the Sensei User Interface.

For plans and prices, please see our Plans and Prices page.

Academic, educational, and non-profit organizations enjoy generous discounts. Details here: Edu discount

To learn how Premium Subscriptions compare to Free Features, see: Premium vs Free

Also, you may want to check out this review on Home Network Blog for an in-depth look and feature comparison.

What’s cooking for Sensei in 2020?

If you are curious to know what’s next for Sensei, we have an offer for you. Take 30 seconds to fill out the “Sensei Roadmap Survey” for the opportunity to shape Sensei’s future.

Link: Sensei 2020 Roadmap

Leave a Reply