While the world has been experiencing unprecedented events due to Coronavirus, the Sensei team has been busy working on Sensei’s next release. Today, we are happy to announce the public availability of Sensei 1.5 for OPNsense is Released.  We hope that everyone out there is in good health and staying safe at home.

With a lengthy list of new features and improvements, Release 1.5 introduces major improvements with regard to application database updates, ad blocking, filtering/policy management as well as reporting. 

Below are the key Release 1.5 improvements. You can also find the full Release Notes at the end of the post. 

Application Control

Application Control for OPNsense via Sensei

From Release 1.5 onwards, the Application Database will be updated more frequently and independent of the main os-sensei package.


User-defined app signatures is another exciting new feature. If you think we’re missing an app signature, you can create your own signature. Like user-defined web categories, these can be used for filtering and reporting. For now, this feature is most useful for web-based applications. 

A new application, Illegitimate Advertising has been introduced in order to provide blocking and protection from advertising campaigns that have the potential to be harmful (phishing, malicious advertising, etc). 

In addition, signatures for over 200+ applications have been added or updated.


Advanced Network Analytics on OPNsense via Sensei

On the reporting side, a new key feature is the ability to completely offload a backend reporting database to an external Elastic Search database.


This has several major advantages:

  1. Saving money on hardware resources. You can install Sensei on very low-end systems that have very little RAM available (down to 1GB). 
  2. You can create an infinite number of dashboards and charts on your own Elasticsearch system. 
  3. You can aggregate all of your Sensei reports onto a central reporting system, providing a single pane of glass over all your Sensei Reports (Requires Premium Subscription). 

Other reporting improvements include view-only reports and dashboard access, the ability to relocate the reporting directory, PDF-based scheduled reports, and the ability to provide read-only access to users. 

Policies & Filtering

Policy Configuration

Policies now have the ability to Filter inbound and outbound connections separately.

You can define policies either matching packets regardless of the flow direction or you can choose to match only outbound or inbound flows. 

Moreover, you can now define multiple time schedules for policies. E.g. Policies to be on effect only from 9 am to12 pm and 1:30 pm to 5:30 pm.  

Privacy & Compliance

With Privacy & Compliance, we’ve introduced the ability to anonymize IP addresses, disable user and DNS enrichments. You can also delete logs for particular IP addresses. 

Backup & Restore

Another long-awaited feature, Backup & Restore, is now available. You can backup all of your Sensei configuration and rules and restore back from the previous backup. You can also create encrypted backups. 

For all 1.5 features, scroll down to the end…

Premium Features

Starting from $9.99/month for home users, and $39/month for commercial users, all of Sensei’s subscription options can be purchased right from within the Sensei User Interface.

For plans and prices, please see Sensei Plans page.

Academic, educational and non-profit organizations enjoy generous discounts.

To learn how Premium Subscriptions compare to Free Features, see: Premium vs Free

Also, you may want to check out this review on Home Network Blog for an in-depth look and feature comparison.

What’s cooking for Sensei in 2020?

If you are curious to know what’s next for Sensei, we have an offer for you. Take 30 seconds to fill out the “Sensei Roadmap Survey” for the opportunity to shape Sensei’s future.

Sensei 1.5 for OPNsense Release Notes

Application Control

  • New feature: More frequent (e.g. weekly) application database updates
  • New feature: User-defined application signatures
  • New feature: Illegitimate advertising application for potentially harmful ad systems
  • Improved app detection logic
  • 200+ new applications recognized

Privacy & Compliance

  • New feature: Ability to anonymize local/remote IP addresses
  • New feature: Ability to disable Username / DNS enrichments
  • New feature: Ability to selectively delete reports for specified IP addresses
  • 74 new applications recognized (mostly for better Ad Blocking)

Policies & Filtering

  • New feature: Multiple schedules for a single policy
  • New feature: Tooltips for policy screens
  • New feature: Policies can now match inbound/outbound flows selectively (You can specify flow direction for Policy Configuration)
  • New feature: Ordering and prioritizing policies
  • New feature: Sensei can now inspect and filter Proxy-ed connections (CONNECT method – Not transparent Proxy)
  • Improved Ad Blocking (Especially for Android mobile devices / Google Chrome mobile browsers)
  • Fix: Whitelisting for App Controls issue is fixed
  • Fix: Over-night time schedules
  • Fix: Engine reloading (during rule updates) issue is fixed
  • Fix: Mongodb Backend: Enlarged Charts can now pull data for all “Top” queries

Reporting & Analytics

  • New feature: You can now specify an external Elasticsearch instance for the main reporting database
  • New feature: You can now select the Backend Database Engine during initial configuration
  • New feature: Scheduled Reports: PDF Reports
  • New feature: Ability to provide an “exclude filter” for “Add filter” functionality
  • New feature: Ability to move Reporting Database to a different directory (To be able to move a database from a tempfs e.g. /var partition)
  • New feature: Read-only access to reports: you can now restrict an OPNsense UI user to only be able to view reports (Select Dashboard permission)
  • New feature: Ability to re-order charts


Improved feedback loop for Web Categorization. When you submit an entry for re-classification, we can now re-categorize it within as fast as 10 minutes. Re-categorized web sites may become available via Cloud as soon as 15 minutes. You can submit web sites for re-classification either through our Web site (Site Classification) or through the Sensei UI when you add a site to whitelist/blacklist or to a user-defined category.

  • Optimized Cloud Query Caching
  • Fix: case sensitive queries


Improved MS Active Directory caching performance


  • New feature: Configuration Backup and Restore
  • New feature: Health: You can now specify your own threshold for SWAP high utilization ratio
  • New feature: Health: Check and warn if reporting database is located on a tempfs
  • Improvement: Install/Configuration: You can now re-try hardware compatibility check in case first try fails
  • Other performance and reliability improvements