Thanks for this video, I have been contemplating moving from Untangle to OPNsense with Zenarmor. After trying out OPNsense on updated hardware and various plugins such as Zenarmor it's doesn't come close a next generation firewall with the ability to enforce firewall and other actions based on device/owner/bandwidth and other characteristics and usage patterns. Since I am grandfathered in for the $50/year plan with Arista I am going to keep that plan and just migrate my license to that hardware.
Yeah I think calling Zenarmor a NGFW plugin is misleading I've used various vendor firewalls and Zenarmor doesn't come close to offering anything like they do It is useful for the traffic monitoring and basic threat protection, but that's about it
It depends on what you do with it I suppose I only use it as a firewall, which is how a firewall is best used from a security perspective Although it can do lots of other things, it's best they're done on other servers to make the firewall less susceptible to an exploit So for me it's just a matter of installing it and adding rules For that reason I did some more generic firewall rule videos as the idea behind adding firewall rules is pretty much the same whichever vendor you use
Good video, The nice thing about more then 1 policy is AKA Guest networks, where they need to be locked down more then the Local network. Or if you have Guest Local & admin, you can create different rules :) I just did a video on this also !
More than 1 policy is essential, but as I mentioned, you'd need to pay for a subscription; At least $99 per year for a home user I don't see any point in that myself as this is just an old fashioned Proxy/content filtering service and it didn't seem all that accurate to me A subscription would be better spent on a more modern SASE solution
@@TechTutorialsDavidMcKone It's 89$ a year, BTW i have an affiliate link that takes another 10% off that too! BTW it's still cheaper then Untangle Home pro at $150 a year !
Wonderful video kind sir. I am running opnsense on a dedicated mini pc and running Pi-hole Vm for dns on another mini pc ( don’t ask lol) will I have any conflicting issues with zen armor and my setup?
Two systems tends to complicate things and make it harder to fix problems I'd be more inclined to let Pi-Hole handle all the DNS requests and let those go direct to the Internet DNS servers Then let OPNsense and Zenarmor deal with the firewalling and other types of filtering/monitoring
Yeah, but I was really curious what was on the network trying to contact something in that country You need a baseline to know what your devices are up to, what external computers they connect to, including the country, company details, etc. Turns out the IP address is actually allocated to an ISP here in the UK But for some reason Zenarmor thought it was allocated to someone in Australia
They seem to want to collect allot of information from us, plus the software is developed in one of the five eyes nations. The Five Eyes (FVEY) is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. Is it safe put that on our routers?
It's difficult to find decent alternatives I've lost interest in what these agencies get up to though They'll get what they want, even if it means breaking a country's laws Because if they get found out, the government just changes the laws
I haven't seen any functional changes or at least not for the free version There have been cosmetic changes and it does look better If they open it up a bit more in the free edition I might come back to it But it's not what I would call a Next Generation Firewall anyway It's useful for monitoring but it doesn't fully integrate with an existing firewall For instance, you can't add a rule like allow these users access to Office 365 You still have to create classic rules so I think it's better to just buy a more modern firewall
@@vn_loc7316 If you click the word default policy or the shield to its left, it takes you to a page with tabs One of which is Security and there you can change enable/disable some basic settings
It's amazing what these developers are providing Even Cisco contribute to open source projects, including the Linux Kernel And they use open source software as well But for most businesses it's worth paying the money for the technical support They just can't afford the down time and when things go wrong they go wrong big time so that safety net is useful I once had problems with a Check Point firewall and only the developers could have confirmed that what I'd run into was a bug
Thanks for this content. Since a few weeks (OPNsense 24.1.3_1-amd64; Zenarmor Engine 1.16.24021615) I can not use the filter "show blocked only" in the live sessions. Bevor I set the filter, I see blocked content. When I set this filter, nothing is shown. A few weeks ago, this worked just fine. Does anybody know how to solve this?
Thanks for this video, I have been contemplating moving from Untangle to OPNsense with Zenarmor. After trying out OPNsense on updated hardware and various plugins such as Zenarmor it's doesn't come close a next generation firewall with the ability to enforce firewall and other actions based on device/owner/bandwidth and other characteristics and usage patterns. Since I am grandfathered in for the $50/year plan with Arista I am going to keep that plan and just migrate my license to that hardware.
Yeah I think calling Zenarmor a NGFW plugin is misleading
I've used various vendor firewalls and Zenarmor doesn't come close to offering anything like they do
It is useful for the traffic monitoring and basic threat protection, but that's about it
Just found your channel today. I like the way you teach, but i sure wish you had more on OPNSense. Was looking for more about the firewall setup.
It depends on what you do with it I suppose
I only use it as a firewall, which is how a firewall is best used from a security perspective
Although it can do lots of other things, it's best they're done on other servers to make the firewall less susceptible to an exploit
So for me it's just a matter of installing it and adding rules
For that reason I did some more generic firewall rule videos as the idea behind adding firewall rules is pretty much the same whichever vendor you use
Good video, The nice thing about more then 1 policy is AKA Guest networks, where they need to be locked down more then the Local network. Or if you have Guest Local & admin, you can create different rules :) I just did a video on this also !
More than 1 policy is essential, but as I mentioned, you'd need to pay for a subscription; At least $99 per year for a home user
I don't see any point in that myself as this is just an old fashioned Proxy/content filtering service and it didn't seem all that accurate to me
A subscription would be better spent on a more modern SASE solution
@@TechTutorialsDavidMcKone It's 89$ a year, BTW i have an affiliate link that takes another 10% off that too! BTW it's still cheaper then Untangle Home pro at $150 a year !
Wonderful video kind sir. I am running opnsense on a dedicated mini pc and running Pi-hole Vm for dns on another mini pc ( don’t ask lol) will I have any conflicting issues with zen armor and my setup?
Two systems tends to complicate things and make it harder to fix problems
I'd be more inclined to let Pi-Hole handle all the DNS requests and let those go direct to the Internet DNS servers
Then let OPNsense and Zenarmor deal with the firewalling and other types of filtering/monitoring
@@TechTutorialsDavidMcKone thank you for your knowledge and advice.
Good video. Australia would be low on my threat list though 😅
Yeah, but I was really curious what was on the network trying to contact something in that country
You need a baseline to know what your devices are up to, what external computers they connect to, including the country, company details, etc.
Turns out the IP address is actually allocated to an ISP here in the UK
But for some reason Zenarmor thought it was allocated to someone in Australia
Thank you. Great video.
Thanks for the feedback, it's really appreciated
They seem to want to collect allot of information from us, plus the software is developed in one of the five eyes nations. The Five Eyes (FVEY) is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. Is it safe put that on our routers?
It's difficult to find decent alternatives
I've lost interest in what these agencies get up to though
They'll get what they want, even if it means breaking a country's laws
Because if they get found out, the government just changes the laws
Nice video, please do a new with the new UI Interface
I haven't seen any functional changes or at least not for the free version
There have been cosmetic changes and it does look better
If they open it up a bit more in the free edition I might come back to it
But it's not what I would call a Next Generation Firewall anyway
It's useful for monitoring but it doesn't fully integrate with an existing firewall
For instance, you can't add a rule like allow these users access to Office 365
You still have to create classic rules so I think it's better to just buy a more modern firewall
@@TechTutorialsDavidMcKone new interface for free version removed everything in Policies tab. You can't even edit default policy.
@@vn_loc7316 If you click the word default policy or the shield to its left, it takes you to a page with tabs
One of which is Security and there you can change enable/disable some basic settings
Crazy how much you can do with open source… and people pay 💰 for Cisco :)
It's amazing what these developers are providing
Even Cisco contribute to open source projects, including the Linux Kernel
And they use open source software as well
But for most businesses it's worth paying the money for the technical support
They just can't afford the down time and when things go wrong they go wrong big time so that safety net is useful
I once had problems with a Check Point firewall and only the developers could have confirmed that what I'd run into was a bug
@@TechTutorialsDavidMcKone definitely enterprise does need TAC, so many bugs out there :D Cheers!
Thanks for this content. Since a few weeks (OPNsense 24.1.3_1-amd64; Zenarmor Engine 1.16.24021615) I can not use the filter "show blocked only" in the live sessions. Bevor I set the filter, I see blocked content. When I set this filter, nothing is shown. A few weeks ago, this worked just fine. Does anybody know how to solve this?
If it's a bug it would be worth checking the forum
Both OPNsense and Zenarmor have them
Tanks