ZenArmor (NGFW)
Next-Generation Firewall
- Setup and Installation
- Policies & Rules
- Cloud Management Portal
- Cloud Threat Intelligence
- Dashboards & Reporting
Setup and Installation
Plug-Ins on OPNsense
There are several ways to install and deploy ZenArmor and its utilities. I chose to install its plug-ins via my OPNsense Web GUI. To install, navigate through System --> Firmware --> Plugins and locate the os-sunnyvalley plugin. These are the plugins I currently have installed:
With the plugin installed, navigate to the Zenarmor tab within the OPNsense Web GUI and go through the initial installation wizard.
The wizard will first check and confirm that your system meets the hardware requirements, then ask you to select the interfaces you'd like to deploy to and the database you'd like to use for reporting. I used MongoDB, but I may switch to Elasticsearch as I get more familiar with it.
Policies & Rules
ZenArmor has a robust set of rules and policies you can enforce. The free version they offer will enforce "essential" security rules for up to 100 devices. You can find the policies and configure them by navigating to the Policies tab under the ZenArmor section of the sidebar in your OPNsense Web GUI:
This will bring you to your Policy page. The free version allows for 1 set of default policies.
To configure these policies, click on default. The free version of this will let you configure the following policies:
After testing out the free version, I opted to pay for the Home edition for $9.99 a month. This unlocks additional configuration and reporting, along with daily updated rulesets. The security options unlocked are as follows:
More information about these security rules can be found in ZenArmor's documentation under the Managing Policies section.
Cloud Management Portal
ZenArmor also allows you to manage your firewall via their cloud console. Once configured and linked to your ZenArmor account, you can configure and manage several ZenArmor deployments to the same extent as you could via OPNsense. Cloud Management can be enabled and configured via the Cloud Management Portal within the ZenArmor Settings.
Once configured, you can access your firewall via the web interface...
Your home dashboard on Zenconsole is quite similar to what you'll see in OPNsense, and can be configured to show you just about any statistic or metric you'd like to see!
Cloud Threat Intelligence
One of the best features of ZenArmor is its real-time Cloud Reputation and Threat Intelligence. These features are served through what they call ZenArmor Cloud, which is hosted by them on Google Cloud infrastructure. ZenArmor Cloud is essentially a database that is continuously updated as new threats are identified. It provides real-time security threat intelligence, web site categorization, and site reputation/ranking, which can be used for whitelisting or blacklisting.
ZenArmor sources its data from their own database, their SOC, commercial threat intelligence feeds, publicly known threat databases, and several other reliable sources. With this large quantity of information, their AI-based threat intelligence can protect your network and devices from a wide variety of attacks.
How it Works
Whenever a device within a protected network attempts to start a connection, the cloud data is queried in real time. The ZenArmor packet engine processes the flow and queries the data from the nearest cloud server. It then decides whether the connection is safe and how to proceed based on the policies and rules you have set up. As stated in their documentation, all communication between the packet engine and the cloud server uses proprietary encryption on UDP ports 5355 and 5356.
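As an added example (not ZenArmor's or the author's code), here is a small Python triage script for firewall flow records that separates the packet engine's cloud queries on UDP 5355/5356 from ordinary LLMNR traffic, which also uses UDP 5355; the key=value log format, the firewall address, the LAN range and the sample records are all assumptions constructed for the example.

```python
# Added example, not ZenArmor's or the author's code. The write-up says the
# packet engine talks to ZenArmor Cloud on UDP 5355 and 5356. UDP 5355 is also
# the LLMNR port, so a bare port match mixes the two; this triage splits them by
# destination (LLMNR goes to multicast 224.0.0.252) and by source (cloud queries
# come from the firewall itself). Addresses, LAN range and log format are made up.
import ipaddress
from typing import Iterable

ZENARMOR_CLOUD_PORTS = {5355, 5356}                   # from the write-up
LLMNR_MCAST = ipaddress.ip_address("224.0.0.252")     # LLMNR multicast group
FIREWALL_IPS = {ipaddress.ip_address("192.168.1.1")}  # assumed firewall address
LAN_NETS = [ipaddress.ip_network("192.168.1.0/24")]   # assumed internal range

def parse_flow(line: str) -> dict:
    """Parse one constructed 'key=value' flow record into typed fields."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return {"proto": fields["proto"].lower(),
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"])}

def classify(flow: dict) -> str:
    """Label a flow: zenarmor-cloud, llmnr, review (unexpected) or other."""
    if flow["proto"] != "udp" or flow["dport"] not in ZENARMOR_CLOUD_PORTS:
        return "other"
    if flow["dst"] == LLMNR_MCAST:
        return "llmnr"
    dst_is_local = any(flow["dst"] in net for net in LAN_NETS)
    if flow["src"] in FIREWALL_IPS and not dst_is_local:
        return "zenarmor-cloud"
    return "review"  # unicast 5355/5356 from a LAN host: not expected, inspect

def summarize(lines: Iterable[str]) -> dict:
    """Count flows per label, skipping blank lines."""
    counts: dict = {}
    for line in lines:
        if line.strip():
            label = classify(parse_flow(line))
            counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample records (TEST-NET addresses stand in for cloud servers).
SAMPLE_FLOWS = """\
proto=udp src=192.168.1.1 dst=203.0.113.10 dport=5355
proto=udp src=192.168.1.1 dst=203.0.113.10 dport=5356
proto=udp src=192.168.1.42 dst=224.0.0.252 dport=5355
proto=udp src=192.168.1.42 dst=198.51.100.7 dport=5355
proto=tcp src=192.168.1.42 dst=198.51.100.7 dport=443
"""
```

Running `summarize(SAMPLE_FLOWS.splitlines())` on the constructed records yields two cloud queries, one LLMNR flow, one flow to review and one unrelated flow.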
Configurations
You can configure Cloud Threat Intelligence via the OPNsense Web GUI or Zenconsole. You can clear the Cloud cache, exclude local domains, and select the cloud servers closest to you to speed up connections and queries.
Dashboards & Reporting
One of the greatest features of next-generation firewalls is their reporting dashboards and visualization capabilities. Below you'll see some of the dashboards of my firewall after only having it running for 48 hours. These dashboards are available in both the Cloud Management Portal and the OPNsense Web GUI.