Versions Compared

Old Version 1

changes.mady.by.user Jean-luc KRIKER

Saved on

compared with

New Version Current

changes.mady.by.user Jean-luc KRIKER

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

NGFW Features Requiring Plugins/Add-ons:


Here’s the updated table highlighting which features are not free (like Zenarmor) and indicating which ones are native features of OPNsense:


NGFW FeaturePlugin/Add-on in OPNsenseFree/Not FreeNative Feature
1. Deep Packet Inspection (DPI)

...

  • Requires installing plugins like Suricata (Intrusion Detection System - IDS) for DPI and intrusion prevention.
SuricataFree
2. Intrusion Detection and Prevention

...

(IDPS)

...

  • Suricata is the plugin needed for IDPS, which provides both detection and prevention features.
SuricataFree
3. Application Awareness and Control

...

  • Requires plugins or custom configurations, such as setting up Suricata with rule sets that can recognize and control specific applications.
Zenarmor (Sensei)Not Free
4. Advanced Threat Protection (ATP)

...

  • Available through integration with Suricata or third-party services, but requires configuring it.
Suricata (with rulesets) and Zenarmor (Sensei)Partially Free (Suricata) / Not Free (Zenarmor)
5. SSL/TLS Decryption and Inspection

...

  • This is handled through the Web Proxy with the SSL Inspection plugin, which allows decryption and inspection of HTTPS traffic.
SSL Inspection (enabled via Web Proxy)Free
6. URL Filtering and Web Content Control

...

...

Web Proxy and Zenarmor (Sensei)

...

Partially Free (Web Proxy) / Not Free (Zenarmor)
7. Integrated Antivirus and Antimalware

...

  • Requires installing the ClamAV plugin for antivirus scanning in conjunction with the web proxy for malware detection.

...

Threat Intelligence Integration:

  • Can be integrated through plugins like ET (Emerging Threats) rule sets in Suricata or other third-party integrations.

Conclusion:

...

ClamAV (integrated with Web Proxy)Free
8. Identity-Based Access ControlsZenarmor (Sensei) or Active Directory integrationNot Free
9. Threat Intelligence IntegrationSuricata (ET Pro rulesets)Free
10. Cloud-based Threat DetectionNot natively supported without paid servicesNot Free
11. Centralized Management and ReportingOPNsense GUI, Zenarmor (Sensei) (advanced reporting)Free (OPNsense GUI) / Not Free (Zenarmor)
12. Policy Enforcement across Multiple LayersSuricata, Zenarmor (Sensei)Partially Free (Suricata) / Not Free (Zenarmor)
13. DNS SecurityUnbound DNS with custom configurations or Zenarmor (Sensei)Free (Unbound DNS) / Not Free (Zenarmor)
14. Virtualization and Cloud CompatibilityNative in OPNsense (no plugin needed)Free
15. IoT and BYOD SecurityZenarmor (Sensei)Not Free
16. Layer 7 (Application Layer) VisibilitySuricata, Zenarmor (Sensei)Partially Free (Suricata) / Not Free (Zenarmor)
17. Automatic Policy UpdatesSuricata (automatic rule updates)Free

Summary:

  • Not Free: Zenarmor (Sensei), which provides advanced features that are not available in the free version.
  • Native Features of OPNsense: SSL/TLS decryption, URL filtering (via Web Proxy), integrated antivirus (ClamAV), DNS security, and virtualization/cloud compatibility.