Configuring Exempted VLANs & Networks on OPNsense
Zenarmor allows you to define exempted VLANs and IP/network addresses for your network. Traffic for exempted VLANs and network addresses bypasses all Zenarmor processing. The difference from policy-based whitelisting is that this traffic does not enter any packet processing and is forwarded directly at the interface level. For that reason, you'll also not see any activity for these addresses in the reports.
Devices in the exempted VLANs and networks are excluded from the Zenarmor license. They are not counted for license calculation.
The Exempted VLANs & Networks feature is available for premium Zenarmor Editions.
To configure the Exempted VLANs & Networks options, follow the steps given below:
- Click Zenarmor on your OPNsense web UI.
- Click the Settings menu on the left-hand sidebar.
- Click the Exempted VLANs & Networks menu.
Figure 1. Configuring Exempted VLANs & Networks
You may perform the following tasks on this page:
- Adding/Removing/Editing/Disabling Exempted VLANs
- Adding/Removing/Editing/Disabling Exempted IP and Network Addresses
- Adding/Removing/Editing/Disabling Exempted MAC Addresses
Adding Exempted VLANs
To exempt some VLANs from protection by Zenarmor, enter their VLAN IDs in this pane. When a VLAN is excluded, Zenarmor bypasses the traffic of that VLAN.
To define an exempted VLAN, follow the steps given below:
- Click the Exempt Vlan ID button. This will open a dialog box.
- Enter a valid VLAN ID between 1-4096.
- Type a description, such as the VLAN name, for example Engineering Department VLAN.
- Click the Submit button to save the changes. This will add the VLAN ID to the Exempted VLANs list on the page.
Figure 2. Adding Exempted VLANs
Removing/Editing/Disabling Exempted VLANs
Zenarmor allows you to remove, edit, or disable the exempted VLANs. To do so, follow these steps:
- Click the Actions button with the ... (3 dot) icon next to the VLAN ID you wish to remove/edit/disable. This will open a drop-down menu.
- Select the action from the menu. This will open a dialog box to allow you to remove or edit the entry.
- If you click Disable, Zenarmor starts to protect this VLAN's traffic. If you click Edit, make the required changes to the entry and click the Submit button to save the changes. If you want to Remove the VLAN ID from the exempted VLANs list, confirm the removal of the VLAN.
Figure 3. Removing/Editing/Disabling Exempted VLANs
Adding Exempted IP and Network Addresses
Likewise, you can also exclude IP addresses or networks by entering them in CIDR format (IPv4). You may optionally set a description. To exempt some IP and network addresses from protection by Zenarmor, enter them in this pane. When IP and network addresses are excluded, Zenarmor bypasses the traffic of those addresses.
To define an exempted IP and network address, follow the steps given below:
- Click the Exempt IP / Network Address button. This will open a dialog box.
- Enter an IP / Network Address.
- Type a description, such as Engineering Department Network.
- Click the Submit button to save the changes. This will add the IP / Network Address to the Exempted IP / Network Address list on the page.
Figure 4. Adding Exempted IP & Network Address
Removing/Editing/Disabling Exempted IP and Network Addresses
Zenarmor allows you to remove, edit, or disable the exempted IP and network addresses. To do so, follow these steps:
- Click the Actions button with the ... (3 dot) icon next to the IP and network address you wish to remove/edit/disable. This will open a drop-down menu.
- Select the action from the menu. This will open a dialog box to allow you to remove or edit the entry.
- If you click Disable, Zenarmor starts to protect the traffic of this IP and network address. If you click Edit, make the required changes to the entry and click the Submit button to save the changes. If you want to Remove the IP and network address from the exempted IP and network addresses list, confirm the removal of the IP and network address.
Figure 5. Removing/Editing/Disabling Exempted IP and Network Address
Adding Exempted MAC Addresses
To exempt some devices from protection by Zenarmor, enter their MAC addresses in this pane. When MAC addresses are excluded, Zenarmor bypasses the traffic of those devices.
To define an exempted MAC address, follow the steps given below:
- Click the Exempt MAC Addresses button. This will open a dialog box.
- Enter a valid MAC address.
- Type a description, such as the name of the device, for example Michael Laptop.
- Click the Submit button to save the changes. This will add the MAC address to the Exempted MAC Addresses list on the page.
Figure 6. Adding MAC Address
Removing/Editing/Disabling MAC Addresses
Zenarmor allows you to remove, edit, or disable the exempted MAC addresses. To do so, follow these steps:
- Click the Actions button with the ... (3 dot) icon next to the MAC address you wish to remove/edit/disable. This will open a drop-down menu.
- Select the action from the menu. This will open a dialog box to allow you to remove or edit the entry.
- If you click Disable, Zenarmor starts to protect the traffic of this MAC address. If you click Edit, make the required changes to the entry and click the Submit button to save the changes. If you want to Remove the MAC address from the exempted MAC addresses list, confirm the removal of the MAC address.
Figure 7. Removing/Editing/Disabling Exempted MAC address
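A pre-change review of a proposed exemption list, as an added example that is not part of Zenarmor or its documentation: because exempted traffic is neither processed nor reported, the check flags malformed entries, broad or redundant networks, and locally administered MAC addresses before they are entered in the UI. The `(kind, value)` input format, the /24 threshold and the accepted MAC notation are assumptions; the VLAN ID range is the one stated on this page.

```python
import ipaddress
import re

VLAN_MIN, VLAN_MAX = 1, 4096  # VLAN ID range as stated on this page
MIN_PREFIX = 24               # assumed review threshold, tune to local policy
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")  # assumed notation

def parse_net(value):  # IPv4 address or CIDR -> network, None if malformed
    try:
        return ipaddress.IPv4Network(value, strict=False)
    except ValueError:
        return None

def check_entry(kind, value):
    """Return review findings for one proposed exemption (empty list = ok)."""
    findings = []
    if kind == "vlan":
        if not (value.isdecimal() and VLAN_MIN <= int(value) <= VLAN_MAX):
            findings.append(f"VLAN ID outside {VLAN_MIN}-{VLAN_MAX}")
    elif kind == "network":
        net = parse_net(value)
        if net is None:
            findings.append("not an IPv4 address or CIDR network")
        elif net.prefixlen < MIN_PREFIX:
            findings.append(f"broad: {net.num_addresses} addresses skip inspection")
    elif kind == "mac":
        if not MAC_RE.match(value):
            findings.append("malformed MAC address")
        elif int(value[:2], 16) & 0x02:  # locally administered bit is set
            findings.append("locally administered MAC, may not be stable")
    return findings

def review(entries):
    """Return {(kind, value): findings} for the entries that need attention."""
    report = {(k, v): check_entry(k, v) for k, v in entries}
    nets = [(v, n) for k, v in entries if k == "network" and (n := parse_net(v))]
    for value, net in nets:
        for other_value, other in nets:
            if net != other and net.subnet_of(other):
                report[("network", value)].append(f"already covered by {other_value}")
    return {key: found for key, found in report.items() if found}

SAMPLE = [  # constructed entries: (kind, value)
    ("vlan", "30"), ("vlan", "5000"), ("network", "10.0.0.0/8"),
    ("network", "10.20.30.0/24"), ("mac", "3c:22:fb:10:20:30"), ("mac", "da:a1:19:00:00:01"),
]

if __name__ == "__main__":
    print(review(SAMPLE))
```

Entries that come back with findings are the ones to narrow or justify before submitting them, since nothing about their traffic will appear in Zenarmor reports afterwards.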