Configuring Privacy Settings on OPNsense

Your privacy is our highest priority. You may use the Privacy configuration page to find and adjust your data-sharing options at the granular level.

To configure the Privacy options, follow the steps given below:

  1. Click Zenarmor in your OPNsense web UI.
  2. Click the Settings menu on the left-hand sidebar.
  3. Click the Privacy menu.

Figure 1. Configuring Privacy Settings

General

On the "General" pane you can view and set the general privacy settings explained below.

Heartbeat and License Check

Engine heartbeat health check is an internal health check mechanism that continuously checks the state of packet processing worker processes. Heartbeat is a required functionality for the correct operation of the software and cannot be disabled.

The Heartbeat Health Check feature enables the application to check, once an hour, the utilization of the following system resources:

  • Memory
  • Swap
  • Disk
  • CPU

If the disk usage percentage is more than 90% and/or the swap usage percentage is more than the value specified by the user (default 60%), the engine is stopped and the user is warned by an error message displayed on the screen.

Also, the status of the reporting database is checked periodically; if any problem is detected, the user is warned by a message displayed on the screen. This feature also automatically deletes application logs older than 15 days.
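To see ahead of time whether a firewall is approaching the stop conditions described above, the thresholds can be checked from a shell. This is an added example, not Zenarmor's own code; it assumes every real filesystem reported by `df -P` counts toward the disk check (the page does not say which one is measured) and skips `devfs`, which always reports 100% on FreeBSD.

```shell
#!/bin/sh
# Added example: compare current usage with the heartbeat stop thresholds.
DISK_LIMIT=90   # fixed disk threshold stated on the page
SWAP_LIMIT=60   # page's default for the user-configurable swap threshold

# Reads `df -P` output on stdin. $1 = swap usage in percent, $2 = swap limit.
# Prints "DISK <mount> <pct>%" and/or "SWAP <pct>%" for each value that is
# strictly above its limit ("more than" in the page's wording).
heartbeat_findings() {
    swap_pct="${1:-0}"
    swap_limit="${2:-$SWAP_LIMIT}"
    awk -v limit="$DISK_LIMIT" 'NR > 1 && $1 != "devfs" {
        pct = $5; sub(/%/, "", pct)
        if (pct + 0 > limit) printf "DISK %s %s%%\n", $6, pct
    }'
    if [ "$swap_pct" -gt "$swap_limit" ]; then
        echo "SWAP ${swap_pct}%"
    fi
}

# Swap usage in percent from FreeBSD's swapinfo; 0 when there is no swap or
# the tool is missing. A trailing "Total" row doubles both sums, so the
# ratio is unchanged.
current_swap_pct() {
    command -v swapinfo >/dev/null 2>&1 || { echo 0; return 0; }
    swapinfo -k | awk 'NR > 1 { total += $2; used += $3 }
        END { if (total > 0) print int(used * 100 / total); else print 0 }'
}

# Live check on the local system; no output means no threshold is exceeded.
df -P | heartbeat_findings "$(current_swap_pct)"
```

Pass the swap limit configured in the UI as the second argument if it differs from the default.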

The Heartbeat and License Check option is enabled by default.

Every Zenarmor installation sends heartbeat information 3-8 times a day.

The information shared in a heartbeat message includes the following:

  • Unique node identifier

  • IP address

  • Zenarmor software versions

  • Platform version info

  • Important Zenarmor configuration parameters

  • Subscription-related information like active subscription plan and the number of devices in use.

Figure 2. Configuring General Privacy Settings

Sharing Statistics

This option shares statistics, such as log files (error logs, crash logs), interface information, and the unique local IP address, with the Zenarmor team. Any system information shared by users with the product team is priceless for the improvement of the product.

This option is enabled by default.

To disable this feature, you may switch off the toggle button next to the Help us to improve Zenarmor and services by sharing health and system utilization statistics option. This will automatically stop data sharing.

You can easily enable this feature for data sharing by clicking on the toggle button next to the Help us to improve Zenarmor and services by sharing health and system utilization statistics option. New settings are automatically applied.

Updates and Health

The "Updates and Health" pane provides the following options:

  • Check For Zenarmor Software Updates

  • Check For Zenarmor Signature Updates

  • Enable 'Core File' generation

Figure 3. Updates and Health options on Privacy Settings

Check For Zenarmor Software Updates

By default, the Check For Zenarmor Software Updates option is enabled, and Zenarmor performs regular checks to see if there's a new Zenarmor software version available to download and install. When updates are available, the user is notified by a message on the dashboard.

This check shares the IP address of the Zenarmor installation.

To disable/enable the Check For Zenarmor Software Updates feature, you may click on the toggle button next to the Check For Zenarmor Software Updates option. This will automatically apply the changes.

Check For Zenarmor Signature Updates

By default, the Check For Zenarmor Signature Updates option is enabled, and Zenarmor performs regular checks to see if there's a new Application Database version available to download and install. When updates are available, the user is notified by a message on the dashboard.

This check shares the IP address of the Zenarmor installation.

To disable/enable the Check For Zenarmor Signature Updates feature, you may click on the toggle next to the Check For Zenarmor Signature Updates option. This will automatically apply the changes.

Tip: It is strongly recommended that you enable both the Check For Zenarmor Software Updates and the Check For Zenarmor Signature Updates options.

Enable Engine "Core File" Generation:

For troubleshooting purposes, Zenarmor can generate a core file that can help the Zenarmor team to pinpoint the root causes of engine problems.

Warning: This may temporarily interrupt network connectivity for the Zenarmor-protected interface for about 30 seconds to up to a minute during core file creation. Only enable this option if you're debugging a software crash with the Zenarmor team.

To enable this feature, switch on the toggle button next to the Enable Engine Core File Generation option. This will automatically apply the changes.

If any engine error occurs, a core dump file will be generated under the /usr/local/sensei/support/crash_dumps folder. This file can be shared with the Zenarmor Support team to get the issue analyzed and resolved.
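A core file is an image of the engine's process memory, so it is worth checking who can read the crash dump folder and whether old dumps are still sitting there after they have been handed to support. The script below is an added example, not part of Zenarmor; the 7-day retention value and the finding labels are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit the core dump folder named on this page.
CRASH_DIR_DEFAULT="/usr/local/sensei/support/crash_dumps"  # path from the page
MAX_AGE_DAYS_DEFAULT=7   # assumption for illustration, not a Zenarmor setting

# $1 = folder to audit, $2 = maximum age in days.
# Prints one sorted line per finding and nothing when the folder is clean:
#   DIR_OPEN <dir>         folder is readable and searchable by "other"
#   WORLD_READABLE <file>  dump readable by any local account
#   STALE <file>           dump older than the retention value
audit_crash_dumps() {
    dir="${1:-$CRASH_DIR_DEFAULT}"
    max_age="${2:-$MAX_AGE_DAYS_DEFAULT}"

    # No folder means no core file has been generated on this system.
    [ -d "$dir" ] || return 0

    {
        find "$dir" -maxdepth 0 -perm -005 | sed 's/^/DIR_OPEN /'
        find "$dir" -type f -perm -004 | sed 's/^/WORLD_READABLE /'
        find "$dir" -type f -mtime +"$max_age" | sed 's/^/STALE /'
    } | sort
}

# Audit the default location; prints nothing if it is absent or clean.
audit_crash_dumps
```

Findings can be cleared with `chmod` on the reported paths and by removing dumps once support has confirmed receipt.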

Cloud Threat Intelligence

A significant portion of Zenarmor's security features and web categorization capabilities are delivered through Zenarmor's Cloud Threat Intelligence System.

Zenarmor and Cloud Threat Intelligence systems communicate in a way that the cloud queries are encrypted and fully anonymous.

In its current form, the information shared in a query is given below:

  • Anonymized node id of the Zenarmor installation

  • Hostname and IP address of the remote endpoint.

Collected & fully anonymized information in the Cloud servers is then aggregated to produce statistical information to detect zero-day attack campaigns. Raw data is immediately deleted after processing.

Figure 4. Cloud Threat Intelligence options on Privacy Settings

By default, the Cloud Threat Intelligence option is enabled.

To disable/enable the Cloud Threat Intelligence feature, you may click on the toggle next to the Enable Cloud Threat Intelligence option.

Tip: It is strongly recommended not to disable the Cloud Threat Intelligence option.

Zenconsole Cloud Management

The "Zenconsole Cloud Management" pane provides the following options:

  • Enable Cloud-based Management

  • Report Infrastructure Errors

Figure 5. Cloud Management options on Privacy Settings

Enable Cloud-based Management

Zenarmor enables the centralized management of your Zenarmor instances from anywhere and at any time. Upon enabling Zenconsole, your local instance of Zenarmor will interface with our Cloud-based infrastructure.

The messages are encrypted using encryption technologies that adhere to industry standards.

On-demand communication exists between Zenconsole and your Zenarmor instance. When you do not actively maintain your Zenarmor instances, the communication between them is quite restricted (i.e. ping messages). All vital information (i.e., reporting) is stored at the local node and is only sent upon user request.

Report Infrastructure Errors

This is an important parameter that assists in keeping the cloud infrastructure operational at all times. Whenever a Zenarmor instance identifies a potential infrastructure-related issue, the error is reported to the Zenarmor Cloud Operations Center.

To enable/disable the "Report Infrastructure Errors" feature, you may click on the toggle next to the Report Infrastructure Errors option. This will automatically apply the changes.

Reporting and Data

The "Reporting and Data" pane provides you with the following options:

  • Anonymize local IP address

  • Anonymize remote IP address

  • Enable DNS Enrichment

  • Enable User Enrichment

Figure 6. Reporting and Data options on Privacy Settings

Anonymize local IP address

You may anonymize your local IP addresses for security and privacy purposes.

If this option is enabled, Zenarmor will mask actual local IP addresses and instead display anonymized IP addresses in your Reports.

To enable the "Anonymize local IP address" feature, you may click on the toggle next to the Anonymize local IP address option. This will automatically apply the changes.

Anonymize remote IP address

If this option is enabled, Zenarmor will mask actual remote IP addresses and instead display anonymized IP addresses in your Reports.

To enable the "Anonymize remote IP address" feature, you may click on the toggle next to the Anonymize remote IP address option. This will automatically apply the changes.

Enable DNS Enrichment

Zenarmor analyzes DNS traffic and maps IP addresses to their DNS names. This will increase your filtering success rates and is highly recommended.

To enable the "DNS Enrichment" feature, you may click on the toggle next to the Enable DNS Enrichment option. This will automatically apply the changes.

Enable User Enrichment

In your policy configuration, you may associate IP addresses with users. If you've connected Zenarmor with an Identity Database such as Microsoft Active Directory, Zenarmor will map IP addresses to allowed users by default. This option enables the specified behavior. However, you may not be allowed to include usernames in your reports due to regulatory requirements.

To enable the User Enrichment feature, you may click on the toggle next to the Enable User Enrichment option. This will automatically apply the changes.

Warning: Please be aware that Data Anonymization has no impact on how we acquire data. These configuration options impact how data is stored in your environment (i.e. reporting database).

Info: Please note that the shared data for individual settings might be updated from time to time. Please check this page occasionally to get updates.