Zenarmor Application Control on OPNsense

Zenarmor's Application Control engine uses the App DB to identify and classify the application that a connection's packets carry. The database contains dynamic signatures that help the packet engine classify connections more accurately.

To define application control for a policy on your network, you may follow the steps given below:

  1. Navigate to Zenarmor > Policies on the OPNsense Web UI.
  2. Click the name of the policy for which you want to define application control.
  3. Go to the App Controls tab.

Tip: It is important to note that web controls are given priority over application controls. As a result of blocking a connection based on web control rules, the corresponding sessions will not undergo application control processing, and related reports will not contain application control information.

Updating Application Database

The App DB is maintained by the Zenarmor team. You can check and update the installed application database on your OPNsense by following these steps:

  1. Navigate to Zenarmor > Settings > About on the OPNsense Web UI.
  2. Click Check Update on the Software tab. This will check if there is a new Application database.
  3. Click the Update Now button to install the available Application DB updates.

Figure 1. Check & Update Application Database

Application Categorization

Applications are categorized by their type and listed in a click-to-open tree view for convenient access.

Figure 2. Application Categories

Searching Applications to Filter

The App Controls page lists a large number of applications, and scrolling through every application category to find one can be slow. You can use the Search field to find a specific application: just type the application name in the search form.

Figure 3. Dynamic search for Zenarmor application control

If you don’t remember the name of the application that you want blocked/allowed, you can locate it by browsing under the category folder. To browse, you must click on the Category Name in the All Categories list.

Figure 4. Browsing Under an Application Category

Blocking an Application or a Category

Zenarmor allows you to block an application individually as well as an entire application category.

Blocking an application

Zenarmor allows you to block individual applications by clicking on the toggle button located on the right side of each application.

Figure 5. Blocking an Application

When you block some of the applications in a category, the total number of blocked applications for that category is shown on the Category list. In the next Figure, for example, 44 applications in the Instant Messaging category are blocked.

Figure 6. Total number of blocked applications in the Instant Messaging category

Blocking an entire category

You can also block the entire category by clicking on the toggle button located on the right of the category name.

Figure 7. Blocking Entire Application Category (Ad Tracker, Ads, and Blogs categories are blocked)

Defining/Updating A Custom Application

If you want to filter an application that doesn’t exist in our database/list, you can define a custom application.

Define New Custom Application

To define a new custom application you may follow the steps listed below:

  1. Click the +Create Custom Apps button at the top right of the App Controls page.

  2. Enter the name of the application (mandatory field).

  3. Add a description for the application.

  4. Select the category of the application (mandatory field).

  5. Define the protocol type (mandatory field).

  6. Specify the IP Addresses.

  7. Specify the hostnames (either a hostname or an IP address is mandatory; one of them must be filled in).

  8. Specify the Ports.

  9. After providing all necessary information for the new application, you need to accept sharing of this application signature with the Zenarmor team to improve App Database quality.

  10. Click on the Create button.

Figure 8. Define New Custom Application

Update/Delete A Custom Application

On the Define new custom application pop-up page, you can also update or delete existing custom applications.

To update/delete existing custom applications you may follow the next steps:

  1. Start typing the application name, such as myapp, in the search bar.

  2. Click the Edit button (pen icon) next to the application name.

Figure 9. Editing Custom Application

  3. Update the required fields.

  4. Click the check box to accept the privacy policy of Zenarmor.

  5. Click Update Application or, to delete the application, click Delete Application.

Figure 10. Updating Custom Applications

To manage the application list more easily, you can use the Display custom applications only toggle button to show only the custom-created applications.

Figure 11. Displaying Custom Applications Only

Activating the rules

When you're ok with the changes you made, click on the Apply Changes button at the top right corner of the screen to activate the rules.

Testing the results

The rules go into action immediately after you hit the Apply Changes button. Blocked requests are silently blackholed on the user's end.

Testing MSN before the ads are blocked

Figure 12. MSN homepage with ads

MSN homepage after the ads are silently blocked by Zenarmor

Figure 13. MSN homepage without ads
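
A client-side check for the "silently blackholed" behaviour described under Testing the results, as an added example that is not part of the Zenarmor documentation. It assumes a blackholed request shows up on the client as a timeout rather than a refusal; `probe`, `demo` and the local listeners are constructed for illustration.

```python
import socket
import threading

def probe(host, port, payload=b"HEAD / HTTP/1.0\r\n\r\n", timeout=3.0):
    """Return what a client observes: answered, silent (no reply before the
    timeout, which is what a blackhole looks like), rejected (refused or
    reset), closed (clean close, no data) or unresolved (DNS failure)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            return "answered" if s.recv(1) else "closed"
    except socket.timeout:
        return "silent"
    except ConnectionError:
        return "rejected"
    except socket.gaierror:
        return "unresolved"

def demo(timeout=0.5):
    """Run probe() against constructed local listeners (no real traffic)."""
    # Stand-in for an allowed service: accepts one connection and answers.
    ok = socket.create_server(("127.0.0.1", 0))

    def answer():
        conn, _ = ok.accept()
        conn.recv(64)
        conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
        conn.close()

    threading.Thread(target=answer, daemon=True).start()
    # Stand-in for a blackholed service: the handshake completes in the
    # kernel backlog, but nothing ever replies.
    mute = socket.create_server(("127.0.0.1", 0))
    # Stand-in for an active refusal: a port whose listener was closed.
    gone = socket.create_server(("127.0.0.1", 0))
    gone_port = gone.getsockname()[1]
    gone.close()
    results = {
        "allowed": probe("127.0.0.1", ok.getsockname()[1], timeout=timeout),
        "blackholed": probe("127.0.0.1", mute.getsockname()[1], timeout=timeout),
        "closed_port": probe("127.0.0.1", gone_port, timeout=timeout),
    }
    ok.close()
    mute.close()
    return results

if __name__ == "__main__":
    print(demo())
```

Run `probe()` from a client covered by the policy before and after Apply Changes: a result that moves from `answered` to `silent` matches the silent drop described above, while `rejected` indicates something other than a blackhole is answering.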