NGFW for Homelab & Practitioners
Zenarmor gives IT, network, and security practitioners a full-featured NGFW to run in their homelab on OPNsense, pfSense CE, bare metal, or any Linux box. Deep inspection, real visibility, and a clear path to enterprise SASE when you're ready to take it to work.
Who it's built for
Whether you're stress-testing security architecture, locking down your home network, or evaluating Zenarmor before rolling it out at work, this is the right starting point.
Capabilities
The homelab version runs the same engine as the business product. You get every capability, not a stripped-down demo, so what you test is exactly what you'd deploy.
Category-based URL filtering backed by a cloud threat intelligence database covering hundreds of millions of sites, continuously updated against the latest threats, zero-days, and malicious domains. Set per-device rules for full household control. Block harmful content per device, from kids' tablets to IoT endpoints.
Identify and enforce policies on 5,000+ applications by name, not just port and protocol. Allow or block by app, category, or device, giving you precise control over what's communicating on your network at any given time. Know exactly what every device on your network is talking to and control it.
Full layer-7 inspection including encrypted TLS/SSL traffic inline, without proxy detours or performance penalties. See what's actually inside the packets traversing your network, not just metadata. No more black boxes, full visibility into every flow, including encrypted sessions.
Block malware, ransomware, phishing, and C2 traffic before it reaches your devices, powered by live global threat intelligence. Catches threats that DNS blocklists and basic firewalls miss entirely. Enterprise-grade threat prevention running on your homelab hardware.
Assign different security policies to different users or devices, kids get content filtering, adults get full access, IoT devices get isolated. No AD required for home use; simple local identity management built in. Granular per-user and per-device control, without enterprise overhead.
Automatically discover and categorize every device on your network by type, OS, and identity. Instantly see what's connected; smart TVs, IoT sensors, phones, laptops and assign policies accordingly. Full network inventory and policy assignment automatically, on first boot.
Industry's best-in-class analytics; 60+ visually rich, drill-down reports covering threats, application usage, device activity, and traffic patterns. Filter to the most granular level to understand exactly what's happening on your network. The visibility you've always wanted over your home network, finally available.
Manage your entire Zenarmor deployment from Zenconsole, a cloud-based dashboard accessible from anywhere. The same multi-tenant management interface used in business deployments, so what you learn here maps directly to production use. Manage your home deployment the same way you'd manage a business fleet.
Your lab today. Your business tomorrow.
Zenarmor is the only NGFW where your homelab becomes your proof of concept. The architecture you test at home is identical to what you'd deploy at work and when you're ready to scale, ZTNA, SWG, CASB, and SD-WAN are already in the same platform waiting for you.
Install on OPNsense, pfSense CE, any Linux box, or a VM. Full NGFW running in under 5 minutes. No licensing restrictions on features.
Learn the policy engine, explore the reporting, stress-test the architecture. The skills you build here transfer directly to a business deployment.
Scale to your organization on the same platform. Add ZTNA, SWG, and CASB when you're ready. No vendor change, no re-architecture, no wasted learning.
Runs on your stack
Zenarmor runs natively on the platforms practitioners actually use; no proprietary hardware, no forced cloud dependency.
Ubuntu, Debian, FreeBSD, CentOS, Amazon Linux, RedHat. If it runs Linux or BSD, it runs Zenarmor.
One-click plugin install on OPNsense or pfSense CE, full NGFW on your existing open-source firewall in minutes.
Run as a VM or directly on hardware. Works on everything from a Raspberry Pi to a rack server.
Native Syslog for log forwarding to your home SIEM or lab monitoring stack.
Stream firewall events and threat data into your observability setup.
Full API access for automation, scripting, and integration into your homelab workflows.
From the community
Real feedback from the homelab and security community; no PR, no fluff.
Zenarmor is an incredibly powerful network firewall, and I absolutely love it. Of all the software I've used in this realm, Suricata, CrowdSec, and others... Zenarmor turned out to be my favorite. It's a powerful tool that makes it very easy to control your network's firewall, with a great UI on top of it. I can't imagine not using it in the future.
Excellent product, been using the early version for a few years, recently upgraded to latest engine and premium. If you want actual control and analysis this is the way to go for your network ๐
Just released a quick new blog about @opnsense and @sunnyvalley's Sensei. I feel like not enough people know about these great products. #infosec #opnsense #NGFW
Super stuff. ๐ฏ๐ฏ Building a small SOC station is a dream in progress.
I am officially a fan of @opnsense @zenarmor @proofpoint running on inexpensive X86 #IPU445 i7 8GB RAM