DIY Firewall Solution
Looking for a firewall solution that doesn't break the bank?
Introducing Zenarmor®, it is an all-software instant firewall that can be deployed onto virtually anywhere.
Thanks to its appliance-free, all-in-one, all-software, light-weight and simple architecture, it can be instantly deployed onto any platform which has network access. Virtual or bare-metal. On-premise or Cloud. Any Cloud...
No HW Lock-In, all software architecture. Use Hardware of Your Choice while upgrading and scaling your network.
For open source firewalls; this technology delivers state-of-the-art, next-generation features not currently available in products such as OPNsense. If you are running an L4 firewall (all open source firewalls fall into this category) and need features such as Application Control, Network Analytics, and TLS Inspection, Zenarmor provides these features and more.
The underlying technology behind the product is a very light-weight yet powerful packet inspection core that can provide a wide variety of enterprise-grade network security functions.
Unique Appliance-free Technology
Lightweight and powerful appliance-free technology allows organizations to launch instant firewalls on demand and easily secure environments as small as home networks or scale to multi-cloud deployments. It's as easy as launching an application.
Packet inspection core is powerful enough to protect against encrypted threats while also being so lightweight and nimble that it can even fit in very resource-constrained environments.
Zero-latency Security Stack
Deploy zero-latency security without backhauling data packets back and forth between POPs and datacenters.
Zenarmor’s single-pass architecture processes packets once and for all security controls.
The same security stack runs wherever deployed for an unprecedented level of consistency when applying security policies.
Deploy Anywhere, Rule from the Cloud
Inspect locally, analyze and manage centrally.
Cloud-based management provides control for all policies and network deployments.
Design policies independent of locations and devices and enforce them across all IT environments.
Aggregate and visualize all security telemetry from a single pane of glass. Start from an enterprise-level view and drill down to per-connection details.
Next-generation Firewall Features
- Application Control
- Cloud Application Control (Web 2.0 Controls)
- Advanced Network Analytics
- Web Filtering and Security
- Cloud Threat Intelligence
- User-based Filtering and Reporting
- Active Directory Integration
- RESTful API
- Cloud based centralized management & Reporting
- Application / Web category based Traffic Shaping and Prioritization
- Policy based filtering and QoS
- Encrypted Threats Prevention
- All-ports full TLS Inspection (for every TCP port, not just HTTPS) *Coming soon
Zenarmor is currently available for:
- OPNsense® (OPNsense 19.x - 23.x, fully integrated into the OPNsense WebUI)
- FreeBSD® (FreeBSD 11,12,13)
- Ubuntu Linux (Ubuntu 18.04 LTS, 20.04 LTS, 22.04 LTS)
- CentOS Linux (Centos 7, 8)
- Debian Linux (Debian 10, 11)
- pfSense ® software (pfSense ® software 2.5.x-2.6.x)
- AlmaLinux (AlmaLinux 1)
- Rocky Linux (Rocky Linux 9)
- RedHat Enterprise Linux (RHEL 8.5-9)
- Amazon Linux (Amazon Linux 2)
Zenarmor deployments on all Linux platforms as well as on FreeBSD-based firewalls can be managed together and seamlessly from the same pane of glass: Centralized Cloud Management Portal
Zenarmor can deploy onto any Cloud environments either as a gateway or on a per-server basis.
Zenarmor is managed through the cloud based management interface, Zenconsole. For OPNsense, an on-premise management is available and fully integrated with the OPNsense web user interface.
Zenarmor Hardware Requirements for OPNsense Firewall
|Active Devices||Maximum WAN Bandwidth||Minimum Memory||Minimum CPU|
|0 - 50||300 Mbps||1 GB||A Dual-Core CPU (x86_64 compatible, single core PassMark score of 200) Note: Deciso A10s and AMD G-SERIES SOC GX Series, Protectli/Qotom Celeron J Series are compatible|
|50-100||500 Mbps 10 Kpps||4 GB||Intel Dual-Core i3 2.0 GHz (2 Cores, 4 Threads) or equivalent|
|100-250||1 Gbps 20 Kpps||8 GB||Intel Dual-Core i5 2.2 GHz (2 Cores, 4 Threads) or equivalent|
|250-1000||1-2 Gbps 40 Kpps||16 GB||Intel Dual-Core i5 3.20 GHz (2 Cores, 4 Threads) or equivalent|
|1000-2000||1-2 Gbps||32 GB||Intel Quad-Core i7 3.40 GHz (4 Cores, 8 Threads) or equivalent|
|2000+||2-4.5 Gbps||64GB||Intel Quad-Core i9 3.0 GHz (24 Cores, 48 Threads) or equivalent|
Zenarmor’s software defined architecture frees you from any kind of dependency on expensive hardware. You can simply use the off the shelf hardware or a MINI PC to deploy Zenarmor and easily upgrade the product as you go by simply reallocating the NGFW licenses
Cloud Centralized Policy Management
Create per-firewall or centralized policies and assign them to selected group of firewalls. All with a few clicks and without having to log in to individual firewalls.
Policy restore points provide you with the ability to create backups of policy configurations and revert to a specific configuration within seconds.
Figure 1. Centrally Managed Policies
All of your local and cloud policies are instantly synchronized so that you don't need to worry about manually configuring the other side when you do a policy configuration either in the cloud or in the local OPNsense user interface.
Centralized Reporting and Analytics
Aggregate and visualize all security telemetry from a single pane of glass. Start from the enterprise-level big picture. Drill down to per-connection details.
Trying to keep track of individual systems on a one-by-one basis is an arduous process that is highly likely to cause important alerts to be missed or ignored.
Just like central policy management, Cloud Central Management empowers you with the capability to stream all of your reports to a single project-specific reporting instance. Run your analytics starting from the even bigger picture. Drill down to specific firewalls, and even to individual connections wherever they are.
Figure 2. Centralized Networks Analytics and Reporting
Communication between your firewall and our Cloud servers are secured with 256 bit AES encryption. We employ 2048 bit RSA keys and Mutual TLS (mTLS) authentication to ensure that traffic is secure and trusted in both directions between the firewall and Sunny Valley Networks Cloud Servers.
The privacy-first design prioritizes that minimal possible information is stored in the backend servers and that all information is stored in your devices and be retrieved on-demand when you request to access them through the Cloud Interface.
For Centralized Reports, you can freely use your own Elasticsearch instances, since they do not have to be hosted in the Cloud. Alternatively, you can also utilize Cloud elastic.co cloud instances. Centralized Reports are also retrieved and displayed through one of your firewalls.
Moreover, you can create centralized reporting instances per project. What this means is that you can group Company A firewalls under a project and assign a single Elasticsearch instance configuration for these group of firewalls.
Zenarmor offers a Free Edition and three paid subscription plans depending on your needs and budget:
The Free Edition is free of charge.
- Home Edition
- SOHO Edition
- Business Edition
You can purchase a Business Edition through Sunny Valley Networks Cloud Portal or through our Store (MackTechBiz). MackTechBiz is the exclusive authorized reseller of Zenarmor for the Philippines' market.
For a complete feature comparison see: Subscription Plans.
For any inquiries or to request a quotation, please feel free to reach out to us at firstname.lastname@example.org.