Add Third-party section + Sunnyvalley / Sensei (#190)
* Added .vscode and source/_build folders to gitignore * Adding Vendor Plugins > Sensei section and related documentations * sensei, fix build errors * Third-party plugins, Sensei.pull/191/head
After Width: | Height: | Size: 280 KiB |
@ -0,0 +1,26 @@
|
|||||||
|
====================================
|
||||||
|
Third-party Plugins
|
||||||
|
====================================
|
||||||
|
|
||||||
|
.. image:: images/architecture-blue-sky-business-2599538.jpg
|
||||||
|
:width: 600px
|
||||||
|
:align: center
|
||||||
|
|
||||||
|
|
||||||
|
Like our community plugins in some cases software is delivered under a non-free license, the Third-party section contains
|
||||||
|
the documentation for these packages as provided by Deciso or one of its partners.
|
||||||
|
|
||||||
|
For support on this software, please consult the vendor as found below.
|
||||||
|
|
||||||
|
--------------------
|
||||||
|
Sunnyvalley
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 2
|
||||||
|
:titlesonly:
|
||||||
|
|
||||||
|
vendor/sunnyvalley/sensei
|
||||||
|
vendor/sunnyvalley/sensei_hardwarerequirements
|
||||||
|
vendor/sunnyvalley/sensei_prepareyourfirewall
|
||||||
|
vendor/sunnyvalley/sensei_install
|
After Width: | Height: | Size: 96 KiB |
After Width: | Height: | Size: 313 KiB |
After Width: | Height: | Size: 312 KiB |
After Width: | Height: | Size: 317 KiB |
After Width: | Height: | Size: 334 KiB |
After Width: | Height: | Size: 234 KiB |
After Width: | Height: | Size: 373 KiB |
After Width: | Height: | Size: 579 KiB |
After Width: | Height: | Size: 140 KiB |
After Width: | Height: | Size: 142 KiB |
After Width: | Height: | Size: 121 KiB |
After Width: | Height: | Size: 140 KiB |
After Width: | Height: | Size: 140 KiB |
After Width: | Height: | Size: 121 KiB |
After Width: | Height: | Size: 158 KiB |
After Width: | Height: | Size: 122 KiB |
After Width: | Height: | Size: 118 KiB |
After Width: | Height: | Size: 123 KiB |
After Width: | Height: | Size: 104 KiB |
After Width: | Height: | Size: 98 KiB |
After Width: | Height: | Size: 102 KiB |
After Width: | Height: | Size: 12 KiB |
@ -0,0 +1,88 @@
|
|||||||
|
===================
|
||||||
|
Sensei: Overview
|
||||||
|
===================
|
||||||
|
|
||||||
|
About
|
||||||
|
----------------------------
|
||||||
|
Sensei is a plugin for firewalls complementing them with state of the art next generation features. If you are running a L4 firewall (all open source firewalls fall into this category) and looking for features like Application Control, Network Analytics and TLS Inspection, Sensei is the product you're looking for.
|
||||||
|
|
||||||
|
.. raw:: html
|
||||||
|
|
||||||
|
<iframe width="560" height="315" src="https://www.youtube.com/embed/VQ7tlMUNPYA" frameborder="0" allowfullscreen></iframe>
|
||||||
|
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
Features
|
||||||
|
----------------------------
|
||||||
|
Sensei empowers your firewall with the following next generation features
|
||||||
|
|
||||||
|
1. Application Control
|
||||||
|
2. Cloud Application Control \(Web 2.0 Controls\)
|
||||||
|
3. Advanced Network Analytics
|
||||||
|
4. All-ports full TLS Inspection \(for every TCP port, not just HTTPS\)
|
||||||
|
5. Cloud Threat Intelligence
|
||||||
|
6. Encypted Threats Prevention
|
||||||
|
7. Web Filtering & Security
|
||||||
|
8. Active Directory Integration
|
||||||
|
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
Getting Started
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
- :doc:`sensei_hardwarerequirements`
|
||||||
|
- :doc:`sensei_prepareyourfirewall`
|
||||||
|
- :doc:`sensei_install`
|
||||||
|
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
User Manual
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
You can get detailed *How to* documents from Sensei's Documentation Site located at https://help.sunnyvalley.io/
|
||||||
|
|
||||||
|
* `Dashboard <https://help.sunnyvalley.io/hc/en-us/articles/360025097293-Dashboard>`_
|
||||||
|
* `Status <https://help.sunnyvalley.io/hc/en-us/articles/360025098033-Status>`_
|
||||||
|
* `Reports <https://help.sunnyvalley.io/hc/en-us/articles/360024939914-Reports>`_
|
||||||
|
* `Security <https://help.sunnyvalley.io/hc/en-us/articles/360024941254-Security>`_
|
||||||
|
* `Application Control <https://help.sunnyvalley.io/hc/en-us/articles/360024941394-Application-Control>`_
|
||||||
|
* `Web Control <https://help.sunnyvalley.io/hc/en-us/articles/360025100393-Web-Control>`_
|
||||||
|
* `Configuration <https://help.sunnyvalley.io/hc/en-us/articles/360024941814-Configuration>`_
|
||||||
|
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
Getting Support
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
|
||||||
|
**Support for Freemium Edition**
|
||||||
|
|
||||||
|
If you need help for anything; there is an active discussion about Sensei on OPNsense forum. Feel free to `click here <https://forum.opnsense.org/index.php?topic=9521.new;topicseen#new>`_ and join the conversation.
|
||||||
|
|
||||||
|
You can also issue bug reports from `Gitlab <https://gitlab.com/svn-community/opnsense-sensei-plugin/issues>`_
|
||||||
|
|
||||||
|
With its in-depth coverage, `Sensei Documentation <https://help.sunnyvalley.io/>`_ is always available for reference.
|
||||||
|
|
||||||
|
* `OPNsense Forum <https://forum.opnsense.org/index.php?topic=9521.new;topicseen#new>`_
|
||||||
|
* `Users' Manual <https://help.sunnyvalley.io/>`_
|
||||||
|
* `Report a problem <https://gitlab.com/svn-community/opnsense-sensei-plugin/issues>`_
|
||||||
|
|
||||||
|
**Premium Subscription Support**
|
||||||
|
|
||||||
|
When you buy a Sensei Premium Subscription, you are entitled to Sensei Basic Support.
|
||||||
|
Additional support plans are available on demand.
|
||||||
|
|
||||||
|
* `Compare Support Plans <https://www.sunnyvalley.io/support>`_
|
||||||
|
* `Access Support Center <https://help.sunnyvalley.io/hc/en-us>`_
|
||||||
|
|
||||||
|
|
||||||
|
**Support Options for Channel Partners**
|
||||||
|
|
||||||
|
Sunny Valley Networks provides Tier 3 Support Options for Sensei Channel Partners. To learn more about them, please contact **sensei-partnership -at- sunnyvalley.io** .
|
||||||
|
|
||||||
|
|
||||||
|
**Connect via Social Media**
|
||||||
|
|
||||||
|
* **Twitter**: `@sunnyvalley <https://twitter.com/sunnyvalley>`_
|
||||||
|
* **Youtube**: `Sunny Valley Networks Hands-on videos <https://www.youtube.com/channel/UCBmMJAnuUW5qxAN23kLPuPA>`_
|
||||||
|
* **Sunny Valley Blog**: https://sunnyvalley.io/blog/
|
@ -0,0 +1,55 @@
|
|||||||
|
========================================
|
||||||
|
Sensei: Hardware Requirements
|
||||||
|
========================================
|
||||||
|
|
||||||
|
Due to the nature of packet analysis and granular drill-down reporting features, Sensei require more horsepower than a standard L3-L4 firewall.
|
||||||
|
|
||||||
|
.. Note::
|
||||||
|
|
||||||
|
Sensei requires at least 4 GB of memory. Installer will not continue if you have less than 4 GB of RAM.
|
||||||
|
|
||||||
|
.. Note::
|
||||||
|
|
||||||
|
A roadmap feature - Cloud reporting - will enable you to install Sensei to devices which have limited amount of memory. E.g. you'll be able to install Sensei to a Raspberry Pi.
|
||||||
|
|
||||||
|
-----------------------------
|
||||||
|
|
||||||
|
CPU & Memory
|
||||||
|
------------
|
||||||
|
|
||||||
|
Because the analytics module relies on Elastic Search to do Big Data processing, amount of the memory available in the system is crucial for the performance of the whole product.
|
||||||
|
|
||||||
|
At least dual-core *(i5 or equivalent)* or preferably quad-core modern CPU *(i7 or equivalent)* would be advisable.
|
||||||
|
|
||||||
|
Recommended minimum hardware requirements for Sensei based on the number of users and the bandwidth:
|
||||||
|
|
||||||
|
======================= ===================== ==================== ====================================================================
|
||||||
|
**Number of Users** **WAN Bandwith** **Min. Memory** **Min. CPU**
|
||||||
|
<25 20 Mbps 8 GB Intel Dual-Core i3 2.0 GHz (2 Cores, 4 Threads) or equivalent
|
||||||
|
25-50 50 Mbps - 10 Kpps 8 GB Intel Dual-Core i5 2.0 GHz (2 Cores, 4 Threads) or equivalent
|
||||||
|
50-100 100 Mbps - 20 Kpps 16 GB Intel Dual-Core i5 2.2 GHz (2 Cores, 4 Threads) or equivalent
|
||||||
|
100-250 200 Mbps - 40 Kpps 16 GB Intel Dual-Core i7 2.0 GHz (2 Cores, 4 Threads) or equivalent
|
||||||
|
250-1000 500 Mbps - 100 Kpps 32 GB Intel Quad-Core i7 3.40 GHz (4 Cores, 8 Threads) or equivalent
|
||||||
|
======================= ===================== ==================== ====================================================================
|
||||||
|
|
||||||
|
-----------------------------
|
||||||
|
|
||||||
|
Disk Space
|
||||||
|
------------
|
||||||
|
|
||||||
|
.. Note::
|
||||||
|
|
||||||
|
Sensei uses `Elastic Search Engine <https://en.wikipedia.org/wiki/Elasticsearch>`_ as its backend to process the Big Data. Please spare at least 5 MB of disk space per hour per megabit/second throughput.
|
||||||
|
|
||||||
|
If you're running a 100 Mbps link \(about 100 users\) which is quite active during the daytime and idle rest of the day, you can calculate the space needed as follows:
|
||||||
|
|
||||||
|
.. code-block:: none
|
||||||
|
|
||||||
|
5 MB x 12 hours x 100 Mbps = 6 GB per day.
|
||||||
|
6 GB x 7 days a week = 42 GB per week.
|
||||||
|
42 x 4 weeks a month = 164 GB per month.
|
||||||
|
|
||||||
|
|
||||||
|
.. Note::
|
||||||
|
|
||||||
|
As of 0.7.0 ::italic::(`changelog <https://www.sunnyvalley.io/blog/what-s-cooking-for-0-7>`_) , Sensei retires reports data to open up space for the new coming data. After the configured timespan, existing reports data is automatically purged to save space for fresh data.
|
@ -0,0 +1,24 @@
|
|||||||
|
===============================
|
||||||
|
Sensei: Prepare Your Firewall
|
||||||
|
===============================
|
||||||
|
|
||||||
|
.. Note::
|
||||||
|
|
||||||
|
To install Sensei on your OPNsense firewall, you need to connect to it via ``ssh`` with ``root`` privileges.
|
||||||
|
|
||||||
|
-----------------------------
|
||||||
|
|
||||||
|
---------------------
|
||||||
|
Enable Secure Shell
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
1. Login to your OPNsense firewall's dashboard
|
||||||
|
2. Head to the :menuselection:`System > Settings > Administrations` menu
|
||||||
|
3. Enable all three checkboxes
|
||||||
|
|
||||||
|
1. Enable Secure Shell
|
||||||
|
2. Permit root user login
|
||||||
|
3. Permit password login
|
||||||
|
|
||||||
|
.. image:: images/opnsense-admin-secure-shell-settings.png
|
||||||
|
:width: 100%
|