Has anyone on here set up Zenarmor on a Linux server and bridged the interfaces with VLANs? Since pfSense+ doesn't have the ability to install the Zenarmor package, I was curious if the layer 2 option would be worth implementing and if anyone is doing this.
Would the layer 2 bridge limit the Zenarmor firewall to layer 2 filtering only? I think so, but I haven't played with that before. If so, you could try enabling routing on it (not NAT) so you could play around with all the fancy NGFW stuff. If I am wrong, let me know.
I would think it would still be able to filter all the traffic, no matter if it was layer 2 or 3. All of the traffic would just flow through a separate box, basically an in-line setup. Once you bridge it, you can set one side to the switch LAN and the other side to your firewall (the WAN).
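The in-line bridge described above, as an added example that is not from anyone in this thread: a Linux bridge with 802.1Q VLAN filtering enabled, two physical ports and no IP address, so the box is transparent at layer 3. Interface names (br0, eth1, eth2) and VLAN IDs are assumed; running it for real needs root and the commands do not persist across a reboot.

```shell
#!/bin/sh
# Added example: transparent VLAN-aware bridge between a LAN switch and a firewall.
# Assumed names: br0 (bridge), eth1 (switch side), eth2 (firewall side).
# DRY_RUN=1 prints the commands instead of executing them.

DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# build_bridge BRIDGE PORT_A PORT_B "VID VID ..."
build_bridge() {
    br="$1"; a="$2"; b="$3"; vids="$4"
    # vlan_filtering=1 makes the bridge honour 802.1Q tags per port instead of
    # blindly forwarding every tagged frame; only the listed VIDs are allowed.
    run ip link add name "$br" type bridge vlan_filtering 1
    for p in "$a" "$b"; do
        run ip link set dev "$p" master "$br"
        # drop the default untagged PVID 1 so only explicit VLANs pass through
        run bridge vlan del dev "$p" vid 1
        for v in $vids; do
            run bridge vlan add dev "$p" vid "$v"
        done
        run ip link set dev "$p" up
    done
    # no IP address is assigned to the bridge: the box stays invisible at layer 3
    run ip link set dev "$br" up
}
```

Frames that are untagged, or tagged with a VLAN not in the list, are dropped at the port, which is the check to make when a VLAN "disappears" behind the inspection box.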
With that being said, I'm not sure I am convinced with the technology. I believe it is still the same ol' technologies: DNS/IP block lists and SSL inspection with certificates. pfBlocker already has half of the capability, and I can't really use the SSL inspection on a lot of my devices because I'm not able to install certificates.
If I wanted SSL inspection, I'd just build my own in Python using the MITM libraries.
Yeah, I think you are right. After a little more googling, it looks like the firewall rules would be applied to the bridge, and after looking at my own rules I realize I have layer 4 rules of my own that filter off the various bridges I have. Well, that is embarrassing.
Hopefully you come back and post a follow-up report. I'd be curious what you find. I am doubtful about the efficacy of the tech too. The sun is setting on SNI inspection. Pretty charts, lots of buttons and switches to toggle, and a good-vibes feeling like something super serious is being done, but probably marginal returns at the end of the day. Maybe I am wrong.