Installing Sensei on OPNsense
In this blog post, we will show how to install Sensei on OPNsense. OPNsense, being developed and supported by Deciso B.V., is a very popular open source firewall happily used by many people around the world.
Sensei extends the capabilities of OPNsense so that it has the following Next Generation Firewall features:
Web 2.0 Controls
TLS Inspection (for every TCP port, not just HTTPS)
Advanced drill-down Reporting
Active Directory Integration
Sensei Community Edition is free-of-charge. So you can download it without a hassle.
After the installation, add-on module integrates its web management into the existing firewall Web UI, so you can manage the whole software from a single web interface.
You can get more information from the product’s web page.
1. HW Sizing to Install Sensei
To ensure your hardware is enough to work with Sensei please check CPU, RAM, CPU, disk space and bandwidth as follow:
CPU & RAM
Because the analytics module relies on Elastic Search to do Big Data processing, amount of the memory available in the system is crucial for the performance of the whole product.
At least dual-core (i5 and equivalent) and 4GB RAM or preferably quad-core modern CPU (i7 and equivalent) and 8 GB RAM would be advisable.
Recommended minimum hardware requirements for Sensei based on the number of users and the bandwidth:
|Number of Users||WAN Bandwidth||Recommended Minimum Memory||Recommended Minimum CPU Configuration|
|0-25||20 Mbps||8 GB||Intel Dual-Core i3 2.0 GHz(4 threads) or equivalent|
|25-50||50 Mbps10 Kpps||8 GB||Intel Dual-Core i5 2.0 GHz(4 threads) or equivalent|
|50-100||100 Mbps20 Kpps||16 GB||Intel Dual-Core i5 2.20 GHz(4 threads) or equivalent|
|100-250||200 Mbps40 Kpps||32 GB||Intel Dual-Core i7 2.0 GHz(4 threads) or equivalent|
|250-1000||500 Mbps100 Kpps||64 GB||Intel Dual-Core i7 3.4 GHz(8 threads) or equivalent|
Sensei uses Elastic Search Engine as its backend to process the Big Data. Please spare at least 5 MB of disk space per hour per megabit/second throughput.
If you’re running a 100 Mbps link (about 100 users) which is quite active during the daytime and idle rest of the day, you can calculate the space needed as follows:7
5 MB x 12 hours x 100 Mbps = 6 GB per day.
6 GB x 7 days a week = 42 GB per week.
42 x 4 weeks a month = 164 GB per month.
As of 0.7.0 (changelog), Sensei retires reports data to open up space for the new coming data. After the configured timespan, existing reports data is automatically purged to save space for fresh data.
Sensei requires at least 4 GB of memory. Installer will not continue if you have less than 4 GB of RAM.
A roadmap feature – Cloud reporting – will enable you to install Sensei to devices which have limited amount of memory. E.g. you’ll be able to install Sensei to a Raspberry Pi.
Sensei requires at leasat 4 GB of memory. Installer will not continue if you have less than 4 GB of Ram.
A roadmap feature – Cloud reporting – will enable you to install Sensei to Devices which have limited amount of memory. E.g. you’ll be able to install Sensei to a Raspberry Pi.
2. Installing OPNSense
Need help installing OPNSense?
Do you want to install it into a Virtual system. Read this blog post for instructions on how to do it: Install OPNsense virtualbox
Or else, if you want to install it into a PC or fan-less mini PC: read on: Installing OPNsense firewall to a fanless mini pc
3. Installing Sunny Valley Networks Packet Engine
This process is quite straight-forward and easy. Basically you don’t have to use ssh to connect and install Sensei. You can install Sensei via OPNsense web UI.
You can install with following instructions:
Go to your OPNsense web UI and login to it as a root user. And after that you can follow this path. On the left pane of the page, you can click System > Firmware > Plugins
After the opening of the Plugins page, you can view the installed and not installed plugins. You can search with Ctrl + F key combination with the “os-sunnyvalley” keyword then press the enter button to find out the Sensei plugin components.
- After that you should click the plus “+” button, than you will redirect to the Update menu tab.
- After the installation you can see the Sensei plugin in the Plugin menu bar. If you cannot see Sensei plugin, please refresh your web UI with F5 button.
- You also shoud install “os-sensei”. You can find out with Ctrl + F button combination, and you can click the plus “+” button to install it.
If you couldn’t see Sensei menu you may refresh web UI with the F5 button to verify installation.
After verifying the installation, you can follow this simple step to finish Sensei install.
When you click the Dashboard sub-menu under the Sensei menu, you will face with the “Welcome Page” of Sensei. This is the last step of installation. You should read the “END USER LICENSE AGREEMENT FOR SUBSCRIPTION SOFTWARE” and then you should accept and click the “I agree, let’s get going” button at end of the agreement to finish install.
After the acceptation you can see the summary of assessment of your computer’s system resources. If you see “low-end hardware” warning, please don’t worry about it if your system resources are above the minimum system requirements. Then clik the “Install Database & Proceed” button.
After the Database Installation you need to click “Next” button on the popup menu. Then you should select “Deployment Mode” as “Routed Mode” because other options is experimental. Then you should double click to the LAN interface under the “Available Interfaces” menu bar. You will see the LAN interface from “Available Intefaces” to the “Protected Interfaces” side. Then you should click “Next” button the bottom of right of web UI.
10.You can select and deselect cloud servers on the web page. After selection you should click the “Next” button. You can also write a local domain name to exclude queries
You can specify the TCP Service Password. This password protects the command line based CLI access to the packet engine. It is advisable to change this. After that you’ll be asked how you’d like to be receive updates to the software. Change these settings to your liking and you’re done.
You have some options about “Updates and Support” and Health Check. You can specify automatic update for plugin, and its database. You can enable/disable generation of support data automatically. You can also control “Health Check” and “Enable engine heartbeat monitoring” features. Then click the “Next” button.
At the next page you can select your deployment size as a user. After selection please click “Next” button. End of the installation you may enter your email to stay up to date. Then click the “Finish” button to finish installation. Depending on the speed of your computer and your Internet connection, it might take 2-4 minutes to complete the whole installation.
You can start enjoying your new Next Generation Firewall Plugin Sensei.
Visit our Youtube channel for more videos about Sensei’s exciting new features.