Articles in this section

Release Notes

Matt
  • Updated
Follow 
Announcement
Our new documentation site is alive!
You can view our latest documents here.

1.8.2 - April 1, 2021

 

Packet Engine

  • Bug-Fix: Engine is now compatible with wireguard kmod interfaces. The service start problem is fixed.
  • Bug-Fix: Service restart due to IMAP classifier problem is fixed.

Packet Management

  • Improvement: Plug-ins are now compatible with OPNsense’s new plug-in system. Plug-in health warnings are handled.

 

1.8.1 - March 22, 2021

 

Installation / Integration

  • Improvement: New OPNsense plugin semantics are adopted. This solves the ‘misconfigured’ plug-in problem.
  • Improvement: Hardware detection timeout is increased to accommodate for low resource hardware.

Cloud Central Management

  • Improvement: Cloud-agent process restarts only after successful upgrades.

Policy

  • Improvement: Cloning of the Default policy is disabled.
  • Bug-Fix: IPv6 wrong policy matching problem is fixed.
  • Bug-Fix: Policy cloning is fixed.

Other

  • Bug- Fix: Handle out-of-bounds condition in DNS Processor.
  • Bug-Fix: High swap usage warning window now correctly shows the actual processes consuming the highest amount of resident memory
  • Bug-Fix: IPDR streamer new file creation error is fixed.

 

1.8 - March 11, 2021

 

New Platforms

  • FreeBSD 11 / 12
  • Centos 7
  • Ubuntu 18.04 / 20.04
  • Debian 9 / 10
  • All these new platforms can be managed alongside OPNsense systems through your single pane of glass: Cloud Portal. Documentation to follow shortly.

Cloud Central Management

  • New Feature: Aggregated Central Reporting of Firewalls
  • New Feature: Grouping and Reporting of Firewalls by Projects. 
  • New Feature: Ability to do packet engine updates through Cloud Portal
  • Improvement: Remote Database configuration can be made for a group of firewalls in the Project.
  • Improvement: Node names sorted by node names.
  • Improvement: Performance optimizations for Remote Elastic Database.
  • Bug- Fix: A few Cloud Agent service bugs are fixed.

Updates & Health

  • Improvement: The database version is shortened for convenience.

Reporting

  • New Feature: SQLite backend for low-end systems. (Cloud only for now)
  • Bug-Fix: Allow button problem is fixed in the Threats - Live Security Events Monitor.
  • Bug-Fix: Maximum value limitation for Connections in the Conn-Facts Reports and Schedule Reports is removed and now unlimited.

Configuration

  • Bug-Fix: Exempted Network IP field max character limit extended.

Policy

  • Bug-Fix: Custom Application definitions are now checked for formatting. 
  • Bug-Fix: IP / Network field max character limit extended. 

Report a Bug

  • Bug-Fix: Crash report creation is fixed.

 

1.7.1 - February 15, 2021

 

Cloud Central Management

  • Improvement: Two-factor authentication is made more visible in the Account settings menu.
  • Improvement: During registration, users who are using OPNsense Web UI on “HTTP” protocol are now advised to switch to “HTTPS”.
  • Improvement: Metric values are now available with the Reports
  • Bug- Fix: A fix is introduced for a bug that caused some Cloud Registrations to fail.

Active Directory Agent

  • New feature: AD agent can now stream user/group information to multiple firewalls simultaneously.
  • Improvement: Kerberos Authentications Support

Packet Engine

  • Improvement: Health watchdog value is adjusted to be able to accommodate low-end devices with weak CPU and slow disk speeds (e.g. apu2 devices)

Configuration

  • Improvement: TUN interfaces (Wireguard, OpenVPN) are now re-enabled in the available interface section.

Policy

  • Bug-Fix: A bug while editing a whitelist is fixed.

Report a Bug

  • Bug-Fix: “Thank you” Screen: bogus meta characters are removed.

 

1.7 - January 22, 2021

 

Cloud Central Management

  • A feature long-awaited by our MSP partners, the First BETA release of Cloud Central Management is available to try with this release. To connect your firewall head to Sensei, Configuration, Cloud Management Portal.

Policy

  • Improvement: In the Free Edition, to provide a consistent User Experience; App, Web, and Security sub-menus have been merged into a “Default Policy”. 
  • Improvement: Time schedules are now distinguishing criteria for policy definitions. You can now have different policies if their time schedules are different and even all other criteria are the same. 
  • Improvement: After an app database update, newly introduced applications can be displayed now. Just click on “Display recently added application only”.
  • Bug-Fix: Custom app editing is fixed.

Reporting

  • Improvement: Hide Local Connections and Hide Blocked Connections selection is now remembered. 
  • Improvement: IPDR Streamer (Reporting streaming) is now multithreaded and is able to scale to multiple CPUs. 

Licensing

  • Improvement: Premium Subscription is renamed as Business Subscription.
  • Bug-Fix: 1000+ license configuration saving problem is fixed.

Enrichment

  • Improvement: Engine <-> UI communication has been migrated to a unix domain socket.
  • Bug-Fix: CIDR alias entries (/32) are now properly processed.

 

1.6.2 - December 15, 2020

Reporting

  • Improvement: All domain names are now converted to lower case to avoid duplicate reporting
  • Improvement: MongoDB backend is now able to keep reporting longer than 2 days
  • Bug-Fix: IPv6 matching is fixed for Exempted Networks/IP
  • Bug-Fix: Passive mode in/out stats view is fixed
  • Bug-Fix: IPv6 Top Local Hosts drill-down functionality is restored

Other

  • Improvement: Backup and Restore: handle browser auto-fill for password verification

 

1.6.1 - October 6, 2020

Performance

  • Improvement: 2x performance boost with SSL/TLS downloads

Reporting

  • New Feature: Schedule Reports: Option to enable/disable TLS server certificate verification
  • Bug-Fix: Remote Elastic Search authentication problem is fixed

Other

  • Bug-fix: Backup and Restore: password verification
  • Bug-Fix: Deployment Flavor correctly displayed now - Configuration - General

 

1.6 - September 17, 2020

 Policies and Content Filtering

  • Improvement: Firstly seen control is now applied only for Web Sites
  • Improvement: OPNSense Management IP Address is whitelisted by default
  • Improvement: The default policy is moved to the end of the policy list to be compatible with the engine policy matching order. 
  • Improvement: A Domain can be added as global value to the Whitelist/Blacklist, so affects whole policies.
  • Improvement: Auto White/Block list import/export
  • Improvement: Cloning policies. Start a new policy by cloning an existing one and avoid having to configure all of the policy options. 
  • Bug-fix: Handling the case when a domain is being added to more than one policy
  • Bug-fix: ccTLDs are better handled.

Reporting

  • Improvement: Top Threat Reports were added
  • Improvement: Show / Hide Local Connections in Reports
  • Improvement: Show / Hide Blocked Traffic in Reports
  • Improvement: Activity Explorer is more efficient with new time grouping and intervals
  • Improvement: Live Session Explorer now displays blocked and allowed connections in different colors so that you can more easily spot blocked connections. 
  • Improvement: The number of Unique devices is displayed while purchasing a subscription so that you know which subscription will work for you best.
  • Improvement: It is possible to schedule reports for a specific day and hour and get weekly reports
  • Improvement: You can custom-define your firewall’s index prefix in the remote Elasticsearch database so that you can better identify which indexes are for which firewalls.
  • Improvement: New fields were added in reporting values;
    • is_blocked {0,1} > 0 = Connection is not blocked, 1= Connection is blocked
    • is_local {0,1} > 0= Connection is not local, 1= Connection is local
    • security_tags {Security Category Names (Proxy, Phishing, Malware etc.)}
  • Bug-Fix: SNMP traffic was tagged as QUIC Protocol

High Availability

  • Improvement: Landing pages also get synced to the Passive Nodes

DNS Enrichment

  • Improvement: In-flight reverse DNS queries for unresolved local IP addresses
  • Improvement: OPNSense aliases can now be used for DNS Enrichment

External Reporting

  • Improvement: Syslog Streaming: You can now optionally select which reports are to be streamed to a remote Syslog server (i.e. all reports or just connections, threats, blocks)

Backup Restore

  • Bug-fix: Fixed restoring only Policies & Rules

Configuration

  • Improvement: Passive Deployment mode is introduced.
  • Improvement: Routed Mode (L3 Mode, Reporting + Blocking) with netmap generic driver is made available for ethernet incompatible interfaces with netmap.
  • Netmap exclusive device access: prevent other applications (e.g. Suricata) to access the interface if sensei is running on the interface. This is to prevent possible network outages in case users start sensei and Suricata on the same interface.
  • Support for VPN connections
  • Vmx and vtnet re-enabled

 

1.5.2 - June 26, 2020

Cloud Portal and Licensing

  • Cloud Portal is now live!. You can manage your subscriptions from SVN Cloud Portal
  • My Account link added to Sensei UI for easy access to Cloud Portal
  • License Purchase Page now shows the number of unique devices protected so that you can decide on the correct license tier

Policies and Filtering

  • Bug-fix: policy list not available after a factory reset
  • Bug-fix: prevent custom web categories to be named as one of the existing SVN category names
  • Bug-fix: prevent duplicate custom web categories

Application Database

  • Improvement: No need to restart the engine after Application Database Updates
  • Improvement: Application database updated to the latest version

Integrations

  • Bug-fix: Syslog configuration bug

Other

  • Bug-fix: cosmetic fixes for vicuna theme
  • Bug-fix: user enrichment re-enable functionality
  • Other performance and reliability improvements

 

1.5.1 - June 1, 2020

Filtering

  • Improvement: Whitelist local domains (.net, .home, .lan etc) and private IP addresses from for Cloud Queries
  • Bug-fix: Handle floating CDN IP addresses with DNS Enrichment - filtering

Reporting

  • Improvement: User authentication support for Remote Elasticsearch Databases
  • Improvement: Scheduled Reports: Test email now sends an actual report instead of a blank test email
  • Improvement: Scheduled Reports: You can now easily add a chart to the scheduled reports by clicking on the "Envelope" icon on the chart
  • Bug-fix: Scheduled Reports: Sorting Charts
  • Bug-fix: Elasticsearch UTF8 encoding problem with remote databases
  • Bug-fix: Inconsistency with the "Top" records checkbox in Firefox Browser
  • Bug-fix: DB selection should not be bypassed
  • Bug-fix: openmap links over HTTPS

Integrations

  • Bug-fix: Active Directory IPv6 user enrichments

Other

  • Adjust netmap memory according to the available system memory
  • Bug-fix: Fix a crash at Generic Proxy Parser
  • Bug-fix: Fix a broken link in Problem Report screen
  • Other performance and reliability improvements

 

1.5_1 - May 20, 2020

OPNsense 20.1.7 compatibility patch for MongoDB backend

  • This patch fixes a compatibility issue with OPNsense 20.1.7 if you're using Mongodb
  • Elasticsearch is fine. You might just ignore this update ;)

 

1.5 - May 7, 2020

Application Control

Application Database is now a seperate package and can be updated independently and more frequently

  • New feature: More frequent (e.g. weekly) application database updates
  • New feature: User-defined application signatures
  • New feature: Illegitimate Advertising app to block potentially harmful advertising campaigns
  • Improved app detection logic
  • 210+ new applications recognized

Privacy and Compliance

  • New feature: Ability to anonymize local / remote IP addresses
  • New feature: Ability to disable Username / DNS enrichments
  • New feature: Ability to selectively delete reports for specified IP addresses

Policies and Filtering

  • New feature: Multiple schedules for a single policy
  • New feature: Tool tips for policy screens
  • New feature: Policies can now match inbound/outbound flows selectively (You can specify flow direction for Policy Configuration)
  • New feature: Ordering and prioritizing policies
  • New feature: Sensei can now inspect and filter Proxy-ed connections (CONNECT method - Not transparent Proxy)
  • Improved Ad Blocking (Especially for Android mobile devices / Google Chrome mobile browsers)
  • Fix: Whitelisting for App Controls issue is fixed
  • Fix: Over-night time schedules
  • Fix: Engine reloading (during rule updates) issue is fixed
  • Fix: Mongodb Backend: Enlarged Charts can now pull data for all "Top" queries

Reporting

  • New feature: You can now specify an external Elasticsearch instance for the main reporting database
  • New feature: You can now select the Backend Database Engine during initial configuration
  • New feature: Scheduled Reports: PDF Reports
  • New feature: Ability to provide an "exclude filter" for "Add filter" functionality
  • New feature: Ability to move Reporting Database to a different directory (To be able to move database from a tempfs e.g. /var partition)
  • New feature: Read-only access to reports: you can now restrict a OPNsense UI user to only be able to view reports (Select Dashboard permission)
  • New feature: Ability to re-order charts

Cloud

Improved feedback loop for Web Categorization.

When you submit an entry for re-classification we can now re-categorize it within as fast as 10 minutes. Re-categorized web sites may become available via Cloud as soon as 15 minutes. You can submit web sites for re-classification either through our Web site (https://www.sunnyvalley.io/site-classification/) or through the Sensei UI when you add a site to whitelist/blacklist or to a user defined category.

  • Optimized Cloud Query Caching
  • Fix: case sensitive queries

Integrations

  • Improved MS Active Directory caching performance

Other

  • New feature: Configuration Backup and Restore
  • New feature: Health: You can now specify your own threshold for SWAP high utilization ratio
  • New feature: Health: Check and warn if reporting database is located on a tempfs
  • Improvement: Install/Configuration: You can now re-try hardware compatibility check in case first try fails
  • Other performance and reliability improvements

 

1.4 - February 25, 2020

High Availability

  • Automatic Sensei configuration synchronization between nodes (Premium feature)

Application Control

  • 74 new applications recognized (mostly for better Ad Blocking)

Cloud

  • Optimized Cloud Query Caching
  • Europe-2 cloud server has been deployed for additional capacity for Europe continent

Filtering

  • Tooltips for policy screens
  • Fixed an issue wherein some rare occasions rules were not communicated with the engine properly
  • Fixed Ad blocking for Android apps

Reporting

  • MongoDB: if indexes are broken, Sensei now tries to automatically fix them before reporting error
  • OPNsense Dashboard Widget: fixed caching bug
  • Fixed custom dates in reporting date filters
  • Fixed a few minor cosmetic issues with cicada theme

Other

  • Health: check and warn if /var directory is mounted on a tmpfs filesystem
  • Health: check and warn if the protected interface has jumbo frames (MTU larger than 1500)
  • Health: if a bypass event occurs due to CPU/Ram/Swap, Sensei now logs the top resource-intensive processes
  • Health: continuously check and warn if any Sensei interface is also in use by Suricata
  • Installer: re-try CPU check if it is not successful for the first time
  • Interface configuration widget Firefox/mobile browser compatibility is re-visited and fixed
  • Other performance and reliability improvements

 

1.3.1 - January 30, 2020

OPNsense 20.1/OpenSSL compatibility packages for Sensei MongoDB Backend

  • MongoDB backend and OpenSSL: Due to some dependency package upgrades, new MongoDB packages have been built and provided with this release (Because of OpenSSL 1.1.1 migration).
  • MongoDB backend and OpenSSL: Dropped support for OPNsense 19.7.x and prior releases
    •  

Reporting

  • OPNsense Dashboard Widget: performance optimizations
  • OPNsense Dashboard Widget: fixed bug occasionally causing raw JSON data appearing in the widget
    •  

Other

  • Reporting a bug is now a separate menu. Find it in the upper right-hand corner of the UI (Separated from Contact Sensei Team menu)
  • Interface configuration mobile compatibility is fixed
  • Other performance and reliability improvements
  •  

 

1.3_1 (Patch Level 1) - January 23, 2020

  • This patch level addresses a browser compatibility issue

 

1.3 - January 17, 2020

SOHO Subscription goes live

      • Sensei SOHO Subscription goes live
      • In-App purchase option for all subscription options. You can now purchase all Sensei Subscriptions easily through Sensei User Interface

Filtering

      • New Premium feature: Pause/Resume internet for a policy with a single click
      • User-defined lists: handle subdomain matching more intuitively. If you add domain.com, sensei will match all subdomains under this domain

Reporting

      • New Premium feature: Export PDF: You can export the charts or live session reports as PDF files
      • New Premium feature: Activity Report: A more condensed and brief version of the live connection activity report
      • New Premium feature: Fully Customizable Views. You can now add new fully configurable views
      • Security Reports renamed as "Block Reports"
      • Optimized time-based charts (Mongodb backend)
      • Fixed policy name in Security Reports

Other

    • Contact Sensei Team: improved to share more relevant information during bug-reports
    • Version history now shows feature history for all previous releases
    • API security tokens: ability to remove existing keys
    • Scheduled e-mails: fixed timing bug sometimes causing scheduled emails to fail
    • Wizard: initial configuration wizard now checks if your OPNsense is current and up to date
    • Dropped support for OPNsense 19.1.x and prior releases
    • Other performance and reliability improvements

 

1.2.5 - January 8, 2020

Important Message

With 1.3 release onwards, Sensei will drop supporting OPNsense releases 19.1.x and earlier. Please update to the latest OPNsense release to avoid any incompatibility issues

Convenience

      • Save Changes button is now more visible for Web/App Controls

Filtering

      • Fix: firewall reboots causing default policy rules being deleted

Reporting

      • Scheduled Reports: errors are now communicated through the user interface

Configuration

    • Fix: deployment size setting
    • Fix: re-assigning network interfaces

 

1.2.4 - December 27, 2019

Important Message

With 1.3 release onwards, Sensei will drop supporting OPNsense releases 19.1.x and earlier. Please update to the latest OPNsense release to avoid any incompatibility issues

Premium

      • Fix: Modifying an existing Policy
      • Fix: Deleting Exempt VLAN/Networks

Application Database

      • New app signatures for TikTok, Discord App, GroupMe, Houseparty

Reporting

      • Fix: Drilling down to localhost (specifically IP addresses with hostnames associated with them)

Other

    • Fix: Reset factory defaults also resetting policies
    • Revert: netmap buf_num value to OPNsense default.
    • Other performance and reliability improvements

 

1.2.3 - December 15, 2019

Premium

      • Convenience: warning message displayed when allowed number of policies reached for Home Edition
      • Fix: Policy refreshes

Reporting

      • Local Unique Devices information added to Conn - Facts chart in Connections View
      • Auto white/blacklist Hosts: remember user preference (sending categorization feedback)

Other

    • Fix: Increase netmap buf_num value to accommodate both Suricata and Sensei on high-end servers
    • Other performance and reliability improvements

 

1.2.2 - December 9, 2019

Premium

      • A reminder message to advise using HTTPS if you're trying to purchase Sensei Premium from HTTP UI
      • Fix: Streaming Data to External Elastic Search Instance: a sanity check for the remote ES URL added

Reporting

      • Fix: Drilling down to BLANK category
      • Fix: Add 50 device option to Mongodb
      • Fix: Drilling down to Policy Session Details
      • Fix: Shortcut to Blocking an individual host/domain
      • Fix: Security Reports: Source GeoIP location fixed

Other

    • MongoDB and other dependency packages have been upgraded to their latest releases for OpenSSL flavor
    • Fix: Suricata interface check restored
    • Fix: Move Stripe JS loading to the "Upgrade Premium" page.
    • Fix: updating to new versions handles user-defined category migration more carefully
    • Other performance and reliability improvements

 

1.2.1 - December 4, 2019

Premium

      • A reminder message to advise using HTTPS if you're trying to purchase Sensei Premium from HTTP UI
      • Fix: Streaming Data to External Elastic Search Instance: a sanity check for the remote ES URL added

Reporting

      • Fix: Drilling down to BLANK category
      • Fix: Add 50 device option to Mongodb
      • Fix: Drilling down to Policy Session Details
      • Fix: Shortcut to Blocking an individual host/domain
      • Fix: Security Reports: Source GeoIP location fixed

Other

    • MongoDB and other dependency packages have been upgraded to their latest releases for OpenSSL flavor
    • Fix: updating to new versions handles user-defined category migration more carefully
    • Other performance and reliability improvements

 

1.2 - November 26, 2019

Home Premium Subscription

      • Sensei Home Subscription goes live
      • In-App purchase option. You can now purchase Sensei Subscription easily through Sensei User Interface

Performance

      • UI responsiveness has been increased considerably

Reporting

      • Fully Customizable Dashboard. You can now choose which Charts gets displayed in your Sensei Dashboard
      • Scheduled Reports are now available for MongoDB backend
      • Security Reports: "Block Message" added as a filter for Security Reports
      • Bug-fix: Mongodb autostart problem resolved
      • Bug-fix: Mongodb backend: Top Destinations Heatmap
      • Bug-fix: OPNsense Sensei Dashboard Widget fixed to handle an error condition

Other

    • Shortcut to Contact Sensei Team directly and easily from Sensei User Interface
    • A better and user-friendly notification and warning interface
    • Bug-fix: Handle Hardware Check falsely reporting a low-device in some cases
    • Other performance and reliability improvements

 

1.1_4 (Patch Level 4) - November 19, 2019

  • This patch level addresses policy sanity check, Elasticsearch and child VLAN issues.

Better low-end device support

      • Minimum RAM requirement lowered to 2GB
      • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

      • lagg(4) and bridge(4) interface members can be protected now
      • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

      • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
      • New web category/threat intelligence database
      • Improved/faster cloud query mechanism
      • Better availability
      • The status screen now shows uptime in a prettier format

Security

      • Premium: Protection for newly detected malware campaigns (not older than 1 week)
      • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

      • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

    • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
    • Other performance and reliability improvements

 

1.1_3 (Patch Level 3) - November 8, 2019

  •  This patch level addresses Elasticsearch and child VLAN issues.

Better low-end device support

      • Minimum RAM requirement lowered to 2GB
      • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

      • lagg(4) and bridge(4) interface members can be protected now
      • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

      • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
      • New web category/threat intelligence database
      • Improved/faster cloud query mechanism
      • Better availability
      • The status screen now shows uptime in a prettier format

Security

      • Premium: Protection for newly detected malware campaigns (not older than 1 week)
      • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

      • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

    • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
    • Other performance and reliability improvements

 

1.1_2 (Patch Level 2) - November 5, 2019

  •  This patch level addresses the Elasticsearch issue.

Better low-end device support

      • Minimum RAM requirement lowered to 2GB
      • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

      • lagg(4) and bridge(4) interface members can be protected now
      • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

      • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
      • New web category/threat intelligence database
      • Improved/faster cloud query mechanism
      • Better availability
      • The status screen now shows uptime in a prettier format

Security

      • Premium: Protection for newly detected malware campaigns (not older than 1 week)
      • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

      • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

    • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
    • Other performance and reliability improvements

 

1.1_1 (Patch Level 1) - November 4, 2019

Better low-end device support

      • Minimum RAM requirement lowered to 2GB
      • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

      • lagg(4) and bridge(4) interface members can be protected now
      • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

      • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
      • New web category/threat intelligence database
      • Improved/faster cloud query mechanism
      • Better availability
      • The status screen now shows uptime in a prettier format

Security

      • Premium: Protection for newly detected malware campaigns (not older than 1 week)
      • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

      • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

    • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
    • Other performance and reliability improvements

 

1.1 - November 2, 2019

Better low-end device support

      • Minimum RAM requirement lowered to 2GB
      • Support for less powerful CPUs. Try Sensei on your Deciso A10 devices: Yes! with reporting :)

More interface support

      • lagg(4) and bridge(4) interface members can be protected now
      • Interface Configurator now reports "Unassigned" OPNsense interfaces

New Cloud Servers Infrastructure goes live

      • New less-latency cloud servers for US-West, US-East, Asia1, Asia2 and Australia regions
      • New web category/threat intelligence database
      • Improved/faster cloud query mechanism
      • Better availability
      • The status screen now shows uptime in a prettier format

Security

      • Premium: Protection for newly detected malware campaigns (not older than 1 week)
      • Premium: New grey-listing categories for Dead, Newly Registered and Newly Recovered sites

Reporting

      • Reporting Performance Improvements (Reports load faster (a lot faster ;))

Other

    • Shortcut to whitelist/blacklist a domain/host from Live Session Explorers
    • Other performance and reliability improvements

 

1.0.3 - September 25, 2019

Application control & filtering

  • 22 new applications (Ad Tracking)
  • Fixed an issue affecting a block 172.16.0.0/16 being recognized as public IP addresses
  • Re-evaluation of policy rules when a policy is re-configured
  • Fixed an issue matching policies with a Captive Portal user group
  • Captive portal: provide user group information to Sensei

Reporting

  • Scheduled e-mail reports: now support STARTTLS method e-mail transport security
  • Scheduled e-mail reports: you can now specify a sender address for the e-mails
  • Reverse DNS lookups for local IP addresses

Performance

  • The output directory is now a tmpfs for higher file system performance

Cloud Threat Intelligence

  • new US-West Cloud servers (Test)
  • new Asia Cloud servers (Test)
  • You can now request web sites being re-categorized by sharing your custom lists with Sensei team

UI/UX

  • Important engine-related messages are communicated through UI
  • Now working with tucan/cicada themes (thanks to opnsense user of Team Rebellion for OPNsense commits)
  • During uninstall, you can now request to be contacted by the Sensei team about your problem
  • Fixed an issue preventing to select the whole application category
  • Better user feedback forms
  • Development features

Misc

  • Proper LibreSSL build and installation
  • The installer now does a CPU benchmark test to see if Sensei can run successfully on your hardware
  • Migrated to Python 3.7
  • More reliability and performance improvements

 

1.0.2 - August 9, 2019

  • Installer/Updater: Fix LibreSSL install and update problem
  • New feature: Live Authenticated Users View (Captive Portal/Active Directory)
  • UI fix: Delete policy time schedule button has been placed in a more appropriate section
  • UI fix: Fixed an issue which causes app/web category listing being incomplete during Policy creation
  • Convenience: Removed an unnecessary engine restart during policy creation
  • Filtering: Fixed a bug preventing Landing Page to display when blocking a connection
  • Policy filtering: Fixed a bug affecting daily schedules
  • Enable unmapping of user <-> IP addresses

 

1.0.1 - August 6, 2019

  • Fix a bug preventing deletion of policy schedules
  • Handle bad formatting during policy creation
  • Enable unmapping of user <-> IP addresses

 

1.0.0 - August 4, 2019

  • First stable release
  • Username Base  and Enriched Report View

Active Directory Integration via Sensei AD Agent

Captive portal users displayed in reports

You can now customize whether to display IP addresses or hostnames in reports

  • Automatic Updates

Sensei can now be updated via OPNsense Firmware updater. OPNsense updates now check for Sensei updates and install them automatically.

  • Engine logs are not archived anymore
  • 11 more apps identified
  • Premium subscription features included in this release

 

0.8.2 - June 22, 2019

  • OPNsense 19.7 compatibility fix (Missing python 2.7 dependencies added)
  • Fixes block landing page not displayed correctly

 

0.8.1 - June 19, 2019

  • Fix a bug preventing archive engine logs from being removed
  • OPNsense 19.7 compatibility fix

 

0.8.0 - June 18, 2019

  • IPv6 Support

As promised - now Sensei has IPv6 support.

  • Virtio interface support

There were many requests that we make Sensei run on virtual interfaces like QEMU/KVM/Proxmox virtio. Sensei 0.8 combined with OPNsense 19.1.x new netmap enabled kernel, you can now run on virtio interfaces This is also a big enabler to run OPNsense and Sensei on most of the major Cloud and VPS operators. More info on that: https://forum.opnsense.org/index.php?topic=11477.0

  • Wireless interfaces support

Starting with OPNsense 19.1 and Sensei 0.8, you can now run Sensei on wireless interfaces.

  • VLAN interfaces support

Starting with OPNsense 19.1 and Sensei 0.8, you can now run Sensei on VLAN interfaces.

  • Better Cloud & Update Servers Availability
  • Users can now ignore the Hardware compatibility warning and install Sensei even if the HW resources are below what is advisable.
  • You'll now get reported via an informative message in the UI if Sensei health check automatically stops Sensei service due to an HW resource shortage. Up until now, Sensei was doing this quite silently ;)
  • The number of Elasticsearch dependencies decreased by 1/3: faster installs & updates
  • Better Reporting
  • IPv6 reporting
  • Ability to resolve local IP addresses to MDNS supplied hostnames
  • Source Hostname is now the default instead of IP address in Session Reports (IP is still available via a tooltip
  • Ability to specify start and end times for Session Explorer Reports
  • Ability to refresh Session Explorer Reports without having to close/re-open the report
  • Mobile devices UI improvements

 

0.7.0 - December 26, 2018

  • 350+ new applications identified.
  • Google applications browsed via Chrome are now being identified (QUIC over UDP protocol support).
  • Mobile browser compatibility: you can view reports from your mobile browser
  • Reports enhancement: Data retirement option introduced. With this option, you can define how long to keep your reports (days)
  • Reports enhancement: Option to erase all reporting data
  • Reports enhancement: Drill-down in Security reports is now available
  • Reports enhancement: Daily executive reports. Selected reports delivered via a daily e-mail.
  • You can easily add block/allow rules within Session Explorer based on Application and Application Category or SNI / hostname
  • User's Manual in English.
  • More deployment options for Home and Large scale users
  • Changelog between updates
  • Fixed Rebellion Theme compatibility issues.
  • Better Cloud Nodes availability
  • Better & smoother updates
  • We speak your language now, we added i18n support to match your OPNsense UI language. English and German are there, for now, more coming soon.
  • Removed some large dependencies in preparation for embedded devices & PIE (Position Independent Executable) support. More performance & stability improvements.

 

Related articles

Powered by Zendesk