Can you make some beginner friendly best practice guides for ZenArmor? Like what we should initially be blocking besides all the toggle switches and what applications and protocols we should block? How to interpret some of the logs in there so we know what to do with some of that information? It's hard to find something clear and concise like your tutorial for that!
Hi there, Sorry I don't see myself doing a ZenArmor guide any time soon. I tried ZenArmor in the past and was never a fan of it. PS I'm not saying ZenArmor is bad, each to their own, however I personally prefer using the mix of "IPS/IDS (Suricata)", "Unbound Block lists" and custom firewall rules. Doing it this way, in a sense has "taught" me a lot more and I feel that I have more control over my network. Where with ZenArmor, I never felt like I had "Control" over my network.
Very nice tutorial, I have a question, in the second 352, the menu doesn't have Management, only WAN, LAN and loopback, am I doing something wrong or has the menu changed?
Hi there, Thank you so much for your kind words. Nope, you are not doing anything wrong. In the previous video of the series ruclips.net/video/dCRhCrokeSo/видео.html I created a new "management" network. If you don't want / need a "management" network, having just LAN, WAN and Loopback is correct.
@jonomoss I just watched that video and I didn't see any instructions on setting up the "management" network (source) Do you have another video on that? Stuck at 6:18 as I can't select multiple interfaces. Looks like I'm adding an Alias but not sure as to what I'm adding to the alias. Just port 53 on WAN, LAN, Loop & VPN's?
Hi @davemck1936 Sorry my mistake, I have edited that comment, if you see this video from ruclips.net/video/dCRhCrokeSo/видео.html I renamed the default LAN network to "Management". If you are not worried about having a separate "Management" network, you will have a single "LAN" network. With regards to the "Portforwarding" section you are stuck on, if I understand your question correctly, you will only forward "Local" networks DNS, so for example if you have "WAN, LAN, VPN" networks, you will only use the "LAN" interface and "VPN" interface, that is if you want to also block websites / DNS on the VPN. You don't do it on the WAN. So you will then create two separate "Portforwarding" rules. One for "LAN" interface and one for "VPN" using port 53, you don't select multiple interfaces on one rule. I hope this makes sense.
Thanks for the excellent explanation on how to setup Unbound DNS. Very concise and easy to follow.
Thank you for the kind words, I'm really glad it helped.
Thanks for this informative series mate. Loads of content and very well explained.
Thank you very much for your kind words, I really do appreciate it.