Netify for OPNsense

Requirements

Netify is designed to run in tight spaces, so the memory requirements are modest and generally not a concern for OPNsense deployments. As for CPU, the underlying Netify deep packet inspection engine requires about the same amount of horsepower as an intrusion detection/prevention system - the busier the network, the more CPU cycles required.
Netify on Firewalls and Routers

Installation

Up-to-date Netify packages are maintained in our FreeBSD repository. To install the package, run:

OPNsense 64-bit - Versions 19.7, 20.1

pkg add http://pkg.freebsd.org/freebsd:11:x86:64/release_3/All/libunwind-20170615.txz
pkg add http://pkg.freebsd.org/freebsd:11:x86:64/release_3/All/google-perftools-2.7.txz
pkg add http://download.netify.ai/netify/freebsd/11.2/stable/netifyd-3.00_1.txz

OPNsense 64-bit - Versions 20.7

pkg add http://download.netify.ai/netify/freebsd/12.1/stable/netifyd-3.03_1.txz

OPNsense - Other versions

Sorry, we do not support other versions of OPNsense. Support is available for pfSense.

Configuration

Netify will automatically detect the network interfaces and roles defined in OPNsense.

Start

With the installation and setup completed, you can now start and enable Netify:

netifyd --enable-sink
echo 'netifyd_enable="YES"' > /etc/rc.conf.d/netifyd
service netifyd start

Provisioning

With the Netify service installed, configured and running, it is time to provision your unique install. You will first need to fetch the provision code from your Netify Agent install using the following command:

# netifyd -p
Agent UUID: AA-BB-CC-DD

Once you have the provisioning code, you will need to create a Netify account (if you don't have one already) and run through the simple provisioning wizard. Once complete, metadata and analysis will start to be available in under a minute.

Provision Agent


What is OPNsense

OPNsense

OPNsense is an open source, FreeBSD-based firewall and routing software solution. If you have or are thinking of using OPNsense as your firewall/gateway to the Internet, you can be up and running in under minutes!

OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. OPNsense features include:

  • Web-based Interface
  • Firewall
  • VPN
  • IDS/IPS
  • Captive Portal
  • Traffic Shaping/QoS
  • High Availability
  • Load Balancing
  • and more