As I've built upon my existing home lab with new tools and security features, one of the most enjoyable aspects I've come across has been the networking side of things. Deploying OPNsense and having it communicate with my ISP to obtain an IP address over PPPoE felt like magic, and since then, I've spent hours looking into security solutions and improvements I can deploy. I ventured down the rabbit hole of Intrusion Detection and Prevention (IDS and IPS), and came across tools like CrowdSec, Suricata, and Zenarmor. Of all the software I've used in this realm, Zenarmor turned out to be my favorite.

In my case, I had initially deployed Suricata and CrowdSec, though I discovered that Suricata simply does not work with a PPPoE connection. This left me in a bit of a rough spot when it came to IPS, though I researched some more and found Zenarmor as a tool that was often touted as a Suricata alternative and worked with PPPoE. For the uninitiated, Zenarmor is a powerful plugin that turns my OPNsense deployment into a next-generation firewall (NGFW). It has advanced security features that can be applied on a per-device basis, detailed reporting and logs, and the ability to block new and emerging threats so that your devices can't communicate with them.

Taking things a step further, in an enterprise environment, Zenarmor also supports TLS inspection, which can decrypt traffic, inspect it, then re-encrypt it and continue to send it on its way. You need some fairly beefy hardware to support it, and it's also not recommended in most contexts as it's essentially a man-in-the-middle attack that you control, though with a single point of failure. There are situations where a company may wish to deploy it, but by and large, most enthusiasts won't ever need or want to use this feature.

I recently received a trial of the highest tier of Zenarmor that includes the TLS inspection feature. Having used Zenarmor for quite a while now, I don't see any reason to stop using it.

About this article: I received a free trial of the SSE Zenarmor tier for testing. The company did not have any input into the contents of this article.

You get a lot of control, especially on higher-tier subscriptions