ZedmsInline security engine for OPNsense
View docsContact team

Enterprise Security for OPNsense

Zedmos: Next-Gen DPI & TLS Inspection

Transform your OPNsense firewall into a robust Next-Generation Firewall (NGFW). Intercept encrypted traffic, enforce application control, and block advanced threats in real-time with zero-latency inline inspection.

Quick Install (OPNsense Shell)
fetch -o - http://www.zedmos.com/repo/install.sh | sh

TLS / SSL Inspection

Decrypts HTTPS and TLS-based protocols (SMTPS, FTPS) in real-time. Gain full visibility into encrypted flows to detect malware and enforce policies that traditional firewalls miss.

  • Man-in-the-Middle (MitM) decryption
  • Policy-based SNI bypass (Banking, Gov)
  • Supports TLS 1.2 and 1.3

Application Control

Identifies thousands of applications (BitTorrent, WhatsApp, Tor, YouTube) using nDPI deep packet inspection technology, regardless of the port.

  • Layer-7 Traffic Classification
  • Block P2P, VPNs, and Proxies
  • Granular category-based rules

Threat Intelligence

Blocks malicious domains, botnet C2s, and phishing sites instantly using integrated feeds from USOM, URLhaus, OpenPhish, and ThreatFox.

  • Automated feed updates
  • Zero-configuration protection
  • Real-time blocking of new threats

Inline File Scanning

Scans files transferred over HTTP, HTTPS, FTP, SMTP, and SMB using ClamAV antivirus. Blocks malicious downloads before they reach the endpoint.

  • Scan inside encrypted archives
  • MIME-type filtering
  • Optional ICAP & YARA support

Web & DNS Filtering

Enforce internet usage policies with URL filtering, DNS blacklisting, and control over DoH (DNS over HTTPS) and QUIC protocols.

  • Block Adware & Tracking
  • Prevent DNS Tunneling
  • Basic WAF protections

Identity & Device Aware

Apply policies based on User Identity, Device Type (IoT, Mobile), or GeoIP location. Isolate compromised devices automatically via Quarantine.

  • User-to-IP mapping
  • Device fingerprinting (MAC/OUI)
  • Runtime risk tagging

Seamless OPNsense Integration

Zedmos installs directly onto your existing OPNsense firewall as a native plugin. No external appliances, no complex routing changes. Manage everything from the familiar OPNsense Web UI.

01

Run the install command via SSH

02

Navigate to Services → Zedmos

03

Enable Policy Engine & TLS Proxy

OPNsense - Zedmos Dashboard