Getting startedGuide
Install on OPNsense 24.7
Step-by-step install, repo keys, and service validation checks.
Read guide →Documentation
Find every Zedmos answer without leaving the CLI.
Architecture diagrams, performance notes, and operational runbooks are indexed below. Search anything—from JA4 blocking to TLS proxy tuning—and jump straight to the right guide.
150+curated articles
12deployment blueprints
< 2 minmedian search-to-answer
Trending topics
Based on operator activityGetting started
License & activation
Bring-your-own license flow plus offline activation CLI.
Read guide →Getting started
Sanity tests
Run capture diagnostics and packet echo before enabling policies.
Read guide →ArchitectureDeep dive
Packet path diagram
From NIC rings to writerd queues — every hop explained.
Read guide →Architecture
Policy runtime
Suffix tries, TLS metadata, and synchronous enforcement design.
Read guide →Architecture
Writerd log plane
SQLite, Elastic, and Mongo targets with batching semantics.
Read guide →Getting started
Install Zedmos, license the engine, and verify inline capture in minutes.
Architecture
Dive into the packet path, DPI layers, and policy runtime internals.
Performance & tuning
Benchmarks, recommended BIOS flags, and profiling recipes.
Deployment & operations
Bootstrap production, automate policy delivery, and monitor health.
API & automation
Control plane RPC, policy exports, and integration blueprints.
Architecture poster
Inline pipeline reference
A printable poster that walks through NIC capture, DPI layers, policy evaluation, and writerd persistence without any mystery hops.
- Netmap zero-copy diagram
- TLS MITM control flow
- Writerd batching timeline
Performance methodology
Reproduce Zedmos benchmarks
Every throughput, latency, and CPU number published on the landing page is sourced from this methodology. Clone the test harness, capture your own traces, and compare results apples-to-apples.
Deployment playbooks
Ship Zedmos with predictable change windows
Use the change templates, GARP checklists, and takeover rehearsals to deploy without packet loss. Each playbook lists owners, timings, and rollback triggers.
Inline bridge mode
Interface prep, takeover plans, and rollback instructions.
Open playbook →Routed mode
Multi-interface flow, takeover lists, and TLS redirect rules.
Open playbook →Observability
Metrics endpoints, Prometheus exporters, and alerting hooks.
Open playbook →Release notes
Track the evolution of the engine
r2025.062025-06-18
- Introduced TLS cert cache eviction telemetry.
- Added CPU pinning helper to deployment CLI.
r2025.032025-03-02
- Writerd gained Mongo cluster failover support.
- Policy runtime can stream suffix trie stats.
r2024.122024-12-11
- Netmap routed mode auto-discovers takeover lists.
- New CLI to diff policies.json exports before deploy.
Need a human?
Direct lines to the engineering team
Whether you are planning a migration or debugging a policy edge case, you can escalate straight to the people who build and run Zedmos.