Zedmos
CONSOLE MODE · ON-PREM

Turn your OPNsense appliance into a full next-generation firewall.

Zedmos Console is a first-class OPNsense module. Inspection, policy, identity, and logging all execute locally — on silicon you control. No cloud dependency, no telemetry egress, no external data plane.

OPNsense module · Air-gappable · Local data residency · Single-site
TOPOLOGY

Everything stays on the appliance

The Console deployment is deliberately simple: one appliance hosts the engine, the policy store, the event store, and the management UI. No orchestrator, no shared cloud, no cross-site overlay.

Topology diagram: USER LAN (10.0.0.0/24) → OPNsense appliance + Zedmos → INTERNET. On the appliance: Zedmos engine (DPI · TLS · policy · actions · logs), local UI on :5000, local store in /var/db/zedmos; admin access over HTTPS. Nothing leaves the appliance: no cloud dependency, air-gappable.
ADOPTION PATH

Five steps from platform validation to live enforcement

A guided adoption sequence. Every step is reversible and leaves the appliance in a known-good state.

01 · Validate the platform

A preflight routine inspects the target interface for fast-path capability, multi-queue support, and driver maturity. Unsupported combinations surface a clear reason and a fallback path before anything is installed.

  • Automated hardware compatibility check
  • Driver and kernel module validation
  • Clear remediation guidance when a fallback is required

02 · Install the appliance module

Zedmos ships as a signed OPNsense module that adds the engine, the log plane, the control plane, and the management UI as a single unit. Installation is unattended and fully reversible.

  • Signed package, reproducible build
  • Integrated engine · log plane · control socket · UI
  • Clean uninstall with state preservation

03 · Pick an operating posture

Start in monitor posture to build a traffic baseline without any risk. Promote to bridge for inline enforcement, or to routed for policy-based steering. Promotion is a single setting — no re-configuration.

  • Monitor · observation with zero packet modification
  • Bridge · transparent inline enforcement at Layer 2
  • Routed · policy-based steering at Layer 3

04 · Model your policy set

Policies are authored in the management UI — a structured editor with validation, diffing, and versioning. Every change is staged, reviewed, and applied as an atomic generation swap with zero packet loss.

  • Match by application, category, SNI, user, device, IP, geography, or TLS fingerprint
  • Fourteen action verbs from observe-only to escalation
  • Validated generations, atomic apply, one-click rollback

05 · Operate from the local pane

The management UI runs on the appliance itself. Live traffic, events, threat intelligence, SLA, and device inventory all surface here. No call-home, no external console, no telemetry leaving the perimeter.

  • Live flow and event dashboard
  • Threat-intelligence and device-inventory views
  • Structured export to the on-prem SIEM of your choice
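
To make the generation model in step 04 concrete (validated generations, an atomic apply that swaps one reference, one-click rollback, and first-match evaluation over the listed match dimensions), here is an added Python illustration. It is not Zedmos code and the page does not describe Zedmos's policy schema or storage format: the Rule and Generation shapes, the PolicyStore class, the sample flow, and the action names observe/block/escalate are assumptions made for this example only.

```python
"""Added example: a versioned policy store with validation, atomic apply and rollback.

Illustrative code, not Zedmos's implementation. The page does not describe
Zedmos's policy schema or action verbs, so the rule fields and the three action
names below are assumptions chosen for this example.
"""
from dataclasses import dataclass

# The match dimensions the page lists for policy rules.
MATCH_KEYS = {"application", "category", "sni", "user", "device", "ip",
              "geography", "tls_fingerprint"}
# Hypothetical action verbs; the page names only "observe-only" and "escalation".
ACTIONS = {"observe", "block", "escalate"}


@dataclass(frozen=True)
class Rule:
    name: str
    match: dict      # e.g. {"category": "file-sharing"}; every key must match
    action: str


@dataclass(frozen=True)
class Generation:
    number: int
    rules: tuple     # immutable, so an applied generation can never change underneath


def validate(rules):
    """Return a list of problems; an empty list means the rule set may be staged."""
    errors, seen = [], set()
    for r in rules:
        if r.name in seen:
            errors.append(f"duplicate rule name {r.name!r}")
        seen.add(r.name)
        unknown = set(r.match) - MATCH_KEYS
        if unknown:
            errors.append(f"{r.name}: unknown match keys {sorted(unknown)}")
        if not r.match:
            errors.append(f"{r.name}: rule matches nothing")
        if r.action not in ACTIONS:
            errors.append(f"{r.name}: unknown action {r.action!r}")
    return errors


class PolicyStore:
    """Keeps every generation; the data plane reads exactly one reference."""

    def __init__(self):
        self._history = [Generation(0, ())]   # generation 0: empty, observe-only
        self._active = self._history[0]
        self._previous = None

    @property
    def active(self):
        return self._active

    def stage(self, rules):
        """Validate and record a new generation without activating it."""
        errors = validate(rules)
        if errors:
            raise ValueError("; ".join(errors))
        gen = Generation(self._history[-1].number + 1, tuple(rules))
        self._history.append(gen)
        return gen

    def apply(self, gen):
        """Atomic swap: one reference rebind, so an evaluation sees the old
        generation whole or the new one whole, never a partial rule set."""
        self._previous, self._active = self._active, gen

    def rollback(self):
        """Undo the last apply by swapping back to the previously active generation."""
        if self._previous is None:
            raise RuntimeError("nothing to roll back to")
        self._previous, self._active = self._active, self._previous

    def evaluate(self, flow):
        """First-match evaluation of one flow against the active generation.
        The reference is read once, so a swap mid-evaluation cannot mix rule sets."""
        gen = self._active
        for r in gen.rules:
            if all(flow.get(k) == v for k, v in r.match.items()):
                return r.action, r.name
        return "observe", None   # default posture: observe only


def demo():
    """Walk a constructed policy through stage, apply, evaluate and rollback."""
    store = PolicyStore()
    gen1 = store.stage([
        Rule("no-p2p", {"category": "file-sharing"}, "block"),
        Rule("watch-lab", {"device": "lab-printer", "geography": "XX"}, "escalate"),
    ])
    store.apply(gen1)
    flow = {"category": "file-sharing", "user": "alice"}   # constructed sample flow
    before = store.evaluate(flow)
    store.rollback()
    after = store.evaluate(flow)
    return gen1.number, before, after


if __name__ == "__main__":
    print(demo())
```

The point of the reference swap is that in-flight evaluations never observe a half-written rule set, which is what lets a generation change happen with no packet loss; rollback is the same swap in reverse, so it is as cheap and as safe as apply.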
WHEN TO PICK CONSOLE

Best fit

Regulated single-site workloads
Financial services, healthcare, defence, and public sector — environments where traffic inspection, logs, and policy must remain within a controlled perimeter.
Air-gapped and operational networks
Manufacturing floors, SCADA segments, and isolated labs. Threat-intelligence and signature updates are imported and staged under operator control.
High-throughput perimeter
Carrier-class inspection on commodity hardware. Full DPI, TLS inspection, and policy at wire speed — without a cloud tax per gigabit.
Brownfield OPNsense operators
Integrates with the platform you already run for firewalling and HA. Keep the mental model; gain a next-generation data plane.