Install Zedmos on OPNsense in about ten minutes.

We start at the OPNsense console — the black-screen menu you see when you plug a monitor and keyboard into your firewall (or open the console of your virtual machine).

OPNsense shows a numbered list of options like Logout, Reboot system, Power off system and Shell. We want option 8) Shell so we can run a single install command.

Type 8 and press Enter. You should now see a prompt that looks like root@OPNsense:~ #. That's the shell — it's where we'll paste the installer in the next step.

Copy the install link from your Zedmos welcome email (or from your account page on zedmos.com), paste it into the shell, and let it run.

The command looks like this — yours will have a different long token at the end:

$ fetch -o - https://www.zedmos.com/install/<your-token> | sh

What this does, in plain English: it downloads the installer script over HTTPS and pipes it straight into the shell so it runs immediately. The token in the URL identifies your firewall and expires after first use, so it's safe to paste exactly as we provided it.

The installer prints a short notice on screen and then asks one yes/no question before it copies any files. You can scroll through the notice if you like, but the only thing you need to do is answer the final question.

At the bottom of the screen you'll see: “Do you want to install the Zedmos plugin from the Zedmos repository now? [y/N]”.

Type y and press Enter to start the installation.

The installer copies the Zedmos package onto OPNsense, writes a few sensible default config files, and registers your firewall in our free public threat-intelligence pool. You don’t have to type anything during this step.

You’ll see lines like:

• [Zedmos] Created policies.json (fresh install) — your starting policy file.
• [zedmos-auto-enroll] Hub minted token tier=free — your firewall just joined the free CTI hub.
• DONE — engine has CTI access (tier=free) — installation complete.

When the prompt comes back, the shell part of the installation is finished. You can close this window — everything else happens in your browser.

Switch to your browser, log in to the OPNsense web interface, and refresh the left navigation. A new red Zedmos entry appears, with sub-items like Dashboard, Live Sessions, Policies, Settings and Feedback. Click any one — the Setup Wizard opens automatically on first launch.

The Welcome screen on the right shows a short summary of what the wizard will configure: database, deployment mode, network interfaces and the subscription plan. On the right side you also see a System Overviewpanel summarising your hardware (CPU, RAM, interfaces). That's purely informational — nothing to fill in here.

Tick the box “I have read and accept the demo usage terms” and click Next → at the bottom right to begin.

The Zedmos Console (console.zedmos.com) is an optional cloud dashboard that lets you watch and configure several firewalls from one place. For a single home or small-office firewall, you can comfortably skip this step.

If you don't already have a Console account, leave the toggle off and click Next →. You can come back later via Settings → Console.

If you do want to register now, flip the toggle on, click create one now (opens console.zedmos.com in a new tab to sign up), then come back to the wizard.

Zedmos stores events, flow records and analytics locally on the firewall. This step asks where to put them.

You have three options on the screen:

• SQLite Database (default, recommended). A single file on disk, no setup, perfect for up to about 100 devices on the network. This is the right pick for almost every home and small-office install.
• Elasticsearch Local. Installs a local Elasticsearch — useful when you have many devices and want richer search.
• Elasticsearch (remote cluster). Point at an existing enterprise Elasticsearch you already operate.

If you're not sure: keep SQLite selected and click Next →.

This step has two parts: how Zedmos sits in the path (deployment mode), and which interfaces it should watch (and what each one means).

Deployment mode — pick one

• Monitor mode.Zedmos only watches, it never blocks. Good for a first run when you want to see what's on your network without changing anything.
• Routed mode (default). Zedmos forwards packets and can block bad ones. This is what most home and small-office users want — full protection, full visibility.
• Bridge mode. Zedmos sits transparently between two network cards (L2). Advanced; use it only if you know you need it.

Interfaces — which ones to protect

Tick every network card you want Zedmos to inspect. For each one, click Set Security Zone and pick a zone:

• WAN = the side that faces the internet (the cable from your modem / ISP).
• LAN = your trusted home or office network (PCs, phones, printers, Wi-Fi).

A typical home setup is: em0 = WAN, em1= LAN. Pick at least one interface — you can't move to the next step otherwise.

Choose how Zedmos talks to our threat-intelligence catalogue. Currently every install stays on Free.

• Free Plan (pre-selected). Every Zedmos firewall is automatically enrolled in the public CTI pool. You get basic monitoring, device discovery, simple reports and community support. Nothing to type.
• Licensed Plan — placeholder, not active. The field exists in the wizard, but Zedmos does not currently sell licences and the option is non-functional. In a future release this may unlock real-time blocking, custom policies, premium feeds and priority support — for now, please ignore it and leave Free selected.

Click Next → with Free Plan selected.

You made it. The final screen confirms your configuration is ready. All that's left is to apply it.

On the right you'll see a What's Next?panel pointing to the Dashboard, Policies, Devices and Settings pages — that's where you'll spend time after installation.

Click the big green Save & Apply Configuration button. Zedmos writes your choices to disk, starts the engine, and the wizard closes. After a few seconds, refreshing the page shows the live Dashboard.