Collaborative firewall on Turris OS 4.x.x

On Omnia, activating everything from Foris you will have the old Data Collection system and therefore it will act differently. MOX which inevitably has 4.x uses Sentinel, the new firewall and data collection system. The HaaS token should only be used on 4.x. You must take it from the site after registering the device and you must insert it in the file /etc/config/haas.

@lucenera describes that correctly.

Sorry for confusing state of TOS release and software.

TL;DR We are migrating from TOS 3.x to TOS 4.x and also from uCollect data collection system to Turris:Sentinel.

uCollect does not exist in TOS 4.x at all (and will never be) so, in this topic, we were talking about Turris:Sentinel DynFW and other components.

Original Omnia routers was shipped with TOS 3.x and if you did not migrate your router to 4.0 manually, you run something like TOS 3.11.12. MOX routers were shipped with 4.0 from the beginning. TOS 3.x never run on any MOX and new Omnia routers are produced with TOS 4.x as well

There are a lot of Omnia routers (and Turris 1.x routers) in TOS 3.x. Of course, the software differs in TOS 3.x and TOS 4.x and we want to migrate the routers automatically.

If you migrate your Omnia manually to TOS 4.0, it will run the same software as your MOX do.

You can also switch to Sentinel while stay in TOS 3.x, however if you let it on automatic migration to TOS 4.x upgrade, router will switch itself to Sentinel automatically.

We did not describe that anywhere as Sentinel is still somewhat in development and we want to do the migration automatic, so there will be no change for end users. Safe the web for looking into your data.

From high point of view, dynamic firewall in TOS 3.x (which is enabled by enabling data collection in TOS 3.x) is the same like Sentinel:DynFW (which is enabled by enabling data collection in TOS 4.x). It just uses different protocol, software and set of data. Nevertheless, principles are the same.

ufff… :sweat_smile: