OPNsense vs Sangfor NGAF comparison

OPNsense and Sangfor are both solutions in the Firewalls category. OPNsense is ranked #3 with an average rating of 8.3, while Sangfor is ranked #19 with an average rating of 7.9. OPNsense holds a 12.3% mindshare in Firewalls, compared to Sangfor’s 1.3% mindshare. Additionally, 97% of OPNsense users are willing to recommend the solution, compared to 90% of Sangfor users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Apr 6, 2025

OPNsense and Sangfor NGAF are both prominent in the network security solutions market. OPNsense may have an edge in cost-effectiveness and support, while Sangfor NGAF is favored for its comprehensive feature set that many find worth the investment.

Features: OPNsense is appreciated for its open-source framework, offering customization and regular updates. Key features include advanced firewalls, VPN support, and traffic shaping. Sangfor NGAF, on the other hand, excels in security management with features like intrusion prevention systems, malware detection, and a broad security approach.

Room for Improvement: OPNsense could benefit from enhanced professional support to complement its community-driven assistance, a more user-friendly interface for non-technical users, and streamlined deployment for less experienced administrators. Sangfor NGAF is noted for its higher costs, a possible need for improved configuration simplicity, and ensuring feature set relevance for smaller businesses.

Ease of Deployment and Customer Service: OPNsense's open-source nature allows flexible deployment but relies heavily on community support, which can lack immediacy. Sangfor NGAF offers a more streamlined deployment process with dedicated customer service, ensuring optimal user experience and problem resolution.

Pricing and ROI: OPNsense stands out as a budget-friendly option with minimal setup costs and strong community-driven improvements, providing a good ROI for budget-conscious organizations. Sangfor NGAF, while having higher upfront costs, justifies this with enterprise-grade features, potentially offering enhanced long-term ROI for organizations prioritizing security.

To learn more, read our detailed OPNsense vs. Sangfor NGAF Report (Updated: April 2025).

Buyer's Guide

OPNsense vs. Sangfor NGAF

April 2025

Download the complete report

Helped 847,862 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of April 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.1%, up from 17.7% compared to the previous year. The mindshare of OPNsense is 12.3%, down from 17.6% compared to the previous year. The mindshare of Sangfor NGAF is 1.3%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Featured Reviews

EhabAli

Sr. Cybersecurity Solutions Architect at BMB

Efficient, user-friendly, and affordable

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

Read full review

Eddy Ramirez

IT Security Director at a financial services firm with 1,001-5,000 employees

Good interface and firewall capabilities and overall easy to use

The security has improved as we can isolate the network. We can do attrition prevention via a tool that comes with the solution. We can have a VPN solution in place for those that work from home, outside the network, in a secure manner. We also like that it offers good authentication. It offers radius-based authentication, which has been useful for the company. The main platform is under the Open VPN firewall. The solution has high availability. When we have different ISPs, we can actually load balance those links or actually put some priority or even classify the traffic that might go into one ISP or another.

Read full review

Zaid Farooqui

CIO at Indus Motor Company

Enhanced threat detection with integrated security features and good support

We are using application firewalling, WAF, and SD-WAN. The capabilities are mostly within the box. For example, you will get web application firewall WAF as part and parcel of this. SD-WAN is also bundled. It integrates with their SIEM and SOAR solutions very nicely. Lastly, the pricing point is very cost-efficient as well.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"UTM/NGFW features and FortiCloud for logs and backups are awesome."

"The most valuable features of Fortinet FortiGate are the ease of use and there are several operating systems that can include the hardware capacities. In the newer releases, the resources were more useful because they were included in the operating system."

"The user interface is relatively easy. The devices are easy to deploy and figure out when you have experience with other security appliances."

"It blocks the vulnerabilities that can negatively impact us."

"Easy to implement, and it is also reliable."

"We can detect any attack of viruses or malware at the first point of contact."

"It performs very well."

"FortiGate is very simple to manage and easy to use."

More Fortinet FortiGate pros

"The initial implementation process is simple."

"It has firewall and VPN capabilities, which are very valuable features."

"It has an open license. It works very well, and there is an update every month."

"We have been operating here in our lab for several months, and everything appears to be extremely stable."

"We can open a new VPN connection easily. It's much easier than with Fortinet in our experience."

"The DNS-level filtering is impressive for thwarting time scanners."

"I find the solution to be user-friendly. It has a lot of reports and easy settings."

"The initial setup is easy. It only takes 15-30 minutes to deploy."

More OPNsense pros

"The most valuable feature of Sangfor NGAF is its integration."

"While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people."

"Particularly good in the DPI where we can inspect inbound and outbound traffic."

"SSL VPN is the best feature."

"The product is very fast and reliable."

"The stability of Sangfor NGAF is good."

"You might try Sangfor if you are on a tight budget. The price is affordable, and Sangfor offers a lot of features. We don't have any complaints about Sangfor."

"The tool's performance is good."

More Sangfor NGAF pros

Cons

"Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."

"It would be a benefit if Fortinet would release a one-stop solution that is better integrated with other products and an automated emergency response system."

"We would like to see an upgrade to the VPN feature, we are using the VPN from outside of our office and there is a limitation to 10 connections, more connections would be suitable."

"The logging details need to be improved."

"The feature which gives us a lot of pain is ASIC architecture."

"They need faster serviceability and more security features."

"I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."

"There are some problems that support cannot give you a logical reason as to why it happened. For example, I had a case where I was dealing with a WhatsApp application that was giving issues. Technical support gave more than one reason it could be giving issues, but none of them solved the problem. Eventually I solved the problem, but it was far from the solutions that support had given."

More Fortinet FortiGate cons

"SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense."

"I would like to see better SD-WAN performance."

"The user interface could be improved, and the DNS section should be more intuitive."

"The interface isn't so friendly user. But we have some technicians here who are quite confident with this tool. OPNSense could maybe add sets of rules so it's simpler to manage different groups with particular needs."

"There are a few weaknesses. For example, there is a lack of some features that I have in certain commercial products."

"I would like better documentation concerning the provided packages and their integration."

"The interface needs to be simplified. It is not user-friendly."

"We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much."

More OPNsense cons

"There is room for improvement in dependency on certain infrastructure, like the DNS dependency on the current DNS server that the company has. It should be standalone. It should not depend on any other DNS server."

"Scalability for any network device is not very easy in terms of vertical scalability."

"Sangfor could improve their interface capacity on the 5100 series model and upgrade their hardware from one gig to 10 gig. This would improve the overall throughput."

"The interface and user experience are horrible."

"The web interface needs to be improved, making it more user-friendly."

"The firewall system needs gradual improvements because there are more threats and challenges every day."

"Occasional issues with breaches which are dealt with expediently."

"It has an issue with the Sangfor Cloud Platform rather than the firewall. When we run a virtual machine, the window tabs display Chinese characters."

More Sangfor NGAF cons

Pricing and Cost Advice

"Licensing is usually on a three-year period."

"I would say that all things considered, the pricing is pretty good."

"We find the most valuable aspect of this solution is the price. It is affordable, and cheaper than other firewalls."

"The main reason we chose Fortinet FortiGate was that the price was better than the competition."

"The price range is quite acceptable and normal."

"Easy to understand licensing requirements."

"The pricing is justified. It's a little pricey, but what you pay for is what you get."

"There is a license to use Fortinet FortiGate."

More Fortinet FortiGate pricing and cost advice

"It is open source and free."

"I would rate the pricing a nine out of ten, especially considering the availability of a free community edition."

"It's not expensive."

"I would rate the pricing three out of ten."

"I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it before getting the approval to purchase OPNsense, and it isn't easy to get approval from the higher-ups."

"As an appliance, it's in the medium price range."

"The solution is not expensive."

"OPNsense is a well known open-source tool."

More OPNsense pricing and cost advice

"The price falls in the mid-range, neither exceptionally low nor high."

"The pricing is reasonable."

"The product is very cost-effective compared to other brands or vendors."

"The price could be more competitive."

"For four to five physical appliances for a licensed firewall, it costs approximately $4,000."

"Price-wise, I would not consider Sangfor NGAF to be a cheap product. It is an expensive firewall solution, though not as expensive as something like Palo Alto, which is costly. However, the higher price point is justifiable given the feature set the tool provides that other firewalls may not offer in a single dedicated appliance."

"If one is very cheap and ten is very expensive, I rate the tool's price as three out of ten."

"When it comes to the price of firewall solutions, Sangfor NGAF takes the cake."

More Sangfor NGAF pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

847,862 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

21%

Computer Software Company

14%

Comms Service Provider

Manufacturing Company

Computer Software Company

16%

Comms Service Provider

13%

Government

Educational Organization

Computer Software Company

13%

Manufacturing Company

10%

Financial Services Firm

Educational Organization

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

What is the difference between PfSense and OPNsense?

Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...

See all answers

What do you like most about OPNsense?

What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control.

See all answers

What is your experience regarding pricing and costs for OPNsense?

I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall p...

See all answers

What do you like most about Sangfor NGAF?

I think Sangfor NGAF is more valuable than Cisco products because of its simplicity and ease of management. If I comp...

See all answers

What is your experience regarding pricing and costs for Sangfor NGAF?

The licensing cost is quite high compared to other available firewalls in the market.

See all answers

What needs improvement with Sangfor NGAF?

The cost of licensing is very high compared to other firewalls available here. There should be improvements in hardwa...

See all answers

Comparisons

Sophos XG vs Fortinet FortiGate

Compared 22% of the time

Netgate pfSense vs Fortinet FortiGate

Compared 13% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 11% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

Sophos UTM vs Fortinet FortiGate

Compared 2% of the time

More Fortinet FortiGate Competitors

Netgate pfSense vs OPNsense

Compared 40% of the time

IPFire vs OPNsense

Compared 12% of the time

Sophos XG vs OPNsense

Compared 8% of the time

Untangle NG Firewall vs OPNsense

Compared 4% of the time

Sophos XGS vs OPNsense

Compared 4% of the time

More OPNsense Competitors

Sophos XG vs Sangfor NGAF

Compared 16% of the time

Sophos XGS vs Sangfor NGAF

Compared 4% of the time

Palo Alto Networks NG Firewalls vs Sangfor NGAF

Compared 4% of the time

Netgate pfSense vs Sangfor NGAF

Compared 4% of the time

Fortinet FortiOS vs Sangfor NGAF

Compared 2% of the time

More Sangfor NGAF Competitors

Product Reports

Buyer's Guide

Fortinet FortiGate

April 2025

Download Fortinet FortiGate product report

Buyer's Guide

OPNsense

March 2025

Download OPNsense product report

Buyer's Guide

Sangfor NGAF

March 2025

Download Sangfor NGAF product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

No data available

Sangfor NGAF Firewall Platform

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

Fortinet

OPNsense is widely used for firewall functionalities, intrusion detection, VPN and IPSec, content filtering, securing network traffic, and remote access. It protects internal networks and manages servers securely, suitable for small to medium-sized businesses.

OPNsense is a comprehensive firewall solution leveraging open-source technology. It integrates with third-party modules like WireGuard and CrowdSec, enhancing its security capabilities. Offering on-premises and cloud deployment, it features an intuitive graphical interface, advanced reporting, VPN functionality, IDS/IPS features, and high scalability. Users find it ideal for small businesses and home networks due to its stability and ease of use. Frequent updates and an active community support its continuous improvement. However, it needs advancements in VPN selection, scalability, and technical documentation. Enhanced high availability, threat intelligence, and integration with virtualization platforms are required. User feedback suggests improvements in connectivity, alerting, traffic monitoring, and antivirus protection.

What are the key features of OPNsense?

Strong Firewall: Robust firewall capabilities for securing network traffic.
Intrusion Detection and Prevention: Effective IDS/IPS for threat mitigation.
VPN Functionality: Comprehensive VPN support including WireGuard.
Content Filtering: DNS-level filtering for enhanced security.
Advanced Reporting: In-depth traffic analysis and reporting features.
High Scalability: Supports growing network demands.
Integration Capabilities: Works with third-party modules like CrowdSec.
Intuitive GUI: User-friendly graphical interface enhances usability.

What benefits should users look for in OPNsense reviews?

Security: High level of protection for internal networks.
Manageability: Easy management of servers and network traffic.
Cost-Effective: Open-source nature reduces costs.
Reliability: Stable performance suitable for small and medium-sized businesses.
Community Support: Active community and frequent updates.

OPNsense is implemented across various industries to secure network infrastructure and ensure reliable connectivity. In fintech, it safeguards sensitive financial data while maintaining compliance. Educational institutions deploy it to protect student information and enable secure remote learning environments. Healthcare organizations use it to secure patient data and comply with HIPAA regulations. By integrating with tools like WireGuard and CrowdSec, businesses enhance their cybersecurity posture and streamline network management, making OPNsense a versatile choice for diverse operational needs.

OPNsense

Sangfor Next Generation Firewall (also known as NGAF) is a converged security solution providing protection against advanced threat, malware, viruses, ransomware and web-based attacks using integrated security features like firewall, IPS, anti-virus, anti-malware, APT, URL filtering, Cloud Sandbox, and WAF. As the world's first AI-enabled and fully integrated Next Generation Firewall & Web Application Firewall (WAF), NGAF offering the security visibility, real-time detection and response, simplified operation and maintenance and high-performance application layer security needed to operate an enterprise network in total security. Tested and proven to provide cutting-edge network security by ICSA Labs and endorsed by Gartner Inc., NGAF harnesses the power of Sangfor’s Neural-X threat intelligence and analytics platform and Engine Zero’s innovative malware detection to provide next-generation protection for today’s enterprise.

Sangfor

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

1. Deciso B.V. 2. iXsystems, Inc. 3. EuroBSDCon 4. Netgate 5. Claranet 6. Voleatech 7. Open Systems AG 8. Securebit AG 9. Proxmox Server Solutions GmbH 10. AVM Computersysteme Vertriebs GmbH Additional customers include: T-Systems International GmbH, Deutsche Telekom AG, Vodafone GmbH, 1&1 IONOS SE, OVHcloud, Hetzner Online GmbH, Strato AG, PlusServer GmbH, Host Europe GmbH, United Internet AG, 1&1 Versatel Deutschland GmbH, QSC AG, Bechtle AG, Cancom SE, Computacenter AG & Co. oHG, T-Systems Multimedia Solutions GmbH, Atos SE, Capgemini SE, Accenture plc, IBM Corporation, Hewlett Packard Enterprise Company, Cisco Systems, Inc.

The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.

Buyer's Guide

OPNsense vs. Sangfor NGAF

April 2025

Free Report: OPNsense vs. Sangfor NGAF

Find out what your peers are saying about OPNsense vs. Sangfor NGAF and other solutions. Updated: April 2025.

DOWNLOAD NOW

847,862 professionals have used our research since 2012.

See our OPNsense vs. Sangfor NGAF report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.