I use OPNsense primarily for network security. It involves basic firewall operations and GeoIP location functionalities. I've got multiple versions running, some on hardware purchased and some on VPSs.
Senior Network Engineer at a comms service provider with 11-50 employees
Enhancing network security with reliable firewall functionality and GeoIP features
Pros and Cons
- "OPNsense is very stable, easy to upgrade, and maintain."
- "OPNsense struggles to handle large volumes of voice traffic, indicating scalability issues in that specific use case."
What is our primary use case?
What is most valuable?
The most valuable features include the basic firewall functionality and the GeoIP location services. OPNsense is very stable, easy to upgrade, and maintain. I can work efficiently, knowing it does what it needs to do.
What needs improvement?
OPNsense should improve its performance in handling large volumes of voice traffic. It needs more support for Vigoroute and extensive VPN technologies. Enhancing its performance for significant amounts of data traffic would make it closer to a perfect solution.
For how long have I used the solution?
I've been working with OPNsense for about five years.
Buyer's Guide
OPNsense
December 2024
Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
I rate OPNsense's stability as very high. I would give it a nine out of ten. The only challenge faced was its inadequacy to manage large voice traffic effectively, even with dedicated hardware. It couldn't keep up with the packet per second for voice load, requiring a revert in our setup.
What do I think about the scalability of the solution?
OPNsense struggles to handle large volumes of voice traffic, indicating scalability issues in that specific use case.
How are customer service and support?
I haven't used technical support. I rely on forums and manage the setup independently.
Which solution did I use previously and why did I switch?
The only other similar product I can compare is FortiGate. Overall, I find OPNsense more user-friendly.
What's my experience with pricing, setup cost, and licensing?
I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall product, it is one of the best available currently.
Which other solutions did I evaluate?
I only evaluated FortiGate alongside OPNsense, as they are the two offerings from my company.
What other advice do I have?
For small to medium businesses, I recommend OPNsense. I'd rate it eight point five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 26, 2024
Flag as inappropriateOwner at Networks srl
Provides good network intrusion detection and prevention
Pros and Cons
- "I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management."
- "SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense."
What is most valuable?
I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management. We are currently satisfied with the solution's threat intelligence. It's a pretty much in-house developed solution because it's in a Wazuh server. We have several scripts around it, allowing us to improve our posture on threats.
What needs improvement?
SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense.
I pretty much like the solution's APIs, but it's somehow limited. I would like the APIs to be more mature and more developed and have more options to automate threat hunting. Also, I would like to see more drill-down possibilities.
We have to rely on specific hardware for the in-depth analysis of NetFlow. Although we have an interface on OPNsense, it's not as easy to use on the security side as other solutions.
For how long have I used the solution?
I have been using OPNsense since 2016.
What do I think about the stability of the solution?
I rate the solution ten out of ten for stability.
What do I think about the scalability of the solution?
OPNsense is an extremely scalable solution. I played on one network with CARP, and I was pretty happy with what I achieved there.
Which solution did I use previously and why did I switch?
Before OPNsense, we worked with the Cisco ASA 5505 product for three years. Although it included the FirePOWER part, it was quite a poor experience.
What was our ROI?
OPNsense has helped reduce the speed of threat detection and containment from 50 minutes to 15 minutes.
Which other solutions did I evaluate?
I have quite a background in Berkeley Software Distribution (BSD) systems. I was looking into BSD, especially for the packet filter side. While evaluating, OPNsense was the most solid solution. I was also considering pfSense as my first option, but it is not so strong on the file system side.
What other advice do I have?
OPNsense is a strong and solid solution that is easy to interact with. I don't see much on the new generation of firewalls, and only a few solutions are available for OPNsense. OPNsense handles network traffic much faster during peak loads because it's on dedicated hardware. I would recommend OPNsense when no specific topic prevents me from recommending OpenSense.
Overall, I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 30, 2024
Flag as inappropriateBuyer's Guide
OPNsense
December 2024
Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Security Consultant at Bank Meli Exchange
Simple initial setup, reliable, and open source
Pros and Cons
- "OPNsense is highly stable."
- "The support for OPNsense is good because we have documents available on the internet. The support could improve a little."
What is our primary use case?
OPNsense can be deployed in the cloud and on-premises.
I have used OPNsense in many different types of companies, such as financial and metropolitan.
For how long have I used the solution?
I have been using OPNsense for approximately six years.
What do I think about the stability of the solution?
OPNsense is highly stable.
What do I think about the scalability of the solution?
The scalability of OPNsense is very good.
I have approximately 15 customer companies using this solution.
How are customer service and support?
The support for OPNsense is good because we have documents available on the internet. The support could improve a little.
I rate the support from OPNsense a four out of five.
How was the initial setup?
The initial setup of OPNsense is straightforward. It took us a while to deploy the solution.
I rate the initial setup of OPNsense a nine out often.
What about the implementation team?
I did the implementation of OPNsense in-house.
What's my experience with pricing, setup cost, and licensing?
OPNsense is an open-source solution and it does not require a license.
What other advice do I have?
I recommend this solution to others because in my country we have a limitation for buying any firewall.
I rate OPNsense a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Network and Programming Specialist at Twentytwo Integration
A FreeBSD system that has a nice library of add-ons
Pros and Cons
- "The tool's integration is more like a button press."
- "pfSense has better performance and quicker updates."
What is most valuable?
The tool's integration is more like a button press.
What needs improvement?
pfSense has better performance and quicker updates.
For how long have I used the solution?
I have been working with the product for six months.
What do I think about the stability of the solution?
The tool is more stable than pfSense because it has the drivers for my network card, Realtek. I didn't know at the time because manufacturers sometimes don't advertise what network cards they come with. I bought a computer with Realtek, and pfSense says immediately, out of the box, that it doesn't work with Realtek cards. OPNsense is the same, but it does have a way of installing the Realtek drivers, which gives you a lot more stability overall on the system.
How are customer service and support?
I didn't contact the tool's technical team yet.
How was the initial setup?
The tool's deployment is easy. Apart from Cisco firewalls and Fortinet, if we talk about Untangle, pfSense, OPNsense, and so on, they are fairly quick to set up. It's not something you spend too much time on. It's a firewall, so you can spend months tweaking the system. If you know what you're doing, you can spend forever on logs, checking and tweaking the system because there's always a new update or feature coming up. Then you start playing with them, tweaking settings, checking logs, blocking or unblocking different things.
You can stay in that loop forever. But for a startup, the initial configuration is fairly easy and quick. It can be completed in 30 minutes.
What's my experience with pricing, setup cost, and licensing?
I've used the free version. My computer with two network cards at home allows me to try as many different software options as I want. I did pay for the license, but it was for the Zenarmor license, which is the packet inspection tool. They use AI for packet inspection, which integrates with OPNsense and pfSense.
What other advice do I have?
I'm not using OPNsense at the moment. I work with many different technologies and keep testing various setups. Currently, I've gone fully customized. I'm using a Linux server configured as my router and firewall, and I'm using Zenarmor for packet inspection.
This setup allowed me to easily configure SSL VPN and port forwarding for specific ports, which isn't as straightforward with other systems. I've tried several, including Untangle, pfSense, and OPNsense, but found them somewhat restrictive.
OpenSense is quite good. I like it. It has many services and is somewhat similar to the WatchGuard system. I honestly have no complaints; it was a very good experience. It's easy to set up, especially if you know what you're doing. It also offers a nice library of add-ons.
However, if you have appliances with Intel network cards, I would probably go for pfSense instead. Firmware updates and other updates come a bit faster, making it a more reliable service than OPNsense.
Everything that comes up on OPNsense appears first on pfSense. Some features are not yet available on OPNsense, and they haven't announced a release date. However, I'm confident they will eventually release these features, as they have previously done.
Ultimately, choosing between pfSense and OPNsense is more of a personal preference since they are very similar. Both are FreeBSD systems, operating in similar situations and offering comparable functionality.
Now, I'm just using a Linux server. I can monitor the system, reboot the card, install Apache, and redirect web servers within my home directly to the firewall. This eliminates the need for third-party boxes or other connected computers, allowing me to do everything in the same box. It gives me a lot more freedom.
That's the main reason I stopped using the other systems. I used OPNsense for about six months, which shows I've tried various solutions to find the best one. Despite all the good things I'm saying about OPNsense, I did stay with it longer than pfSense.
I traveled to China, so I used my home as my VPN instead of paying for one. They block VPN services in China, so I was using OpenVPN at home. OpenVPN is a known service, but it gets blocked there. The only way to do it was through SSL VPN, which worked fine. But, talking about OPNsense, everything was working fine. I had no problems. I just had to move away because I needed to use port 443 for something else on my web server, and I can't have a web server together with other stuff. It's a bit more complicated to configure because I use Nginx and Apache, too. You can install these tools on OPNsense, but I found it more complicated than just going onto the command line and doing it.
If you want to use something like OPNsense for FreeBSD, use pfSense instead. Unless, obviously, like me, the person in question has some hardware incompatibility with pfSense. Only then would I go for OPNsense. Because, I mean, they're the same systems, but pfSense is a bit better in terms of overall performance, and security updates come quicker and more often.
I rate the overall product an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jun 13, 2024
Flag as inappropriateIT infrastructure manager at a tech services company with 51-200 employees
Has an excellent dashboard and provides good security
Pros and Cons
- "What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control."
- "In terms of improvement, the performance could be enhanced."
What is our primary use case?
I use OPNsense for network security.
What is most valuable?
What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control. It also provides good security.
What needs improvement?
In terms of improvement, the performance could be enhanced.
For how long have I used the solution?
I have been using OPNsense for a year.
What other advice do I have?
Overall, I would rate OPNsense as a ten out of ten. I would recommend it to others.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Apr 17, 2024
Flag as inappropriateIT Manager at Pride in Azure
Reliable and secure solution with community edition best-suited for small businesses and home networks
Pros and Cons
- "The most valuable feature is the Dual WAN in OPNSense, which offers advanced capabilities."
- "I would like better documentation concerning the provided packages and their integration."
What is most valuable?
The most valuable feature is the Dual WAN in OPNSense, which offers advanced capabilities. It has cost-effective communication options and the flexibility to deploy on your hardware. I like the security aspects, particularly through package managers. It allows for subscription-based enhancements, providing an additional layer of security to the network.
What needs improvement?
I would like better documentation concerning the provided packages and their integration. Improved guidance on package usage and integration beyond relying on external tutorials or community support would be beneficial. Additionally, having community support available for the free edition, which is suitable for home users, would be valuable.
For how long have I used the solution?
I have been using the solution for the past two months.
What do I think about the stability of the solution?
The solution is stable. I rate it an eight out of ten.
What do I think about the scalability of the solution?
In terms of scalability, I rate it around eight out of ten because it excels in handling various tasks. Beyond security features, it supports routing, VPN setups, and traffic monitoring with additional packages like Snort and Suricata. This flexibility allows for a wide range of functionalities. I have 200 users for the solution.
How was the initial setup?
The initial setup was straightforward for me. It took me approximately two days to set up the system initially. Subsequently, I began testing by progressively increasing the number of connections, deploying it through the unified features, and carefully monitoring specific ports while observing how it handles DHCP releases, IPs, and overall traffic. This process extended over about a week.
To begin the initial setup, you need to search for and download the ISO to initiate the process, followed by a two-step procedure. Afterwards, you proceed with command-line configurations, including setting up IP addresses. Once this initial phase is complete, navigation through the graphical user interface (GUI) becomes more straightforward. However, certain commands and configurations may still pose challenges. I rate it a seven out of ten.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing a nine out of ten, especially considering the availability of a free community edition. This makes it an excellent solution for small businesses, home use, or scenarios with around fifty connections or computers.
Which other solutions did I evaluate?
I have worked with MikroTik and Ubiquiti Networks EdgeRouter.
What other advice do I have?
I would recommend testing the solution. It’s good for security features. For the community version of the solution, I rate it an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Infrastructure and Enterprise Systems Director at Orascom Investment Holding
Provides network checking, firewall, and web filtering capabilities
Pros and Cons
- "One of the most valuable features is the network checking. Additionally, the firewall and web filtering functionalities are highly useful."
- "There are some add-ons that need enhancements to make management easier for users, especially the reporting features. Some reports don't show the level of detail I'm looking for, and I've had trouble installing certain add-ons, especially for Internet bandwidth shaping within my company."
What is our primary use case?
I'm using it as a proxy in several scenarios.
What is most valuable?
There are a lot of features I like. One of the most valuable features is the network checking. Additionally, the firewall and web filtering functionalities are highly useful.
What needs improvement?
There are some add-ons that need enhancements to make management easier for users, especially the reporting features. Some reports don't show the level of detail I'm looking for, and I've had trouble installing certain add-ons, especially for Internet bandwidth shaping within my company. So, this is an area of improvement for me.
For how long have I used the solution?
I have been using OPNsense for more than six years. I currently use the latest version.
What do I think about the stability of the solution?
I would rate stability a seven out of ten. I've encountered some instability after a recent update.
It just doesn't respond, so I have to restart it over and over again to try to figure out what the problem is. I haven't been able to find the problem yet.
What do I think about the scalability of the solution?
I would rate the scalability a nine out of ten. There is room for improvement.
In my organization, there are 400 users, and OPNsense serves as our gateway and proxy for all of them. Therefore, all the users go through the gateway.
How was the initial setup?
The initial setup is very easy. The installation just takes minutes, but setting up everything may take a couple of hours.
What's my experience with pricing, setup cost, and licensing?
It's reasonably priced. It's not expensive.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. I just want to say that it's the best open-source firewall. Strongly recommended.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Architect at infotek-software GmbH
Unbeatable pricing and easy to configure and use, but it can be configured only through the GUI, and the integration with Azure cloud is difficult
Pros and Cons
- "The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use."
- "We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much."
What is our primary use case?
We are using it for intrusion detection and prevention. The firewall comes with a lot of third-party modules, and we also use proxy functionalities.
In our company, we are using it as an appliance, but we are bringing companies to the cloud. We ourselves do not have an Azure layer, but we have got a contract from a customer to bring them to the cloud. So, we are installing it there and monitoring it, but it is not owned by our company. OPNsense is available on appliances, but we have made a special integration with Azure. There is a special mechanism in Azure to deploy firewalls, and we have installed three or four of them.
We always have the latest version on the firewalls. One should run the updates very frequently.
How has it helped my organization?
We are onboarding cloud solutions for customers. We are on Azure. Especially on Azure, when the customers start, they always have small environments. We were looking for the best firewall solution for small environments, not big environments. We needed a small firewall, and we came across OPNsense. For small customers, we will use OPNsense in the future due to cost reasons. These are small installations, and Azure Firewall is very expensive.
What is most valuable?
The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use.
What needs improvement?
The difficult part was the integration with Azure because OPNsense, in most cases, is not used on public clouds. It is on appliances that run on-prem.
We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much.
For how long have I used the solution?
Within our own company, we have been using it for three or four years as an appliance, and on Azure, we have been using it for three months.
What do I think about the stability of the solution?
We have run it for three months in production, and we haven't had any problems in three months.
What do I think about the scalability of the solution?
We run it as an NVA cluster with Azure, and it has good scalability, but when we have bigger deployments, we would use another firewall. I'm not sure if it makes sense to scale up. OPNsense has a very good niche market in comparison to FortiGate, Azure Firewall, or other firewalls. If a customer is starting in the cloud and has 100 or 200 users, I would always recommend OPNsense, but if you have a big installation, and you have a good DevOps team that deploys via source code and things like this, then I would not recommend it. So, the software itself may be scalable, but I wouldn't call it an enterprise-scale firewall.
In terms of people working with this solution, I'm an architect, and we've got two people for monitoring and setup. Its usage is increasing. It has not been that long since we started using OPNsense, and it fills a gap. Not everybody needs a full-scaled enterprise firewall. So, it will be a part of our business. We've found a niche there.
How are customer service and support?
We were in touch with Microsoft support for special networking considerations. The firewall itself was easy for us, and we had no need to reach out to tech support of OPNsense. The heavy part was the Azure part, and we are specialists there.
How was the initial setup?
OPNsense deploys it on the Azure marketplace. So, you can download it directly via the Azure marketplace. You do not have to be a partner. From our perspective, it's easy to configure and it's intuitive. We have a background with a lot of firewalls, and we were just looking for a small one.
We found that not many people have used it on Azure. The firewall itself is not bad, but the support around Azure in terms of documentation and the required infrastructure is not so good, but because we are Azure specialists, we found a very good solution. We would not recommend it for a beginner in Azure.
In terms of the implementation strategy, there is a cloud adaptation framework. There is a white paper from Microsoft containing best practices for deploying firewalls on Azure, and we had to provide a setup for this, which took some time because it was not easy. It took at least two weeks, but it was only a one-time job. After that, for each firewall, you only have to adapt the rules, which takes two days, but it also depends on the complexity of the infrastructure. If a customer has hundreds of endpoints, it takes longer for sure.
What's my experience with pricing, setup cost, and licensing?
Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price.
If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs.
What other advice do I have?
We use it on-prem, and we can recommend it for a standard, typical IT engineer with a networking background. We have had a good experience with it. It is good in terms of functionality and resource usage. It is easy, and we would recommend it, but for implementing it on the Azure cloud, you need good knowledge of Azure. When it comes to public clouds, you do not have your own hardware, and you need deep knowledge of the public cloud on which you are deploying it. It is a good solution if your installation is not too big. We would recommend it for small customers or companies that are starting in the cloud.
I would rate it a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free OPNsense Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
Netgate pfSense
Cisco Secure Firewall
Sophos XG
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Untangle NG Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Fortinet FortiOS
Buyer's Guide
Download our free OPNsense Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the difference between PfSense and OPNsense?
- Can you recommend any good documentation on OPNsense NGINX plug-in (WAF rules)?
- Why is pfSense's firewall better than OPNsense's?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
- Fortinet, Palo Alto or Check Point?