I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management. We are currently satisfied with the solution's threat intelligence. It's a pretty much in-house developed solution because it's in a Wazuh server. We have several scripts around it, allowing us to improve our posture on threats.
Owner at Networks srl
Provides good network intrusion detection and prevention
Pros and Cons
- "I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management."
- "SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense."
What is most valuable?
What needs improvement?
SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense.
I pretty much like the solution's APIs, but it's somehow limited. I would like the APIs to be more mature and more developed and have more options to automate threat hunting. Also, I would like to see more drill-down possibilities.
We have to rely on specific hardware for the in-depth analysis of NetFlow. Although we have an interface on OPNsense, it's not as easy to use on the security side as other solutions.
For how long have I used the solution?
I have been using OPNsense since 2016.
What do I think about the stability of the solution?
I rate the solution ten out of ten for stability.
Buyer's Guide
OPNsense
March 2025

Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
What do I think about the scalability of the solution?
OPNsense is an extremely scalable solution. I played on one network with CARP, and I was pretty happy with what I achieved there.
Which solution did I use previously and why did I switch?
Before OPNsense, we worked with the Cisco ASA 5505 product for three years. Although it included the FirePOWER part, it was quite a poor experience.
What was our ROI?
OPNsense has helped reduce the speed of threat detection and containment from 50 minutes to 15 minutes.
Which other solutions did I evaluate?
I have quite a background in Berkeley Software Distribution (BSD) systems. I was looking into BSD, especially for the packet filter side. While evaluating, OPNsense was the most solid solution. I was also considering pfSense as my first option, but it is not so strong on the file system side.
What other advice do I have?
OPNsense is a strong and solid solution that is easy to interact with. I don't see much on the new generation of firewalls, and only a few solutions are available for OPNsense. OPNsense handles network traffic much faster during peak loads because it's on dedicated hardware. I would recommend OPNsense when no specific topic prevents me from recommending OpenSense.
Overall, I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 30, 2024
Flag as inappropriate
IT Infrastructure and Enterprise Systems Director at Orascom Investment Holding
Provides network checking, firewall, and web filtering capabilities
Pros and Cons
- "One of the most valuable features is the network checking. Additionally, the firewall and web filtering functionalities are highly useful."
- "There are some add-ons that need enhancements to make management easier for users, especially the reporting features. Some reports don't show the level of detail I'm looking for, and I've had trouble installing certain add-ons, especially for Internet bandwidth shaping within my company."
What is our primary use case?
I'm using it as a proxy in several scenarios.
What is most valuable?
There are a lot of features I like. One of the most valuable features is the network checking. Additionally, the firewall and web filtering functionalities are highly useful.
What needs improvement?
There are some add-ons that need enhancements to make management easier for users, especially the reporting features. Some reports don't show the level of detail I'm looking for, and I've had trouble installing certain add-ons, especially for Internet bandwidth shaping within my company. So, this is an area of improvement for me.
For how long have I used the solution?
I have been using OPNsense for more than six years. I currently use the latest version.
What do I think about the stability of the solution?
I would rate stability a seven out of ten. I've encountered some instability after a recent update.
It just doesn't respond, so I have to restart it over and over again to try to figure out what the problem is. I haven't been able to find the problem yet.
What do I think about the scalability of the solution?
I would rate the scalability a nine out of ten. There is room for improvement.
In my organization, there are 400 users, and OPNsense serves as our gateway and proxy for all of them. Therefore, all the users go through the gateway.
How was the initial setup?
The initial setup is very easy. The installation just takes minutes, but setting up everything may take a couple of hours.
What's my experience with pricing, setup cost, and licensing?
It's reasonably priced. It's not expensive.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. I just want to say that it's the best open-source firewall. Strongly recommended.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
OPNsense
March 2025

Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
Machine designer at La Poste
An open-source firewall that works very well and gets updated every month
Pros and Cons
- "It has an open license. It works very well, and there is an update every month."
- "Its interface should be a little bit better."
What is our primary use case?
I use it for firewall purposes and OpenVPN. Another use is to protect the servers inside my company.
I am using its latest version. It is deployed on my own server.
What is most valuable?
It has an open license. It works very well, and there is an update every month.
What needs improvement?
Its interface should be a little bit better.
For how long have I used the solution?
I have been using this solution for three years.
What do I think about the stability of the solution?
It is stable. A month ago, I had an issue for two weeks, but other than that, it has been stable.
What do I think about the scalability of the solution?
I don't need scalability. It is a small company. It is a small network. I just need a small firewall at the entrance of the network. I don't need to expand it.
In terms of its users, it is the firewall to protect the company, and I am the only one to touch this product.
How are customer service and support?
I have never contacted their support.
Which solution did I use previously and why did I switch?
I used another one a long time ago. I don't remember the name. I went for this because it has an open license and a lot of people use it. I don't remember why, but I prefer this one over pfSense.
How was the initial setup?
It is not so difficult to set up. You need to know the minimum things. I do it myself, and I am not an IT person. It is not my job.
What's my experience with pricing, setup cost, and licensing?
It is open source and free.
What other advice do I have?
I can recommend this product but only to people who are able to use it. It is not for everybody. You need to know how to manage it.
I would rate it a 10 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Manager at CC GmbH
Has valuable VPN capabilities, but the scalability needs improvement
Pros and Cons
- "It has firewall and VPN capabilities, which are very valuable features."
- "The scalability needs improvement."
What is our primary use case?
It is a firewall.
How has it helped my organization?
The VPN has helped us a lot.
What is most valuable?
It has firewall and VPN capabilities, which are very valuable features.
What needs improvement?
The scalability needs improvement.
For how long have I used the solution?
I have been working with OPNsense for the past five years.
What do I think about the stability of the solution?
I would rate the stability a six out of ten because we've encountered issues with OPNsense when establishing a side-to-side VPN using IPSec.
What do I think about the scalability of the solution?
I would rate the scalability a five out of ten.
Which solution did I use previously and why did I switch?
The configuration and access VPN functionality in OPNsense are satisfactory and work well. Currently, I prefer using Azure Firewall for my firewall needs, even though it might not be the absolute best option. My preference is due to a lack of experience with other Windows-based solutions.
How was the initial setup?
The deployment process takes almost an hour. The installation process involves several steps. First, you need to install the software. Then, configure the interfaces as needed. After that, establish the necessary rules for the software to function correctly. Finally, configure the VPN settings to ensure secure communication. I rate the solution a seven out of ten.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing a three out of ten.
What other advice do I have?
It's easy to configure, and it's good. I rate it a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder - Director (Technology Business) at a tech services company with 1-10 employees
There are lots of capabilities built-in: Few would be High Availability, Proxy, DNS, Intrusion detection/prevention, content filtering, traffic and bandwidth management with 2factor autn.
Pros and Cons
- "We have been operating here in our lab for several months, and everything appears to be extremely stable."
- "I think the most important thing is that it should be easily accessible, but currently, that doesn't seem to be the case. We need a hardware platform that's based on common standards and open computing principles, which would be like a commodity and benefit us greatly."
What is our primary use case?
We started working with a tier-four data center cloud service provider company, and we wish to develop our cloud instance/VM hosted.
We use OPNsense for content filtering, securing networks through DNSs and overcoming the challenges of ransomware, and securing different types of malware-virus attacks.
This is causing a lot of issues because we are focusing more and more on securing our customers' data.
It includes backup, recovery, archival, and now coming up with securing cloud instances/VMs. It is really essential for us.
Example: a firewall as a service can be provided to those who mainly work from home or Soho, Freelancers - clients.
How has it helped my organization?
OpNsense has given the most fundamental security service/support to our clients in an unstructured world like freelancers, consultants, soho users, etc. That is based on NIST guidelines, so, overall basic security postures are in place.
What is most valuable?
The most valuable features are content filtering, DNS level filtering and blocking unwanted Global IPs, built-in scanners and authentication capabilities, HA, etc.
What needs improvement?
I think that the most important aspect is a step-by-step run-book for its installation and deployment on small as well as on commodity hardware. Plus, clubbing the services into several (pre-configured) modules, detailing a BASIC, STANDARD, RATIONALIZED, and DYNAMIC (Enterprise ready) modules, and then custom configurable module, in that case even novice users can configure and start experiencing its benefits. On the same, documentation should be developed keeping the above five modules in mind.
The initial installation menu should clearly identify the existing IP class/subnet and suggest its challenges and benefits in configuration, and the respective error log should be shown on a screen on the same panel. They should also provide "modules" wise installation video links and their changes with previous versions for reference.
Our primary focus is to ensure the protection of customers' and consumers' data and critical IT/Dynamic infrastructure, for the same we have to do critical tunings, though, we practiced it in such a way that we have developed a habit of tuning things using a checklist based on clients "Mutual Value Discussions" (assessment session).
Added capabilities of add-ons/filters/extensions and its tunable help us detecting and alerting clients in sensitive environments when a malicious URL is detected in the traffic (e.g. messaging services/emails and/or other communications on the fly). This additional layer of protection helps in further safeguarding user data and preventing potentially damaging malware from being transmitted within the LAN environment.
For how long have I used the solution?
We started using OPNsense in the last three or four years. Now they are pretty mature.
When we demonstrated this software and the firewall, the main thing is the customer's confidence.
If I remember correctly, it was 19.x version.
What do I think about the stability of the solution?
We have been operating here in our lab for several months, and everything appears to be extremely stable.
We also attempted a different method of providing the load factor, adjusting the various parameters, cross-checking the network jitters, detected security threats or not by other third-party software/hardware equivalents. It appears to be rather reliable, though, with the stated data points above, it is not yet ready for the enterprise yet.
What do I think about the scalability of the solution?
Most of the BSD/FreeBAS or Linux-based software-defined firewalls support vertical and horizontal scaling 'scaling out and scaling up'(this all depends on how it has been architecture) based on the requirements.
Keeping Technology and Architecture governance with the leading practice of security, availability, and scalability as critical elements in mind. Few stated features make these products scalable and highly available, though, based on load and constant monitoring would require tuning from time to time.
How are customer service and support?
To date, we managed to support clients ourselves and whenever we received feedback we come to know that support cost is very high, it is not as local as we are, for small soho, WFH, freelancers, and young startups they prefer locally available partners and hence they are not even interested in talking on those factors.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
A few years back, cybersecurity was not a problem for small and micro businesses, but since 2019 or so, that has seen a massive uphill, then, we were using built-in features of different types of OS-level firewalls with basic filtering, blocking the ports, orchestrating based on local FQDN based filtering, NATing, few BIND/DNS based filtering, implementing proxy's like Squid, etc. Best since these techniques are not good for business, we have to find other methodologies to protect clients' environments. Till recently, we also tried using Hardware firewalls, which most of our clients did not like because of known/unknown reasons.
How was the initial setup?
A few years back when we first began using it, we were unable to find a proper document detailing different network scenarios for IP allocations for 2NIC cards. We went through aggressive discussion, reading blogs, and setting-up labs we started getting the knack for all possible configurable elements and started running several tests, packet forwarding, bombarding networks in the most ethical way possible, and verifying results. e.g. We created two separate networks, with WAN and LAN networks assigned to different classes. The menu-driven setup process is relatively easy, but you must know which IP address to define in the router, WAN section, and LAN sections. If this is clearly explained, the basic and fundamental aspects of your network will be in place, allowing you to set it up quickly.
Then we recommend clients purchase easily available commodity hardware-based motherboards with two NIC/Ethernet cards built-in, it simplified our tasks and so on.
What about the implementation team?
We took some help from our old industry connections, and systems integrators, and later our lab practices and tests started solving most of the issues.
What was our ROI?
It is now organic, and growing (hope to improve better - though accidents do happen, e.g, COVID, Share market / Financial institution meltdown, the war between nations, and now CyberWarFare picked up!) these are the few key factors which disturb the business one way or other.
What's my experience with pricing, setup cost, and licensing?
The best is to read through the terms and conditions, and fine-prints, and to spend time identifying support and operational cost, most of these elements are covered on the website, etc.
Which other solutions did I evaluate?
What other advice do I have?
We made an attempt, but it appears that forming a partnership would not be done as the other party is requesting a significant amount of money, which we find to be very expensive to start with.
We are exploring the possibility of locating a domestic partner who has a partnership with either PfSense or OPNsense to partner with.
Subsequently, if we are successful in finding a suitable domestic partner, they would be able to offer these services to us.
While this software is certainly capable of getting used by masses, it is important to have the pragmatic knowledge to support and operate the system effectively and keep key parameters monitored for new cyber challenges.
It is crucial to have a clear understanding of exactly what you are looking to accomplish and to have access to the necessary data in order to effectively configure and use the system.
pfsense - Software-defined firewalls have been around for a while. Whereas, OPNsense came later into business.
I would rate OPNsense a seven out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network and Programming Specialist at Twentytwo Integration
A FreeBSD system that has a nice library of add-ons
Pros and Cons
- "The tool's integration is more like a button press."
- "pfSense has better performance and quicker updates."
What is most valuable?
The tool's integration is more like a button press.
What needs improvement?
pfSense has better performance and quicker updates.
For how long have I used the solution?
I have been working with the product for six months.
What do I think about the stability of the solution?
The tool is more stable than pfSense because it has the drivers for my network card, Realtek. I didn't know at the time because manufacturers sometimes don't advertise what network cards they come with. I bought a computer with Realtek, and pfSense says immediately, out of the box, that it doesn't work with Realtek cards. OPNsense is the same, but it does have a way of installing the Realtek drivers, which gives you a lot more stability overall on the system.
How are customer service and support?
I didn't contact the tool's technical team yet.
How was the initial setup?
The tool's deployment is easy. Apart from Cisco firewalls and Fortinet, if we talk about Untangle, pfSense, OPNsense, and so on, they are fairly quick to set up. It's not something you spend too much time on. It's a firewall, so you can spend months tweaking the system. If you know what you're doing, you can spend forever on logs, checking and tweaking the system because there's always a new update or feature coming up. Then you start playing with them, tweaking settings, checking logs, blocking or unblocking different things.
You can stay in that loop forever. But for a startup, the initial configuration is fairly easy and quick. It can be completed in 30 minutes.
What's my experience with pricing, setup cost, and licensing?
I've used the free version. My computer with two network cards at home allows me to try as many different software options as I want. I did pay for the license, but it was for the Zenarmor license, which is the packet inspection tool. They use AI for packet inspection, which integrates with OPNsense and pfSense.
What other advice do I have?
I'm not using OPNsense at the moment. I work with many different technologies and keep testing various setups. Currently, I've gone fully customized. I'm using a Linux server configured as my router and firewall, and I'm using Zenarmor for packet inspection.
This setup allowed me to easily configure SSL VPN and port forwarding for specific ports, which isn't as straightforward with other systems. I've tried several, including Untangle, pfSense, and OPNsense, but found them somewhat restrictive.
OpenSense is quite good. I like it. It has many services and is somewhat similar to the WatchGuard system. I honestly have no complaints; it was a very good experience. It's easy to set up, especially if you know what you're doing. It also offers a nice library of add-ons.
However, if you have appliances with Intel network cards, I would probably go for pfSense instead. Firmware updates and other updates come a bit faster, making it a more reliable service than OPNsense.
Everything that comes up on OPNsense appears first on pfSense. Some features are not yet available on OPNsense, and they haven't announced a release date. However, I'm confident they will eventually release these features, as they have previously done.
Ultimately, choosing between pfSense and OPNsense is more of a personal preference since they are very similar. Both are FreeBSD systems, operating in similar situations and offering comparable functionality.
Now, I'm just using a Linux server. I can monitor the system, reboot the card, install Apache, and redirect web servers within my home directly to the firewall. This eliminates the need for third-party boxes or other connected computers, allowing me to do everything in the same box. It gives me a lot more freedom.
That's the main reason I stopped using the other systems. I used OPNsense for about six months, which shows I've tried various solutions to find the best one. Despite all the good things I'm saying about OPNsense, I did stay with it longer than pfSense.
I traveled to China, so I used my home as my VPN instead of paying for one. They block VPN services in China, so I was using OpenVPN at home. OpenVPN is a known service, but it gets blocked there. The only way to do it was through SSL VPN, which worked fine. But, talking about OPNsense, everything was working fine. I had no problems. I just had to move away because I needed to use port 443 for something else on my web server, and I can't have a web server together with other stuff. It's a bit more complicated to configure because I use Nginx and Apache, too. You can install these tools on OPNsense, but I found it more complicated than just going onto the command line and doing it.
If you want to use something like OPNsense for FreeBSD, use pfSense instead. Unless, obviously, like me, the person in question has some hardware incompatibility with pfSense. Only then would I go for OPNsense. Because, I mean, they're the same systems, but pfSense is a bit better in terms of overall performance, and security updates come quicker and more often.
I rate the overall product an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Architect at Virtua Technologies
Cost-effective with good reporting and firewall capabilities, but the SD-WAN needs to be enhanced
Pros and Cons
- "The most valuable features are reporting, the Sensei plugin, and firewall capabilities."
- "I would like to see better SD-WAN performance."
What is our primary use case?
I am currently working with OPNsense to see if I can learn it. This product is used in small to medium-sized businesses for security, UTM, and other similar operations. We are a solution provider and this is one of the security solutions that we implement for our clients.
How has it helped my organization?
Offering this solution has provided some of our clients with firewall protection and UTM, which basically just protects them from the internet.
What is most valuable?
The most valuable features are reporting, the Sensei plugin, and firewall capabilities.
What needs improvement?
The vendor should offer compatibility-approved boxes, or at least stock one with OPNsense already installed. This would make it a one-stop-shop, and people would not have to worry about sourcing the hardware separately.
I would like to see better SD-WAN performance. I think that could be a very good bonus because SD-WAN is all the rage these days. That is probably the big thing that people need to improve upon, in terms of combining two, three, or four links.
The interface should continue to improve, which would make things a bit easier. For me, it was already easy, but nonetheless, it is quicker to install a FortiGate firewall.
For how long have I used the solution?
I have been working with OPNsense for approximately one year.
What do I think about the stability of the solution?
This is a very stable product and I've had no issues with it.
What do I think about the scalability of the solution?
This product is very scalable. I always buy hardware that can handle a lot of connections and a lot of users. So, in terms of scalability, all you have to do is upgrade your hardware. Or, it is especially scalable if you use the VM version because you only have to provision more resources.
We regularly have between 20 and 50 users, although sometimes it is as little as 5 or 10.
How are customer service and technical support?
I have not been in contact with technical support. So far, everything has been good because I just use Google to find all of the answers and all of my solutions.
Which solution did I use previously and why did I switch?
I primarily work with FortiGate, but I am currently dabbling in OPNSense to see if I can learn it. I've also installed Cisco in the past, as well as Sophos.
FortiGate is a better firewall but that is commercial software that you have to buy a license for. OPNsense is suitable for small to medium-sized businesses. FortiGate is definitely quicker to install because you just buy the appliance. It's also more user-friendly.
If you dabble a bit with OPNsense, it can do about 90% of what FortiGate can do, but FortiGate is more user-friendly. Of course, with OPNsense being open-source, it will always beat FortiGate on price.
I think that with FortiGate, it is easier to log a support call. I haven't really needed technical support for OPNsense, but I know that FortiGate has the score logging facility, whereby you can just quickly log a call. There's also support in South Africa and I know company people that I can just call for help with FortiGate. But with OPNsense, I haven't really had a complicated setup, so for me, it has been okay and it hasn't been an issue.
The SD-WAN is also better on FortiGate. I think that they are heavily focused on security, so they might have better application profiles and other things, such as application threat detections.
Although about 80% of our clients ask for FortiGate, some of our clients ask for Sophos instead. For example, there are some banks and commercial institutions that ask for Sophos.
How was the initial setup?
The initial setup is straightforward and quite simplified. I work in a Linux environment so for me, it will be a bit easier.
What's my experience with pricing, setup cost, and licensing?
OPNsense is an open-source solution and it is free to use. You need only purchase the hardware.
What other advice do I have?
The suitability of this product often depends on the size of the company, although sometimes there are clients that just want FortiGate and they're not open for negotiation. Personally, I like open-source and it's always a bonus if I can get stuff for free.
I would rate this solution a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Cloud Projects Director at France Compétences
An easy-to-use and open source solution that helps secure our network
Pros and Cons
- "OPNsense is easy to use and open source."
- "The user interface could be improved, and the DNS section should be more intuitive."
What is our primary use case?
We use the solution to secure our network and kid’s Internet usage. Since COVID-19, remote work has become relatively standard.
What is most valuable?
OPNsense is easy to use and open source. When the setup is complete, you can forget about the software itself. You can check the logs occasionally and set up some automatic reporting.
What needs improvement?
The user interface could be improved, and the DNS section should be more intuitive.
For how long have I used the solution?
I have been using OPNsense for a few days. We use the updated version of the solution.
What do I think about the stability of the solution?
I rate the solution’s stability a ten out of ten.
What do I think about the scalability of the solution?
I rate the solution’s scalability a nine out of ten.
Which solution did I use previously and why did I switch?
I’ve used pfSense and openWRT before.
How was the initial setup?
The initial setup is straightforward. Being an engineer myself, I have no issues with systems on networks. The installation took around two hours to complete. When you download a system, it takes time. I’ve also installed one package named Zenarmor.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free OPNsense Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos XG
Cisco Secure Firewall
Palo Alto Networks NG Firewalls
Check Point NGFW
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
Fortinet FortiOS
Buyer's Guide
Download our free OPNsense Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the difference between PfSense and OPNsense?
- Can you recommend any good documentation on OPNsense NGINX plug-in (WAF rules)?
- Why is pfSense's firewall better than OPNsense's?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
- Fortinet, Palo Alto or Check Point?