Try our new research platform with insights from 80,000+ expert users
Consultant at INCONSYS GmbH
Reseller
Has good performance but I want to see a friendlier user interface
Pros and Cons
  • "The feature I find most valuable, is that the program helped me to realize all the requested functionality that was needed."

    What is our primary use case?

    Our primary use case of this solution is for VPN connections. We are currently supporting an SAP company, which has many customers, and most customers need a site-to-site active set connection for maintaining the SAP systems. We currently have round about 200 VPNs.

    What is most valuable?

    The feature I find most valuable is that the program helped me to realize all the requested functionality that was needed:

    - IPsec VPN connections to remote gateways from various Vendors

    - IPsec VPN connections with SNAT (our local network in use at remote site)

    - IPsec connections with DNAT (remote network in use at our local site)

    - Let's Encrypt certificate for WebGUI

    - SSH Access by Putty to the device

    What needs improvement?

    Something that needs to improve is the translation. This comes into play when you have a remote and a local site and you have to work with two different transfer networks for each direction. What I'm missing is user portal for downloading the configurations for SSL VPN clients. It's still not implemented so it seems that this product is still in a developing process. 

    Sometimes it's a little difficult to find some examples for special scenarios. But we have to keep trying and I believe it is possible. It's quite a suitable possibility to use it for VPN connections.

    The monitoring is a little complicated and I have tried to use a plug-in, but it's quite complicated to configure. I had to write my own script.

    With the VPN solutions, it is possible  to cover up all the scenarios which we have. For instance, if you have a customer and your local network is already in use, you have to work with source nat. It is possible and it works. Another issue that customers sometimes have Networks, which are already in use on out local site. It means you have to work with a destination nat but it is possible to create. 

    I would, therefore, like to see the monitoring of the firewall being easier to configure, or to have more templates for this so that you can download the configurations for each scenario and get more detailed descriptions like how all the available plug-ins are performing.

    What do I think about the stability of the solution?

    I am currently running it on Hyper-V and so far I have had no problems. It is currently stable enough.

    Buyer's Guide
    OPNsense
    December 2024
    Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
    824,053 professionals have used our research since 2012.

    What do I think about the scalability of the solution?

    We have 250 people in our company using this program who are able to run the SAP systems with side-to-side connections between the company and the customers. We have six people for deployment and maintenance. I am responsible for the networking. 

    How are customer service and support?

    There is no technical team in the Netherlands, but so far I fixed my own issues by reading up on the internet.

    Which solution did I use previously and why did I switch?

    We are using several VPN gateways. We are using our primary solutions in our company, making all the IT for the complete caller group. The caller group has around about 1,600 people in 10 companies. They are part of this group. We have one, main office and several branch offices.

    We are using Juniper SSG Firewalls for Site2Site IPsec connections to customers and this Equipment is working really good. Unfortunately this devices will be running out og supprot soon, so we have to look for some alternatives.

    The central equipment we use is Sophos UTM/SG and Sophos XG configured as high availability. The branch offices are connected by Sophos RED and we mainly use Sophos RED 50 with the AP 55 access points configured as WPA2 Enterprise. For central management, everything is managed in the main office. We are using SMTP proxy with anti-span and anti-virus on SG solutions. This is the only one that doesn't work because we have a problem in that our exchange users are too many, and there are too many accounts - this fact caused the Appache runnig out of ressources.

    An example would be if you have one workstation with two smartphones, and each person has maybe three or four sessions opened on the exchange. If you have 1,400 accounts, you can reach 8,000 sessions. If the Appache message scoreboard is full is comming up, no further users can connect. We have contacted Sophos support to solve this but they were not able to do this - the only effect was a correction of the sizing guide from Sophos. 

    How was the initial setup?

    The setup was straightforward and the only mistake you can make is not to log in at the installer during the setup. I made this mistake once and configured a lot of features. After doing this I could not save the configurations on a disc. Generally, it was quite easy to install and to configure. 

    The initial deployment took about two hours but figuring out how it works in detail and to run a roundabout took two or three days. 

    What's my experience with pricing, setup cost, and licensing?

    There are no licensing costs for OPNsense.

    Which other solutions did I evaluate?

    We had to evaluate other solutions because our primary solution was Juniper SRX, but we were not happy with the features. So we had no other choice and we were forced to look for something else. We use the Sophos XG firewall because we can configure it directly from Azure

    We found the OPNsense solution interesting because there are no costs. In Azure, you only pay for the virtual machine. 

    What other advice do I have?

    My advice would be to compare all the solutions because they all offer something different. Find out what's available and get a feeling for the product and look at the configurations on the firewall. 

    In the next version, I would like a friendlier user interface where the users can look at and download the configurations for the OPNsense clients.

    My rating for this solution is a seven out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    PeerSpot user
    Anwar Sleem - PeerSpot reviewer
    Regional Director at Ceitcon
    Real User
    Top 10
    A simple and free solution requiring no maintenance while providing stability to its users
    Pros and Cons
    • "I feel that its valuable features are that it is simple and free."
    • "The interface of the solution is an area with shortcomings."

    What is our primary use case?

    We use OPNsense in our company to secure our servers.

    What is most valuable?

    To be honest with you, I feel that its valuable features are that it is simple and free.

    What needs improvement?

    The interface of the solution is an area with shortcomings. The interface of the solution could be made better.

    The user experience when we create policies can be made easier. Also, maybe some features should be added to the cloud.

    For how long have I used the solution?

    I have been using OPNsense for around six years. Also, I don't remember the version of the solution I am using.

    What do I think about the stability of the solution?

    Stability-wise, I rate the solution a ten out of ten.

    What do I think about the scalability of the solution?

    We have 25 users who are all technical people using OPNsense in my organization.

    Scalability-wise, I rate the solution a seven out of ten.

    Which solution did I use previously and why did I switch?

    As technical people, we have used many solutions previously for our company and customers. For customers, we have used Fortinet, Palo Alto, and others.

    I didn't switch from Palo Alto to OPNsense. I use OPNsense because Palo Alto is used for enterprises. For me, I prefer open-source products. It's more flexible for us.

    How was the initial setup?

    I believe the setup phase was a fusion of straightforwardness and complexity. It's not complicated, so it's fine.

    It's deployed on-premises because we put it on our server, and it is hosted in Germany.

    What's my experience with pricing, setup cost, and licensing?

    It's a free solution.

    What other advice do I have?

    The solution requires no maintenance.

    I would recommend OPNsense to others.

    Overall, I rate the solution between seven to eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    OPNsense
    December 2024
    Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
    824,053 professionals have used our research since 2012.
    Raj Ashish - PeerSpot reviewer
    Founder - Director (Technology Business) at a tech services company with 1-10 employees
    Real User
    Top 5
    There are lots of capabilities built-in: Few would be High Availability, Proxy, DNS, Intrusion detection/prevention, content filtering, traffic and bandwidth management with 2factor autn.
    Pros and Cons
    • "We have been operating here in our lab for several months, and everything appears to be extremely stable."
    • "I think the most important thing is that it should be easily accessible, but currently, that doesn't seem to be the case. We need a hardware platform that's based on common standards and open computing principles, which would be like a commodity and benefit us greatly."

    What is our primary use case?

    We started working with a tier-four data center cloud service provider company, and we wish to develop our cloud instance/VM hosted.

    We use OPNsense for content filtering, securing networks through DNSs and overcoming the challenges of ransomware, and securing different types of malware-virus attacks.

    This is causing a lot of issues because we are focusing more and more on securing our customers' data.

    It includes backup, recovery, archival, and now coming up with securing cloud instances/VMs. It is really essential for us.

    Example: a firewall as a service can be provided to those who mainly work from home or Soho, Freelancers - clients.

    How has it helped my organization?

    OpNsense has given the most fundamental security service/support to our clients in an unstructured world like freelancers, consultants, soho users, etc. That is based on NIST guidelines, so, overall basic security postures are in place.

    What is most valuable?

    The most valuable features are content filtering, DNS level filtering and blocking unwanted Global IPs, built-in scanners and authentication capabilities, HA, etc.

    What needs improvement?

    I think that the most important aspect is a step-by-step run-book for its installation and deployment on small as well as on commodity hardware. Plus, clubbing the services into several (pre-configured) modules, detailing a BASIC, STANDARD, RATIONALIZED, and DYNAMIC (Enterprise ready) modules, and then custom configurable module, in that case even novice users can configure and start experiencing its benefits. On the same, documentation should be developed keeping the above five modules in mind.

    The initial installation menu should clearly identify the existing IP class/subnet and suggest its challenges and benefits in configuration, and the respective error log should be shown on a screen on the same panel. They should also provide "modules" wise installation video links and their changes with previous versions for reference.

    Our primary focus is to ensure the protection of customers' and consumers' data and critical IT/Dynamic infrastructure, for the same we have to do critical tunings, though, we practiced it in such a way that we have developed a habit of tuning things using a checklist based on clients "Mutual Value Discussions" (assessment session).

    Added capabilities of add-ons/filters/extensions and its tunable help us detecting and alerting clients in sensitive environments when a malicious URL is detected in the traffic (e.g. messaging services/emails and/or other communications on the fly). This additional layer of protection helps in further safeguarding user data and preventing potentially damaging malware from being transmitted within the LAN environment.

    For how long have I used the solution?

    We started using OPNsense in the last three or four years. Now they are pretty mature.

    When we demonstrated this software and the firewall, the main thing is the customer's confidence.

    If I remember correctly, it was 19.x version.

    What do I think about the stability of the solution?

    We have been operating here in our lab for several months, and everything appears to be extremely stable.

    We also attempted a different method of providing the load factor, adjusting the various parameters, cross-checking the network jitters, detected security threats or not by other third-party software/hardware equivalents. It appears to be rather reliable, though, with the stated data points above, it is not yet ready for the enterprise yet.

    What do I think about the scalability of the solution?

    Most of the BSD/FreeBAS or Linux-based software-defined firewalls support vertical and horizontal scaling 'scaling out and scaling up'(this all depends on how it has been architecture) based on the requirements.

    Keeping Technology and Architecture governance with the leading practice of security, availability, and scalability as critical elements in mind. Few stated features make these products scalable and highly available, though, based on load and constant monitoring would require tuning from time to time.

    How are customer service and support?

    To date, we managed to support clients ourselves and whenever we received feedback we come to know that support cost is very high, it is not as local as we are, for small soho, WFH, freelancers, and young startups they prefer locally available partners and hence they are not even interested in talking on those factors.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    A few years back, cybersecurity was not a problem for small and micro businesses, but since 2019 or so, that has seen a massive uphill, then, we were using built-in features of different types of OS-level firewalls with basic filtering, blocking the ports, orchestrating based on local FQDN based filtering, NATing, few BIND/DNS based filtering, implementing proxy's like Squid, etc. Best since these techniques are not good for business, we have to find other methodologies to protect clients' environments. Till recently, we also tried using Hardware firewalls, which most of our clients did not like because of known/unknown reasons.

    How was the initial setup?

    A few years back when we first began using it, we were unable to find a proper document detailing different network scenarios for IP allocations for 2NIC cards. We went through aggressive discussion, reading blogs, and setting-up labs we started getting the knack for all possible configurable elements and started running several tests, packet forwarding, bombarding networks in the most ethical way possible, and verifying results. e.g. We created two separate networks, with WAN and LAN networks assigned to different classes. The menu-driven setup process is relatively easy, but you must know which IP address to define in the router, WAN section, and LAN sections. If this is clearly explained, the basic and fundamental aspects of your network will be in place, allowing you to set it up quickly.

    Then we recommend clients purchase easily available commodity hardware-based motherboards with two NIC/Ethernet cards built-in, it simplified our tasks and so on.

    What about the implementation team?

    We took some help from our old industry connections, and systems integrators, and later our lab practices and tests started solving most of the issues.

    What was our ROI?

    It is now organic, and growing (hope to improve better - though accidents do happen, e.g, COVID, Share market / Financial institution meltdown, the war between nations, and now CyberWarFare picked up!) these are the few key factors which disturb the business one way or other.

    What's my experience with pricing, setup cost, and licensing?

    The best is to read through the terms and conditions, and fine-prints, and to spend time identifying support and operational cost, most of these elements are covered on the website, etc.

    Which other solutions did I evaluate?


    What other advice do I have?

    We made an attempt, but it appears that forming a partnership would not be done as the other party is requesting a significant amount of money, which we find to be very expensive to start with.

    We are exploring the possibility of locating a domestic partner who has a partnership with either PfSense or OPNsense to partner with.

    Subsequently, if we are successful in finding a suitable domestic partner, they would be able to offer these services to us.

    While this software is certainly capable of getting used by masses, it is important to have the pragmatic knowledge to support and operate the system effectively and keep key parameters monitored for new cyber challenges.

    It is crucial to have a clear understanding of exactly what you are looking to accomplish and to have access to the necessary data in order to effectively configure and use the system.

    pfsense - Software-defined firewalls have been around for a while. Whereas, OPNsense came later into business.

    I would rate OPNsense a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Gregor Godler - PeerSpot reviewer
    DevOps at Halcom
    Real User
    Top 10
    Useful GUI, frequent updates, and free to use
    Pros and Cons
    • "The most valuable features of OPNsense are the GUI and frequent updates."
    • "When using the solution at the beginning was difficult. There was a steep learning curve."

    What is our primary use case?

    OPNsense is a firewall.

    How has it helped my organization?

    The solution has helped our organization because we are able to easily set up IPSec and VPN tunnels.

    What is most valuable?

    The most valuable features of OPNsense are the GUI and frequent updates.

    What needs improvement?

    When using the solution at the beginning was difficult. There was a steep learning curve.

    In a feature release, it would be helpful to have some features that the new generation firewalls have, such as IPS.

    For how long have I used the solution?

    I used OPNsense within the last 12 months.

    What do I think about the stability of the solution?

    I rate the stability of OPNsense a ten out of ten.

    What do I think about the scalability of the solution?

    We have approximately two large customers using this solution.

    I rate the scalability of OPNsense a seven out of ten.

    How are customer service and support?

    I needed to use the support twice. They could improve the support.

    I rate the support of OPNsense a seven out of ten.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I use Fortinet before in another company.

    How was the initial setup?

    The deployment took approximately two hours.

    I rate the initial setup of OPNsense a seven out of ten.

    What's my experience with pricing, setup cost, and licensing?

    We are using the free open-source version of the solution. There is a paid version that has additional features.

    I rate the price of OPNsense a five out of ten.

    What other advice do I have?

    I would recommend using this solution.

    I rate OPNsense a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    ENOCH AMARH ANNOR ATTOH - PeerSpot reviewer
    Cyber Defense Incident Responder at The Quantum Group, Ltd
    Real User
    Top 10
    A monitoring solution that is user friendly and easy to configure
    Pros and Cons
    • "The solution is user-friendly and easy to configure."
    • "You will need additional training before you can actually start to use it."

    What is our primary use case?

    The solution is being used for monitoring and as a firewall. 

    What is most valuable?

    The solution is user-friendly and easy to configure. 

    What needs improvement?

    You will need additional training before you can actually start to use it. You will need to gain some extensive knowledge. 

    For how long have I used the solution?

    I have been using OPNsense for one year. 

    What do I think about the scalability of the solution?

    It is a scalable solution. Approximately fifty people are using the solution. 

    Which solution did I use previously and why did I switch?

    I have used FortiGate. For security reasons, we moved to OPNsense.

    How was the initial setup?

    The initial setup is straightforward. The deployment took a couple of minutes. 

    What's my experience with pricing, setup cost, and licensing?

    We are using the paid version. 

    What other advice do I have?

    I rate the overall solution an eight out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Key Client Manager at O2
    Real User
    Rock-solid stability and open source tool
    Pros and Cons
    • "It's open source."
    • "There are a few weaknesses. For example, there is a lack of some features that I have in certain commercial products."

    What is most valuable?

    It's open source.

    What needs improvement?

    There are a few weaknesses. For example, there is a lack of some features that I have in certain commercial products.

    Some of the features include classified traffic and better blocking of newly registered DNS domains.

    For how long have I used the solution?

    I have been working with OPNsense for about three years. I use it both in my company and at home.

    What do I think about the stability of the solution?

    OPNsense is very stable, rock-solid.

    What do I think about the scalability of the solution?

    It is a scalable solution. We haven't encountered any performance issues.

    How was the initial setup?

    The initial setup was easy. 

    What other advice do I have?

    Overall, I would rate OPNsense an eight out of ten. There is still some room for improvement.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Zbigniew Żelazek - PeerSpot reviewer
    Head of IT and Automation department at PGB Service
    Real User
    A multi-platform operating system with an easy setup
    Pros and Cons
    • "The technical support is very good."
    • "They should improve IPEs for security in the future."

    How has it helped my organization?

    OPNsense it's a multi-platform operating system. So we can install it on PC platforms and do not need dedicated hardware.

    What is most valuable?

    The WireGuard VPN is the most valuable feature.

    What needs improvement?

    They should improve IPEs for security in the future.

    For how long have I used the solution?

    We have been using this solution for about three years and are using the latest version. It is deployed on-premises.

    What do I think about the stability of the solution?

    It is a stable solution.

    What do I think about the scalability of the solution?

    It is a scalable solution. We have 20 connections between sites, and about 100 users use the solution.

    How are customer service and support?

    The technical support is very good.

    Which solution did I use previously and why did I switch?

    Before using OPNsense, we used Cisco Fortinet. Other solutions are more expensive than OPNsense.

    How was the initial setup?

    The initial setup was easy. There are no issues with performance.

    What other advice do I have?

    I rate this solution a nine out of ten and recommend it to others.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1372230 - PeerSpot reviewer
    Cloud and Infrastrcture manager at a tech services company with 11-50 employees
    Real User
    Easy to scale, easy to setup, and reasonably priced
    Pros and Cons
    • "OPNsense is easy to scale when running on the hardware."
    • "The interface needs to be simplified. It is not user-friendly."

    What is our primary use case?

    We upgrade our clients when they are ready for the newer versions of OPNsense.

    We are one of the local cloud providers in Indonesia. We implement OPNsense for the VPN and IPSec. We also collaborate with Zerotier to provide SD-WAN.  

    Our customers have solutions that integrate between on-premises and our cloud.

    We provide this solution for several clients, in multi-location offices. We have several retail customers in the city and we provide OPNsense with plug-in remote access. 

    We also use OPNsense for remote access, and IPSec gives them access to a cloud environment as well as on-premises.

    What is most valuable?

    OPNsense is easy to scale when running on the hardware.

    What needs improvement?

    The interface needs to be simplified. It is not user-friendly.

    The bandwidth management is easy to use, but very hard to implement. The multi-provider internet is protected by OPNsence but the features are limited, and not stable.

    The high availability feature is not feasible when the hardware fails.

    For how long have I used the solution?

    I have been working with OPNsense since 2008.

    Internally we are using the latest version. 

    What do I think about the stability of the solution?

    The stability of OPNsense needs improvement.

    What do I think about the scalability of the solution?

    OPNsense is commonly used in large enterprise companies.

    How are customer service and technical support?

    We have not yet contacted technical support. All of the technical issues are resolved within our company.

    Which solution did I use previously and why did I switch?

    We are also using pfSense.

    How was the initial setup?

    The initial setup is straightforward. It's an easy process.

    It takes one hour to deploy.

    We provide maintenance for our clients at a cost, however, 90% of our clients are familiar with the product and able to maintain the solution themselves.

    What about the implementation team?

    We are implementors, and we provide this solution for our clients.

    What's my experience with pricing, setup cost, and licensing?

    As an appliance, it's in the medium price range.

    What other advice do I have?

    OPNsense is suitable for Small to Medium-sized companies.

    I would recommend this solution to others who are interested in using it.

    I would rate OPNsense an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
    PeerSpot user
    Buyer's Guide
    Download our free OPNsense Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2024
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free OPNsense Report and get advice and tips from experienced pros sharing their opinions.