• Home
  • KerioControl vs. OPNsense

KerioControl vs OPNsense comparison

Cancel
You must select at least 2 products to compare!
Cisco Logo

Cisco Secure Firewall

Read 91 Cisco Secure Firewall reviews
96,842 views|63,474 comparisons
GFI Logo

KerioControl

Read 12 KerioControl reviews
11,158 views|6,871 comparisons
OPNsense Logo

OPNsense

Read 12 OPNsense reviews
85,126 views|74,260 comparisons
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
KerioControl vs. OPNsense
January 2023
Executive Summary

We performed a comparison between KerioControl and OPNsense based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed KerioControl vs. OPNsense Report (Updated: January 2023).
Download the complete report
672,411 professionals have used our research since 2012.
Featured Review
Anonymous User
Security solution that offers a broad range of protection and has given us better control over securing our organization
This solution made our organization more secure and gave us better control.
Timur Assembayev
Easy to configure, user-friendly, and useful online information
There were some issues with our main firewall and it went down. In a short time, I deployed KerioControl and save our business.
Tahir Siddique
It helps control the bandwidth, is scalable, easy to set up, and has a lot of data available on how to set it up
OPNsense improved my organization in terms of controlling the bandwidth. Limiting the bandwidth is the primary purpose of the solution in the... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot.""We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government.""The VPN feature is the most valuable to us because it accomplishes the task well. We're able to do everything we need to do.""The most valuable feature is the anti-malware protection. It protects the endpoints on my network.""Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity.""The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."

More Cisco Secure Firewall Pros →

"I have found the most valuable features of Kerio Control to be the IPS and firewall.""The solution is easy to manage. Kerio Control is unique compared to other firewalls because it has been around since 2000 when we switched and the name it started with was WinRoute, and then later became Kerio Control. It evolved over time and it is more of a proprietary firewall on its own and has been developed through open source.""The most valuable features of KerioControl are ease of configuration, user-friendliness, and comfortable to use. It is an all-in-one solution, it comes with many features, such as a firewall, antivirus software, and network protection.""The most valuable features of Kerio Control are the IPS and traffic rules. The traffic rules are very user-friendly and the IPS is working well. Additionally, the anti-virus is effective with quick options, such as filtering.""I like intrusion detection and prevention and bandwidth management. The routing part is also awesome. It is a good firewall. We never had a major breach from outside. We've never been impacted by ransomware, and our systems have never been infiltrated.""It is very comprehensive and simple. It has all the active protections. It's updated. We love that you can set how often it is updated so you can work what is right for you. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios.""Kerio Control can be scaled easily.""The installation is straightforward."

More KerioControl Pros →

"The system in general is quite flexible.""OPNsense could improve by making the configuration more web-based rather than shell or command-line-based.""It's more secure and more reliable.""It has an open license. It works very well, and there is an update every month.""OPNsense is highly stable.""We have found pretty much all the features of the solution to be valuable.""The initial implementation process is simple.""The technical support is very good."

More OPNsense Pros →

Cons
"One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue.""The operation of the ASA is good but the problem is that whenever you require an upgrade, there are multiple pieces of software that you have to upgrade. Extensive planning is required, because if you upgrade one piece of the software it has to be compatible with the others as well. You always need to check the compatibility metrics.""Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""Recently, we have been having an issue with the ASA firewall. We haven't found the root cause yet and are still working on it. We failed over the firewall from active to passive and suddenly that resolved the issue. We are now working to find the root cause.""There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.""The ability to better integrate with other tools would be an improvement.""I'm not a big fan of the FDM (Firepower Device Manager) that comes with Firepower. I found out that you need to use the Firepower Management Center, the FMC, to manage the firewalls a lot better. You can get a lot more granular with the configuration in the FMC, versus the FDM that comes out-of-the-box with it. FDM is like Firepower for dummies."

More Cisco Secure Firewall Cons →

"They don't provide content filtering when it comes to search engine results. We had an incident on the network where a blocked site was showing up in search results. We are in a school environment, so we have blocked a site with some of the explicit content so that kids wouldn't see it. When one of them did a search, the results came on the search engine part. When you try to drill down to the website, it blocks, but when you search by image, it brings up all the images. That's one of the reasons why we are looking at Juniper.""Kerio Control could improve content filtering.""The GUI should be changed because it remains the same consistency across versions. However, those who have been using KerioControl for a long time may be accustomed to the current interface. Installing a new version in the same location makes it easy to find, but overall, there are no notable changes between versions.""The solution should offer more dashboards.""I would like to see a little improvement in their technical support when you have a problem. I may be a little jaded because I came from Kerio when we could call and get a person on the phone who worked on the product. Every tech had their own demo setup. They had instant messaging capability with the developers. If we found a problem, then we could get a result for it quickly. Now, the product seems to be 24 hours. They have also gone to the model that if you need quicker support, then they now charge you additional for the exact same level of support that they used to give. I am assuming it's the exact same level of support that they say it is. I'm not paying extra for it. That's the biggest flaw with the product.""The Kerio hardware devices look cheap and could be improved. Some of our clients are switching to Sophos because their hardware has a more sleek design.""My experience with the solutions technical support is fine but they could be faster in responding.""The solution can be improved to create the capability for larger bandwidths that support our business needs."

More KerioControl Cons →

"The solution could be more secure.""The support for OPNsense is good because we have documents available on the internet. The support could improve a little.""While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet.""The IPS solution could be more reliable.""They should improve IPEs for security in the future.""The interface needs to be simplified. It is not user-friendly.""We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much.""An area for improvement in OPNsense is the hardware, which needs to be updated more frequently. DNS blocking is another good feature I want to be added to the solution. pfSense has a peer-blocking feature that I also want to see in OPNsense."

More OPNsense Cons →

Pricing and Cost Advice
  • "The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
  • "I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
  • "It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days."
  • "Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
  • "I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
  • "We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS."
  • "I am happy with the product in general, including the pricing."
  • "Their pricing is very aggressive and good. Even a small company can afford it. I am happy with its pricing. Its licensing is on a yearly basis."

    • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The price of the solution is reasonable. For additional costs, you can add on more features such as antivirus."
  • "The price is fine."
  • "The price of Kerio Control could be better, it is a bit overpriced compared to other solutions."
  • "I am living in Iran and we cannot buy the product from Kerio because of sanctions."
  • "Its price is fair. There are no additional costs."
  • "I pay approximately $50 for the solution on an annual basis."
  • "Its licensing is yearly. You renew every year. Its price is all-inclusive."
  • "It is priced low enough for entry-level, but it has the power to grow with a company without them having to replace it."

    • More KerioControl Pricing and Cost Advice →

  • "The solution is not expensive."
  • "As an appliance, it's in the medium price range."
  • "Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price. If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs."
  • "It is open source and free."
  • "The price of OPNsense is good."
  • "I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it before getting the approval to purchase OPNsense, and it isn't easy to get approval from the higher-ups."

    • More OPNsense Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    See Recommendations
    672,411 professionals have used our research since 2012.
    Questions from the Community
    Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Read all 3 answers   →
    Which is better - Fortinet FortiGate or Cisco ASA Firewall?
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Read all 4 answers   →
    How does Cisco's ASA firewall compare with the Firepower NGFW?
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    What do you like most about Kerio Control?
    Top Answer:The reporting needs to be improved. It is hard to get a domain.
    Read all 35 answers   →
    What is your experience regarding pricing and costs for Kerio Control?
    Top Answer:The price of the solution is reasonable. For additional costs, you can add on more features such as antivirus.
    Read all 31 answers   →
    What needs improvement with Kerio Control?
    Top Answer:1. More detailed reporting. 2. Sometimes you get a few challenges joining to a domain. 3. Improved and simplified User… more »
    Read all 33 answers   →
    What is the difference between PfSense and OPNsense?
    Top Answer:Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and… more »
    What do you like most about OPNsense?
    Top Answer:What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it. I had an… more »
    Read all 21 answers   →
    What is your experience regarding pricing and costs for OPNsense?
    Top Answer:I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it… more »
    Read all 18 answers   →
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Learn More
    Cisco
    GFI
    OPNsense
    Video Not Available
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      Kerio Control is a popular security product for small and medium-sized businesses. It is a next-generation firewall that provides unified threat management without complexity. Kerio Control provides advanced anti-virus protection and industry-leading web and content application filtering, and has a secure VPN.

      With Kerio Control you can:

      • Preserve the integrity of your network.
      • Manage bandwidth to streamline traffic flows.
      • Improve productivity with filtering capabilities.

      Kerio Control Features

      Some of Kerio Control’s most valuable features include:

      High availability, deployment flexibility, deep packet inspection, advanced routing, usage reporting, quick administering, intrusion detection and prevention (IPS), gateway anti-virus, VPN, web and content application filtering, and centralized administration with MyKerio.

      Kerio Control Benefits

      • Eliminate downtime risks: Because Kerio Control offers high availability and failover protection, you can eliminate the risk and cost of connectivity or threat protection downtime.

      • Detailed reports: Kerio Control makes it easy to view individual users’ internet activity through detailed reports.

      • Traffic monitoring: Traffic monitoring allows you to manage bandwidth and makes it possible for you to control access to streaming video and peer-to-peer networks.

      • Server protection: Using Kerio Control’s advanced networking routing and deep packet inspection, you can protect servers.

      • Easily create policies: With Kerio Control, you can create both inbound and outbound traffic policies, and can also restrict communication by specific URLs, applications, traffic type, content category, or even time of day.

      • Snort-based analysis: Kerio Control gives you the ability to add a transparent layer of intrusion prevention with snort-based analysis along with a database of rule and blacklisted IP addresses that is regularly refreshed.

      • Optionally integrated anti-virus: WIth this feature, you can prevent viruses, Trojans, or spyware from entering your networks.

      Reviews from Real Users

      Here is some feedback from some of our users who are currently using the solution:

      PeerSpot user Brian C., Senior Technology Specialist, VP at Unified Technology Solutions, writes "It is very comprehensive and simple. It has all the active protections. It's updated. We love that you can set how often it is updated so you can work on what is right for you. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios."

      Andy D., IT Manager at Flare Technologies, praises how easy it is to use and says, "One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly."



      OPNsense is a user-friendly, fast-track, open-source FreeBSD-based firewall and routing platform. This software offers features that are generally available from costly commercial firewalls, with the added benefit of open and verifiable sources. The firewall provides users, developers, and organizations with an advantageous environment through transparency. The development of this project is driven by a strong focus on security and code quality.

      The solution offers a variety of components, such as:

      • Weekly security updates. These updates provide the user with the ability to reach new emerging threats in a timely manner through small increments.

      • Two major releases every year. These yearly releases are on a fixed release cycle and provide organizations with the ability to plan ahead of an upcoming upgrade.

      • A roadmap of instructions. Each major release provides a guide and a set of clear goals.

      A team of professionals developed OPNsense. Other professional and experienced software architects, engineers, and developers are encouraged to join in the development of the solution to make it as successful as possible. OPNsense offers a variety of rich features with each release. Each upgrade is based on FreeBSD for continual, long-term support and utilizes a freshly advanced MVC framework based on Phalcon. OPNsense is committed to helping businesses, school networks, remote offices, hotels, and other markets in keeping their data protected.

      OPNsense Core Features

      OPNsense continually offers a free, complete, high-end security platform with new releases and features. With each release, OPNsense focuses on providing more unique and better security features in a timely manner. These features include:

      • Captive Portal
      • Built-in reporting and monitoring tools including RRD Graphs
      • Network Flow Monitoring
      • Traffic Shaper
      • Support for Plugins
      • Granular Control Over State Table
      • Dynamic DNS
      • Two-factor authentication throughout the system
      • Netflow Exporter
      • Encrypted Configuration Backup to Google Drive
      • Forward Caching Proxy (transparent) with Blacklist Support
      • Stateful inspection firewall
      • DNS Server & DNS Forwarder
      • High Availability & Hardware Failover (with configuration synchronization & synchronized state tables)
      • DHCP Server and Relay
      • Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
      • Intrusion Detection and Prevention
      • 802.1Q VLAN support

      Reviews from Real Users

      OPNsense is a favorite security solution among reviewers for a number of reasons. Two of those reasons include the user-friendliness of the solution, which makes it easy to use, and its ability to easily scale.

      For many, a user-friendly solution is essential. FiorindoDi A., a system administration specialist at a tech vendor, says, "The graphic user interface is very good and it is user-friendly, which makes the product easy-to-use."

      Peerspot reviewers speak of the scalability of the solution. For example, an anonymous cloud and infrastructure manager at a venture capital and private equity firm reviewer notes, "OPNsense is easy to scale when running on the hardware."

      Offer
      Learn more about Cisco Secure Firewall
      Learn More
      Learn more about KerioControl
      Learn More
      Learn more about OPNsense
      Learn More
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      Triton Technical, McDonald's
      CompuNet Systems GmbH,
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider17%
      Government8%
      Educational Organization5%
      REVIEWERS
      Computer Software Company20%
      Manufacturing Company10%
      Financial Services Firm10%
      Comms Service Provider10%
      VISITORS READING REVIEWS
      Comms Service Provider24%
      Computer Software Company21%
      Educational Organization7%
      Government5%
      REVIEWERS
      Comms Service Provider30%
      Logistics Company20%
      Aerospace/Defense Firm10%
      Financial Services Firm10%
      VISITORS READING REVIEWS
      Comms Service Provider22%
      Computer Software Company16%
      Government9%
      Educational Organization6%
      Company Size
      REVIEWERS
      Small Business35%
      Midsize Enterprise25%
      Large Enterprise40%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise18%
      Large Enterprise53%
      REVIEWERS
      Small Business83%
      Midsize Enterprise13%
      Large Enterprise4%
      VISITORS READING REVIEWS
      Small Business34%
      Midsize Enterprise22%
      Large Enterprise45%
      REVIEWERS
      Small Business67%
      Midsize Enterprise10%
      Large Enterprise24%
      VISITORS READING REVIEWS
      Small Business27%
      Midsize Enterprise20%
      Large Enterprise53%
      Buyer's Guide
      KerioControl vs. OPNsense
      January 2023
      Free Report: KerioControl vs. OPNsense
      Find out what your peers are saying about KerioControl vs. OPNsense and other solutions. Updated: January 2023.
      DOWNLOAD NOW
      672,411 professionals have used our research since 2012.

      KerioControl is ranked 24th in Firewalls with 12 reviews while OPNsense is ranked 7th in Firewalls with 12 reviews. KerioControl is rated 7.8, while OPNsense is rated 8.2. The top reviewer of KerioControl writes "Through the ease of how quickly we could roll out the VPN to everybody, we had whole companies remotely working overnight". On the other hand, the top reviewer of OPNsense writes "Unbeatable pricing and easy to configure and use, but it can be configured only through the GUI, and the integration with Azure cloud is difficult". KerioControl is most compared with pfSense, Fortinet FortiGate, Sophos UTM, Sophos XG and WatchGuard Firebox, whereas OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos XG, Fortinet FortiGate and WatchGuard Firebox. See our KerioControl vs. OPNsense report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.