Try our new research platform with insights from 80,000+ expert users

Netgate pfSense vs OPNsense comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 28, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
317
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Netgate pfSense
Ranking in Firewalls
1st
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
206
Ranking in other categories
No ranking in other categories
OPNsense
Ranking in Firewalls
3rd
Average Rating
8.2
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of January 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.3%, up from 17.4% compared to the previous year. The mindshare of Netgate pfSense is 17.6%, down from 23.3% compared to the previous year. The mindshare of OPNsense is 14.5%, down from 18.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Q&A Highlights

Apr 03, 2023
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
Vincent Hamm - PeerSpot reviewer
I appreciate the depth of what the solution can do and the simplicity of the initial setup
We do a lot of managed services and are currently trying to get people off of L2TP VPN. Apparently, we can download a mobile config file from a configured NetGate device, and we're primarily Apple. We've experimented with it on a device that's not a production device, and we can't seem to get the phase one IPSec set correctly so that the Apple config will accept it. We've tried looking at the documentation but haven't found anything. While it's not the highest priority, it is rather frustrating. We'd like to do this, and the feature is right there, but we can't get it configured. We certainly don't want to try it on a production machine because it will break the current VPN. I would like to download the Apple mobile config so that I can tell it to configure my VPN connection to do that. We have some cross-platform things. So there's also a Windows VPN. You can download a script or a PowerShell, put it on a Windows machine, and it can connect to the VPN. It would be nice if I could say I want Mac only, Windows only, or both. I wish it could configure the IPSec phase one and phase two, or at least give me solid instructions on how to configure that. It doesn't supply out-of-the-box visibility to drive decisions. You get 75 log lines, so if you're trying to troubleshoot something, you have to look at one log and then another. It integrates with SysLog systems, but our customers are not at the level where they want to pay for some third-party SysLog system. Usually, we can get things taken care of fairly quickly. I would like to have the ability to control all my devices from one place. With Ubiquiti, you can get a controller that allows you to control all of your Wi-Fi devices, switches, and routers. From one area, you can switch to that customer and see what's happening in their environment. That's not part of pfSense. I understand why it's not because pfSense is open source and community supported. That's something that someone in the community needs to pick up and run with. It's not something the pfSense can easily implement. If they could, that'd be great.
Eddy Ramirez - PeerSpot reviewer
Good interface and firewall capabilities and overall easy to use
The security has improved as we can isolate the network. We can do attrition prevention via a tool that comes with the solution. We can have a VPN solution in place for those that work from home, outside the network, in a secure manner. We also like that it offers good authentication. It offers radius-based authentication, which has been useful for the company. The main platform is under the Open VPN firewall. The solution has high availability. When we have different ISPs, we can actually load balance those links or actually put some priority or even classify the traffic that might go into one ISP or another.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The flexibility and ease of configuration are the most valuable features."
"Fortinet offers the latest versions to cater to the needs of enterprises."
"It is user friendly, and has all the features you need."
"Overall, the pricing of the solution is very good. The product offers good value."
"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
"The ease of setting the solution up is a valuable aspect for us."
"FortiGate improved our security. It's one of the best hardware firewalls."
"FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering."
"It is a very good solution for enterprises that need a VPN for their employees. It is the best way to provide a remote work facility to employees at a very low cost. Other solutions that I have had in the past were very expensive. Enterprises don't always have that kind of money to invest."
"It has a good web cache. I used to use a DHCP server and DNS server. For my company, I use pfSense as a load balancing application."
"As a first-time NetGate pfSense user, I've been impressed by several features: easy integration for blocking traffic by country, straightforward creation and management of firewall rules, and the ability to extend functionality through plugins."
"It is a stable solution."
"Its reliability and cost-effectiveness stand out."
"The visibility in pfSense helps you to optimize performance."
"Content protection, content inspection, and the application level firewall."
"pfSense helped us during COVID-19 because we used OpenVPN to connect from home."
"It has firewall and VPN capabilities, which are very valuable features."
"OPNsense is easy to use and open source."
"It has an open license. It works very well, and there is an update every month."
"The system in general is quite flexible."
"We can open a new VPN connection easily. It's much easier than with Fortinet in our experience."
"The solution is good for a basic firewall for a small business or for home use."
"The initial setup is easy. It only takes 15-30 minutes to deploy."
"It is a very good solution. I like the dashboard. I can see what is going on and manage it as I like it."
 

Cons

"I think there could be more QoS features"
"The solution is very expensive."
"There is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files.​"
"Fortinet FortiGate is a stable solution. However, my issue is the performance only. When I use all the profiles, this affects the performance. From the beginning, I should have had a better sizing of the box."
"Fortinet FortiGate could improve by adding FortiAnalyzer to its solution, we should not have to use another solution. FortiAnalyzer can provide more detailed information."
"In the future, I would like to see improvements made to cloud-based management."
"Fortigate's hardware capacities could be improved."
"The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work."
"Needs services on additional features, such as managing inventory and generating reports."
"Snort or Suricata don't block things they should out of the box. It's always been a pain point of pfSense. If you turn on Snort or Suricata for IPS or IDS, no setting is effectively set and forget. Turning any commercial firewall to the lowest setting will provide you with a decent amount of security with almost zero false positives, but pfSense is not that way. You've got a babysit Snort and Suricata to the point where sometimes you turn it off."
"User interface is a little clumsy."
"As an open-source solution, there are so many loopholes happening within the product. By design, no one is taking ownership of it, and that is worrisome to me."
"The learning curve is a little long."
"I would like to see different graphs available in the reporting."
"It should integrate with LDAP, Active Directory, etc, to improve the way in which the traces and connections of each IP, or user connected through the firewall, are shown."
"I would like to see multiple DNS servers running on individual interfaces."
"You will need additional training before you can actually start to use it."
"While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet."
"SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense."
"We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much."
"On the customer-side, because I'm a small business, I need a cheaper or free solution option."
"OPNsense could improve by making the configuration more web-based rather than shell or command-line-based."
"The logging could improve in OPNsense."
"The user interface could be improved, and the DNS section should be more intuitive."
 

Pricing and Cost Advice

"The value is the capability of having multiple services with one unique license, not having the limitation per user licensing schema, like other vendors."
"Here in Brazil, we're going through difficult economic times and the tax on the dollar is high. All the solutions from minor competitors are growing in the market. The prices have come more competitive."
"We pay for the solution annually."
"Other firewalls are more expensive than Fortinet FortiGate, such as the Azure firewall."
"The product pricing is reasonable."
"Pricing is good. They offer a lot of things, the most important is the support. Every time you upgrade your license, you also get insurance for the equipment. If you have any problem with equipment, they send in new equipment."
"The price of Fortinet FortiGate is reasonable."
"The pricing is justified. It's a little pricey, but what you pay for is what you get."
"It is free. It is open source."
"It is an open source firewall."
"It's a very good solution, but it's a bit too expensive for private use."
"Compared to other business routers, pfSense's pricing is reasonable."
"It's open-source and it's free. Anything for free is good."
"We are using the open-source version, not the commercial one."
"Netgate pfSense is fairly priced."
"It's not too expensive considering all of the features on offer. It's about $1700 a year."
"It is not an expensive product. Basically, I deployed it because it was the fastest solution to satisfy our needs in open source."
"OPNsense is open source software so at this time it is free for us to use."
"I've used the free version. My computer with two network cards at home allows me to try as many different software options as I want. I did pay for the license, but it was for the Zenarmor license, which is the packet inspection tool. They use AI for packet inspection, which integrates with OPNsense and pfSense."
"Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price. If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs."
"We are using the paid version."
"As an appliance, it's in the medium price range."
"I would rate the pricing three out of ten."
"It's a free solution."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
831,265 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
6%
Manufacturing Company
6%
Computer Software Company
15%
Comms Service Provider
10%
Government
8%
Educational Organization
7%
Computer Software Company
16%
Comms Service Provider
11%
Government
8%
Educational Organization
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Help me find the best open source router
You don't really specify what type of router you are looking for but if you are talking about a gateway router I reco...
How do I choose between Fortinet FortiGate and pfSense?
Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigat...
What is the difference between PfSense and OPNsense?
Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...
What do you like most about OPNsense?
What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control.
What is your experience regarding pricing and costs for OPNsense?
I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall p...
What needs improvement with OPNsense?
OPNsense should improve its performance in handling large volumes of voice traffic. It needs more support for Vigorou...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
No data available
No data available
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
Nerds On Site Inc., RKC Development Inc., Expertech, Fisher's Technology, Ncisive, Consulting, CPURX, Vaughn's Computer House Calls, Imeretech LLC, Digital Crisis, Carolina Digital Phone, Technigogo Technology Services, The Simple Solution, SwiftecITInc, Rocky Mountain Tech Team, Free Range Geeks, Alaska Computer Geeks, Lark Information Technology, Renaissance Systems Inc., Cutting Edge Computers, Caretech LLC, GoVanguard, Network Touch Ltd, P.C. Solutions.Net, Vision Voice and Data Systems LLC, Montgomery Technologies, Techforce, Concero Networks, ASONInc, CPS Electronics and Consulting, Darkwire.net LLC, IT Specialists, MBS-Net Inc., VOICE1 LLC, Advantage Networking Inc., Powerhouse Systems, Doxa Multimedia Inc., Pro Computer Service, Virtual IT Services, A&J Computers Inc., Envision IT LLC, CommunicaONE Inc., Bone Computer Inc., Amax Engineering Corporation, QPG Ltd. Co., IT 101 Inc., Perfect Cloud Solutions, Applied Technology Group Inc., The Digital Sun Group LLC, Firespring
1. Deciso B.V. 2. iXsystems, Inc.  3. EuroBSDCon  4. Netgate  5. Claranet  6. Voleatech  7. Open Systems AG  8. Securebit AG  9. Proxmox Server Solutions GmbH  10. AVM Computersysteme Vertriebs GmbH  Additional customers include: T-Systems International GmbH, Deutsche Telekom AG, Vodafone GmbH, 1&1 IONOS SE, OVHcloud, Hetzner Online GmbH, Strato AG, PlusServer GmbH, Host Europe GmbH, United Internet AG, 1&1 Versatel Deutschland GmbH, QSC AG, Bechtle AG, Cancom SE, Computacenter AG & Co. oHG, T-Systems Multimedia Solutions GmbH, Atos SE, Capgemini SE, Accenture plc, IBM Corporation, Hewlett Packard Enterprise Company, Cisco Systems, Inc.
Find out what your peers are saying about Netgate pfSense vs. OPNsense and other solutions. Updated: January 2025.
831,265 professionals have used our research since 2012.