OPNsense vs Palo Alto Networks NG Firewalls comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between OPNsense and Palo Alto Networks NG Firewalls based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed OPNsense vs. Palo Alto Networks NG Firewalls Report (Updated: January 2023).
672,411 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The technical support is excellent. I would rate it as 10 out of 10. When there has been an issue, we have had a good response from them.""The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA.""I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""The content filtering is good.""One of the best features is the ease of use. It's also easy to teach new engineers to use the ASA CLI.""The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.""Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform.""One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important."

More Cisco Secure Firewall Pros →

"OPNsense is highly stable.""It's more secure and more reliable.""The system in general is quite flexible.""What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it. I had an excellent experience with OPNsense, which helped me achieve the targets I wanted.""We have found pretty much all the features of the solution to be valuable.""The initial implementation process is simple.""I have found the solution has some great features overall, such as guest access capabilities, dashboards, and ease of use. There is plenty of documentation and support and it has the plugins that I needed.""The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use."

More OPNsense Pros →

"DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network.""I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features.""It has a unique approach to packet processing. It has single-pass architecture. We can easily perform policy lookups, application decoding, and integration or merging. This can be all done with a single pass. It effectively reduces the amount of processing required to perform multiple actions. This is the main advantage of using Palo Alto.""It has a solid network security with some robust tools. We can block unexpected attacks, especially zero-day attacks. Since they use the Pan-OS engine, they can collect attacks from all over the world and analyze them. They can then protect against zero-day attacks and unexpected attacks.""The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks.""The most valuable features are the power of the threat prevention and the WildFire service. Its strength comes from the huge number of sensors all over the world. The firewalls have a rich library of signatures.""IoT security is most valuable in the current version. Content IDs, DDoS protection, zone protection, and DLP are the most prominent features in Palo Alto Networks NG Firewall. It is easier to configure than other solutions.""I like the sandbox feature, and it's very good. It kills each malware deployment in the sense of signatures within five minutes. So, we can secure our network and infrastructure very well within the stipulated time. The WildFire functionality is very good because a few files are also getting blocked. It's critical as malware attacks are also getting ignored, and the logging is very well maintained in this firewall. The most valuable solutions in this field are application-based firewalls. That is the main criteria of the firewall and functionality. We can get all the logs related to this and each and every packet. I like that the firewall is working as an application. The application-based entity we have deployed is well maintained and working very well. We were able to find lots of vulnerabilities when we deployed it, but we could not disclose all. But there were vulnerabilities we could block by updating the firewall and taking actions on clientside machines. So, we got to know that we have lots of vulnerabilities inside the organization too, and we took lots of steps and resolved the number of vulnerabilities. Palo Alto Networks NG Firewalls is an all-in-one solution. It provides every entity log, which is a very good functionality of this firewall. It gives every packet and aspect that the firewall is performing through its logs, and it does it very well. This firewall's unified platform helped eliminate multiple network security tools. If anyone uses P2P sites, cryptocurrency websites, or any illegal sites, we can block it easily. It gives us a proper alert for these kinds of sites, and it properly secures our network. Monitoring is the best thing we are doing here, and we can block this kind of vulnerability as soon as it comes to us."

More Palo Alto Networks NG Firewalls Pros →

Cons
"We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI.""Nowadays, nobody is in the office, so I need to figure out how to put the firewall outside. If I could have a centralized firewall that also receives information from external locations, like peoples' home offices, that would help us consolidate everything into one appliance.""There is huge scope for improvement in URL filtering. The database that they have is not accurate. Their content awareness and categorization for URL filtering are not that great. We faced many challenges with their categorization and content awareness. They should improve these categorization issues.""Most of the features don't work well, and some features are missing as well.""The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs.""I would like to see them update the GUI so that it doesn't look like it was made in 1995.""The maturity needs to be better.""Other products are becoming easier to access and configure. They are providing UI interfaces to configure, take backup, synchronize redundant machines, and so on. It is very easy to take backup and upgrade the images in those products. Cisco ASA should have such features. If one redundant machine is getting upgraded, the technology and support should be there to upgrade other redundant machines. In a single window, we should be able to do more in terms of backups, restores, and upgrades."

More Cisco Secure Firewall Cons →

"We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much.""The interface isn't so friendly user. But we have some technicians here who are quite confident with this tool. OPNSense could maybe add sets of rules so it's simpler to manage different groups with particular needs.""The IPS solution could be more reliable.""Its interface should be a little bit better.""The support for OPNsense is good because we have documents available on the internet. The support could improve a little.""OPNsense could improve by making the configuration more web-based rather than shell or command-line-based.""While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet.""The solution could be more secure."

More OPNsense Cons →

"The areas that need to improve are network protection and user identification.""There are some advanced features that we aren't able to use, which include active IP authentication and app ID. We are facing challenges with implementing those two features.""Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features.""Unfortunately, Palo Alto Networks products aren't cheap, but you have to pay the price for good security technology. I don't know the exact price, but it's about $10,000 to $15,000 without a subscription. Cisco is priced similarly. FortiGate is inexpensive in Poland, so a lot of customers prefer that.""Support should be improved, wait times can be long.""The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there.""The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point.""We would like to see improvement in the web interface for this solution, so that it can handle updates without manual intervention to put the data in order."

More Palo Alto Networks NG Firewalls Cons →

Pricing and Cost Advice
  • "The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
  • "I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
  • "It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days."
  • "Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
  • "I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
  • "We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS."
  • "I am happy with the product in general, including the pricing."
  • "Their pricing is very aggressive and good. Even a small company can afford it. I am happy with its pricing. Its licensing is on a yearly basis."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The solution is not expensive."
  • "As an appliance, it's in the medium price range."
  • "Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price. If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs."
  • "It is open source and free."
  • "The price of OPNsense is good."
  • "I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it before getting the approval to purchase OPNsense, and it isn't easy to get approval from the higher-ups."
  • More OPNsense Pricing and Cost Advice →

  • "It is an expensive solution."
  • "Paul Alto is the most expensive solution in this category."
  • "On the lower end, it's likely to cost $15,000 for renovation and support."
  • "We pay for the licensing annually and the price could be cheaper."
  • "After the hardware and software are procured, it is the AMC support that has to be renewed yearly."
  • "Compared to other solutions, it's very expensive to set up and maintain."
  • "It is expensive."
  • "This solution is quite expensive."
  • More Palo Alto Networks NG Firewalls Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    672,411 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and… more »
    Top Answer:What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it. I had an… more »
    Top Answer:I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it… more »
    Top Answer:Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer:Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
    Learn More
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      OPNsense is a user-friendly, fast-track, open-source FreeBSD-based firewall and routing platform. This software offers features that are generally available from costly commercial firewalls, with the added benefit of open and verifiable sources. The firewall provides users, developers, and organizations with an advantageous environment through transparency. The development of this project is driven by a strong focus on security and code quality.

      The solution offers a variety of components, such as:

      • Weekly security updates. These updates provide the user with the ability to reach new emerging threats in a timely manner through small increments.

      • Two major releases every year. These yearly releases are on a fixed release cycle and provide organizations with the ability to plan ahead of an upcoming upgrade.

      • A roadmap of instructions. Each major release provides a guide and a set of clear goals.

      A team of professionals developed OPNsense. Other professional and experienced software architects, engineers, and developers are encouraged to join in the development of the solution to make it as successful as possible. OPNsense offers a variety of rich features with each release. Each upgrade is based on FreeBSD for continual, long-term support and utilizes a freshly advanced MVC framework based on Phalcon. OPNsense is committed to helping businesses, school networks, remote offices, hotels, and other markets in keeping their data protected.

      OPNsense Core Features

      OPNsense continually offers a free, complete, high-end security platform with new releases and features. With each release, OPNsense focuses on providing more unique and better security features in a timely manner. These features include:

      • Captive Portal
      • Built-in reporting and monitoring tools including RRD Graphs
      • Network Flow Monitoring
      • Traffic Shaper
      • Support for Plugins
      • Granular Control Over State Table
      • Dynamic DNS
      • Two-factor authentication throughout the system
      • Netflow Exporter
      • Encrypted Configuration Backup to Google Drive
      • Forward Caching Proxy (transparent) with Blacklist Support
      • Stateful inspection firewall
      • DNS Server & DNS Forwarder
      • High Availability & Hardware Failover (with configuration synchronization & synchronized state tables)
      • DHCP Server and Relay
      • Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
      • Intrusion Detection and Prevention
      • 802.1Q VLAN support

      Reviews from Real Users

      OPNsense is a favorite security solution among reviewers for a number of reasons. Two of those reasons include the user-friendliness of the solution, which makes it easy to use, and its ability to easily scale.

      For many, a user-friendly solution is essential. FiorindoDi A., a system administration specialist at a tech vendor, says, "The graphic user interface is very good and it is user-friendly, which makes the product easy-to-use."

      Peerspot reviewers speak of the scalability of the solution. For example, an anonymous cloud and infrastructure manager at a venture capital and private equity firm reviewer notes, "OPNsense is easy to scale when running on the hardware."

      Palo Alto Networks NG Firewalls is a firewall solution designed for security teams that provides them with full visibility and control over all networks via powerful traffic identification, malware prevention, and threat intelligence technologies. In order to determine which applications, users, and content traversing the network are safe, the solution offers companies a variety of advanced security tools and strategies.

      Palo Alto Networks NG Firewalls Features

      Palo Alto Networks NG Firewalls has many valuable key features. Some of the most useful ones include:

      • Secure Application Enablement (App-ID, User-ID, Content-ID)
      • Malware Detection and Prevention (threat prevention service, buffer overflows and port scans, anti-malware capabilities, command-and-control protection, and WildFire)
      • DNS Security (URL filtering, predict and block malicious domains, signature-based protection, extensible cloud-based architecture)
      • Panorama Security Management (including graphical views and analytics, manage rules and dynamic updates, customizable application command center (ACC), log collection mode, physical or virtual appliance)
      • Threat Intelligence (high-fidelity threat intelligence, priority alerts, automatic extraction and sharing of prevention indicators, native integration with Palo Alto Networks products)

      Palo Alto Networks NG Firewalls Benefits

      There are several benefits to implementing Palo Alto Networks NG Firewalls. Some of the biggest advantages the solution offers include:

      • Dedicated management interface for managing and initial configuration of the device
      • Regular threat signatures and updates
      • Import addresses and URL objects from the external server
      • Configure and manage with REST API integration
      • Great throughput and connection speed is fair even in high traffic load
      • Deep visibility into the network activity through Application and Command Control
      • Easy to manage and very user friendly

      Reviews from Real Users

      Below are some reviews and helpful feedback written by Palo Alto Networks NG Firewalls users.

      A Solutions Architect at a communications service provider says, “The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.”

      PeerSpot user Gerry H., CyberSecurity Network Engineer at a university, mentions that the solution has a “Nice user interface, good support, is stable, and has extensive logging capabilities.” He also adds, “Wildfire has been a very good feature. This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.”

      Eric S., Network Analyst at a recreational facilities/services company, states, "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."

      Offer
      Learn more about Cisco Secure Firewall
      Learn more about OPNsense
      Learn more about Palo Alto Networks NG Firewalls
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      CompuNet Systems GmbH,
      SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider17%
      Government8%
      Educational Organization5%
      REVIEWERS
      Comms Service Provider30%
      Logistics Company20%
      Aerospace/Defense Firm10%
      Financial Services Firm10%
      VISITORS READING REVIEWS
      Comms Service Provider22%
      Computer Software Company16%
      Government9%
      Educational Organization6%
      REVIEWERS
      Comms Service Provider19%
      Computer Software Company17%
      Financial Services Firm13%
      Educational Organization9%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider11%
      Government7%
      Financial Services Firm6%
      Company Size
      REVIEWERS
      Small Business35%
      Midsize Enterprise25%
      Large Enterprise40%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise18%
      Large Enterprise53%
      REVIEWERS
      Small Business67%
      Midsize Enterprise10%
      Large Enterprise24%
      VISITORS READING REVIEWS
      Small Business27%
      Midsize Enterprise20%
      Large Enterprise53%
      REVIEWERS
      Small Business36%
      Midsize Enterprise27%
      Large Enterprise37%
      VISITORS READING REVIEWS
      Small Business25%
      Midsize Enterprise17%
      Large Enterprise58%
      Buyer's Guide
      OPNsense vs. Palo Alto Networks NG Firewalls
      January 2023
      Find out what your peers are saying about OPNsense vs. Palo Alto Networks NG Firewalls and other solutions. Updated: January 2023.
      672,411 professionals have used our research since 2012.

      OPNsense is ranked 7th in Firewalls with 12 reviews while Palo Alto Networks NG Firewalls is ranked 5th in Firewalls with 71 reviews. OPNsense is rated 8.2, while Palo Alto Networks NG Firewalls is rated 8.8. The top reviewer of OPNsense writes "Unbeatable pricing and easy to configure and use, but it can be configured only through the GUI, and the integration with Azure cloud is difficult". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos XG, Fortinet FortiGate and SonicWall TZ, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Check Point NGFW, Fortinet FortiGate, Meraki MX and Palo Alto Networks VM-Series. See our OPNsense vs. Palo Alto Networks NG Firewalls report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.