Try our new research platform with insights from 80,000+ expert users

OPNsense vs Sangfor NGAF comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
330
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
OPNsense
Ranking in Firewalls
3rd
Average Rating
8.4
Reviews Sentiment
6.7
Number of Reviews
40
Ranking in other categories
No ranking in other categories
Sangfor NGAF
Ranking in Firewalls
19th
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
36
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of May 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.4%, up from 17.7% compared to the previous year. The mindshare of OPNsense is 11.5%, down from 17.6% compared to the previous year. The mindshare of Sangfor NGAF is 1.3%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
Eddy Ramirez - PeerSpot reviewer
Good interface and firewall capabilities and overall easy to use
The security has improved as we can isolate the network. We can do attrition prevention via a tool that comes with the solution. We can have a VPN solution in place for those that work from home, outside the network, in a secure manner. We also like that it offers good authentication. It offers radius-based authentication, which has been useful for the company. The main platform is under the Open VPN firewall. The solution has high availability. When we have different ISPs, we can actually load balance those links or actually put some priority or even classify the traffic that might go into one ISP or another.
Zaid Farooqui - PeerSpot reviewer
Enhanced threat detection with integrated security features and good support
We are using application firewalling, WAF, and SD-WAN. The capabilities are mostly within the box. For example, you will get web application firewall WAF as part and parcel of this. SD-WAN is also bundled. It integrates with their SIEM and SOAR solutions very nicely. Lastly, the pricing point is very cost-efficient as well.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The network security and cloud security are most valuable."
"The integration with Active Directory is one of the good features. Most of the customers are now looking for the Single Sign-on feature. So, being able to integrate Active Directory with the firewall is useful. It is also easy."
"Fortinet FortiGate is easy to use."
"The security on offer is very good."
"The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors."
"The application control features, such as Facebook blocking and Spotify blocking, are the most valuable."
"The solution has very good threat and content filtering switches."
"Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network."
"It's more secure and more reliable."
"The most valuable features are reporting, the Sensei plugin, and firewall capabilities."
"It has firewall and VPN capabilities, which are very valuable features."
"I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management."
"I have found the solution has some great features overall, such as guest access capabilities, dashboards, and ease of use. There is plenty of documentation and support and it has the plugins that I needed."
"We have been operating here in our lab for several months, and everything appears to be extremely stable."
"The system in general is quite flexible."
"The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use."
"I think the tool has the feature to detect and kill ransomware in three seconds."
"The stability of Sangfor NGAF is good."
"We've found the technical support to be helpful."
"The level of support provided to local companies is good. They transform their application control and other settings according to that country."
"Particularly good in the DPI where we can inspect inbound and outbound traffic."
"Sangfor NGAF's standout feature is its powerful application control, enabling precise restrictions on mobile user access to approved applications."
"It's a very simple to use product."
"The top functionality is the reporting feature."
 

Cons

"NGN, reporting and controls."
"Bandwidth usage in reporting could be improved for Fortinet FortiGate."
"The solution could be more secure and stable."
"The solution could be more evenly structured."
"I would like reporting to be improved and should offer a lot more tools to monitor the products."
"One of the features that I would like to have is to do with endpoint production, it should be integrated. For example, the firewall gets notified of any kind of forensic event that needs to be done, such as if there is a ransomware attack and how it originated, all those records have to be available from the firewall, which is not."
"With the standard support subscription, if the device goes down, the customer has to first ship the box, and then Fortinet sends the replacement. With the higher support, the customer has to ship the device after they have the replacement. It would be better for customers to get immediate replacements even with a standard subscription."
"The command line is complicated, and the interface could be better."
"When using the solution at the beginning was difficult. There was a steep learning curve."
"An area for improvement in OPNsense is the hardware, which needs to be updated more frequently. DNS blocking is another good feature I want to be added to the solution. pfSense has a peer-blocking feature that I also want to see in OPNsense."
"I would like better documentation concerning the provided packages and their integration."
"I think the most important thing is that it should be easily accessible, but currently, that doesn't seem to be the case. We need a hardware platform that's based on common standards and open computing principles, which would be like a commodity and benefit us greatly."
"OPNsense showed me some problems when using it in different environments. The problem is integration with a virtual server."
"The interface of the solution is an area with shortcomings."
"OPNsense struggles to handle large volumes of voice traffic, indicating scalability issues in that specific use case."
"There is room for improvement in SSL inspection."
"The tool is expensive."
"The cost of licensing is very high compared to other firewalls available here."
"The web interface needs to be improved, making it more user-friendly."
"Our experience with its customer support was quite challenging."
"Occasional issues with breaches which are dealt with expediently."
"The solution should be able to work in a hybrid setup."
"The product must provide more IPS features."
"Sangfor NGAF could improve by refining its application control policies, especially in addressing challenges with certain types of applications."
 

Pricing and Cost Advice

"It's a very full-featured and it's priced well solution."
"The price of Fortinet FortiGate is reasonable for an SME."
"As far as I'm aware, in our case, it's just a yearly pricing arrangement with no additional licensing costs."
"It was probably about $2,500 per firewall. It was all included. It included support, services, threat management software, and 24/7 FortiCare on it. Cisco products are more expensive."
"It's very competitive."
"Setup costs and pricing depends on many variables, but it's mostly affordable."
"The price is fine."
"Fortinet FortiGate as a less expensive solution than Palo Alto."
"Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price. If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs."
"We are using the paid version."
"It's a free solution."
"I've used the free version. My computer with two network cards at home allows me to try as many different software options as I want. I did pay for the license, but it was for the Zenarmor license, which is the packet inspection tool. They use AI for packet inspection, which integrates with OPNsense and pfSense."
"OPNsense is open source software so at this time it is free for us to use."
"I would rate the pricing three out of ten."
"It is free."
"It's not expensive."
"The price is unmatcheable."
"In my opinion, the price of the tool is good in the Pakistani market. We can easily get discounts if needed."
"For over 2000 users, the cost is around 5000 to 6000 USD. If you want a web application firewall, you have to purchase an additional license for it."
"-"
"If you know you have around 200+ computer users on your network, then the Sangfor NGAF 5200-F-I model would be the minimum recommended model for that amount of users. This model includes modules for packet filtering, deep packet inspection, malware scanning, DSCP filtration, and many other features."
"The pricing is reasonable."
"Price-wise, I would not consider Sangfor NGAF to be a cheap product. It is an expensive firewall solution, though not as expensive as something like Palo Alto, which is costly. However, the higher price point is justifiable given the feature set the tool provides that other firewalls may not offer in a single dedicated appliance."
"It costs about 8 to 10 thousand dollars per year for 500 users, standard licensing fees included."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
849,963 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
20%
Computer Software Company
14%
Comms Service Provider
7%
Manufacturing Company
6%
Computer Software Company
16%
Comms Service Provider
13%
Government
7%
Educational Organization
6%
Computer Software Company
13%
Manufacturing Company
10%
Financial Services Firm
9%
Educational Organization
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
What is the difference between PfSense and OPNsense?
Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...
What do you like most about OPNsense?
What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control.
What is your experience regarding pricing and costs for OPNsense?
I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall p...
What do you like most about Sangfor NGAF?
I think Sangfor NGAF is more valuable than Cisco products because of its simplicity and ease of management. If I comp...
What is your experience regarding pricing and costs for Sangfor NGAF?
The licensing cost is quite high compared to other available firewalls in the market.
What needs improvement with Sangfor NGAF?
The cost of licensing is very high compared to other firewalls available here. There should be improvements in hardwa...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
No data available
Sangfor NGAF Firewall Platform
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
1. Deciso B.V. 2. iXsystems, Inc.  3. EuroBSDCon  4. Netgate  5. Claranet  6. Voleatech  7. Open Systems AG  8. Securebit AG  9. Proxmox Server Solutions GmbH  10. AVM Computersysteme Vertriebs GmbH  Additional customers include: T-Systems International GmbH, Deutsche Telekom AG, Vodafone GmbH, 1&1 IONOS SE, OVHcloud, Hetzner Online GmbH, Strato AG, PlusServer GmbH, Host Europe GmbH, United Internet AG, 1&1 Versatel Deutschland GmbH, QSC AG, Bechtle AG, Cancom SE, Computacenter AG & Co. oHG, T-Systems Multimedia Solutions GmbH, Atos SE, Capgemini SE, Accenture plc, IBM Corporation, Hewlett Packard Enterprise Company, Cisco Systems, Inc.
The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.
Find out what your peers are saying about OPNsense vs. Sangfor NGAF and other solutions. Updated: April 2025.
849,963 professionals have used our research since 2012.