We performed a comparison between OPNsense and SonicWall NSa based on real PeerSpot user reviews.Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"Cisco tech is always good and helpful. I would rate them as 10 out of 10."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well."
"Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information."
"We definitely feel more secure. We have more control over things going in and out of our network."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"OPNsense is highly stable."
"It has an open license. It works very well, and there is an update every month."
"The technical support is very good."
"What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it. I had an excellent experience with OPNsense, which helped me achieve the targets I wanted."
"The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use."
"OPNsense could improve by making the configuration more web-based rather than shell or command-line-based."
"I have found the solution has some great features overall, such as guest access capabilities, dashboards, and ease of use. There is plenty of documentation and support and it has the plugins that I needed."
"We have found pretty much all the features of the solution to be valuable."
"SonicWall has all the usual functions, like LAN configurations, security features, word filters, etc., but it also has the CFS agent, which isn't available in any other firewall. Reporting port support is also there."
"The product is working okay. The product is working feature-wise."
"SonicWall has USCS and anti-virus at the gateway level. Everything is filtered, and if it detects an intruder, it drops the line."
"The filtering is excellent."
"Easy to scale solution that provides advanced threat protection. Their technical support is very good, very knowledgeable, and easy to reach."
"The solution can scale."
"They offer good antivirus solutions."
"One of the main features is the built-in storage capacity."
"A feature that would allow me to load balance among multiple ISPs, especially since we have deployed it as a perimeter firewall, would be a great addition."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing."
"If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve."
"One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"We are still running the original ASAs. The software that you are running for the ASDM software and Java application has never been a lot of fun to operate. It would have been nice to see that change update be redesigned with modern systems, which don't play nicely with Java sometimes. Cybersecurity doesn't seem to love how that operates. For us, a fresher application, taking advantage of the hardware, would have been a better approach."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"The logging could improve in OPNsense."
"The IPS solution could be more reliable."
"While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet."
"The solution could be more secure."
"The interface needs to be simplified. It is not user-friendly."
"An area for improvement in OPNsense is the hardware, which needs to be updated more frequently. DNS blocking is another good feature I want to be added to the solution. pfSense has a peer-blocking feature that I also want to see in OPNsense."
"OPNsense could improve by making the configuration more web-based rather than shell or command-line-based."
"Its interface should be a little bit better."
"I would like to have a built-in vulnerability scanner in the firewall. It would be great to have such functionality. Its price could also be better. It would also be good to have a local warehouse. It doesn't get damaged a lot, but if a customer needs a replacement, currently, it has to come from Miami or Mexico, which can take a few days. It would be better if they have a local warehouse from where we can just pick replacements and quickly solve a client's needs in terms of replacing equipment. It would be great to have it locally instead of waiting for it from Mexico or the USA."
"When it comes to security I think all of the features are currently open to improvement."
"The logging, reporting, and storage capacity size could improve in a future release."
"I would like to see better integration."
"The user interface could be better."
"The content ID needs to be improved."
"Some of the configurations could be better."
"I'd like to see integration with Microsoft 365 for authentication."
The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.
From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.
Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.
OPNsense is a user-friendly, fast-track, open-source FreeBSD-based firewall and routing platform. This software offers features that are generally available from costly commercial firewalls, with the added benefit of open and verifiable sources. The firewall provides users, developers, and organizations with an advantageous environment through transparency. The development of this project is driven by a strong focus on security and code quality.
The solution offers a variety of components, such as:
A team of professionals developed OPNsense. Other professional and experienced software architects, engineers, and developers are encouraged to join in the development of the solution to make it as successful as possible. OPNsense offers a variety of rich features with each release. Each upgrade is based on FreeBSD for continual, long-term support and utilizes a freshly advanced MVC framework based on Phalcon. OPNsense is committed to helping businesses, school networks, remote offices, hotels, and other markets in keeping their data protected.
OPNsense Core Features
OPNsense continually offers a free, complete, high-end security platform with new releases and features. With each release, OPNsense focuses on providing more unique and better security features in a timely manner. These features include:
Reviews from Real Users
OPNsense is a favorite security solution among reviewers for a number of reasons. Two of those reasons include the user-friendliness of the solution, which makes it easy to use, and its ability to easily scale.
For many, a user-friendly solution is essential. FiorindoDi A., a system administration specialist at a tech vendor, says, "The graphic user interface is very good and it is user-friendly, which makes the product easy-to-use."
Peerspot reviewers speak of the scalability of the solution. For example, an anonymous cloud and infrastructure manager at a venture capital and private equity firm reviewer notes, "OPNsense is easy to scale when running on the hardware."
SonicWall NSa dispenses advanced threat protection using a high-performance security platform. The NSa series implements intuitive deep learning technologies in the SonicWall Capture Cloud Platform to dispatch the automated real-time threat detection and deterrence enterprise organizations need today. SonicWall Network Security appliance (NSa) series is best for mid-sized organizations to distributed enterprises and data centers.
SonicWall NSa series next-generation firewalls (NFGWS) combine two very robust security ideologies to deliver advanced threat protection to keep users’ networks safe. Boosting SonicWall’s multi-engine advanced threat protection (ATP) is their Real-time Deep Memory Inspection (RTDMI™). The RTDMI intuitively identifies and stops aggressive zero-day threats and vicious malware by investigating memory directly. This real-time process allows SonicWall RTDMI to be accurate, lessen false positives and discover and alleviate malicious threats and attacks. SonicWall’s single-pass Reassembly-Free Deep Packet Inspection (RFDPI) will audit every byte of each and every packet by investigating both outbound and inbound traffic on the firewall. By combining the SonicWall Capture Cloud Platform along with on-box offerings such as intrusion prevention, web/URL filtering, and anti-malware, the NSa series is able to block the most malicious and dangerous threats at the gateway.
Additionally, SonicWall firewalls supply absolute protection by executing complete inspection and decryption of SSH and TLS/SSL encryption connections - no matter the port or protocol. The firewall takes a deep dive into each and every packet (the header and data) routing out any anomalies, zero-day intrusions, threats, and protocol non-compliance. Users can also define unique criteria specific to their organization to ensure their networks remain safe. This aggressive deep packet inspection is able to identify and block malicious attacks, stop dangerous malware downloads, prevent the spread of infections, and defeat command and control (C&C) communications and data exfiltration. Protocols involving inclusion and exclusion allow users complete control to decide, based on specific governance policies, organizational policies, or government or legal compliance, which traffic is to be investigated for decryption or inspection.
SonicWall Nsa offers enterprise organizations the network control and fluid flexibility they desire using an intrusion prevention system (IPS), VPN, real-time visualization, and other advanced powerful security features, making it a popular firewall solution in today's marketplace.
Reviews from Real Users
“The features that I have found most valuable are the firewalling, which is very good, and the GUI which is very intuitive. It is easy to use and provides great security.” - Network Engineer at a maritime company
“What's valuable in SonicWall NSa is the ATP (advanced threat protection). It can protect users from malicious links. SonicWall NSa also has a Sandboxing service that is very helpful for us, especially when end users accidentally click on malicious links. Another valuable feature of this solution is that it is very useful for site-to-site VPN connectivity issues. SonicWall NSa has very good hardware. I also love that SonicWall has very good technical support, who are very knowledgeable, provide good suggestions, and they're easy to reach.” - Mohammed M., Network Administrator at Transgulf Readymix
OPNsense is ranked 7th in Firewalls with 12 reviews while SonicWall NSa is ranked 15th in Firewalls with 37 reviews. OPNsense is rated 8.2, while SonicWall NSa is rated 7.8. The top reviewer of OPNsense writes "Unbeatable pricing and easy to configure and use, but it can be configured only through the GUI, and the integration with Azure cloud is difficult". On the other hand, the top reviewer of SonicWall NSa writes "Easy to scale advanced threat protection solution with knowledgeable technical support, but has occasional bugs". OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos XG, Fortinet FortiGate and Fortinet FortiGate-VM, whereas SonicWall NSa is most compared with Fortinet FortiGate, SonicWall TZ, Meraki MX, Sophos XG and Zyxel Unified Security Gateway. See our OPNsense vs. SonicWall NSa report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.