OPNsense vs WatchGuard Firebox comparison

Cancel
You must select at least 2 products to compare!
Cisco Logo
96,842 views|63,474 comparisons
OPNsense Logo
85,126 views|74,260 comparisons
WatchGuard Logo
22,887 views|18,995 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between OPNsense and WatchGuard Firebox based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed OPNsense vs. WatchGuard Firebox Report (Updated: January 2023).
672,411 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot.""The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA.""It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications.""Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information.""We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing.""ASA integrates with FirePOWER, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall.""It brings us the ability to work from anywhere and has allowed us to work remotely without having to incur a lot of other costs. If we didn't have this type of solution, since we have so many on-prem services that are required, we would have likely lost money and been unable to deliver. We have a video services team who helped build the content for our sporting events. When you are watching a Leaf game and those swipes come by as well as the clips and things, those are all generated in-house. Without the ability to access our on-premise resources, we would have been dead in the water. So, the return on that is pretty impressive.""I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words."

More Cisco Secure Firewall Pros →

"The system in general is quite flexible.""We have found pretty much all the features of the solution to be valuable.""OPNsense is highly stable.""OPNsense is easy to scale when running on the hardware.""It's more secure and more reliable.""I have found the solution has some great features overall, such as guest access capabilities, dashboards, and ease of use. There is plenty of documentation and support and it has the plugins that I needed.""The technical support is very good.""What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it. I had an excellent experience with OPNsense, which helped me achieve the targets I wanted."

More OPNsense Pros →

"The solution has a useful traffic monitor.""What I found most valuable in WatchGuard Firebox is that it's a functional platform that works, and each of its features works well. The solution also has good reporting and dashboard capabilities. I also find the overall performance of WatchGuard Firebox great.""The most valuable feature of WatchGuard Firebox is the VPN. It's easy to connect to the VPN.""From my experience with their customer service team, I would say that they seem quite knowledgeable and fairly quick to respond.""There are no problems with the technical support. If a problem occurs it gets resolved immediately with our technical support partners.""All of the features have been valuable. There's nothing on my M270 that I'm not using. If you have remote access, you can see how many users are coming from the outside world to be connected to the systems, through the virus systems that we have behind the firewall, in order to gain access to their files and do their work. We can also see how long they stay online and whether these connections are closed forcefully or for any other reasons, such as a glitch or some kind of misbehavior, to see if internet traffic is optimized and if that particular traffic is under company policies, concerning which websites were visited.""I like that this product has very few issues.""This product offers great protection using the default settings."

More WatchGuard Firebox Pros →

Cons
"We are still running the original ASAs. The software that you are running for the ASDM software and Java application has never been a lot of fun to operate. It would have been nice to see that change update be redesigned with modern systems, which don't play nicely with Java sometimes. Cybersecurity doesn't seem to love how that operates. For us, a fresher application, taking advantage of the hardware, would have been a better approach.""I would like to see them add more next-generation features so that you don't need a lot of appliances to do just one task. It should be a single solution.""The application detection feature of this solution could be improved as well as its integration with other solutions.""Setting firewall network rules should be more straightforward with a clearer graphical representation. The rule-setting method seems old-fashioned. The firewall and network rules are separate from the Firepower and web access rules.""I think the ASA layer is thin. It's always Layer 3 or Layer 4 source controller and doesn't control the Layer 7 traffic. It's important, and you'll need an additional firewall.""The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working.""Most of the features don't work well, and some features are missing as well.""It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall."

More Cisco Secure Firewall Cons →

"The interface isn't so friendly user. But we have some technicians here who are quite confident with this tool. OPNSense could maybe add sets of rules so it's simpler to manage different groups with particular needs.""While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet.""OPNsense could improve by making the configuration more web-based rather than shell or command-line-based.""The interface needs to be simplified. It is not user-friendly.""We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much.""An area for improvement in OPNsense is the hardware, which needs to be updated more frequently. DNS blocking is another good feature I want to be added to the solution. pfSense has a peer-blocking feature that I also want to see in OPNsense.""The IPS solution could be more reliable.""The support for OPNsense is good because we have documents available on the internet. The support could improve a little."

More OPNsense Cons →

"The UI and web view aren't nice.""The user interface for WatchGuard Firebox has room for improvement. Right now, it's a bit complex to work with and could be easier.""They are working on cloud-based options. However, they do not have the options fully functional in their solution at this time.""What could use some significant improvement in WatchGuard Firebox would be its interface and policy management. An additional feature I'd like to see in the next release of WatchGuard Firebox is the ability to modify an existing policy instead of having to recreate a policy when changes are necessary. At the moment, there's no possibility to modify the policy. You have to delete the policy and recreate it.""This is a great product and offers great protection but they don't hear the customers' needs. They don't make improvements as per the customers' requests.""The area where I think this product can be improved is the user interface and the reporting. It can be quite difficult to find the correct logs and to actually find out what is going on. The digging can be time-consuming.""Firebox would be improved with integration for endpoint protection solutions.""There is room for improvement in the threat protection, data packet inspection, and performance of the solution. Generally, it's just a lower-end product. It does the job but doesn't do it very well."

More WatchGuard Firebox Cons →

Pricing and Cost Advice
  • "The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
  • "I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
  • "It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days."
  • "Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
  • "I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
  • "We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS."
  • "I am happy with the product in general, including the pricing."
  • "Their pricing is very aggressive and good. Even a small company can afford it. I am happy with its pricing. Its licensing is on a yearly basis."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The solution is not expensive."
  • "As an appliance, it's in the medium price range."
  • "Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price. If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs."
  • "It is open source and free."
  • "The price of OPNsense is good."
  • "I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it before getting the approval to purchase OPNsense, and it isn't easy to get approval from the higher-ups."
  • More OPNsense Pricing and Cost Advice →

  • "I find the solution to be very affordable."
  • "It's fair pricing, but it could always be reduced."
  • "It has a very good price. It is not the most expensive one, and it is also not the cheapest one. It is just spot-on in terms of price."
  • "They have an annual subscription license. Initially, we had opted for three years. After that, we went for another three years, and after that, we have been doing it yearly. They also have a license for five years."
  • "The licensing contract we have is on a three-year basis. There aren't any costs in addition to the standard licensing fees—usually, every three years, we just purchase or renew the same license and we are okay. Every six years, we completely change the firewall, but that's the usual schema. So after three years, we just renew the licenses for another three years, and then after that particular period of time, we just purchase another firewall equivalent to the ones that we currently use."
  • "The licensing costs are comparatively lower than other providers, and I would rate the pricing as five out of five."
  • "The price of the WatchGuard Firebox is reasonable."
  • "It is an entry-level product, so the price is cheap."
  • More WatchGuard Firebox Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    672,411 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and… more »
    Top Answer:What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it. I had an… more »
    Top Answer:I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it… more »
    Top Answer:We are providing our services to all WatchGuard customers in the region. 
    Top Answer:We just use it as a secondary WiFi device. We're a small office and we needed to set up a WiFi device for a few of our… more »
    Top Answer:We're a hospital and we use it for developing our incoming and outgoing policies, and we also use it for VPN.
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Learn More
    OPNsense
    Video Not Available
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      OPNsense is a user-friendly, fast-track, open-source FreeBSD-based firewall and routing platform. This software offers features that are generally available from costly commercial firewalls, with the added benefit of open and verifiable sources. The firewall provides users, developers, and organizations with an advantageous environment through transparency. The development of this project is driven by a strong focus on security and code quality.

      The solution offers a variety of components, such as:

      • Weekly security updates. These updates provide the user with the ability to reach new emerging threats in a timely manner through small increments.

      • Two major releases every year. These yearly releases are on a fixed release cycle and provide organizations with the ability to plan ahead of an upcoming upgrade.

      • A roadmap of instructions. Each major release provides a guide and a set of clear goals.

      A team of professionals developed OPNsense. Other professional and experienced software architects, engineers, and developers are encouraged to join in the development of the solution to make it as successful as possible. OPNsense offers a variety of rich features with each release. Each upgrade is based on FreeBSD for continual, long-term support and utilizes a freshly advanced MVC framework based on Phalcon. OPNsense is committed to helping businesses, school networks, remote offices, hotels, and other markets in keeping their data protected.

      OPNsense Core Features

      OPNsense continually offers a free, complete, high-end security platform with new releases and features. With each release, OPNsense focuses on providing more unique and better security features in a timely manner. These features include:

      • Captive Portal
      • Built-in reporting and monitoring tools including RRD Graphs
      • Network Flow Monitoring
      • Traffic Shaper
      • Support for Plugins
      • Granular Control Over State Table
      • Dynamic DNS
      • Two-factor authentication throughout the system
      • Netflow Exporter
      • Encrypted Configuration Backup to Google Drive
      • Forward Caching Proxy (transparent) with Blacklist Support
      • Stateful inspection firewall
      • DNS Server & DNS Forwarder
      • High Availability & Hardware Failover (with configuration synchronization & synchronized state tables)
      • DHCP Server and Relay
      • Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
      • Intrusion Detection and Prevention
      • 802.1Q VLAN support

      Reviews from Real Users

      OPNsense is a favorite security solution among reviewers for a number of reasons. Two of those reasons include the user-friendliness of the solution, which makes it easy to use, and its ability to easily scale.

      For many, a user-friendly solution is essential. FiorindoDi A., a system administration specialist at a tech vendor, says, "The graphic user interface is very good and it is user-friendly, which makes the product easy-to-use."

      Peerspot reviewers speak of the scalability of the solution. For example, an anonymous cloud and infrastructure manager at a venture capital and private equity firm reviewer notes, "OPNsense is easy to scale when running on the hardware."

      WatchGuard Firebox is a unified security platform that offers organizations protection from cyber threats through a powerful network security device that controls all traffic between an external network and a trusted network. The solution is ideal for small and midsize businesses as well as for distributed enterprises. WatchGuard Firebox protects the entire network from intrusions, phishing attempts, malware, and ransomware by using cloud and virtual firewalls, AI-powered malware protection, and enhanced network visibility.

      WatchGuard Firebox Features

      WatchGuard Firebox has many valuable key features, including:

      • Policy management
      • Strong security
      • High performance
      • Network configuration for multiple clients
      • Built-in SD-WAN
      • Application control
      • Threat detection and response
      • Network discovery
      • Intuitive interface

      WatchGuard Firebox Benefits

      Some of the benefits of using WatchGuard Firebox include:

      • IT administrators can create and implement policies for content filtering, VPNs, and network inspections.
      • The solution is easy to set up, manage, and maintain.

      Reviews from Real Users

      Below are some reviews and helpful feedback written by WatchGuard Firebox users.

      PeerSpot user Kelly C., IT Manager at a hospitality company, mentions, “One of the most valuable features is the Gateway AntiVirus. We scan all traffic as it's coming through. We also use spamBlocker to scrub spam. We use content filtering, which is critical in any corporate environment to make sure that people don't surf things they're not supposed to. WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively too.It's very easy to use. In terms of performance, WatchGuard has always worked well for us. Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change.”

      A Director of Information Technology at a retailer says, “Among the most valuable features is the ease of use — love the interface — of both the web interface and of the WatchGuard System Manager. It's a stable platform. The devices are pretty rock-solid.”

      Jason M., IT Director at a healthcare company, explains, “The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out. In terms of the throughput and performance, we don't have a problem or any bottleneck there. We downgraded the size of our appliance because we're a small facility, and what we had before was actually too big. The one we are now going with seems to be doing a great job.” He also adds, “The management feature is pretty nice.”

      Steve R., President and Owner at Peak Communication Systems, Inc., comments, "It saves us time in the respect that we now have the template built for it so we can get in and get it done. We've had much less problems supporting Voice over IP technologies from different companies. Because our client base has grown over the years, we're probably saving 20 to 30 man-hours a month now that we've got this on a good stable level."

      Offer
      Learn more about Cisco Secure Firewall
      Learn more about OPNsense
      Learn more about WatchGuard Firebox
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      CompuNet Systems GmbH,
      Ellips, Diecutstickers.com, Clarke Energy, NCR, Wrest Park, Homeslice Pizza, Fortessa Tableware Solutions, The Phoenix Residence
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider17%
      Government8%
      Educational Organization5%
      REVIEWERS
      Comms Service Provider30%
      Logistics Company20%
      Aerospace/Defense Firm10%
      Financial Services Firm10%
      VISITORS READING REVIEWS
      Comms Service Provider22%
      Computer Software Company16%
      Government9%
      Educational Organization6%
      REVIEWERS
      Manufacturing Company17%
      Construction Company11%
      Computer Software Company9%
      Real Estate/Law Firm6%
      VISITORS READING REVIEWS
      Computer Software Company18%
      Comms Service Provider18%
      Government6%
      Retailer5%
      Company Size
      REVIEWERS
      Small Business35%
      Midsize Enterprise25%
      Large Enterprise40%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise18%
      Large Enterprise53%
      REVIEWERS
      Small Business67%
      Midsize Enterprise10%
      Large Enterprise24%
      VISITORS READING REVIEWS
      Small Business27%
      Midsize Enterprise20%
      Large Enterprise53%
      REVIEWERS
      Small Business64%
      Midsize Enterprise25%
      Large Enterprise10%
      VISITORS READING REVIEWS
      Small Business39%
      Midsize Enterprise20%
      Large Enterprise42%
      Buyer's Guide
      OPNsense vs. WatchGuard Firebox
      January 2023
      Find out what your peers are saying about OPNsense vs. WatchGuard Firebox and other solutions. Updated: January 2023.
      672,411 professionals have used our research since 2012.

      OPNsense is ranked 7th in Firewalls with 12 reviews while WatchGuard Firebox is ranked 4th in Unified Threat Management (UTM) with 23 reviews. OPNsense is rated 8.2, while WatchGuard Firebox is rated 8.2. The top reviewer of OPNsense writes "Unbeatable pricing and easy to configure and use, but it can be configured only through the GUI, and the integration with Azure cloud is difficult". On the other hand, the top reviewer of WatchGuard Firebox writes "Easy to deploy and it provides useful data on threats ". OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos XG, Fortinet FortiGate and Azure Firewall, whereas WatchGuard Firebox is most compared with Fortinet FortiGate, pfSense, Sophos XG, Meraki MX and SonicWall NSa. See our OPNsense vs. WatchGuard Firebox report.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.