OPNsense alternatives and competitors

We are a small consulting company. We have around 100 employees. We don't use advanced firewalls because we don't really have important data that can be hacked. Nobody is going to care about our data because it's only the HR department's timesheet data on our on-premise systems. The firewall is protecting remote access, allowing the employees to access our office environment. So sometimes employees connect to our systems which have some test systems on it. They run some tests about the consulting we've given to clients. That's all. We just have basic things on our firewall. Just two things are important for us - the site to site VPN, which we have with some customers, and the government site. That is important. That's why I want to change the firewall to a new and up-to-date one so maybe it will be an improvement to prevent some hackers.

After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.

In terms of what could be improved, we have no support with the current Check Point environment. It ended maybe three or four years ago. Because it's an appliance you have to have support. That's a problem for us because I cannot update it at the moment. We have to have another support. We have to subscribe to another support so I can update it. I think it's a good amount of money and our boss does not want to pay that kind of money for firewall solutions. It's not a hardware solution, which by the way, if it would be up to me, I would migrate it to a hardware FortiGate system because all our customers at the moment are migrating their environments to FortiGate hardware solutions. They say it's a really good improvement from their previous firewall solution because it's easy to manage and they're very happy with it.

But as I said before, my boss does not want to pay a lot of money for a firewall solution since we don't have much data to protect and the data is not very important. It's not a big use for us. So we will just probably try pfSense or OPNsense. I can patch it to an up-to-date version, like the 2021 patch. We have the open source solution because my boss does not want to pay for it. It's my approach to migrate the firewall, actually. If it was up to me, I'd probably migrate it to a FortiGate system.

I'm not very experienced with Check Point. But what I would like to see is a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, if you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have.

I can't give it any review about Check Point technical support because I am only working here for about three years and by the time I started at the company it already did not have support.

I have no idea about the initial setup, but it seems like it's not so complex. The initial set up is probably not that hard, but not that easy, either. If I were to delegate the firewall system to a junior guy, I think that he's not going to manage Check Point, but he'll probably manage FortiGate.

In the past, my clients were all using Check Point Systems. When I reviewed it at that time, back 10 years ago, Check Point was number one, as far as I remember, meaning FortiGate wasn't a major solution in Turkey. Nobody was talking about FortiGate then. Now FortiGate, is a major player in the firewall industry in Turkey. Most of our clients are migrating to FortiGate because they say it's cheaper than Check Point. So when I see the Check Point's GUI, it's really complicated. My recommendation would be for Check Point customers to first learn about Check Point's GUI, which is pretty advanced, for me at least.

But when I talk to my friends who are managing IT, they are migrating to FortiGate. They say, FortiGate is very easy to manage and I should really think about it now. When I was first introduced to Check Point it was really advanced. I didn't understand when I first looked into it. I just wanted a solution. pfSense has the same problem. By the way, according to your report, some customers said that pfSense needs improvement on the management and the GUI and aspects like that, so maybe I'll need another review of OPNsense versus Check Point and FortiGate etc...

We didn't have any problems at all. Just in one case, actually. We have a rule that pops up from nowhere which we didn't create. When we restart our Virtual System firewall, it creates a rule which messes up all our internet connection. So if I were to give a number from one to 10, I would probably say Check Point is a nine out of 10. Other than that, we haven't had any problems. Check Point is pretty reliable. I think it's our company's problem that we couldn't patch it after it froze. Maybe an up to date, patched version doesn't have this problem. 

Overall, it's really working for us. I don't have any problems other than it's just outdated.

We are a solution provider and this is one of the security solutions that we implement for our clients. The primary use for Sophos XG is to secure the internet for an organization. It does a bit of antivirus scanning, application filtering, web filtering, and normal firewalling. Security, obviously.

Some of our clients also have Sophos UAP and access points are also included in Sophos, which is the same with FortiGate.

Sophos XG is easy to manage. You've got the cloud logging and you can manage all of your Sophos firewalls from one cloud, the Sophos Central Portal.

The most valuable feature is endpoint security. If you want to install antivirus and firewalling on endpoints, then Sophos is the best option.

What I don't like about Sophos is that applying policies can sometimes take longer, and there can even be a bit of a network interruption. With FortiGate, it's just one click and then you go, but with Sophos, sometimes the wheel keeps spinning for several seconds.

The SD-WAN capability is not as good as it is in FortiGate, and is something that should be improved.

I have been working with Sophos XG for approximately two and a half years.

Stability-wise, it's almost as good as FortiGate.

I've been selling FortiGate for 10 years and Sophos for two and a half years. I think that Sophos is just about on par with FortiGate. We just had a small thing with a client, but I don't know if that's really going to be reason enough. In terms of stability, I think they are quite good. The issue we had was the locks, and it was causing slowness or interruptions, but that was really not an issue. It's a small thing.

Sophos XG is very scalable. You can go from small to large-sized use cases.

I think that the technical support is very good, and similar to FortiGate,

I actually dealt directly with a Sophos engineer and I must admit, they've been very fortunate that the guy can help even on the weekends and so forth. I'm very impressed with that.

I primarily work with FortiGate, but I am currently dabbling in OPNSense to see if I can learn it. I've also installed Cisco in the past, as well as Sophos.

Although about 80% of our clients ask for FortiGate, some of our clients ask for Sophos instead. For example, there are some banks and commercial institutions that ask for Sophos.

Sophos is better than FortiGate with respect to endpoint protection.

The initial setup is as easy as it is with FortiGate. These products are definitely easier to install than a solution like OPNsense because it is just a hardware appliance.

The price of this solution is mid-range. Obviously, it will never beat OPNsense because that product is available free of charge. Sophos XG is not expensive for a firewall, especially when you compare it with Check Point. Check Point is a really expensive product.

Sophos XG is a bit more expensive than companies like BitDefender and Kaspersky, but their endpoint software is very good.

The suitability of this product depends on the use case. If somebody wants to have full endpoint protection then Sophos is the best choice. If they just want a normal UTM without endpoint software, then FortiGate is slightly better, but only slightly because of the SD-WAN capabilities. 

I would rate this solution an eight out of ten.

It has a very nice web interface, and it is very simple to use. The way policies are working is also good.

I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature.

I have been using this solution for probably ten years. As the head of IT, I have used pfSense for the French infrastructure for around ten years.

It is working fine for me. I never had any problem with this firewall.

I never had to contact their support because everything has been working fine.

I have a lot of experience with pfSense but not much with OPNsense. Both OPNsense and pfSense are very easy, but pfSense is a bit more friendly. pfSense is simple to use with a nice web interface. OPNsense is more tricky.

OPNsense has the remote access functionality, which is the main functionality that I need. OPNsense is very easy to set up and very easy to manage. It is also very fast.

Its initial setup is very easy. 

In France, we have less than five engineers. That's why we try to do everything by ourselves. We chose pfSense because it is user-friendly.

Its price is pretty fair.

If you don't need WireGuard VPN, pfSense is better because it is easier to use than OPNsense. It is a very good platform. Its web administration interface has been working fine.

I would rate pfSense an eight out of ten. A couple of months ago, I would have rated it a ten out of ten because of the WireGuard VPN feature.

We are working with VMware and we are using virtual machines for Kerio Control.

The most valuable features of Kerio Control are the IPS and traffic rules. The traffic rules are very user-friendly and the IPS is working well. Additionally, the anti-virus is effective with quick options, such as filtering.

Kerio Control could improve by having higher availability and adding a mobile VPN channel. These additions are needed. The VPN is working fine on the Kerio Control but there needs to be a VPN client on the mobile phones, both for iOS and Android. This would be very good for us.

In a future release, SD-WAN features would be very useful.

I have been using Kerio Control for approximately seven years.

The solution is stable. However, we have had some problems, and we want to receive some updates for the IPS module. Sometimes we have errors downloading the IPS updates.

I have not contacted technical support. When I have an issue I search the internet and solve the problem. When I search Google, I find solutions for my problem.

Previously I was using OPNsense and pfSense. However, Kerio Control is more user-friendly and stable than pfSense and OPNsense.

The deployment of Kerio Control was easy and user-friendly. We have no problems deploying the Kerio Control, Kerio Portal, and Kerio Connect for our customers.

I am living in Iran and we cannot buy the product from Kerio because of sanctions.

I rate Kerio Control an eight out of ten.