OPNsense alternatives and competitors

We are a small consulting company. We have around 100 employees. We don't use advanced firewalls because we don't really have important data that can be hacked. Nobody is going to care about our data because it's only the HR department's timesheet data on our on-premise systems. The firewall is protecting remote access, allowing the employees to access our office environment. So sometimes employees connect to our systems which have some test systems on it. They run some tests about the consulting we've given to clients. That's all. We just have basic things on our firewall. Just two things are important for us - the site to site VPN, which we have with some customers, and the government site. That is important. That's why I want to change the firewall to a new and up-to-date one so maybe it will be an improvement to prevent some hackers.

After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.

In terms of what could be improved, we have no support with the current Check Point environment. It ended maybe three or four years ago. Because it's an appliance you have to have support. That's a problem for us because I cannot update it at the moment. We have to have another support. We have to subscribe to another support so I can update it. I think it's a good amount of money and our boss does not want to pay that kind of money for firewall solutions. It's not a hardware solution, which by the way, if it would be up to me, I would migrate it to a hardware FortiGate system because all our customers at the moment are migrating their environments to FortiGate hardware solutions. They say it's a really good improvement from their previous firewall solution because it's easy to manage and they're very happy with it.

But as I said before, my boss does not want to pay a lot of money for a firewall solution since we don't have much data to protect and the data is not very important. It's not a big use for us. So we will just probably try pfSense or OPNsense. I can patch it to an up-to-date version, like the 2021 patch. We have the open source solution because my boss does not want to pay for it. It's my approach to migrate the firewall, actually. If it was up to me, I'd probably migrate it to a FortiGate system.

I'm not very experienced with Check Point. But what I would like to see is a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, if you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have.

I can't give it any review about Check Point technical support because I am only working here for about three years and by the time I started at the company it already did not have support.

I have no idea about the initial setup, but it seems like it's not so complex. The initial set up is probably not that hard, but not that easy, either. If I were to delegate the firewall system to a junior guy, I think that he's not going to manage Check Point, but he'll probably manage FortiGate.

In the past, my clients were all using Check Point Systems. When I reviewed it at that time, back 10 years ago, Check Point was number one, as far as I remember, meaning FortiGate wasn't a major solution in Turkey. Nobody was talking about FortiGate then. Now FortiGate, is a major player in the firewall industry in Turkey. Most of our clients are migrating to FortiGate because they say it's cheaper than Check Point. So when I see the Check Point's GUI, it's really complicated. My recommendation would be for Check Point customers to first learn about Check Point's GUI, which is pretty advanced, for me at least.

But when I talk to my friends who are managing IT, they are migrating to FortiGate. They say, FortiGate is very easy to manage and I should really think about it now. When I was first introduced to Check Point it was really advanced. I didn't understand when I first looked into it. I just wanted a solution. pfSense has the same problem. By the way, according to your report, some customers said that pfSense needs improvement on the management and the GUI and aspects like that, so maybe I'll need another review of OPNsense versus Check Point and FortiGate etc...

We didn't have any problems at all. Just in one case, actually. We have a rule that pops up from nowhere which we didn't create. When we restart our Virtual System firewall, it creates a rule which messes up all our internet connection. So if I were to give a number from one to 10, I would probably say Check Point is a nine out of 10. Other than that, we haven't had any problems. Check Point is pretty reliable. I think it's our company's problem that we couldn't patch it after it froze. Maybe an up to date, patched version doesn't have this problem. 

Overall, it's really working for us. I don't have any problems other than it's just outdated.

Our company uses the solution for perimeter security. We are distributors in the Middle East and Africa. We look for competitive analysis against Fortinet and Sophos. 

The price versus value is good because the solution is less expensive than Sophos, Fortinet, or SonicWall. 

The interface and user experience are horrible. To perform simple things, you need to jump between many screens. There is no simplicity, everything is complex. 

The available information is lacking. I'm struggling to give my coworker information about how to configure. The public information available is too old and hasn't been updated. 

The solution is not out-of-the-box because it requires a mandatory license. 

Outside of China, the solution does not offer active-active, virtual domains, or concurrent sessions. The CCB or UTB sessions and BPM channels are very low. The solution is a Chinese product and that side is different from the rest of the world. China has version 8.0.59 but the rest of the world has 8.0.47 only. 

The solution has very, very slow hardware performance. 

I have been using the solution for one year. 

The solution is stable so I rate stability an nine out of ten. 

The solution is not really scalable because it is limited by the capability of the box. You cannot scale out or up because there are hardware limitations. 

Scalability is rated a zero out of ten. 

In Asia, technical support is good but it is very weak in our region. When you are looking for information from technical support, it will take ages for them to respond but chances are good that they won't respond at all. 

Even presale support is not good. 

I rate support a two out of ten. 

Negative

The setup is complex because the interface is not good. 

For someone who is already a professional with another product, the setup is rated a five out of ten. For someone with security experience only, the setup is rated a one out of ten. 

We implemented the solution in-house. One experienced person can deploy. 

Setup for someone who is experienced with other products will take a day for configuration.

Someone who knows security but doesn't know other products like Fortinet, Sophos, or SonicWall will struggle. It takes days to fetch out between sequences and you have to jump between screens for things like ABI, email security, and DLP. It takes time to figure out the proper sequence. 

The solution has a total cost of ownership that is 32% to 50% less than Sophos, Fortinet, and SonicWall. Licenses are also less expensive than Sophos. 

The solution is not out-of-the box because a license is mandatory. You cannot operate the device by itself. This makes no sense because you should be able to use the default features or operate it without a license. Even if the device is capable, you still need a license. 

The four categories of licenses are features, hardware, software updates or technical support, and advanced features. The vendor insists it is mandatory to buy the minimum features license. This license mandate is very strange. 

The solution might raise its prices because Fortinet is increasing between 5% to 20% depending on the product and the solution competes with Fortinet. If the leader in the industry increases prices, other vendors will likely follow. 

The pricing right now is an eight out of ten because it is good.

Fortinet is one of the best products so I recommend its use instead. There is continuous development and good R&D for the product.

I would not recommend use of the solution at all. There has not been one single improvement or feature update in the last year. The solution is very bad at R&D. 

The solution also keeps changing names and product positioning. It used to be called Butler, then Cloud Platforms. 

There is not a single Sangfor employee right now outside of China who can give an explanation of their products. They don't know how the products even work. For example, they can't explain who can book the NGAF with Neural-X, with Engine Zero, or with a Platform-X or Butler cyber command. 

I rate the solution a four out of ten. 

Our company uses the solution as intrusion protection for customers. It fully integrates with the BMA and ISE. We manage all traffic in data centers to protect them from internal users and outside traffic.

The solution effectively integrates with Umbrella which has an intelligent background and is very helpful in tech analysis or discovery. 

The solution is not user friendly and it is hard to manage the GUI interface. This is an ongoing CISCO problem. 

The solution needs Active/Active firewalls to have good load balance with high availability. The firewalls should work simultaneously, not just as failovers. 

I have been using the solution for ten years. 

The solution is very stable if configured properly. I rate stability a nine out of ten. 

The solution is very highly scalable and other products really don't compete with its scalability. The solution can easily be used for small companies or big enterprises with thousands of users. I rate scalability an eight out of ten. 

Technical support does not have a broad knowledge base, so I rate them a six out of ten. 

Neutral

The setup is better than before but still not easy or clear like Palo Alto. If you want to configure the solution, then you need to study how to do it. 

The setup is difficult so I rate it a six out of ten. 

We implement the solution for customers on our own unless we have an issue or bug. It takes one expert staff person for deployment. Depending on the customer's policies and the network's complexity, deployment might take from three to seven days. 

Our process includes verifying the license and setting up the firewall, hardware, FMC, and the failover when there is more than one firewall. We then define or set up the configurable interfaces and the IP addresses. Finally, we define the VLAN of the customer and policies for each VLAN. 

The solution does not require ongoing maintenance if it is configured properly. 

Our ROI is that the solution saves time because it reduces attacks and helps with ongoing protection. The subscription model is also very helpful for ROI. 

I rate ROI at 1800%. 

The pricing is average and includes all features with support. I rate pricing a six out of ten. 

Palo Alto has a better GUI interface for handling all features and is easier to configure. 

I recommend the solution and rate it an eight out of ten. 

It has a very nice web interface, and it is very simple to use. The way policies are working is also good.

I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature.

I have been using this solution for probably ten years. As the head of IT, I have used pfSense for the French infrastructure for around ten years.

It is working fine for me. I never had any problem with this firewall.

I never had to contact their support because everything has been working fine.

I have a lot of experience with pfSense but not much with OPNsense. Both OPNsense and pfSense are very easy, but pfSense is a bit more friendly. pfSense is simple to use with a nice web interface. OPNsense is more tricky.

OPNsense has the remote access functionality, which is the main functionality that I need. OPNsense is very easy to set up and very easy to manage. It is also very fast.

Its initial setup is very easy. 

In France, we have less than five engineers. That's why we try to do everything by ourselves. We chose pfSense because it is user-friendly.

Its price is pretty fair.

If you don't need WireGuard VPN, pfSense is better because it is easier to use than OPNsense. It is a very good platform. Its web administration interface has been working fine.

I would rate pfSense an eight out of ten. A couple of months ago, I would have rated it a ten out of ten because of the WireGuard VPN feature.

We are working with VMware and we are using virtual machines for Kerio Control.

The most valuable features of Kerio Control are the IPS and traffic rules. The traffic rules are very user-friendly and the IPS is working well. Additionally, the anti-virus is effective with quick options, such as filtering.

Kerio Control could improve by having higher availability and adding a mobile VPN channel. These additions are needed. The VPN is working fine on the Kerio Control but there needs to be a VPN client on the mobile phones, both for iOS and Android. This would be very good for us.

In a future release, SD-WAN features would be very useful.

I have been using Kerio Control for approximately seven years.

The solution is stable. However, we have had some problems, and we want to receive some updates for the IPS module. Sometimes we have errors downloading the IPS updates.

I have not contacted technical support. When I have an issue I search the internet and solve the problem. When I search Google, I find solutions for my problem.

Previously I was using OPNsense and pfSense. However, Kerio Control is more user-friendly and stable than pfSense and OPNsense.

The deployment of Kerio Control was easy and user-friendly. We have no problems deploying the Kerio Control, Kerio Portal, and Kerio Connect for our customers.

I am living in Iran and we cannot buy the product from Kerio because of sanctions.

I rate Kerio Control an eight out of ten.