What is our primary use case?
We started working with a tier-four data center cloud service provider company, and we wish to develop our cloud instance/VM hosted.
We use OPNsense for content filtering, securing networks through DNS, overcoming the challenges of ransomware, and securing against different types of malware/virus attacks.
This is causing a lot of issues because we are focusing more and more on securing our customers' data.
It includes backup, recovery, archival, and now coming up with securing cloud instances/VMs. It is really essential for us.
Example: a firewall as a service can be provided to those who mainly work from home or SOHO, freelancers - clients.
How has it helped my organization?
OPNsense has given the most fundamental security service/support to our clients in an unstructured world like freelancers, consultants, SOHO users, etc. That is based on NIST guidelines, so overall basic security postures are in place.
What is most valuable?
The most valuable features are content filtering, DNS level filtering and blocking unwanted Global IPs, built-in scanners and authentication capabilities, HA, etc.
What needs improvement?
I think that the most important aspect is a step-by-step run-book for its installation and deployment on small as well as on commodity hardware. Plus, clubbing the services into several (pre-configured) modules, detailing BASIC, STANDARD, RATIONALIZED, and DYNAMIC (Enterprise ready) modules, and then a custom configurable module; in that case, even novice users can configure it and start experiencing its benefits. Likewise, documentation should be developed keeping the above five modules in mind.
The initial installation menu should clearly identify the existing IP class/subnet and suggest its challenges and benefits in configuration, and the respective error log should be shown on a screen on the same panel. They should also provide "module"-wise installation video links and their changes from previous versions for reference.
Our primary focus is to ensure the protection of customers' and consumers' data and critical IT/Dynamic infrastructure. For the same, we have to do critical tunings, though we practiced it in such a way that we have developed a habit of tuning things using a checklist based on clients' "Mutual Value Discussions" (assessment session).
Added capabilities of add-ons/filters/extensions and their tunables help us detect and alert clients in sensitive environments when a malicious URL is detected in the traffic (e.g. messaging services/emails and/or other communications on the fly). This additional layer of protection helps in further safeguarding user data and preventing potentially damaging malware from being transmitted within the LAN environment.
For how long have I used the solution?
We started using OPNsense in the last three or four years. Now they are pretty mature.
When we demonstrated this software and the firewall, the main thing is the customer's confidence.
If I remember correctly, it was the 19.x version.
What do I think about the stability of the solution?
We have been operating here in our lab for several months, and everything appears to be extremely stable.
We also attempted a different method of providing the load factor, adjusting the various parameters, cross-checking the network jitters, and whether security threats were detected or not by other third-party software/hardware equivalents. It appears to be rather reliable, though, with the stated data points above, it is not yet ready for the enterprise.
What do I think about the scalability of the solution?
Most of the BSD/FreeBSD or Linux-based software-defined firewalls support vertical and horizontal scaling, 'scaling out and scaling up' (this all depends on how it has been architected), based on the requirements.
Keeping Technology and Architecture governance with the leading practice of security, availability, and scalability as critical elements in mind. Few stated features make these products scalable and highly available, though, based on load and constant monitoring would require tuning from time to time.
How are customer service and support?
To date, we have managed to support clients ourselves, and whenever we received feedback we came to know that support cost is very high and it is not as local as we are. For small SOHO, WFH, freelancers, and young startups, they prefer locally available partners, and hence they are not even interested in talking on those factors.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
A few years back, cybersecurity was not a problem for small and micro businesses, but since 2019 or so, that has seen a massive uphill. Then, we were using built-in features of different types of OS-level firewalls with basic filtering, blocking the ports, orchestrating based on local FQDN based filtering, NATing, few BIND/DNS based filtering, implementing proxies like Squid, etc. But since these techniques are not good for business, we have to find other methodologies to protect clients' environments. Till recently, we also tried using hardware firewalls, which most of our clients did not like because of known/unknown reasons.
How was the initial setup?
A few years back, when we first began using it, we were unable to find a proper document detailing different network scenarios for IP allocations for two NIC cards. Through aggressive discussion, reading blogs, and setting up labs, we started getting the knack for all possible configurable elements and started running several tests, packet forwarding, bombarding networks in the most ethical way possible, and verifying results. E.g., we created two separate networks, with WAN and LAN networks assigned to different classes. The menu-driven setup process is relatively easy, but you must know which IP address to define in the router, WAN section, and LAN sections. If this is clearly explained, the basic and fundamental aspects of your network will be in place, allowing you to set it up quickly.
Then we recommend clients purchase easily available commodity hardware-based motherboards with two NIC/Ethernet cards built-in; it simplified our tasks and so on.
What about the implementation team?
We took some help from our old industry connections, and systems integrators, and later our lab practices and tests started solving most of the issues.
What was our ROI?
It is now organic and growing (hope to improve better - though accidents do happen, e.g., COVID, share market / financial institution meltdown, the war between nations, and now cyber warfare has picked up!). These are the few key factors which disturb the business one way or other.
What's my experience with pricing, setup cost, and licensing?
The best is to read through the terms and conditions and fine print, and to spend time identifying support and operational cost. Most of these elements are covered on the website, etc.
Which other solutions did I evaluate?
What other advice do I have?
We made an attempt, but it appears that forming a partnership would not be done as the other party is requesting a significant amount of money, which we find to be very expensive to start with.
We are exploring the possibility of locating a domestic partner who has a partnership with either pfSense or OPNsense to partner with.
Subsequently, if we are successful in finding a suitable domestic partner, they would be able to offer these services to us.
While this software is certainly capable of being used by the masses, it is important to have the pragmatic knowledge to support and operate the system effectively and keep key parameters monitored for new cyber challenges.
It is crucial to have a clear understanding of exactly what you are looking to accomplish and to have access to the necessary data in order to effectively configure and use the system.
pfSense - software-defined firewalls have been around for a while, whereas OPNsense came later into business.
I would rate OPNsense a seven out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.