OPNsense OverviewUNIXBusinessApplication

OPNsense is the #6 ranked solution in best firewalls. PeerSpot users give OPNsense an average rating of 8.4 out of 10. OPNsense is most commonly compared to pfSense: OPNsense vs pfSense. OPNsense is popular among the large enterprise segment, accounting for 52% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 17% of all views.
OPNsense Buyer's Guide

Download the OPNsense Buyer's Guide including reviews and more. Updated: May 2023

What is OPNsense?

OPNsense is a user-friendly, fast-track, open-source FreeBSD-based firewall and routing platform. This software offers features that are generally available from costly commercial firewalls, with the added benefit of open and verifiable sources. The firewall provides users, developers, and organizations with an advantageous environment through transparency. The development of this project is driven by a strong focus on security and code quality.

The solution offers a variety of components, such as:

  • Weekly security updates. These updates provide the user with the ability to reach new emerging threats in a timely manner through small increments.

  • Two major releases every year. These yearly releases are on a fixed release cycle and provide organizations with the ability to plan ahead of an upcoming upgrade.

  • A roadmap of instructions. Each major release provides a guide and a set of clear goals.

A team of professionals developed OPNsense. Other professional and experienced software architects, engineers, and developers are encouraged to join in the development of the solution to make it as successful as possible. OPNsense offers a variety of rich features with each release. Each upgrade is based on FreeBSD for continual, long-term support and utilizes a freshly advanced MVC framework based on Phalcon. OPNsense is committed to helping businesses, school networks, remote offices, hotels, and other markets in keeping their data protected.

OPNsense Core Features

OPNsense continually offers a free, complete, high-end security platform with new releases and features. With each release, OPNsense focuses on providing more unique and better security features in a timely manner. These features include:

  • Captive Portal
  • Built-in reporting and monitoring tools including RRD Graphs
  • Network Flow Monitoring
  • Traffic Shaper
  • Support for Plugins
  • Granular Control Over State Table
  • Dynamic DNS
  • Two-factor authentication throughout the system
  • Netflow Exporter
  • Encrypted Configuration Backup to Google Drive
  • Forward Caching Proxy (transparent) with Blacklist Support
  • Stateful inspection firewall
  • DNS Server & DNS Forwarder
  • High Availability & Hardware Failover (with configuration synchronization & synchronized state tables)
  • DHCP Server and Relay
  • Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
  • Intrusion Detection and Prevention
  • 802.1Q VLAN support

Reviews from Real Users

OPNsense is a favorite security solution among reviewers for a number of reasons. Two of those reasons include the user-friendliness of the solution, which makes it easy to use, and its ability to easily scale.

For many, a user-friendly solution is essential. FiorindoDi A., a system administration specialist at a tech vendor, says, "The graphic user interface is very good and it is user-friendly, which makes the product easy-to-use."

Peerspot reviewers speak of the scalability of the solution. For example, an anonymous cloud and infrastructure manager at a venture capital and private equity firm reviewer notes, "OPNsense is easy to scale when running on the hardware."

OPNsense Customers

CompuNet Systems GmbH,

OPNsense Pricing Advice

What users are saying about OPNsense pricing:
  • "Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price. If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs."
  • "I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it before getting the approval to purchase OPNsense, and it isn't easy to get approval from the higher-ups."
  • "As an appliance, it's in the medium price range."
  • "It is open source and free."
  • OPNsense Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Founder - Director at a tech services company with 1-10 employees
    Real User
    Top 5Leaderboard
    There are lots of capabilities built-in: Few would be High Availability, Proxy, DNS, Intrusion detection/prevention, content filtering, traffic and bandwidth management with 2factor autn.
    Pros and Cons
    • "We have been operating here in our lab for several months, and everything appears to be extremely stable."
    • "I think the most important thing is that it should be easily accessible, but currently, that doesn't seem to be the case. We need a hardware platform that's based on common standards and open computing principles, which would be like a commodity and benefit us greatly."

    What is our primary use case?

    We started working with a tier-four data center cloud service provider company, and we wish to develop our cloud instance/VM hosted.

    We use OPNsense for content filtering, securing networks through DNSs and overcoming the challenges of ransomware, and securing different types of malware-virus attacks.

    This is causing a lot of issues because we are focusing more and more on securing our customers' data.

    It includes backup, recovery, archival, and now coming up with securing cloud instances/VMs. It is really essential for us.

    Example: a firewall as a service can be provided to those who mainly work from home or Soho, Freelancers - clients.

    How has it helped my organization?

    OpNsense has given the most fundamental security service/support to our clients in an unstructured world like freelancers, consultants, soho users, etc. That is based on NIST guidelines, so, overall basic security postures are in place.

    What is most valuable?

    The most valuable features are content filtering, DNS level filtering and blocking unwanted Global IPs, built-in scanners and authentication capabilities, HA, etc.

    What needs improvement?

    I think that the most important aspect is a step-by-step run-book for its installation and deployment on small as well as on commodity hardware. Plus, clubbing the services into several (pre-configured) modules, detailing a BASIC, STANDARD, RATIONALIZED, and DYNAMIC (Enterprise ready) modules, and then custom configurable module, in that case even novice users can configure and start experiencing its benefits. On the same, documentation should be developed keeping the above five modules in mind.

    The initial installation menu should clearly identify the existing IP class/subnet and suggest its challenges and benefits in configuration, and the respective error log should be shown on a screen on the same panel. They should also provide "modules" wise installation video links and their changes with previous versions for reference.

    Our primary focus is to ensure the protection of customers' and consumers' data and critical IT/Dynamic infrastructure, for the same we have to do critical tunings, though, we practiced it in such a way that we have developed a habit of tuning things using a checklist based on clients "Mutual Value Discussions" (assessment session).

    Added capabilities of add-ons/filters/extensions and its tunable help us detecting and alerting clients in sensitive environments when a malicious URL is detected in the traffic (e.g. messaging services/emails and/or other communications on the fly). This additional layer of protection helps in further safeguarding user data and preventing potentially damaging malware from being transmitted within the LAN environment.

    Buyer's Guide
    OPNsense
    May 2023
    Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
    706,951 professionals have used our research since 2012.

    For how long have I used the solution?

    We started using OPNsense in the last three or four years. Now they are pretty mature.

    When we demonstrated this software and the firewall, the main thing is the customer's confidence.

    If I remember correctly, it was 19.x version.

    What do I think about the stability of the solution?

    We have been operating here in our lab for several months, and everything appears to be extremely stable.

    We also attempted a different method of providing the load factor, adjusting the various parameters, cross-checking the network jitters, detected security threats or not by other third-party software/hardware equivalents. It appears to be rather reliable, though, with the stated data points above, it is not yet ready for the enterprise yet.

    What do I think about the scalability of the solution?

    Most of the BSD/FreeBAS or Linux-based software-defined firewalls support vertical and horizontal scaling 'scaling out and scaling up'(this all depends on how it has been architecture) based on the requirements.

    Keeping Technology and Architecture governance with the leading practice of security, availability, and scalability as critical elements in mind. Few stated features make these products scalable and highly available, though, based on load and constant monitoring would require tuning from time to time.

    How are customer service and support?

    To date, we managed to support clients ourselves and whenever we received feedback we come to know that support cost is very high, it is not as local as we are, for small soho, WFH, freelancers, and young startups they prefer locally available partners and hence they are not even interested in talking on those factors.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    A few years back, cybersecurity was not a problem for small and micro businesses, but since 2019 or so, that has seen a massive uphill, then, we were using built-in features of different types of OS-level firewalls with basic filtering, blocking the ports, orchestrating based on local FQDN based filtering, NATing, few BIND/DNS based filtering, implementing proxy's like Squid, etc. Best since these techniques are not good for business, we have to find other methodologies to protect clients' environments. Till recently, we also tried using Hardware firewalls, which most of our clients did not like because of known/unknown reasons.

    How was the initial setup?

    A few years back when we first began using it, we were unable to find a proper document detailing different network scenarios for IP allocations for 2NIC cards. We went through aggressive discussion, reading blogs, and setting-up labs we started getting the knack for all possible configurable elements and started running several tests, packet forwarding, bombarding networks in the most ethical way possible, and verifying results. e.g. We created two separate networks, with WAN and LAN networks assigned to different classes. The menu-driven setup process is relatively easy, but you must know which IP address to define in the router, WAN section, and LAN sections. If this is clearly explained, the basic and fundamental aspects of your network will be in place, allowing you to set it up quickly.

    Then we recommend clients purchase easily available commodity hardware-based motherboards with two NIC/Ethernet cards built-in, it simplified our tasks and so on.

    What about the implementation team?

    We took some help from our old industry connections, and systems integrators, and later our lab practices and tests started solving most of the issues.

    What was our ROI?

    It is now organic, and growing (hope to improve better - though accidents do happen, e.g, COVID, Share market / Financial institution meltdown, the war between nations, and now CyberWarFare picked up!) these are the few key factors which disturb the business one way or other.

    What's my experience with pricing, setup cost, and licensing?

    The best is to read through the terms and conditions, and fine-prints, and to spend time identifying support and operational cost, most of these elements are covered on the website, etc.

    Which other solutions did I evaluate?


    What other advice do I have?

    We made an attempt, but it appears that forming a partnership would not be done as the other party is requesting a significant amount of money, which we find to be very expensive to start with.

    We are exploring the possibility of locating a domestic partner who has a partnership with either PfSense or OPNsense to partner with.

    Subsequently, if we are successful in finding a suitable domestic partner, they would be able to offer these services to us.

    While this software is certainly capable of getting used by masses, it is important to have the pragmatic knowledge to support and operate the system effectively and keep key parameters monitored for new cyber challenges.

    It is crucial to have a clear understanding of exactly what you are looking to accomplish and to have access to the necessary data in order to effectively configure and use the system.

    pfsense - Software-defined firewalls have been around for a while. Whereas, OPNsense came later into business.

    I would rate OPNsense a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Ralf Wenzel - PeerSpot reviewer
    Cloud Architect at infotek-software GmbH
    Real User
    Top 5
    Unbeatable pricing and easy to configure and use, but it can be configured only through the GUI, and the integration with Azure cloud is difficult
    Pros and Cons
    • "The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use."
    • "We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much."

    What is our primary use case?

    We are using it for intrusion detection and prevention. The firewall comes with a lot of third-party modules, and we also use proxy functionalities.

    In our company, we are using it as an appliance, but we are bringing companies to the cloud. We ourselves do not have an Azure layer, but we have got a contract from a customer to bring them to the cloud. So, we are installing it there and monitoring it, but it is not owned by our company. OPNsense is available on appliances, but we have made a special integration with Azure. There is a special mechanism in Azure to deploy firewalls, and we have installed three or four of them.

    We always have the latest version on the firewalls. One should run the updates very frequently.

    How has it helped my organization?

    We are onboarding cloud solutions for customers. We are on Azure. Especially on Azure, when the customers start, they always have small environments. We were looking for the best firewall solution for small environments, not big environments. We needed a small firewall, and we came across OPNsense. For small customers, we will use OPNsense in the future due to cost reasons. These are small installations, and Azure Firewall is very expensive.

    What is most valuable?

    The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use. 

    What needs improvement?

    The difficult part was the integration with Azure because OPNsense, in most cases, is not used on public clouds. It is on appliances that run on-prem. 

    We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much. 

    For how long have I used the solution?

    Within our own company, we have been using it for three or four years as an appliance, and on Azure, we have been using it for three months.

    What do I think about the stability of the solution?

    We have run it for three months in production, and we haven't had any problems in three months. 

    What do I think about the scalability of the solution?

    We run it as an NVA cluster with Azure, and it has good scalability, but when we have bigger deployments, we would use another firewall. I'm not sure if it makes sense to scale up. OPNsense has a very good niche market in comparison to FortiGate, Azure Firewall, or other firewalls. If a customer is starting in the cloud and has 100 or 200 users, I would always recommend OPNsense, but if you have a big installation, and you have a good DevOps team that deploys via source code and things like this, then I would not recommend it. So, the software itself may be scalable, but I wouldn't call it an enterprise-scale firewall.

    In terms of people working with this solution, I'm an architect, and we've got two people for monitoring and setup. Its usage is increasing. It has not been that long since we started using OPNsense, and it fills a gap. Not everybody needs a full-scaled enterprise firewall. So, it will be a part of our business. We've found a niche there.

    How are customer service and support?

    We were in touch with Microsoft support for special networking considerations. The firewall itself was easy for us, and we had no need to reach out to tech support of OPNsense. The heavy part was the Azure part, and we are specialists there.

    How was the initial setup?

    OPNsense deploys it on the Azure marketplace. So, you can download it directly via the Azure marketplace. You do not have to be a partner. From our perspective, it's easy to configure and it's intuitive. We have a background with a lot of firewalls, and we were just looking for a small one.

    We found that not many people have used it on Azure. The firewall itself is not bad, but the support around Azure in terms of documentation and the required infrastructure is not so good, but because we are Azure specialists, we found a very good solution. We would not recommend it for a beginner in Azure.

    In terms of the implementation strategy, there is a cloud adaptation framework. There is a white paper from Microsoft containing best practices for deploying firewalls on Azure, and we had to provide a setup for this, which took some time because it was not easy. It took at least two weeks, but it was only a one-time job. After that, for each firewall, you only have to adapt the rules, which takes two days, but it also depends on the complexity of the infrastructure. If a customer has hundreds of endpoints, it takes longer for sure.

    What's my experience with pricing, setup cost, and licensing?

    Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price.

    If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs.

    What other advice do I have?

    We use it on-prem, and we can recommend it for a standard, typical IT engineer with a networking background. We have had a good experience with it. It is good in terms of functionality and resource usage. It is easy, and we would recommend it, but for implementing it on the Azure cloud, you need good knowledge of Azure. When it comes to public clouds, you do not have your own hardware, and you need deep knowledge of the public cloud on which you are deploying it. It is a good solution if your installation is not too big. We would recommend it for small customers or companies that are starting in the cloud. 

    I would rate it a seven out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Buyer's Guide
    OPNsense
    May 2023
    Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
    706,951 professionals have used our research since 2012.
    Eddy Ramirez - PeerSpot reviewer
    IT Security Director at a financial services firm with 1,001-5,000 employees
    Real User
    Top 5Leaderboard
    Good interface and firewall capabilities and overall easy to use
    Pros and Cons
    • "The solution has high availability."
    • "The reporting part could be better."

    What is our primary use case?

    The solution is basically an open-source firewall - a next-generation firewall solution. Now we actually use it at a client or company's request. They use it if they prefer something that is more versatile than a Cisco or Fortinet device.

    How has it helped my organization?

    The security has improved as we can isolate the network.

    We can do attrition prevention via a tool that comes with the solution.

    We can have a VPN solution in place for those that work from home, outside the network, in a secure manner.

    We also like that it offers good authentication. It offers radius-based authentication, which has been useful for the company. 

    The main platform is under the Open VPN firewall.

    The solution has high availability. When we have different ISPs, we can actually load balance those links or actually put some priority or even classify the traffic that might go into one ISP or another.

    What is most valuable?

    The interface, specifically the web interface, is very easy to use. 

    The firewall functions have been quite helpful. 

    Since the pandemic, the VPN component has been crucial now that everything is basically remote.

    It's stable.

    We've witnessed a solid ROI. 

    There are helpful online forums for troubleshooting.

    It's open-source and technically free to use.

    What needs improvement?

    The reporting part could be better. They actually provide some dashboards; however, when you have to relay information to upper management, there's no way to actually have some sort of executive summary. When you present it to a manager, there's way too much information in there. Having some sort of API to be able to pull out just the information we need to share would be ideal. 

    If we could install agents on computers and have that information correlated by the IES, that would be ideal. 

    For how long have I used the solution?

    I've been using the solution for ten years. 

    What do I think about the stability of the solution?

    It is fairly stable. It will always depend on the resources that you've given it. That said, historically, every time we log into the console, it will alert us to the bug and ask us to update it. In all of the years, only one bug scared me away from a feature. However, that bug only lasted a month. 

    What do I think about the scalability of the solution?

    We have about six people on the solution in between companies. The numbers of users vary from around 120 users to up to 5,000 users.

    How are customer service and support?

    I typically use the forum. They don't actually have a contract that you can buy from them for support. Instead, there's a web forum you can reach out to. I know a couple of people on the forum that actually develop the tool, and they are helpful. I've used them only three times over ten years. 

    Which solution did I use previously and why did I switch?

    We used to use Cisco or Nortel Solutions. We also worked with Linux. It was very manual in terms of configurations.

    How was the initial setup?

    The initial setup is very easy. In terms of configuration, you should have a design on hand. The system will only assess whatever you tell it to. For us, it is easy as we use a dedicated server for it. Right now, we're using a virtual machine. What we do is download and install, and that's it.

    If you have everything in place, it might only take about three or four hours to deploy it. That's plenty of time to get the job done. Usually, one or two people handle the deployment process.

    What about the implementation team?

    I always handle the deployment myself in-house. 

    What was our ROI?

    We have witnessed an ROI in less than three months. Money-wise, if I go and look at all the solution that costs money, you're looking at $5,000 in yearly fees. In this solution, you won't have any recurring fees, and even if you have to pay for equipment and setup, you save that money within three months. 

    What's my experience with pricing, setup cost, and licensing?

    The solution isn't exactly free. Basically, you need to invest in the equipment, and you'll have to install the solution and use resources. You'll have to train people to use the tool. However, if you go to their website, you can simply download the solution for free. While the solution is free, you need resources, people, and training. 

    Which other solutions did I evaluate?

    We did look into other solutions. However, we did not find anything that compared to this solution. 

    What other advice do I have?

    I'm an end-user. 

    It's important, before starting, to understand your network and the features you need. If you need certain features, you need to ensure that the company you choose has them, and you need to consider the cost involved in attaining the usability you need. 

    I'd rate the solution nine out of ten. You do need to have a bit of management experience to be able to troubleshoot effectively. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Director at CIIT
    Real User
    Top 20
    It helps control the bandwidth, is scalable, easy to set up, and has a lot of data available on how to set it up
    Pros and Cons
    • "What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it. I had an excellent experience with OPNsense, which helped me achieve the targets I wanted."
    • "An area for improvement in OPNsense is the hardware, which needs to be updated more frequently. DNS blocking is another good feature I want to be added to the solution. pfSense has a peer-blocking feature that I also want to see in OPNsense."

    What is our primary use case?

    I'm using OPNsense as an open VPN and a firewall to control the traffic.

    How has it helped my organization?

    OPNsense improved my organization in terms of controlling the bandwidth. Limiting the bandwidth is the primary purpose of the solution in the organization.

    What is most valuable?

    What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it.

    I had an excellent experience with OPNsense, which helped me achieve the targets I wanted.

    What needs improvement?

    An area for improvement in OPNsense is the hardware, which needs to be updated more frequently.

    An additional feature I want to see in OPNsense is a transparent proxy.

    DNS blocking is another good feature I want to be added to the solution, as that helps make processes faster.

    pfSense has a peer-blocking feature that I also want to see in OPNsense.

    For how long have I used the solution?

    I've been using OPNsense for more than one year.

    What do I think about the stability of the solution?

    OPNsense is a stable solution. Stability-wise, it's seven out of ten.

    What do I think about the scalability of the solution?

    OPNsense is a scalable solution, and I find it very good, but it still depends on your requirement and what you want to achieve from OPNsense.

    How are customer service and support?

    I didn't use OPNsense technical support because I resolved any issues myself.

    Which solution did I use previously and why did I switch?

    I used pfSense before using OPNsense, and OPNsense covered most of my environment's needs. My organization uses only one firewall, and that's OPNsense.

    How was the initial setup?

    Setting up OPNsense was easy for me. Even if you don't have experience, there is so much data available that you can follow so that the setup can be done easily.

    The initial setup for OPNsense is an eight out of ten, especially if you know what you want to do and achieve from the solution. You also must try blocking methods based on what and how you want to block.

    It took me two weeks to implement OPNsense completely. I set up the network and made a lab before using OPNsense in a production environment.

    What about the implementation team?

    We implemented OPNsense in-house.

    What's my experience with pricing, setup cost, and licensing?

    I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it before getting the approval to purchase OPNsense, and it isn't easy to get approval from the higher-ups.

    What other advice do I have?

    I'm using two products, OPNsense and pfSense.

    I upgraded to the latest version of OPNsense.

    My organization is planning to move OPNsense to the cloud, in particular, hybrid cloud, but right now, it's deployed on-premises. Cloud deployment will be much more efficient than the current on-premises deployment, but I still need to test it before getting approval from the higher-ups.

    Within my organization, fifty people use OPNsense because one department is trying it out. Still, when the solution is fully deployed, there could be from five thousand to six thousand users of OPNsense.

    Ten to twelve people help maintain the solution yearly for the whole campus.

    I advise anyone who wants to implement OPNsense to look into the suppliers and pick the right one because having the right supplier helps you achieve what you want from the solution.

    My rating for OPNsense is eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    IT System Administrator at Boreas d.o.o. Kresevo
    Real User
    Top 20
    User-friendly interface that does not require command-line knowledge for configuration
    Pros and Cons
    • "URL blocking, Wireguard, Tail Scale, Engine Blocker, and VPN are the most valuable features for me."
    • "There is room for improvement in SSL inspection."

    What is our primary use case?

    The primary use case of OPNsense for me is VPN and firewall rules.

    What is most valuable?

    URL blocking, Wireguard, Tail Scale, Engine Blocker, and VPN are the most valuable features for me.

    What needs improvement?

    There is room for improvement in SSL inspection because that's where OPNsense, the open-source firewall software, just doesn't work well. So, I really use it for inspection.

    For how long have I used the solution?

    I have been using this solution for five years. I am using the latest version now.

    What do I think about the stability of the solution?

    It is a pretty much stable solution. I rate it an eight out of ten. I haven't experienced much complexity with stability. Mostly there are a lot of false positives when the firewall is on. The inspection may not be very good compared to CSP4 Fortinet. But other than that, it's okay because I really like the user interface for business purposes. We can do all things through GUI, and things come in line.

    What do I think about the scalability of the solution?

    It's very flexible and scalable, and I would rate the scalability an eight out of ten. It can adapt to changing needs easily. Around twenty customers are currently using OPNsense.

    How are customer service and support?

    I haven't contacted customer support. I usually resolve any issues through online forums and the community web page.

    Which solution did I use previously and why did I switch?

    I have experience with Cisco as well. I moved to OPNsense because it is free.

    How was the initial setup?

    The initial setup is pretty straightforward. The deployment process took three to four hours. When I install OPNsense on the premises, I usually allow everything; after that, I go to one location. I work remotely on that firewall or VPN, so the first step is to put it online and remotely access the VPN server or firewall there. After that, I installed and configured it while working remotely.

    What about the implementation team?

    I'm an integrator, so I mostly use OPNsense for VPN purposes and firewalls, and I use a couple of plugins for web blocking, and that's it. Only one person is required for deployment and maintenance; therefore, I handle all the deployment and maintenance.

    What's my experience with pricing, setup cost, and licensing?

    I haven't used any licensed operations. But when companies get bigger, they'll probably need a license model. The old companies where I have worked with OPNsense were small.

    What other advice do I have?

    I would suggest using OPNsense because there's no cost and a good interface. You don't need to use the command line to configure anything like on Cisco; sometimes, you don't need all the technical knowledge to operate OPNSense. Additionally, you have good community support.

    Overall, I would rate the solution a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
    Flag as inappropriate
    PeerSpot user
    Senior Network Engineer at a comms service provider with 11-50 employees
    Real User
    Top 20
    Free to use, easy to manage, and offers good security options
    Pros and Cons
    • "The initial implementation process is simple."
    • "While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet."

    What is our primary use case?

    We just use the solution normally for its basic firewall functionality. OPNsense with WireGuard and CrowdSec bouncers handles all our requirements. 

    How has it helped my organization?

    This is a free and secure solution that is easy to use.

    What is most valuable?

    The normal security options are great. 

    It's light and easy to manage.

    The solution is very stable.

    The initial implementation process is simple. 

    The solution offers a free version.

    What needs improvement?

    While they do have paid options that actually give better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet.

    They should make it so that it's easier to reverse proxy integration.

    For how long have I used the solution?

    I have been using this solution for two years.

    What do I think about the stability of the solution?

    The product is quite stable and the performance is good. There are no bugs or glitches. It doesn't crash or freeze. 

    What do I think about the scalability of the solution?

    We can easily scale the solution if we need to. It's not difficult. 

    How are customer service and support?

    I've only used the free version of the solution. I just have to dig into the forums to find everything I need. There isn't a central place you can reach out to. I've found all the answers I've needed so far via the forums. There's a lot of information there. 

    How was the initial setup?

    The initial setup is straightforward. It's not overly complex or difficult. 

    What's my experience with pricing, setup cost, and licensing?

    We're a customer and an end-user.

    We are using the telemetry-free version of the solution. 

    Overall, the solution is quite affordable. 

    Which other solutions did I evaluate?

    I'm aware of Fortinet as well. 

    It depends on price versus performance. If you're willing to pay, Fortinet's great. If you don't have the budget, OPNsense is more affordable.

    What other advice do I have?

    We do supply the solution and we do use it for ourselves.

    I'd advise users to get the Geo functionality. It's a nice add-on, which we make use of a lot. It allows which countries are allowed to access your instances, which is very helpful. 

    I'd rate the solution at a nine out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Cloud and Infrastrcture manager at a tech services company with 11-50 employees
    Real User
    Top 20
    Easy to scale, easy to setup, and reasonably priced
    Pros and Cons
    • "OPNsense is easy to scale when running on the hardware."
    • "The interface needs to be simplified. It is not user-friendly."

    What is our primary use case?

    We upgrade our clients when they are ready for the newer versions of OPNsense.

    We are one of the local cloud providers in Indonesia. We implement OPNsense for the VPN and IPSec. We also collaborate with Zerotier to provide SD-WAN.  

    Our customers have solutions that integrate between on-premises and our cloud.

    We provide this solution for several clients, in multi-location offices. We have several retail customers in the city and we provide OPNsense with plug-in remote access. 

    We also use OPNsense for remote access, and IPSec gives them access to a cloud environment as well as on-premises.

    What is most valuable?

    OPNsense is easy to scale when running on the hardware.

    What needs improvement?

    The interface needs to be simplified. It is not user-friendly.

    The bandwidth management is easy to use, but very hard to implement. The multi-provider internet is protected by OPNsence but the features are limited, and not stable.

    The high availability feature is not feasible when the hardware fails.

    For how long have I used the solution?

    I have been working with OPNsense since 2008.

    Internally we are using the latest version. 

    What do I think about the stability of the solution?

    The stability of OPNsense needs improvement.

    What do I think about the scalability of the solution?

    OPNsense is commonly used in large enterprise companies.

    How are customer service and technical support?

    We have not yet contacted technical support. All of the technical issues are resolved within our company.

    Which solution did I use previously and why did I switch?

    We are also using pfSense.

    How was the initial setup?

    The initial setup is straightforward. It's an easy process.

    It takes one hour to deploy.

    We provide maintenance for our clients at a cost, however, 90% of our clients are familiar with the product and able to maintain the solution themselves.

    What about the implementation team?

    We are implementors, and we provide this solution for our clients.

    What's my experience with pricing, setup cost, and licensing?

    As an appliance, it's in the medium price range.

    What other advice do I have?

    OPNsense is suitable for Small to Medium-sized companies.

    I would recommend this solution to others who are interested in using it.

    I would rate OPNsense an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
    PeerSpot user
    it_user1140060 - PeerSpot reviewer
    Machine designer at La Poste
    Real User
    Top 20
    An open-source firewall that works very well and gets updated every month
    Pros and Cons
    • "It has an open license. It works very well, and there is an update every month."
    • "Its interface should be a little bit better."

    What is our primary use case?

    I use it for firewall purposes and OpenVPN. Another use is to protect the servers inside my company. 

    I am using its latest version. It is deployed on my own server.

    What is most valuable?

    It has an open license. It works very well, and there is an update every month.

    What needs improvement?

    Its interface should be a little bit better.

    For how long have I used the solution?

    I have been using this solution for three years.

    What do I think about the stability of the solution?

    It is stable. A month ago, I had an issue for two weeks, but other than that, it has been stable.

    What do I think about the scalability of the solution?

    I don't need scalability. It is a small company. It is a small network. I just need a small firewall at the entrance of the network. I don't need to expand it. 

    In terms of its users, it is the firewall to protect the company, and I am the only one to touch this product.

    How are customer service and support?

    I have never contacted their support.

    Which solution did I use previously and why did I switch?

    I used another one a long time ago. I don't remember the name. I went for this because it has an open license and a lot of people use it. I don't remember why, but I prefer this one over pfSense.

    How was the initial setup?

    It is not so difficult to set up. You need to know the minimum things. I do it myself, and I am not an IT person. It is not my job.

    What's my experience with pricing, setup cost, and licensing?

    It is open source and free.

    What other advice do I have?

    I can recommend this product but only to people who are able to use it. It is not for everybody. You need to know how to manage it.

    I would rate it a 10 out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free OPNsense Report and get advice and tips from experienced pros sharing their opinions.
    Updated: May 2023
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free OPNsense Report and get advice and tips from experienced pros sharing their opinions.