OPNsense Reviews

I work with OPNsense to create my capstone project in the sixth semester. I work with OPNsense for my capstone project, and I am now planning to make it my main firewall in my network at home, and I'm planning to use it also in case I work in the company.

For my capstone, I use OPNsense for my project and its broader benefits for enterprise and cybersecurity context. OPNsense is an open source based firewall and routing platform. It offers enterprise-grade features such as intrusion detection and prevention system, VPN support, traffic shaping, and web filtering, all without license cost. This platform has a modular design, a clean web-based GUI, and frequent updates that prioritize security and usability. It competes with commercial firewalls such as Cisco ASA, FortiGate, and Palo Alto, but stands out because it's community-driven, cost-effective, and transparent.

I find OPNsense's feature of acting as a central firewall and gateway most valuable, providing robust point segmentation between the internal network and DMZs in my capstone project, intrusion detection to monitor malicious traffic, VPN services for secure remote access, and logging and monitoring for compliance and auditing. This allows me to simulate a real-world enterprise environment on a smaller scale, demonstrating both security hardening and network efficiency.

OPNsense impacts my projects and home network positively because its cost-effectiveness is perfect for lab and enterprise setup without expensive licensing. The flexibility, easy VLAN and DMZ configuration supports different zones such as web servers, mail servers, and log servers. The security-first design for IDS/IPS integration helps me showcase modern defense-in-depth strategies. The user-friendly management through the web GUI makes it possible to manage complex firewall rules clearly, which is critical when documenting and presenting a capstone. Scalability is also an advantage. Although my project is lab-based, OPNsense can scale into production deployments in SMBs and enterprise.

The documentation should be clearer because I faced some difficulties navigating many options. Providing clearer documentation will be helpful for other students who are new to experiences with OPNsense.

I have been using OPNsense throughout my capstone project in the sixth semester.

OPNsense is stable in my experience and has been reliable for my projects and home network. For my capstone project, OPNsense consistently performs as expected, maintaining stable routing and firewall rules across multiple VLANs and DMZs. The IDS/IPS engine using Suricata detects test intrusion attempts without causing noticeable performance degradation, and VPN tunneling works reliably, allowing secure remote access to my simulated enterprise work. Logs and monitoring tools provide clear visibility, which is important for documenting my project. For home and small network use, OPNsense is also reliable, providing enterprise-grade security at no cost, which is valuable for students and professionals building labs. It has a user-friendly GUI that makes managing the firewall straightforward, and the community support is active, making troubleshooting and updating reliable.

OPNsense is scalable, but the degree of scalability depends on the hardware resources and the network design. In theory, OPNsense can handle small home networks and even large enterprise environments if deployed on sufficiently powerful hardware or virtualized on a clustered system. It supports features such as high availability pairs, load balancing, and multi-WAN setups that allow it to scale beyond a single device. In practice, for my capstone project, I didn't simulate a very large enterprise, but I did segment multiple VLANs, set up DMZs, and enable IDS/IPS, and OPNsense managed this well without performance issues. This showed me that it can handle at least mid-sized network complexity reliably. I haven't tested it for large production environments, but it is a reliable, cost-effective, and scalable solution for labs and mid-sized enterprises.

In my personal experience, I mostly interact with the community side and find it responsive and well documented. The forums answer most configuration issues I face, and the documentation is up to date. Compared to some open-source projects with weak support, OPNsense stands out for having both a strong community and commercial backing options.

Positive

I selected OPNsense as a primary solution in my project because of its strong open-source community support, robust features, and suitability for a cost-effective lab environment. If I were to switch to another solution, the most likely candidate would be pfSense or a commercial firewall appliance such as Cisco ASA or FortiGate.

For pfSense, built on a similar FreeBSD foundation with a long-standing reputation in academic and enterprise labs, I might choose it if I need certain community plugins or enterprise-level add-ons that are more mature in pfSense. The reason I initially didn't switch away from OPNsense is that it provides everything required for my capstone: VLANs, DMZ segmentation, IDS/IPS integration, VPN functionality, logging and monitoring, strong documentation, and GUI management. But for a production environment, I might recommend switching to Cisco or FortiGate for scalability in a very large network to ensure professional support in case of critical downtime and integration with another enterprise security system.

Before choosing OPNsense, I evaluated other options to ensure the choice aligns with both the technical goals of my project and real-world industry practice. The main alternative I considered was pfSense, which is very close to OPNsense. Both are free-based. I considered it because it's widely used in academic labs and has a strong plugin ecosystem. Ultimately, I preferred OPNsense for its more modern user interface, frequent updates, and strong focus on security features.

Regarding the pricing, OPNsense has no cost. The setup is somewhat easy, and for licensing, I haven't tried the paid version yet, but overall it's perfect. I save time while working on my capstone project because OPNsense helps me save time during setup and configuration, especially for the intrusion prevention system that helps me be more aware of monitoring and catching any malicious packets or traffic already passing through my network.

The GUI-based OPNsense is very useful and easy to deal with because many people find it frustrating to deal with command line projects. OPNsense provides a web-based GUI that makes the matter easier and more efficient to look at and to deal with.

I will discuss the general benefits of OPNsense, which include compliance support that is useful for organizations pursuing ISO 27001 and PCI DSS, as it helps enforce security controls. One benefit is open-source transparency; unlike black-box firewalls, its code is reviewable and trusted by the community. Rapid innovation through frequent updates means it stays aligned with modern threats, and many organizations use OPNsense as a cost-effective alternative to commercial appliances without sacrificing core security capabilities.

From using OPNsense, I think it could be easier, and I will talk about the lessons I learned. I gained hands-on experience with firewall rules design and the challenges of balancing security with usability. I learned the importance of logging and monitoring for incident response. Furthermore, I realized that open-source tools such as OPNsense can be viable for both learning and professional deployment. Most importantly, OPNsense helped me connect academic theory with practical enterprise-grade solutions.

I rate OPNsense a nine because the documentation needs more clarification.

If I were advising others considering OPNsense, I recommend a few key points. Start with clear goals; OPNsense has a wide feature set including firewalling, IDS/IPS, VPNs, traffic shaping, and more. Define what you need first—segmentation, remote access, monitoring—so you don't get overwhelmed. Invest in proper hardware since performance and scalability depend heavily on CPUs, RAM, and network interfaces, especially for IDS/IPS. Choose hardware with enough power; otherwise, packet inspection can slow the network. Leverage the community by utilizing the forums, GitHub, and documentation, which are excellent. Most configuration challenges I face have already been solved by others. Keep it updated because OPNsense has frequent updates and security patches. Staying current ensures you are protected against new vulnerabilities. For labs and mid-sized enterprises, open source is a fantastic solution; it is cost-effective, feature-rich, and transparent. For very large enterprises that require vendor SLAs or guaranteed throughput, you may want to evaluate commercial appliances alongside OPNsense.

We work on the technological side of things, systems, automation systems. When it comes to Layer 2, 3, 4, we hit firewalls. We work with a big company in the United States, so we usually use their recommended ones. There is a certain flexibility for products. We are not bound to buy a certain product, so it is flexible.

This is not robotics; that is process automation. It involves DCSs, PLCs, that type of systems.

DCS refers to control systems and PLCs (Programmable Logic Controllers). It is basically automation for processes such as refineries, chemical factories, paper mills, so that is what we do.

We have been using OPNsense in a lab, so we are actually experimenting with it.

YouTube is one of the best features with OPNsense.

In today's world, it is YouTube that stands out. It is just a big game, with someone writing code, putting it in a box, an embedded system and writing the 200-page manual on how to use it. In my opinion, down the road it is plain old TCP/IP, UDP in terms of communications and it is completely overrated. But this is what we have to live with unfortunately, that is what is out there. YouTube provides video explanations, and that brings you to speed, instead of sitting down and reading a 200-page document on the product.

I do not appreciate the pricing or the licensing of this product.

It is more expensive than it should be for what it does. Consider the commercial products - OPNsense offers community editions which are free, and then you have to determine the difference between a licensed version and community version. You have to pay for features. I understand people provide something and you have to pay for that service. But pricing in my opinion is just too expensive. It makes no sense. It moves in the direction of a monopoly. It implies that you depend on that system and have no choice but to spend. With firewalls there is competition. When it comes to operating systems, that is harder. Look at Microsoft - they have a monopoly more or less, so there is almost no alternative.

I have not had that chance yet with OPNsense, but this might be a good point. This is a differentiator. It is not just OPNsense firewalls, it is any other gizmo provider out there. You have Dell, you have Microsoft. Try to get support. The first question they ask you is about your support contract. If you say you do not have one, it is finished. This is where the monopoly starts. I am not sure how it is with OPNsense. If you call for support, it would be a test, actually. I have not done that yet. They might let you hang, saying you need a support contract, and finish. I do not know.

Neutral

I do not think there is a difference. All these products that are out there are more or less on the same level when it comes to setting up OPNsense initially.

We would have to do testing with OPNsense in an environment doing pen tests using cybersecurity tools that are available to pen test and see what happens. Because I am not in the IT group, and this is not our focus anyway, we have not done this bench testing, benchmarking, firewalls, or whatsoever, on-premises or not, all versions, hardware related, software firewalls.

With OPNsense, I find that you have to actually worry about this. There are two opinions on this. If I were an IT person, I would say it is fine, but I am not. I am an engineer. When I look at this IT stuff, in my opinion, this is in today's world completely overrated for what it is supposed to do. The fact that it is public makes it just not safe. And the rest is just a game. Firewall A, B, C, D, E, F, G, standard 1, 2, 3, 4, 5, 6, 7, 8. It will never be safe as long as it is public.

You want a game changer, you have to make the networks private. And this has to run not through your little company, it has to run through the ISP. It is the internet community that has to handle this. I cannot predict it, but this public stuff over there is public. In the end, whatever is public-facing is not safe. I make sure I have backups in place. When something crashes, I restore as quick as I can.

I do not use OPNsense VPN features.

As a company, this is a big game that is being played. I do not appreciate this because I am actually a chemical engineer and I want to focus my energy on how to make products with better quality, more efficient, using less energy, less raw materials, and so forth. Here you are stuck with running a game just to get simple communications up safely because it is on the public internet, which makes absolutely no sense. Instead of being a boon for remoting and productivity enhancement, I think we have reached the point where it is the opposite.

There are many ways down the road I see that will happen, probably some private type of networks that businesses get from the ISPs, private connectivity, so that you can clearly separate what is public and what is not. All you see happening and this patching up is IP version 4, NATting, PATting, it makes no sense. We try to keep things isolated as much as we can. Whenever it comes to a business-related solution, we will always go with a provider. We are actually outsourcing it; we are not doing it ourselves.

My rating for OPNsense is 5 out of 10.

My main use case for OPNsense is as a firewall on-premises.

Using OPNsense in my work environment, it serves as the first line of defense. I'm using it for filtering, using my own repository and Dnsmasq to filter unwanted websites. I'm using it as an SD-WAN, as an IPS, intrusion prevention software, and as a next-gen firewall.

As the first line of defense of my network, OPNsense firewall acts effectively, helping me reduce the number of attacks that my network suffers or has been impacted by a huge percentage. Due to its openness and because it's free, and it's a next-gen firewall, it can go up to the application layer to protect my network, which is very good and unique compared to traditional firewalls.

OPNsense is deployed on-premises in my organization.

In my opinion, the best features OPNsense offers are that it's open source, so it can be implemented in whatever scope or environment that I need. I just need to scale the hardware for that environment and I don't have to pay a license, perpetual or renewal.

The open-source aspect and flexibility of OPNsense have helped me significantly, especially due to the difference in the currency exchange rate here in Egypt, where the licensing and budgeting for IT infrastructure is very hard right now due to the high cost of the products in the Egyptian currency. Most companies see that the IT department is a consuming department, not one that's bringing money, with the ROI being an improvement in SLAs in a few percentages. We have a tight budget in Egyptian pounds, so when we get stuck because the budget has ended, we have to prefer open-source solutions to save budget, and here the open source can rise and shine. I don't need the license, so I will save cost in my budget that I can use in another product that doesn't have any alternative.

People sometimes overlook that OPNsense is modular, and that you can install plugins to improve it. You don't have to use it bare-metal OPNsense releases; it's modular, and you can add whatever plugin or features that you need to be added.

OPNsense can be improved by making it more user-friendly, as its current UI is not that user-friendly when compared to paid software such as Sophos. Sophos has a free version that is very limited, but OPNsense could be fantastic if this point is addressed correctly.

I have been using OPNsense for a couple of years.

OPNsense is stable.

OPNsense's scalability is excellent; I just need to resize my hardware and upgrade the server, and voilà, I am good to go.

OPNsense is open source, so you have to rely on the community for customer support.

Neutral

I previously used Sophos Home, but I switched because it's very limited.

My experience with pricing, setup cost, and licensing for OPNsense has been very positive since it is open source, reducing the cost of licensing. I don't need to license the software as it's free, and I can also scale the hardware, which cost me around 30,000 Egyptian pounds, less than a thousand dollars for used servers. This initial cost just required purchasing the server and installing the open-source software, reducing the amount of money needed for an enterprise firewall.

I have seen a return on investment as I saved a chunk of money, nearly $100,000, needed for licensing for an enterprise firewall such as FortiGate or Sophos.

We saved up to half a million Egyptian pounds, which is nearly $100,000 yearly on licensing or subscription using this kind of software. This saved a huge amount of money, and the network attacks reduced by approximately 60% after using that, even without customizing the custom configuration yet. Currently, I'm working on custom configuration.

Before choosing OPNsense, I evaluated pfSense, but pfSense is maintained by Netgate, which has filed for bankruptcy, so it's considered legacy and not fit for the modern network. OPNsense is a good option.

I rate OPNsense 8 out of 10. It is a straightforward product that has nothing crazy to do with it.

My advice for others looking into using OPNsense is to get creative.

My company does not have a business relationship with this vendor, as we are just customers.

My main use case for OPNsense is that it is my home firewall for my home lab.

A quick specific example of how I use OPNsense in my home lab is that I use VLANs, so I have different networks or sub-networks inside my home network, and the VLAN inside of OPNsense allows me to keep them isolated.

I have added some firewall rules to allow different devices to talk to different subnets regarding how I'm using OPNsense in my home lab.

The best features OPNsense offers include the VLANs that work spotlessly, and I feel very secure in my network because of it. It was relatively easy to set up, though I think a better wizard would help out.

One of the things I appreciated about the VLANs is that I can have a Wi-Fi VLAN and feel secure that the server network or the VM network that I have on a different VLAN are isolated, and they cannot talk to one another, which adds a great level of security.

OPNsense has positively impacted my organization and home lab through its security features, though it's hard to quantify as I don't pay enough attention to the logs to see what it's stopping from an outside perspective. It's actually sitting behind my modem from my ISP and I'm not in bridge mode.

OPNsense definitely gives me peace of mind and helps my workflow because of the network isolation. I can have multiple subnets without having to worry about one affecting the other.

OPNsense could be improved with a better wizard, as when I first installed it, it seemed difficult to know where to go. I had to watch a couple of YouTube videos on it, so having better videos sponsored by OPNsense might be helpful.

It would be beneficial if they could create some videos on how to set it up themselves.

I have been using OPNsense for about two years now.

OPNsense is stable for me.

OPNsense's scalability in my experience is very scalable, and I've been able to generate multiple VLANs without seeming to have any degradation.

I had not previously used a different solution for my firewall; this was the first one I tried.

Unfortunately, I have not seen a return on investment with OPNsense; I don't keep track of that, beyond the sense of saying that for a very little investment, I was able to increase the security of my network.

My experience with pricing, setup cost, and licensing is that since OPNsense is free, the licensing and setup was easy, and honestly, it's great for the price.

Before choosing OPNsense, I did evaluate other options, specifically I looked at pfSense first.

The advice I would give to others looking into using OPNsense is to absolutely go play with it. For little cost, if you have an extra machine around that you can test it out on, test it out. I'm running it on a low-end mini PC with multiple network interfaces and it works great.

I would say that OPNsense is one of those technologies, a firewall that if you're not playing with, you should, just to keep your skills up and to secure your home network.

On a scale of 1-10, I rate OPNsense an 8.

I mainly use OPNsense for routing and network security. That is the basic use: routing and firewall, basically for connecting to the internet as well as filtering my outgoing and incoming traffic.

In my opinion, the most useful functions or features in OPNsense are those that come packaged inside, such as WireGuard, if you need a VPN. It is not something you have to install afterward. Upon installing OPNsense, you can get WireGuard straight from the interface itself. You can also make it even more advanced by subscribing to certain features to enhance filtering capabilities, especially for filtering websites such as social media and specific traffic types. For pfSense, you cannot get those features straight. You have to keep adding on and installing add-on packages.

Regarding OPNsense's detection capabilities enhancing my network security, it does filter quite a lot. In terms of firewalling, I can really recommend it to someone who does not want to invest much on hardware and software that can really secure their network. As long as you have somebody who understands the product and is also willing to learn, even if they do not know initially, it is something to pursue at a very minimal cost.

When talking about real-time filtering inside the product, I am actually very satisfied with it. It is real-time. I like the way it does it. Upon effecting a rule, it automatically starts working. It is not something that delays or seems to hang the system. It effectively starts working immediately upon deploying the rule.

In my opinion, OPNsense could improve by incorporating either an open side of wireless management or a way that you can also manage your interconnected devices. You could easily have SNMP, Simple Network Management Protocol, incorporated in it so that you can easily manage the devices and easily get the information about the devices that you are managing. Additionally, the inclusion of Pi-hole would allow you to create an ad-free network instead of adding it on a separate device. I would prefer that incorporated into OPNsense, or if it is there, I would appreciate guidance on how to use it.

I have been working with OPNsense for about a year now.

For stability, I can give OPNsense a nine. It is very stable.

For scalability, I can give it about an eight.

For technical support, since I have not worked with one that requires external support, in my case, I think I can give it a ten, because I am able to manipulate whatever I want, and whatever I want it to do, it does. It does not disappoint. So for me, technically, it is a ten.

Positive

I have been working with firewall solutions for about two years. I first worked with pfSense, then I was looking for a difference. That is when I came across OPNsense and wanted to know the difference between the two of them and how OPNsense might be better than pfSense, and also the vice versa.

Regarding the initial setup for OPNsense, I find it fair and not that complex. As long as you have knowledge of Linux, it is simple and very straightforward.

When it comes to comparing OPNsense with other vendors, I cannot compare because currently OPNsense is fully open source. Compared to other vendors who claim to be open source but somehow they still have some interference with their product, yet they claim to be open source, OPNsense stands apart. I can only compare OPNsense with pfSense, since those are the only two I have worked with. pfSense currently, even the community, is not fully open.

I confirm that I am currently still working with OPNsense and still using their product. However, because of the hardware that I am using, sometimes it ends up freezing quite often, especially the interfaces, most of the busy interfaces. This is because I am not using the recommended network interfaces for that matter, as I have customized a normal desktop computer to work as an OPNsense router. Because of using the TP-Link cards, that is why I am getting frustrated. I was planning to find, either from the community, the best specification of a computer, maybe an old computer that one can use. Or, because I do not want to invest much on the hardware, I will buy network-dedicated cards, like the Intel cards, since it is not the CPU that has a problem.

In terms of OPNsense's VPN functions, I normally use it to access it from outside the workplace or to have some of the roaming users access the premise resources from outside the premise. Though, I was also looking at the SD-WAN capability of OPNsense because I wanted to find out if it is possible to have an SD-WAN solution with OPNsense. We are a business that has eight different branches, so I was looking for a way I can have each branch with an OPNsense, but then interconnect all of them through an SD-WAN solution instead of IPsec. This is so that you can communicate with the data center where we have hosted our servers, through OPNsense. I was looking for that to be one of the options: either use IPsec or use a public LAN such as Tailgate.

In terms of the reporting tools for my network traffic analysis, the reports are good. OPNsense has good reports in terms of the basics: the DHCP, the IPs already given out. In terms of whatever is blocked, whatever has been detected to be a potential threat, and the source of these threats, from which particular region, you can easily get the report from there. Also the bandwidth utilization, you can get it from there. I also deployed it some time back and I saw it had the capability, which of late I cannot see, to incorporate it with a wireless management system such as the Unifi.

Regarding the load balancing features in OPNsense, I have also used it in terms of load balancing and failover. It is also very effective and straightforward. You just need to have the knowledge on how to go about it. Since it is a community-based open source, you can easily get the information online in case of anything. I have tried both load balancing and failover and it has worked very effectively. In terms of quality of service also, it is very effective. I cannot complain.

Based on my experience, the main benefits OPNsense provides for me are due to the limitation in getting financials to implement the most marketable solutions available in the market. That pushed me to find other open-source-related solutions or cheaper solutions. That is how I came upon OPNsense and pfSense, but OPNsense was the choice in this decision. That is what brought me to finding a simple but also effective solution, but at a low budget.

I did not purchase OPNsense directly from the vendor or through marketplaces. I just downloaded the ISO file from OPNsense. In terms of price, I think OPNsense has a reasonable price compared to others, so I can give it about an eight or nine. I would rate this review as a nine overall.

I mainly use OPNsense for edge user firewall applications.

The functions I find most useful in OPNsense are basically the routes because we have a lot of routing that we do with it, VPN, and specifically WireGuard VPN. We also have the Zenarmor plugin because we do use the Zenarmor plugin, and disk monitoring log, ntop, as we also use it for ntop log monitoring.

When I talk about VPN, I am not completely satisfied with the VPN functions of OPNsense. What I have received so far is that sometimes the VPN route caches for some time and sometimes I want to change the route, but the route gets cached. So I have to sometimes delete it and then do another route again. Or if I want to use the same route but just change the gateway, it will not take effect unless I delete the whole thing and then do it all over again. That is the only issue, but that is acceptable.

In terms of real-time filtering, I think OPNsense can do more. Looking at other products, they do more of the filtering, and I think OPNsense can look at it. I want to have something like top talkers in a live view, and I want to have some amount of data being stored for maybe over a period of time. Instead of going through additional plugins with extra costs, if I am paying for a premium service on OPNsense, those features should come with it. I should not have to pay extra again.

For points of improvement, instead of going through VPN plugins and extra costs, they could just include it as part of the package and not make me pay extra. If I know I am paying for a premium service for a year, I should not have to pay for other features like ntop, especially for log monitoring, which is very necessary. I need to monitor my logs and be able to save some amount of data over a period of time. It should not always be live. Because if I have a day or let us say within forty-eight hours or more, I want to know the IPs and the packets going to and from. Since it is doing a lot of filtering, I want the data for what kind of filtering it has done over a period of time, illustrating which IP was trying to pass a packet of this nature towards this destination. I want all of that, something approaching using Wireshark to capture a packet. All those packets going through Wireshark are definitely going through OPNsense if I am capturing the packet from outside of my network. If I can have that data sitting somewhere and I have a problem, I can start troubleshooting from that data. I can say, okay, this IP is going to this destination, this is the packet being pulled, and this particular IP is a top talker. All of that would help me know where to look first without going through a whole lot of sequences just to get something small.

I have been working with OPNsense for four years now.

For stability, ten is the best mark, and I would give OPNsense an eight because sometimes when I put in a filter or a configuration, and then revert it, it caches the configuration. I have to actually delete the configuration when I disable it, which is not good. If I disable something, I expect it to work as disabled; it should not cache and still be working as if it is enabled. I think those are parts that can be worked on.

Regarding scalability, based on what I just said, I give it a seven for scalability.

My mark for OPNsense technical support is a four for the free version since they do not care when they realize you are using the free version; they just ghost on you. For the paid version, I give them a seven or eight because once you are paying, they want to pay attention to you, but if it is free, they do not care and just ghost on you.

For the initial setup of OPNsense, I find that it is very simple.

In my opinion, the main competitors for OPNsense in the market are Arista and Ubuntu, especially Untangle from our end. I prefer Untangle. Because I am using more of OPNsense, I will be partial here.

Regarding intrusion detection capabilities for network security, I think it is fine.

When it comes to the load balancing feature in OPNsense, I have seen it, but I have not used it. What I have actually been trying to use is the high availability—that is the groupings.

I cannot rate the pricing for OPNsense. I would rate this product an overall eight out of ten.

I am using OPNSense at 5~6 Different Locations with different network requirements,  having 40-80 clients each and fully depend on OPNSense and it is running satisfactorily.

After running OPnsense for 5 years at my primary location management has enaged another firewall solution.

Now my primary setup is shrink to 7 to 8 computers which is playground for me and my collegues. But we are successfully handling OPNsense at other locations remotely .

I find everything valuable in OPNsense. The configuration and reporting aspects are what we require. Reporting on user access and data consumed is fascinating in OPNsense, and the configuration offers a clear idea of everything that I have configured in DHCP.

The key metrics I track to measure the effectiveness of reporting tools include the graphic interface and real-time statistics, which are much better in OPNsense compared to Other products. If I want to export something, that is easy from OPNsense.

Managing Rules and implenting Policies are much easier than competitive products, Practically using IP blacklisting as well as whitelisting,

If we talk about port forwarding, is very straightforward. In OPNsense, everything can be done on a single screen: identifying the source of packets, determining what to do with them, and deciding where they should land is the most convenient aspect.

Additionally, making group of IP addresses in OPNsense is very easy, making the overall experience very user-friendly.

I assess OPNsense's intrusion detection capabilities through practical testing.

I find the load balancing features quite satisfactory as I am using two WANs with this system. The load balancing features have no negative impact on my operations, and I am satisfied with this aspect as it automatically takes over the network, directing load to the second WAN if one fails.

I have attempted to configure OPNsense VPN features, but I was not incomplete due to time constraints. However, I believe that with some effort, the VPN will work fine. I already using OpenVPN simultaneously for computer-to-computer communication, but not with OPNsense, though I am confident it will fulfill my needs. I want to implement a site-to-site VPN, but that project was dropped somehow.

As its is based on BSD sometime onboard as well as pciX Ethernet adapters refrences are little confusing, to overcome this we just unplug the cable and note the referene appearing on screen.

To use Intrusion detection and Anvitirus Plugin in is necessary to configure proxy Without a proxy, you cannot use the ClamAV antivirus plugin. I think that should be modified towork without configuring a proxy. This is the only aspect in which OPNsense is falling behind because implementing a proxy requires system-to-system attention. Alternatively, using a transparent proxy poses a threat if not properly configured.

Those takes laptops outside LAN feels difficulties if Proxy is configured on their system. It is suggested to consider this improvement.

I have been working with OPNsense for around five years.

I did not experience too many problems with the implementation or configuration of OPNsense in my system. The main thing to note is that OPNsense is based on BSD, so in some cases, changing the machine causes references of the LAN card to change. For instance, on a single machine, it might show en0, en1, while on a different machine, it shows enp0, enp1. This inconsistent naming convention can be confusing during configuration of LAN and WAN Points,

OPNsense is completely scalable for my needs.

N/A

Positive

Currently I introduced SonicWall a couple of months ago. I worked with the TZ series, specifically the TZ 270 model.

Intial setup is very strainghtforward.

None used. All done using tecnical articals available on internet.

Setup cost is almost zero as one can simulate the whole environment using open source version.

Pricing seems fair enough.

Open source license allows a beginner to have a complete firewall solution for practice and improve skill. Which is not possible in commercial solutions.

As it can be simulated using virutalbox and other Virtualization software, any one can master it using only a single physical machine with help of available Technical material found on Internet as well as on KB article web site.

Tried Untangle as well as PFSense in virtualized environment.

Neutral

I use OPNsense primarily for network security. It involves basic firewall operations and GeoIP location functionalities. I've got multiple versions running, some on hardware purchased and some on VPSs.

The most valuable features include the basic firewall functionality and the GeoIP location services. OPNsense is very stable, easy to upgrade, and maintain. I can work efficiently, knowing it does what it needs to do.

OPNsense should improve its performance in handling large volumes of voice traffic. It needs more support for Vigoroute and extensive VPN technologies. Enhancing its performance for significant amounts of data traffic would make it closer to a perfect solution.

I've been working with OPNsense for about five years.

I rate OPNsense's stability as very high. I would give it a nine out of ten. The only challenge faced was its inadequacy to manage large voice traffic effectively, even with dedicated hardware. It couldn't keep up with the packet per second for voice load, requiring a revert in our setup.

OPNsense struggles to handle large volumes of voice traffic, indicating scalability issues in that specific use case.

I haven't used technical support. I rely on forums and manage the setup independently.

The only other similar product I can compare is FortiGate. Overall, I find OPNsense more user-friendly.

I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall product, it is one of the best available currently.

I only evaluated FortiGate alongside OPNsense, as they are the two offerings from my company.

For small to medium businesses, I recommend OPNsense. I'd rate it eight point five out of ten.

I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management. We are currently satisfied with the solution's threat intelligence. It's a pretty much in-house developed solution because it's in a Wazuh server. We have several scripts around it, allowing us to improve our posture on threats.

SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense.

I pretty much like the solution's APIs, but it's somehow limited. I would like the APIs to be more mature and more developed and have more options to automate threat hunting. Also, I would like to see more drill-down possibilities.

We have to rely on specific hardware for the in-depth analysis of NetFlow. Although we have an interface on OPNsense, it's not as easy to use on the security side as other solutions.

I have been using OPNsense since 2016.

I rate the solution ten out of ten for stability.

OPNsense is an extremely scalable solution. I played on one network with CARP, and I was pretty happy with what I achieved there.

Before OPNsense, we worked with the Cisco ASA 5505 product for three years. Although it included the FirePOWER part, it was quite a poor experience.

OPNsense has helped reduce the speed of threat detection and containment from 50 minutes to 15 minutes.

I have quite a background in Berkeley Software Distribution (BSD) systems. I was looking into BSD, especially for the packet filter side. While evaluating, OPNsense was the most solid solution. I was also considering pfSense as my first option, but it is not so strong on the file system side.

OPNsense is a strong and solid solution that is easy to interact with. I don't see much on the new generation of firewalls, and only a few solutions are available for OPNsense. OPNsense handles network traffic much faster during peak loads because it's on dedicated hardware. I would recommend OPNsense when no specific topic prevents me from recommending OpenSense.

Overall, I rate the solution an eight out of ten.