OPNsense Reviews

We use the solution to secure our network and kid’s Internet usage. Since COVID-19, remote work has become relatively standard.

OPNsense is easy to use and open source. When the setup is complete, you can forget about the software itself. You can check the logs occasionally and set up some automatic reporting. 

The user interface could be improved, and the DNS section should be more intuitive.

I have been using OPNsense for a few days. We use the updated version of the solution.

I rate the solution’s stability a ten out of ten.

I rate the solution’s scalability a nine out of ten.

I’ve used pfSense and openWRT before.

The initial setup is straightforward. Being an engineer myself, I have no issues with systems on networks. The installation took around two hours to complete. When you download a system, it takes time. I’ve also installed one package named Zenarmor.

Overall, I rate the solution a nine out of ten.

The tool's integration is more like a button press. 

pfSense has better performance and quicker updates.

I have been working with the product for six months. 

The tool is more stable than pfSense because it has the drivers for my network card, Realtek. I didn't know at the time because manufacturers sometimes don't advertise what network cards they come with. I bought a computer with Realtek, and pfSense says immediately, out of the box, that it doesn't work with Realtek cards. OPNsense is the same, but it does have a way of installing the Realtek drivers, which gives you a lot more stability overall on the system.

I didn't contact the tool's technical team yet. 

The tool's deployment is easy. Apart from Cisco firewalls and Fortinet, if we talk about Untangle, pfSense, OPNsense, and so on, they are fairly quick to set up. It's not something you spend too much time on. It's a firewall, so you can spend months tweaking the system. If you know what you're doing, you can spend forever on logs, checking and tweaking the system because there's always a new update or feature coming up. Then you start playing with them, tweaking settings, checking logs, blocking or unblocking different things.

You can stay in that loop forever. But for a startup, the initial configuration is fairly easy and quick. It can be completed in 30 minutes. 

I've used the free version. My computer with two network cards at home allows me to try as many different software options as I want. I did pay for the license, but it was for the Zenarmor license, which is the packet inspection tool. They use AI for packet inspection, which integrates with OPNsense and pfSense.

I'm not using OPNsense at the moment. I work with many different technologies and keep testing various setups. Currently, I've gone fully customized. I'm using a Linux server configured as my router and firewall, and I'm using Zenarmor for packet inspection.

This setup allowed me to easily configure SSL VPN and port forwarding for specific ports, which isn't as straightforward with other systems. I've tried several, including Untangle, pfSense, and OPNsense, but found them somewhat restrictive.

OpenSense is quite good. I like it. It has many services and is somewhat similar to the WatchGuard system. I honestly have no complaints; it was a very good experience. It's easy to set up, especially if you know what you're doing. It also offers a nice library of add-ons.

However, if you have appliances with Intel network cards, I would probably go for pfSense instead. Firmware updates and other updates come a bit faster, making it a more reliable service than OPNsense. 

Everything that comes up on OPNsense appears first on pfSense. Some features are not yet available on OPNsense, and they haven't announced a release date. However, I'm confident they will eventually release these features, as they have previously done.

Ultimately, choosing between pfSense and OPNsense is more of a personal preference since they are very similar. Both are FreeBSD systems, operating in similar situations and offering comparable functionality.

Now, I'm just using a Linux server. I can monitor the system, reboot the card, install Apache, and redirect web servers within my home directly to the firewall. This eliminates the need for third-party boxes or other connected computers, allowing me to do everything in the same box. It gives me a lot more freedom.

That's the main reason I stopped using the other systems. I used OPNsense for about six months, which shows I've tried various solutions to find the best one. Despite all the good things I'm saying about OPNsense, I did stay with it longer than pfSense.

I traveled to China, so I used my home as my VPN instead of paying for one. They block VPN services in China, so I was using OpenVPN at home. OpenVPN is a known service, but it gets blocked there. The only way to do it was through SSL VPN, which worked fine. But, talking about OPNsense, everything was working fine. I had no problems. I just had to move away because I needed to use port 443 for something else on my web server, and I can't have a web server together with other stuff. It's a bit more complicated to configure because I use Nginx and Apache, too. You can install these tools on OPNsense, but I found it more complicated than just going onto the command line and doing it.

If you want to use something like OPNsense for FreeBSD, use pfSense instead. Unless, obviously, like me, the person in question has some hardware incompatibility with pfSense. Only then would I go for OPNsense. Because, I mean, they're the same systems, but pfSense is a bit better in terms of overall performance, and security updates come quicker and more often.

I rate the overall product an eight out of ten. 

We started working with a tier-four data center cloud service provider company, and we wish to develop our cloud instance/VM hosted.

We use OPNsense for content filtering, securing networks through DNSs and overcoming the challenges of ransomware, and securing different types of malware-virus attacks.

This is causing a lot of issues because we are focusing more and more on securing our customers' data.

It includes backup, recovery, archival, and now coming up with securing cloud instances/VMs. It is really essential for us.

Example: a firewall as a service can be provided to those who mainly work from home or Soho, Freelancers - clients.

OpNsense has given the most fundamental security service/support to our clients in an unstructured world like freelancers, consultants, soho users, etc. That is based on NIST guidelines, so, overall basic security postures are in place.

The most valuable features are content filtering, DNS level filtering and blocking unwanted Global IPs, built-in scanners and authentication capabilities, HA, etc.

I think that the most important aspect is a step-by-step run-book for its installation and deployment on small as well as on commodity hardware. Plus, clubbing the services into several (pre-configured) modules, detailing a BASIC, STANDARD, RATIONALIZED, and DYNAMIC (Enterprise ready) modules, and then custom configurable module, in that case even novice users can configure and start experiencing its benefits. On the same, documentation should be developed keeping the above five modules in mind.

The initial installation menu should clearly identify the existing IP class/subnet and suggest its challenges and benefits in configuration, and the respective error log should be shown on a screen on the same panel. They should also provide "modules" wise installation video links and their changes with previous versions for reference.

Our primary focus is to ensure the protection of customers' and consumers' data and critical IT/Dynamic infrastructure, for the same we have to do critical tunings, though, we practiced it in such a way that we have developed a habit of tuning things using a checklist based on clients "Mutual Value Discussions" (assessment session).

Added capabilities of add-ons/filters/extensions and its tunable help us detecting and alerting clients in sensitive environments when a malicious URL is detected in the traffic (e.g. messaging services/emails and/or other communications on the fly). This additional layer of protection helps in further safeguarding user data and preventing potentially damaging malware from being transmitted within the LAN environment.

We started using OPNsense in the last three or four years. Now they are pretty mature.

When we demonstrated this software and the firewall, the main thing is the customer's confidence.

If I remember correctly, it was 19.x version.

We have been operating here in our lab for several months, and everything appears to be extremely stable.

We also attempted a different method of providing the load factor, adjusting the various parameters, cross-checking the network jitters, detected security threats or not by other third-party software/hardware equivalents. It appears to be rather reliable, though, with the stated data points above, it is not yet ready for the enterprise yet.

Most of the BSD/FreeBAS or Linux-based software-defined firewalls support vertical and horizontal scaling 'scaling out and scaling up'(this all depends on how it has been architecture) based on the requirements.

Keeping Technology and Architecture governance with the leading practice of security, availability, and scalability as critical elements in mind. Few stated features make these products scalable and highly available, though, based on load and constant monitoring would require tuning from time to time.

To date, we managed to support clients ourselves and whenever we received feedback we come to know that support cost is very high, it is not as local as we are, for small soho, WFH, freelancers, and young startups they prefer locally available partners and hence they are not even interested in talking on those factors.

Neutral

A few years back, cybersecurity was not a problem for small and micro businesses, but since 2019 or so, that has seen a massive uphill, then, we were using built-in features of different types of OS-level firewalls with basic filtering, blocking the ports, orchestrating based on local FQDN based filtering, NATing, few BIND/DNS based filtering, implementing proxy's like Squid, etc. Best since these techniques are not good for business, we have to find other methodologies to protect clients' environments. Till recently, we also tried using Hardware firewalls, which most of our clients did not like because of known/unknown reasons.

A few years back when we first began using it, we were unable to find a proper document detailing different network scenarios for IP allocations for 2NIC cards. We went through aggressive discussion, reading blogs, and setting-up labs we started getting the knack for all possible configurable elements and started running several tests, packet forwarding, bombarding networks in the most ethical way possible, and verifying results. e.g. We created two separate networks, with WAN and LAN networks assigned to different classes. The menu-driven setup process is relatively easy, but you must know which IP address to define in the router, WAN section, and LAN sections. If this is clearly explained, the basic and fundamental aspects of your network will be in place, allowing you to set it up quickly.

Then we recommend clients purchase easily available commodity hardware-based motherboards with two NIC/Ethernet cards built-in, it simplified our tasks and so on.

We took some help from our old industry connections, and systems integrators, and later our lab practices and tests started solving most of the issues.

It is now organic, and growing (hope to improve better - though accidents do happen, e.g, COVID, Share market / Financial institution meltdown, the war between nations, and now CyberWarFare picked up!) these are the few key factors which disturb the business one way or other.

The best is to read through the terms and conditions, and fine-prints, and to spend time identifying support and operational cost, most of these elements are covered on the website, etc.

We made an attempt, but it appears that forming a partnership would not be done as the other party is requesting a significant amount of money, which we find to be very expensive to start with.

We are exploring the possibility of locating a domestic partner who has a partnership with either PfSense or OPNsense to partner with.

Subsequently, if we are successful in finding a suitable domestic partner, they would be able to offer these services to us.

While this software is certainly capable of getting used by masses, it is important to have the pragmatic knowledge to support and operate the system effectively and keep key parameters monitored for new cyber challenges.

It is crucial to have a clear understanding of exactly what you are looking to accomplish and to have access to the necessary data in order to effectively configure and use the system.

pfsense - Software-defined firewalls have been around for a while. Whereas, OPNsense came later into business.

I would rate OPNsense a seven out of ten.

The primary use case of OPNsense for me is VPN and firewall rules.

URL blocking, Wireguard, Tail Scale, Engine Blocker, and VPN are the most valuable features for me.

There is room for improvement in SSL inspection because that's where OPNsense, the open-source firewall software, just doesn't work well. So, I really use it for inspection.

I have been using this solution for five years. I am using the latest version now.

It is a pretty much stable solution. I rate it an eight out of ten. I haven't experienced much complexity with stability. Mostly there are a lot of false positives when the firewall is on. The inspection may not be very good compared to CSP4 Fortinet. But other than that, it's okay because I really like the user interface for business purposes. We can do all things through GUI, and things come in line.

It's very flexible and scalable, and I would rate the scalability an eight out of ten. It can adapt to changing needs easily. Around twenty customers are currently using OPNsense.

I haven't contacted customer support. I usually resolve any issues through online forums and the community web page.

I have experience with Cisco as well. I moved to OPNsense because it is free.

The initial setup is pretty straightforward. The deployment process took three to four hours. When I install OPNsense on the premises, I usually allow everything; after that, I go to one location. I work remotely on that firewall or VPN, so the first step is to put it online and remotely access the VPN server or firewall there. After that, I installed and configured it while working remotely.

I'm an integrator, so I mostly use OPNsense for VPN purposes and firewalls, and I use a couple of plugins for web blocking, and that's it. Only one person is required for deployment and maintenance; therefore, I handle all the deployment and maintenance.

I haven't used any licensed operations. But when companies get bigger, they'll probably need a license model. The old companies where I have worked with OPNsense were small.

I would suggest using OPNsense because there's no cost and a good interface. You don't need to use the command line to configure anything like on Cisco; sometimes, you don't need all the technical knowledge to operate OPNSense. Additionally, you have good community support.

Overall, I would rate the solution a nine out of ten.

I use it for firewall purposes and OpenVPN. Another use is to protect the servers inside my company. 

I am using its latest version. It is deployed on my own server.

It has an open license. It works very well, and there is an update every month.

Its interface should be a little bit better.

I have been using this solution for three years.

It is stable. A month ago, I had an issue for two weeks, but other than that, it has been stable.

I don't need scalability. It is a small company. It is a small network. I just need a small firewall at the entrance of the network. I don't need to expand it. 

In terms of its users, it is the firewall to protect the company, and I am the only one to touch this product.

I have never contacted their support.

I used another one a long time ago. I don't remember the name. I went for this because it has an open license and a lot of people use it. I don't remember why, but I prefer this one over pfSense.

It is not so difficult to set up. You need to know the minimum things. I do it myself, and I am not an IT person. It is not my job.

It is open source and free.

I can recommend this product but only to people who are able to use it. It is not for everybody. You need to know how to manage it.

I would rate it a 10 out of 10.

It's open source.

There are a few weaknesses. For example, there is a lack of some features that I have in certain commercial products.

Some of the features include classified traffic and better blocking of newly registered DNS domains.

I have been working with OPNsense for about three years. I use it both in my company and at home.

OPNsense is very stable, rock-solid.

It is a scalable solution. We haven't encountered any performance issues.

The initial setup was easy. 

Overall, I would rate OPNsense an eight out of ten. There is still some room for improvement.

OPNsense can be deployed in the cloud and on-premises.

I have used OPNsense in many different types of companies, such as financial and metropolitan.

I have been using OPNsense for approximately six years.

OPNsense is highly stable.

The scalability of OPNsense is very good.

I have approximately 15 customer companies using this solution.

The support for OPNsense is good because we have documents available on the internet. The support could improve a little.

I rate the support from OPNsense a four out of five.

The initial setup of OPNsense is straightforward. It took us a while to deploy the solution.

I rate the initial setup of OPNsense a nine out often.

I did the implementation of OPNsense in-house.

OPNsense is an open-source solution and it does not require a license.

I recommend this solution to others because in my country we have a limitation for buying any firewall.

I rate OPNsense a nine out of ten.

We are using it for intrusion detection and prevention. The firewall comes with a lot of third-party modules, and we also use proxy functionalities.

In our company, we are using it as an appliance, but we are bringing companies to the cloud. We ourselves do not have an Azure layer, but we have got a contract from a customer to bring them to the cloud. So, we are installing it there and monitoring it, but it is not owned by our company. OPNsense is available on appliances, but we have made a special integration with Azure. There is a special mechanism in Azure to deploy firewalls, and we have installed three or four of them.

We always have the latest version on the firewalls. One should run the updates very frequently.

We are onboarding cloud solutions for customers. We are on Azure. Especially on Azure, when the customers start, they always have small environments. We were looking for the best firewall solution for small environments, not big environments. We needed a small firewall, and we came across OPNsense. For small customers, we will use OPNsense in the future due to cost reasons. These are small installations, and Azure Firewall is very expensive.

The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use. 

The difficult part was the integration with Azure because OPNsense, in most cases, is not used on public clouds. It is on appliances that run on-prem. 

We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much. 

Within our own company, we have been using it for three or four years as an appliance, and on Azure, we have been using it for three months.

We have run it for three months in production, and we haven't had any problems in three months. 

We run it as an NVA cluster with Azure, and it has good scalability, but when we have bigger deployments, we would use another firewall. I'm not sure if it makes sense to scale up. OPNsense has a very good niche market in comparison to FortiGate, Azure Firewall, or other firewalls. If a customer is starting in the cloud and has 100 or 200 users, I would always recommend OPNsense, but if you have a big installation, and you have a good DevOps team that deploys via source code and things like this, then I would not recommend it. So, the software itself may be scalable, but I wouldn't call it an enterprise-scale firewall.

In terms of people working with this solution, I'm an architect, and we've got two people for monitoring and setup. Its usage is increasing. It has not been that long since we started using OPNsense, and it fills a gap. Not everybody needs a full-scaled enterprise firewall. So, it will be a part of our business. We've found a niche there.

We were in touch with Microsoft support for special networking considerations. The firewall itself was easy for us, and we had no need to reach out to tech support of OPNsense. The heavy part was the Azure part, and we are specialists there.

OPNsense deploys it on the Azure marketplace. So, you can download it directly via the Azure marketplace. You do not have to be a partner. From our perspective, it's easy to configure and it's intuitive. We have a background with a lot of firewalls, and we were just looking for a small one.

We found that not many people have used it on Azure. The firewall itself is not bad, but the support around Azure in terms of documentation and the required infrastructure is not so good, but because we are Azure specialists, we found a very good solution. We would not recommend it for a beginner in Azure.

In terms of the implementation strategy, there is a cloud adaptation framework. There is a white paper from Microsoft containing best practices for deploying firewalls on Azure, and we had to provide a setup for this, which took some time because it was not easy. It took at least two weeks, but it was only a one-time job. After that, for each firewall, you only have to adapt the rules, which takes two days, but it also depends on the complexity of the infrastructure. If a customer has hundreds of endpoints, it takes longer for sure.

Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price.

If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs.

We use it on-prem, and we can recommend it for a standard, typical IT engineer with a networking background. We have had a good experience with it. It is good in terms of functionality and resource usage. It is easy, and we would recommend it, but for implementing it on the Azure cloud, you need good knowledge of Azure. When it comes to public clouds, you do not have your own hardware, and you need deep knowledge of the public cloud on which you are deploying it. It is a good solution if your installation is not too big. We would recommend it for small customers or companies that are starting in the cloud. 

I would rate it a seven out of ten.