OPNsense Reviews

I am currently working with OPNsense to see if I can learn it. This product is used in small to medium-sized businesses for security, UTM, and other similar operations. We are a solution provider and this is one of the security solutions that we implement for our clients.

Offering this solution has provided some of our clients with firewall protection and UTM, which basically just protects them from the internet.

The most valuable features are reporting, the Sensei plugin, and firewall capabilities.

The vendor should offer compatibility-approved boxes, or at least stock one with OPNsense already installed. This would make it a one-stop-shop, and people would not have to worry about sourcing the hardware separately.

I would like to see better SD-WAN performance. I think that could be a very good bonus because SD-WAN is all the rage these days. That is probably the big thing that people need to improve upon, in terms of combining two, three, or four links.

The interface should continue to improve, which would make things a bit easier. For me, it was already easy, but nonetheless, it is quicker to install a FortiGate firewall.

I have been working with OPNsense for approximately one year.

This is a very stable product and I've had no issues with it.

This product is very scalable. I always buy hardware that can handle a lot of connections and a lot of users. So, in terms of scalability, all you have to do is upgrade your hardware. Or, it is especially scalable if you use the VM version because you only have to provision more resources.

We regularly have between 20 and 50 users, although sometimes it is as little as 5 or 10.        

I have not been in contact with technical support. So far, everything has been good because I just use Google to find all of the answers and all of my solutions.

I primarily work with FortiGate, but I am currently dabbling in OPNSense to see if I can learn it. I've also installed Cisco in the past, as well as Sophos.

FortiGate is a better firewall but that is commercial software that you have to buy a license for. OPNsense is suitable for small to medium-sized businesses. FortiGate is definitely quicker to install because you just buy the appliance. It's also more user-friendly.

If you dabble a bit with OPNsense, it can do about 90% of what FortiGate can do, but FortiGate is more user-friendly. Of course, with OPNsense being open-source, it will always beat FortiGate on price.

I think that with FortiGate, it is easier to log a support call. I haven't really needed technical support for OPNsense, but I know that FortiGate has the score logging facility, whereby you can just quickly log a call. There's also support in South Africa and I know company people that I can just call for help with FortiGate. But with OPNsense, I haven't really had a complicated setup, so for me, it has been okay and it hasn't been an issue.

The SD-WAN is also better on FortiGate. I think that they are heavily focused on security, so they might have better application profiles and other things, such as application threat detections.

Although about 80% of our clients ask for FortiGate, some of our clients ask for Sophos instead. For example, there are some banks and commercial institutions that ask for Sophos.

The initial setup is straightforward and quite simplified. I work in a Linux environment so for me, it will be a bit easier.

OPNsense is an open-source solution and it is free to use. You need only purchase the hardware.

The suitability of this product often depends on the size of the company, although sometimes there are clients that just want FortiGate and they're not open for negotiation. Personally, I like open-source and it's always a bonus if I can get stuff for free.

I would rate this solution a seven out of ten.

It is the main firewall for one of our locations. We use it for intrusion detection and prevention. We are using the latest software version, but the hardware is not the latest.

The VPN server feature is the most valuable. It is integrated with Radius and AAA for doing accounting and authentication.

Insight view is also an important feature for me at this time. It allows me to assess our network traffic. I also like the firewall feature. The BSD kernel has a packet filter. It is one of the most solid frameworks for firewalls.

Its user interface is one of the best interfaces I have used. 

The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform.

I started to use OPNsense about three years ago.

It is stable, but for us, it is not yet so reliable. Our server is an old DL120 HP Server, which is from the year 2006. We have ordered another appliance. After we receive the new appliance, it would be more stable for us.

It scales well for our needs. I haven't tried any horizontal or vertical scaling so far.

I did not need any technical support.

I used pfSense two years ago, but I was not so happy with our system protection. I have also previously used Cisco ASA appliance. It was a 5505 model, but it failed because of the hardware issues. It was prone to hardware failure, and in one month, we lost both firewalls. It was also not so easy to see traffic with Cisco ASA. I could not easily identify traffic issues. 

The initial setup was straightforward. I also have experience with BSD services, so I had no issues at all. It took us half an hour to deploy it for 250 users.

We deployed it ourselves. There was no need for a consultant for the deployment. We have two engineers for its deployment and maintenance.

It is not an expensive product. Basically, I deployed it because it was the fastest solution to satisfy our needs in open source.

We plan to continue using this solution. Right now, we are settling our networks. We plan to expand its usage, but I don't think it will happen until 2022.

It has a good user interface. Its configuration is simple but requires a little planning. It is much simpler than the Cisco ASA configuration.

I would recommend this solution. I would rate OPNsense a nine out of ten. I am happy with it.

The primary use case of this solution is to detect and block malicious traffic, malicious files, and malicious links to protect the internal network from any external malicious website that may contain a virus or malware.

The most valuable features in OPNsense are reporting and visibility. 

The visibility is awesome. With the visibility, you can see the data source, data destination, the source port, destination port, protocols, the most used, the malicious files that have been detected and blocked, the countries the customer has visited, and the IPs based on Suricata.

OPNsense also has ClamAV, which is a great tool.

I have some issues with OPNsense. I have created a virtual machine that I've lost connection at times and I am not able to connect to the gateway or ping the internet. When I started with OPNsense, it worked right away. It may be an issue with the virtual machine itself. I am currently setting up the protection on all of the virtual machines so they will connect to OPNsense and the internet, or anywhere they need to access.

I have tried to download some malicious files or a virus and it should dump the files and prevent the download, but I don't seem to get any notification or warnings.

It may be an issue with the configuration but I am not sure.

I would like to see improvements made to connectivity and alerting.

I wanted to deploy this solution in our organization and some of the workstations from remote sites but it's not reliable enough to do that yet.

In the next release, I would like to see real traffic monitoring and more visibility. Also, for the antivirus, I would like to see the files protected by ClamAV. 

I would like to see intelligence in OPNsense and have the option to apply it or not.

They need a threat intelligence tool similar to the one they would find with Cisco. It will show you the file hashes, all of the IFCs, the niches, the address information, and more.  With all of this information, you can be proactive and block the malicious file hashes, all of the malicious IP addresses, and the public IP addresses. It should help you be proactive.

It would be helpful to have OPNsense be one of the plugins, and they should include traffic capturing. With Palo Alto, you can monitor and specify which interface you want to monitor, the source IP, or you can specify the network and see the traffic that is coming from the VLAN, the destination, and any files being transferred over the network.

If you apply security profiles you can see the signatures.

I have been using OPNsense for five months.

There are issues with stability and reliability.

I set up two different virtual machines. I used a virtual box, I installed it and configured higher visibility for both. One was a master and the other a standby. 

I had a virtual machine installed on Windows 10 and put the gateway for it as OPNsense, which was the master. 

I tested and shut down the first one, which is the master. When I check to see if the second one would take over, it failed. 

I couldn't connect to the internet or any destination.

We have not explored the scalability. We are only a small lab with two to three workstations.

I have a colleague working with me, together. We meet weekly to share the progress we have.

I use the enterprise version daily. It's scalable, stable, they have proper documentation and support. We get daily updates from the vendor.

OPNsense is a great tool but it lacks information that you need before deploying it.

I have reached out to the community for support, but they haven't seen anything like the issues that I am experiencing. 

I have not contacted OPNsense directly.

The initial setup was straightforward and easy.

It took 30 to 45 minutes to set up and deploy OPNsense.

I did not use a vendor to implement this solution, I did it myself.

OPNsense is a well known open-source tool.

I am currently evaluating and searching for open-source enterprise firewalls and doing a comparison of the features between all of them. I am assessing the pros and cons of vendors. 

I am looking for something that will give me a report on the comparison of features, capabilities, the different vendors, and the different open-source solutions that are available.

I am also doing a comparison on Palo Alto, Cisco Firepower, and Fortinet Fortigate.

I don't have any information on the bandwidth and what it can handle, or how many workstations can work with it. This information is very important, but I can't find any resources for this information.

The reporting is amazing. You can export reports, you can set the parameters, and export reports based on your needs.

I would rate this solution a seven out of ten.

The interface and the dashboard are the most valuable features of this solution. 

There should be more technical documentation. 

I have been using it for the last year and a half. 

It is stable. 

We have two customers who use this solution and ten people on my team. My clients are enterprise-size. 

I am satisfied with the technical support. 

The initial setup is very easy. It took around one hour. It's only getting the licensing and getting started. 

It doesn't need a POC, doing a demo is enough. 

I would rate it a nine out of ten. The documentation about the malware and APT needs improvement to know more about the vulnerabilities. The product information is fine. 

The solution is primarily used as a basic firewall. I'm running my WiFi through it.

The solution is very user-friendly.

It's easy to manage and deploy.

The solution is good for a basic firewall for a small business or for home use.

The solution can't compete with next-generation firewalls.

The solution would not be suitable for anything large-scale.

I've been using the solution for a year or two.

There are issues with the VPN availability, but overall, the is a pretty smooth connection.

We have two people running the solution and another 50 to 80 people using the solution, so we have a relatively small setup.

The solution is scalable and can be deployed to multiple VMs.

I've never reached out to technical support. If I run into problems, I tend to Google queries in order to find solutions.

I was not at the company when they had a different solution, so I am unsure as to what it was.

Currently, I'm looking for another firewall and I am working on upgrading. We may use an Ignition firewall in the near future.

I've also deployed a couple of different firewalls in the past, including Huawei.

The solution wasn't too complex, but the VPN setup isn't so reliable. It sometimes misbehaves or malfunctions or breaks down automatically. Occasionally it disconnects and you can't transfer the data from it.

Deployment took about a day or so. It takes maybe five or six hours to get everything up and running.

Since it's a simple firewall, anyone who has basic firewall knowledge can run and maintain it.

I had some help internally from our network team when I was implementing the solution. However, I did not need outside assistance from a consultant or integrator.

We are using a free version of the solution.

I'm just a customer. I'm not a partner or reseller.

I'm not sure which version of the solution our organization is currently using. I understand that it is the most up-to-date version. I updated it two months ago.

The solution is good for a small business or home. I'm not sure what the paid version offers or if it has more security features that would be suitable for larger businesses. The version I'm using works well and is simple. It's more reliable than a router.

I'd rate the solution seven out of ten.

We have primarily been using it for testing at our company, but the normal primary use for the product is as a firewall.  

The most valuable thing about this product is that it is very easy to use. The graphic user interface is very good and it is user-friendly.  

The feature that I would like to see in the next release, I think, would be to improve the VPN (Virtual Private Network) selection. Specifically, I would like to improve the section where you can set the VPN IP address to high availability.  

We have been using OPNsense [Stands for: "Open (source) makes sense."] for about one year.  

The stability of OPNsense is actually very good.  

The scalability of OPNsense is also very good.  

Our experience with technical support has been good. We have a few issues, and if we do we have been satisfied with the support.  

The initial set up was pretty easy. The total time for deployment took just one or two days.  

OPNsense is open source software so at this time it is free for us to use.  

On a scale from one to ten where one is the worst and ten is the best, I would rate OPNsense between and eight or nine-out-of-ten. If I have to choose I would pick nine because it is practically a perfect solution for us.  

I definitely recommend the product to other people who are considering using this as a solution to use it because it is a good solution.  

The solution is easy to use and is accessible. I can also use it without paying. The configuration is very easy, and the website makes it easy to find help if you need it.

So far, everything is okay. We've just started using the solution.

As long as they continue to ensure that we are protected, it will be perfect.

The stability of the solution is good.

We haven't had to contact technical support. If we have questions, we're typically able to find answers via the website.

We did previously use another solution, but I don't recall the name. We didn't like the performance we were getting out of it.

The initial setup is easy. It only takes 15-30 minutes to deploy.

I handled the implementation myself.

We use the private cloud deployment model.

I would advise others thinking of implementing the solution to be aware of what you have to do to, and to plan it out beforehand. The solution is not for everybody, but it's not difficult to set up or maintain.

I would rate the solution ten out of ten.

Our primary use case of this solution is for VPN connections. We are currently supporting an SAP company, which has many customers, and most customers need a site-to-site active set connection for maintaining the SAP systems. We currently have round about 200 VPNs.

The feature I find most valuable is that the program helped me to realize all the requested functionality that was needed:

- IPsec VPN connections to remote gateways from various Vendors

- IPsec VPN connections with SNAT (our local network in use at remote site)

- IPsec connections with DNAT (remote network in use at our local site)

- Let's Encrypt certificate for WebGUI

- SSH Access by Putty to the device

Something that needs to improve is the translation. This comes into play when you have a remote and a local site and you have to work with two different transfer networks for each direction. What I'm missing is user portal for downloading the configurations for SSL VPN clients. It's still not implemented so it seems that this product is still in a developing process. 

Sometimes it's a little difficult to find some examples for special scenarios. But we have to keep trying and I believe it is possible. It's quite a suitable possibility to use it for VPN connections.

The monitoring is a little complicated and I have tried to use a plug-in, but it's quite complicated to configure. I had to write my own script.

With the VPN solutions, it is possible  to cover up all the scenarios which we have. For instance, if you have a customer and your local network is already in use, you have to work with source nat. It is possible and it works. Another issue that customers sometimes have Networks, which are already in use on out local site. It means you have to work with a destination nat but it is possible to create. 

I would, therefore, like to see the monitoring of the firewall being easier to configure, or to have more templates for this so that you can download the configurations for each scenario and get more detailed descriptions like how all the available plug-ins are performing.

I am currently running it on Hyper-V and so far I have had no problems. It is currently stable enough.

We have 250 people in our company using this program who are able to run the SAP systems with side-to-side connections between the company and the customers. We have six people for deployment and maintenance. I am responsible for the networking. 

There is no technical team in the Netherlands, but so far I fixed my own issues by reading up on the internet.

We are using several VPN gateways. We are using our primary solutions in our company, making all the IT for the complete caller group. The caller group has around about 1,600 people in 10 companies. They are part of this group. We have one, main office and several branch offices.

We are using Juniper SSG Firewalls for Site2Site IPsec connections to customers and this Equipment is working really good. Unfortunately this devices will be running out og supprot soon, so we have to look for some alternatives.

The central equipment we use is Sophos UTM/SG and Sophos XG configured as high availability. The branch offices are connected by Sophos RED and we mainly use Sophos RED 50 with the AP 55 access points configured as WPA2 Enterprise. For central management, everything is managed in the main office. We are using SMTP proxy with anti-span and anti-virus on SG solutions. This is the only one that doesn't work because we have a problem in that our exchange users are too many, and there are too many accounts - this fact caused the Appache runnig out of ressources.

An example would be if you have one workstation with two smartphones, and each person has maybe three or four sessions opened on the exchange. If you have 1,400 accounts, you can reach 8,000 sessions. If the Appache message scoreboard is full is comming up, no further users can connect. We have contacted Sophos support to solve this but they were not able to do this - the only effect was a correction of the sizing guide from Sophos. 

The setup was straightforward and the only mistake you can make is not to log in at the installer during the setup. I made this mistake once and configured a lot of features. After doing this I could not save the configurations on a disc. Generally, it was quite easy to install and to configure. 

The initial deployment took about two hours but figuring out how it works in detail and to run a roundabout took two or three days. 

There are no licensing costs for OPNsense.

We had to evaluate other solutions because our primary solution was Juniper SRX, but we were not happy with the features. So we had no other choice and we were forced to look for something else. We use the Sophos XG firewall because we can configure it directly from Azure. 

We found the OPNsense solution interesting because there are no costs. In Azure, you only pay for the virtual machine. 

My advice would be to compare all the solutions because they all offer something different. Find out what's available and get a feeling for the product and look at the configurations on the firewall. 

In the next version, I would like a friendlier user interface where the users can look at and download the configurations for the OPNsense clients.

My rating for this solution is a seven out of ten.

I find the solution to be user-friendly. It has a lot of reports and easy settings.

On the customer-side, because I'm a small business, I need a cheaper or free solution option. 

To scale, you need a different package application. It's not compatible with pfSense. Maybe there should be a different package or a different setup, but it's a problem. I need a little package because I'm a small business.

It would be nice if the solution offered virtual servers in the future. Compatible mutual servers with firewall specifications.

I've been using the solution for 6 months.

The solution is stable. There are about 10 people using this solution.

This solution is scalable. I may scale in the future.

I don't contact technical support. I don't need to.

I compared pfSense vs OPNSense. I used to use pfSense. I switched because OPNSense is modern and new. The graphic interface is good. And sometimes pfSense is not stable. Sometimes it breaks the line and stops.

The initial setup was easy. Deployment took about one day, maybe two. I do the deployment and handle the maintenance myself, so you only need one person to manage it.

I did the implementation myself.

It costs about $1000.

I would rate this solution 10 out of 10.

Our primary use case for this solution is using it as a VPN to connect our data centers and our offices with Windows servers. 

Also, we use OPNsense as a general firewall for protocol warnings on IIS.

OPNsense has been useful. It's easy to use. We can open a new VPN connection easily. It's much easier than with Fortinet in our experience. It is open source licensed. 

Open source software operates well. It's a good product. It's what FortiGate was with licensing. You need new licenses for it now. OPNsense is much more flexible.

The feature that we found most valuable is the flexibility. It has nothing to do with operating the firewall. It's that we can program it the way we want. 

There is no need to fight with the user interface.

In our experience, OPNsense showed me some problems when using it in different environments. The problem is integration with a virtual server. 

In general, OPNsense is sweet, pretty, and neat. It's still in development. I expect the next release in the fall. Maybe they are going to polish it more.

I would love a buy a new VPN. We experience problems with the old one. In high variables, it shuts off. We want to switch to a new one.

With the stability of this solution, we have had no problems except with high availability when we switch remote machines on.

Sometimes, it disconnects the VPN. That's the only problem we have experienced so far.

We don't have too much traffic. With our traffic, it's working great. We don't expect to have a very big traffic load. Directly within our offices, maybe 20 or 30 people. 

For the internet server, they are using our service. We have people on 100 home VPN connections. The final users are in the thousands. We are using it in all our offices.

We only use OPNsense now. We migrated from FortiGate. We removed all FortiGate software. That is the only problem we had using the tool.

We did not require any help from the support team.

Previously, we used the Fortinet FortiGate switch because of the devices we have. They were limited to maybe 100-200 MB and were slowing down very drastically with Fortinet. 

For many different reasons and because I need to do IP implementation that was not very compatible with our VPN, we switched. Now we have no problem integrating the VPN. 

We switched to this open source solution and so far we are happy with it.

The initial set up was very easy. We had it working in one week or so. It was pretty fast.

We did the initial setup only by ourselves.

We are not paying any licensing fees. OPNsense is completely free for us.

We evaluated other products for defense similar to OPNsense. We weren't happy with the whole difference. We were happy with the company behind OPNsense. 

We will pay for OPNsense if required, but that is the main reason we chose it.

My first advice is to check the recommendations. They have online information to spec it out in general. OPNsense is a great tool for problem-solving with a VPN. It's very nice.

On a scale of one to ten, I would rate this product an 8. It still needs to mature. It's new, only two years or three in the market. They are doing great improvements. They still need to fix little things with the high availability and the user interface. That needs to be polished, but they are doing a great job.