OPNsense Reviews

I use OPNsense primarily for network security. It involves basic firewall operations and GeoIP location functionalities. I've got multiple versions running, some on hardware purchased and some on VPSs.

The most valuable features include the basic firewall functionality and the GeoIP location services. OPNsense is very stable, easy to upgrade, and maintain. I can work efficiently, knowing it does what it needs to do.

OPNsense should improve its performance in handling large volumes of voice traffic. It needs more support for Vigoroute and extensive VPN technologies. Enhancing its performance for significant amounts of data traffic would make it closer to a perfect solution.

I've been working with OPNsense for about five years.

I rate OPNsense's stability as very high. I would give it a nine out of ten. The only challenge faced was its inadequacy to manage large voice traffic effectively, even with dedicated hardware. It couldn't keep up with the packet per second for voice load, requiring a revert in our setup.

OPNsense struggles to handle large volumes of voice traffic, indicating scalability issues in that specific use case.

I haven't used technical support. I rely on forums and manage the setup independently.

The only other similar product I can compare is FortiGate. Overall, I find OPNsense more user-friendly.

I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall product, it is one of the best available currently.

I only evaluated FortiGate alongside OPNsense, as they are the two offerings from my company.

For small to medium businesses, I recommend OPNsense. I'd rate it eight point five out of ten.

I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management. We are currently satisfied with the solution's threat intelligence. It's a pretty much in-house developed solution because it's in a Wazuh server. We have several scripts around it, allowing us to improve our posture on threats.

SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense.

I pretty much like the solution's APIs, but it's somehow limited. I would like the APIs to be more mature and more developed and have more options to automate threat hunting. Also, I would like to see more drill-down possibilities.

We have to rely on specific hardware for the in-depth analysis of NetFlow. Although we have an interface on OPNsense, it's not as easy to use on the security side as other solutions.

I have been using OPNsense since 2016.

I rate the solution ten out of ten for stability.

OPNsense is an extremely scalable solution. I played on one network with CARP, and I was pretty happy with what I achieved there.

Before OPNsense, we worked with the Cisco ASA 5505 product for three years. Although it included the FirePOWER part, it was quite a poor experience.

OPNsense has helped reduce the speed of threat detection and containment from 50 minutes to 15 minutes.

I have quite a background in Berkeley Software Distribution (BSD) systems. I was looking into BSD, especially for the packet filter side. While evaluating, OPNsense was the most solid solution. I was also considering pfSense as my first option, but it is not so strong on the file system side.

OPNsense is a strong and solid solution that is easy to interact with. I don't see much on the new generation of firewalls, and only a few solutions are available for OPNsense. OPNsense handles network traffic much faster during peak loads because it's on dedicated hardware. I would recommend OPNsense when no specific topic prevents me from recommending OpenSense.

Overall, I rate the solution an eight out of ten.

The tool's integration is more like a button press. 

pfSense has better performance and quicker updates.

I have been working with the product for six months. 

The tool is more stable than pfSense because it has the drivers for my network card, Realtek. I didn't know at the time because manufacturers sometimes don't advertise what network cards they come with. I bought a computer with Realtek, and pfSense says immediately, out of the box, that it doesn't work with Realtek cards. OPNsense is the same, but it does have a way of installing the Realtek drivers, which gives you a lot more stability overall on the system.

I didn't contact the tool's technical team yet. 

The tool's deployment is easy. Apart from Cisco firewalls and Fortinet, if we talk about Untangle, pfSense, OPNsense, and so on, they are fairly quick to set up. It's not something you spend too much time on. It's a firewall, so you can spend months tweaking the system. If you know what you're doing, you can spend forever on logs, checking and tweaking the system because there's always a new update or feature coming up. Then you start playing with them, tweaking settings, checking logs, blocking or unblocking different things.

You can stay in that loop forever. But for a startup, the initial configuration is fairly easy and quick. It can be completed in 30 minutes. 

I've used the free version. My computer with two network cards at home allows me to try as many different software options as I want. I did pay for the license, but it was for the Zenarmor license, which is the packet inspection tool. They use AI for packet inspection, which integrates with OPNsense and pfSense.

I'm not using OPNsense at the moment. I work with many different technologies and keep testing various setups. Currently, I've gone fully customized. I'm using a Linux server configured as my router and firewall, and I'm using Zenarmor for packet inspection.

This setup allowed me to easily configure SSL VPN and port forwarding for specific ports, which isn't as straightforward with other systems. I've tried several, including Untangle, pfSense, and OPNsense, but found them somewhat restrictive.

OpenSense is quite good. I like it. It has many services and is somewhat similar to the WatchGuard system. I honestly have no complaints; it was a very good experience. It's easy to set up, especially if you know what you're doing. It also offers a nice library of add-ons.

However, if you have appliances with Intel network cards, I would probably go for pfSense instead. Firmware updates and other updates come a bit faster, making it a more reliable service than OPNsense. 

Everything that comes up on OPNsense appears first on pfSense. Some features are not yet available on OPNsense, and they haven't announced a release date. However, I'm confident they will eventually release these features, as they have previously done.

Ultimately, choosing between pfSense and OPNsense is more of a personal preference since they are very similar. Both are FreeBSD systems, operating in similar situations and offering comparable functionality.

Now, I'm just using a Linux server. I can monitor the system, reboot the card, install Apache, and redirect web servers within my home directly to the firewall. This eliminates the need for third-party boxes or other connected computers, allowing me to do everything in the same box. It gives me a lot more freedom.

That's the main reason I stopped using the other systems. I used OPNsense for about six months, which shows I've tried various solutions to find the best one. Despite all the good things I'm saying about OPNsense, I did stay with it longer than pfSense.

I traveled to China, so I used my home as my VPN instead of paying for one. They block VPN services in China, so I was using OpenVPN at home. OpenVPN is a known service, but it gets blocked there. The only way to do it was through SSL VPN, which worked fine. But, talking about OPNsense, everything was working fine. I had no problems. I just had to move away because I needed to use port 443 for something else on my web server, and I can't have a web server together with other stuff. It's a bit more complicated to configure because I use Nginx and Apache, too. You can install these tools on OPNsense, but I found it more complicated than just going onto the command line and doing it.

If you want to use something like OPNsense for FreeBSD, use pfSense instead. Unless, obviously, like me, the person in question has some hardware incompatibility with pfSense. Only then would I go for OPNsense. Because, I mean, they're the same systems, but pfSense is a bit better in terms of overall performance, and security updates come quicker and more often.

I rate the overall product an eight out of ten. 

The primary use case is managing security and commercial network traffic.

The DNS-level filtering is impressive for thwarting time scanners. The VPN functionality is also crucial for my needs, as I connect to multiple locations simultaneously. Running the CBN server on the VPN is exceptionally reliable and efficient.

The interface is user-friendly, but there's room for improvement in terms of intuitiveness. The bundle management aspect requires additional attention to make it more intuitive, especially for inspecting high-level traffic. This is crucial, especially for larger companies where the existing features might not be the most optimal choice, given limitations like printer constraints. For high availability, it's crucial to have a method in place where a designated component oversees the entire process. Given that OPNsense plays a pivotal role as a firewall, safeguarding against various threats, having a reliable backup ensures uninterrupted protection even if unforeseen events impact the primary virtual machine. It would be beneficial if OPNsense supported additional virtualization platforms like Hyper-V from Microsoft and VMware, similar to how Kaspersky has integrated them.

I have been working with it for approximately six months.

It usually demonstrates a high level of stability, with some minor challenges. I would rate it nine out of ten.

During the installation process, there were some limitations, but it was generally fine for specific tasks. Aside from these aspects, it demonstrated good scalability. I would rate it eight out of ten.

I haven't come across a dedicated support page. I've never had to use it, and generally, with open-source solutions like OPNsense, there's an assumption that there isn't an official support team, unlike proprietary options such as SysTrack, Sophos, or FortiGate.

I would rate the initial setup as seven out of ten because sometimes we are facing issues, particularly with IP addressing. It takes a couple of hours to navigate and make the necessary preparations. Given that OPNsense is open-source, there isn't official support available at the moment, which adds an extra layer of complexity to issue resolution.

Initially, I activated Hyper-V and downloaded the installation file. The setup process was straightforward but not entirely seamless. The installation itself took around fifteen minutes, but there was a hiccup during the assignment of IP addresses, particularly for WAN and LAN. OPNsense can function both as a production machine and an operating system, but for the latter, a server with two network cards is required—one for WAN and one for LAN.

It is a free solution, and when you compare it to alternatives like FortiGate, which is quite powerful but also costly, the value becomes evident. Even with options like Sophos, where responsiveness might not be as high as FortiGate, the significant cost factor still applies. The contrast in functionality and the price difference makes OPNsense an attractive option, providing all the necessary features without the hefty price tag associated with some commercial solutions.

It's crucial to have a firewall solution that aligns seamlessly with an open-source approach. Connecting it twice allows for a comprehensive understanding of the network, analyzing factors such as traffic volume, technical specifics, and the nature of inbound and outbound traffic. This step is paramount in selecting the right firewall, considering it provides a holistic view of the network's dynamics. Overall, I would rate it seven out of ten.

The most valuable feature is the Dual WAN in OPNSense, which offers advanced capabilities. It has cost-effective communication options and the flexibility to deploy on your hardware. I like the security aspects, particularly through package managers. It allows for subscription-based enhancements, providing an additional layer of security to the network.

I would like better documentation concerning the provided packages and their integration. Improved guidance on package usage and integration beyond relying on external tutorials or community support would be beneficial. Additionally, having community support available for the free edition, which is suitable for home users, would be valuable.

I have been using the solution for the past two months.

The solution is stable. I rate it an eight out of ten.

In terms of scalability, I rate it around eight out of ten because it excels in handling various tasks. Beyond security features, it supports routing, VPN setups, and traffic monitoring with additional packages like Snort and Suricata. This flexibility allows for a wide range of functionalities. I have 200 users for the solution.

The initial setup was straightforward for me. It took me approximately two days to set up the system initially. Subsequently, I began testing by progressively increasing the number of connections, deploying it through the unified features, and carefully monitoring specific ports while observing how it handles DHCP releases, IPs, and overall traffic. This process extended over about a week.

To begin the initial setup, you need to search for and download the ISO to initiate the process, followed by a two-step procedure. Afterwards, you proceed with command-line configurations, including setting up IP addresses. Once this initial phase is complete, navigation through the graphical user interface (GUI) becomes more straightforward. However, certain commands and configurations may still pose challenges. I rate it a seven out of ten.

I would rate the pricing a nine out of ten, especially considering the availability of a free community edition. This makes it an excellent solution for small businesses, home use, or scenarios with around fifty connections or computers.

I have worked with MikroTik and Ubiquiti Networks EdgeRouter.

I would recommend testing the solution. It’s good for security features. For the community version of the solution, I rate it an eight out of ten.

I'm using it as a proxy in several scenarios.  

There are a lot of features I like. One of the most valuable features is the network checking. Additionally, the firewall and web filtering functionalities are highly useful.

There are some add-ons that need enhancements to make management easier for users, especially the reporting features. Some reports don't show the level of detail I'm looking for, and I've had trouble installing certain add-ons, especially for Internet bandwidth shaping within my company. So, this is an area of improvement for me. 

I have been using OPNsense for more than six years. I currently use the latest version.

I would rate stability a seven out of ten. I've encountered some instability after a recent update.

It just doesn't respond, so I have to restart it over and over again to try to figure out what the problem is. I haven't been able to find the problem yet.

I would rate the scalability a nine out of ten. There is room for improvement.

In my organization, there are 400 users, and OPNsense serves as our gateway and proxy for all of them. Therefore, all the users go through the gateway. 

The initial setup is very easy. The installation just takes minutes, but setting up everything may take a couple of hours.

It's reasonably priced. It's not expensive.

Overall, I would rate the solution an eight out of ten. I just want to say that it's the best open-source firewall. Strongly recommended.

The primary use case of OPNsense for me is VPN and firewall rules.

URL blocking, Wireguard, Tail Scale, Engine Blocker, and VPN are the most valuable features for me.

There is room for improvement in SSL inspection because that's where OPNsense, the open-source firewall software, just doesn't work well. So, I really use it for inspection.

I have been using this solution for five years. I am using the latest version now.

It is a pretty much stable solution. I rate it an eight out of ten. I haven't experienced much complexity with stability. Mostly there are a lot of false positives when the firewall is on. The inspection may not be very good compared to CSP4 Fortinet. But other than that, it's okay because I really like the user interface for business purposes. We can do all things through GUI, and things come in line.

It's very flexible and scalable, and I would rate the scalability an eight out of ten. It can adapt to changing needs easily. Around twenty customers are currently using OPNsense.

I haven't contacted customer support. I usually resolve any issues through online forums and the community web page.

I have experience with Cisco as well. I moved to OPNsense because it is free.

The initial setup is pretty straightforward. The deployment process took three to four hours. When I install OPNsense on the premises, I usually allow everything; after that, I go to one location. I work remotely on that firewall or VPN, so the first step is to put it online and remotely access the VPN server or firewall there. After that, I installed and configured it while working remotely.

I'm an integrator, so I mostly use OPNsense for VPN purposes and firewalls, and I use a couple of plugins for web blocking, and that's it. Only one person is required for deployment and maintenance; therefore, I handle all the deployment and maintenance.

I haven't used any licensed operations. But when companies get bigger, they'll probably need a license model. The old companies where I have worked with OPNsense were small.

I would suggest using OPNsense because there's no cost and a good interface. You don't need to use the command line to configure anything like on Cisco; sometimes, you don't need all the technical knowledge to operate OPNSense. Additionally, you have good community support.

Overall, I would rate the solution a nine out of ten.

It is a firewall.

The VPN has helped us a lot. 

It has firewall and VPN capabilities, which are very valuable features.

The scalability needs improvement.

I have been working with OPNsense for the past five years. 

I would rate the stability a six out of ten because we've encountered issues with OPNsense when establishing a side-to-side VPN using IPSec.

I would rate the scalability a five out of ten. 

The configuration and access VPN functionality in OPNsense are satisfactory and work well. Currently, I prefer using Azure Firewall for my firewall needs, even though it might not be the absolute best option. My preference is due to a lack of experience with other Windows-based solutions.

The deployment process takes almost an hour. The installation process involves several steps. First, you need to install the software. Then, configure the interfaces as needed. After that, establish the necessary rules for the software to function correctly. Finally, configure the VPN settings to ensure secure communication. I rate the solution a seven out of ten. 

I would rate the pricing a three out of ten. 

It's easy to configure, and it's good. I rate it a seven out of ten.