Sold by: OPNsense
Deployed on AWS
Free Trial
AWS Free Tier
High-end security made easy™
Overview
OPNsense is the fastest growing open-source security platform with an Open Source Initiative (OSI) approved 2-clause or simplified BSD license. Its feature set is extensive and ranges from router/firewall to inline intrusion detection and prevention.
It is the only open-source product that comes with the highly valued Proofpoint® ET Pro ruleset at no cost in the form of the ET Pro Telemetry edition.
The project is defined by its innovation through modularisation and hardening, simple and reliable firmware upgrades, multi-language support, hardened security, fast adoption of upstream software updates as well as a large and friendly community.
Optionally instances can be upgraded with the Business Edition using a separate licence available from shop.opnsense.com, volume options are also available.
Highlights
- Fully featured stateful Inspection Firewall with advanced routing features, including various dynamic protocols such as OSPF and BGP (pluggable)
- Various proven VPN technologies, such as OpenVP, IPsec and Wireguard which helps to secure your cloud infrastructure
- Inline Intrusion Detection and Prevention including high quality rulesets from Proofpoint (ET Open, ET Pro [Telemetry], depending on license)
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
FreeBsd OPNsense® 25.1
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
m4.large Recommended | $0.12 |
t3.micro AWS Free Tier | $0.04 |
t2.micro AWS Free Tier | $0.04 |
c3.2xlarge | $0.16 |
d2.4xlarge | $0.24 |
i3.large | $0.08 |
t2.small | $0.04 |
c5n.metal | $0.32 |
d2.2xlarge | $0.16 |
m5zn.metal | $0.32 |
Vendor refund policy
Hourly users can stop using the service at any time without additional costs, cancellation within 48 hours warrants a full refund
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
After deployment, ssh and https are enabled by default. To access the instance using https use a recent webbrowser.
The default username for your instance is : ec2-user (both ssh and https)
We advise to setup an initial password in the "User data" which can be found in the "Advanced Details" of Step 3 during installation, make sure to select "as text" for the input method. The format for this data is as follows: password=mypasssword
When omitting a password, one will be automatically generated, which will be visible in the "System Log" (Get System Log option of the instance). Please note that EC2 images often need some time to flush the content of the system log, when presented empty, wait for a minute and try again. A random root password will also be generated and visible from the same log.
SSH access uses the key provided during installation, the ec2-user should be used as username (e.g. ssh -i my_delivered_ssh_aws_key ec2-user@my-host-at-ec2).
Resources
Vendor resources
Support
Vendor support
Commercial support at hourly rates
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By OPNsense
By Lightning Wire Labs
Top
50
In Network Infrastructure, Operating Systems
Top
100
In Network Infrastructure, Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Network Security Filtering
Fully featured stateful inspection firewall with advanced routing capabilities supporting dynamic protocols like OSPF and BGP
VPN Technologies
Multiple proven VPN technologies including OpenVPN, IPsec, and Wireguard for secure network connectivity
Intrusion Detection System
Inline intrusion detection and prevention system with high-quality rulesets from Proofpoint
Open Source Architecture
Modular platform with BSD license supporting multi-language interfaces and frequent software updates
Security Platform Extensibility
Pluggable architecture allowing dynamic protocol integration and system customization
Firewall Capabilities
Advanced stateful packet inspection with GeoIP blocking, anti-spoofing, and time-based rule configurations
Network Security
Comprehensive IDS/IPS with Snort-based packet analyzer, deep packet inspection, and multi-layer threat prevention
VPN Infrastructure
Multi-protocol VPN support including IPsec, OpenVPN, and WireGuard with SSL encryption and split tunneling
Network Routing
Concurrent IPv4/IPv6 support with policy-based routing, static routing, and network prefix translation capabilities
Network Services
Dynamic DNS, DHCP server, DNS forwarding and filtering with comprehensive network management interfaces
Network Security
Advanced firewall with Intrusion Detection and Prevention System capabilities
Web Traffic Management
Powerful web proxy with integrated content filtering functionality
Network Connectivity
Supports VPN connections between cloud regions and on-premise infrastructure
Traffic Optimization
Quality of Service (QoS) mechanisms for network performance management
Logging and Monitoring
Comprehensive logging and reporting system for network traffic and security events
Standard contract
No
No
No
Customer reviews
3
6 ratings
6 AWS reviews
|
20 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Stephen Zoran
Offers seamless deployment and feature-rich experience with deep packet inspection
Reviewed on Apr 29, 2025
Review provided by PeerSpot
What is our primary use case?
I am a Sales Engineer working for a consulting company. I use OPNsense to take my lab environment on the road for demos. Initially, I built it to bring my demos from my own lab. Although the company has a lab, putting an OPNsense firewall in there worked better because it was a colo. I run it both bare metal and virtualized, and in some cases, I do both.
What is most valuable?
The main features I find valuable are ease of use, code stability, and the ability to add features such as Zenarmor, which provides fourth-generation firewall capabilities with deep packet inspection. Additionally, integrating solutions like Tailscale for VPN is very valuable for my uses.
What needs improvement?
They are trying to augment reporting with Grafana dashboards. Some of those integrations could be improved to work better with Grafana .
For how long have I used the solution?
I have used the solution for about four years.
What do I think about the stability of the solution?
The solution is extremely stable. At the latest code level, I haven't experienced any crashes. Initially, there were some performance issues with earlier versions, but it is very stable now.
What do I think about the scalability of the solution?
So far, scalability has been good. I use Zenarmor, pinning it to one core for packet inspection, and the CPU performance seems very good. My use cases don’t drive a ton of bandwidth, but I’m looking at some AI applications that may increase that dramatically, and that's where we will test scalability.
How are customer service and support?
The support is good. I mainly rely on community support since the solution is open source. I haven't had to open many tickets, just one or two under the Pro license.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was very straightforward. It took about an hour the first time, but I could probably do it in five minutes now.
What was our ROI?
There are dramatic operational impacts compared to Check Point and FortiNet.
What's my experience with pricing, setup cost, and licensing?
The pricing is competitive when compared to vendors like Palo and FortiNet.
Which other solutions did I evaluate?
I have experience with FortiNet and Palo Alto network solutions.
What other advice do I have?
Overall, I would rate OPNsense as nine out of ten. The ability to deploy easily and leverage fourth-generation features adds significant value, especially with Zenarmor.
Which deployment model are you using for this solution?
On-premises
reviewer1027455
Enhancing network security with reliable firewall functionality and GeoIP features
Reviewed on Nov 15, 2024
Review provided by PeerSpot
What is our primary use case?
I use OPNsense primarily for network security. It involves basic firewall operations and GeoIP location functionalities. I've got multiple versions running, some on hardware purchased and some on VPSs.
What is most valuable?
The most valuable features include the basic firewall functionality and the GeoIP location services. OPNsense is very stable, easy to upgrade, and maintain. I can work efficiently, knowing it does what it needs to do.
What needs improvement?
OPNsense should improve its performance in handling large volumes of voice traffic. It needs more support for Vigoroute and extensive VPN technologies. Enhancing its performance for significant amounts of data traffic would make it closer to a perfect solution.
For how long have I used the solution?
I've been working with OPNsense for about five years.
What do I think about the stability of the solution?
I rate OPNsense's stability as very high. I would give it a nine out of ten. The only challenge faced was its inadequacy to manage large voice traffic effectively, even with dedicated hardware. It couldn't keep up with the packet per second for voice load, requiring a revert in our setup.
What do I think about the scalability of the solution?
OPNsense struggles to handle large volumes of voice traffic, indicating scalability issues in that specific use case.
How are customer service and support?
I haven't used technical support. I rely on forums and manage the setup independently.
Which solution did I use previously and why did I switch?
The only other similar product I can compare is FortiGate . Overall, I find OPNsense more user-friendly.
What's my experience with pricing, setup cost, and licensing?
I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall product, it is one of the best available currently.
Which other solutions did I evaluate?
I only evaluated FortiGate alongside OPNsense, as they are the two offerings from my company.
What other advice do I have?
For small to medium businesses, I recommend OPNsense. I'd rate it eight point five out of ten.
Karan S.
Mon expérience avec OPNSense
Reviewed on Oct 17, 2024
Review provided by G2
Qu'aimez-vous le plus à propos de the product?
la chose que j'ai aimée en utilisant OPNsense, c'est qu'il a un très bon filtrage de contenu et d'après mes supérieurs, j'ai entendu dire qu'il est très rentable pour notre entreprise. également, dans mon utilisation personnelle, j'ai constaté qu'il a une bonne authentification, mais en premier lieu, il a une interface conviviale. aussi, il a une bonne performance, le temps de réponse est très bon. également, je l'utilise comme tous les jours.
Que n’aimez-vous pas à propos de the product?
il n'y a pas beaucoup de choses à ne pas aimer ici, mais une chose que je veux souligner est que la configuration initiale est assez difficile si vous n'êtes pas très au courant de la technologie. aussi, pour un usage personnel, je parcourais la documentation, mais elle n'était pas très utile.
Quels sont les problèmes que the product résout, et en quoi cela vous est-il bénéfique?
il a une bonne sécurité réseau sans se connecter à cela je ne peux pas accéder au contenu de mon entreprise ce qui est une très bonne idée donc si quelqu'un a mon ordinateur portable sans se connecter à OPNsense il ne peut pas accéder au contenu aussi comme je l'ai mentionné plus tôt c'est rentable il a un bon filtrage web comme mon organisation ne nous permet pas d'ouvrir notre gmail personnel sur l'ordinateur portable de l'entreprise donc nous ne pouvons pas accéder à tout grâce à OPNsense
Suraj K.
notre réseau
Reviewed on Sep 23, 2024
Review provided by G2
Qu'aimez-vous le plus à propos de the product?
OPNsense a une interface web conviviale, ce qui le rend facile à utiliser même pour les personnes qui ne sont pas très techniquement compétentes. La plateforme reçoit des mises à jour régulières, garantissant que les problèmes de sécurité sont corrigés rapidement et que de nouvelles fonctionnalités sont ajoutées. Le support client est bon et toujours disponible pour assistance.
Que n’aimez-vous pas à propos de the product?
Actuellement, nous ne faisons face à aucun défi. Tout va bien.
Quels sont les problèmes que the product résout, et en quoi cela vous est-il bénéfique?
Auparavant, nous faisions face à un défi de sécurité, tel que l'ouverture de sites web inconnus. Après avoir mis en place ce pare-feu, nous pouvons bloquer les sites web inconnus (sites HTTP) et également autoriser ou bloquer des sites web selon nos besoins.
Chirosca Alecsandru
Provides good network intrusion detection and prevention
Reviewed on Jul 26, 2024
Review provided by PeerSpot
What is most valuable?
I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management. We are currently satisfied with the solution's threat intelligence. It's a pretty much in-house developed solution because it's in a Wazuh server. We have several scripts around it, allowing us to improve our posture on threats.
What needs improvement?
SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense.
I pretty much like the solution's APIs, but it's somehow limited. I would like the APIs to be more mature and more developed and have more options to automate threat hunting. Also, I would like to see more drill-down possibilities.
We have to rely on specific hardware for the in-depth analysis of NetFlow. Although we have an interface on OPNsense, it's not as easy to use on the security side as other solutions.
For how long have I used the solution?
I have been using OPNsense since 2016.
What do I think about the stability of the solution?
I rate the solution ten out of ten for stability.
What do I think about the scalability of the solution?
OPNsense is an extremely scalable solution. I played on one network with CARP, and I was pretty happy with what I achieved there.
Which solution did I use previously and why did I switch?
Before OPNsense, we worked with the Cisco ASA 5505 product for three years. Although it included the FirePOWER part, it was quite a poor experience.
What was our ROI?
OPNsense has helped reduce the speed of threat detection and containment from 50 minutes to 15 minutes.
Which other solutions did I evaluate?
I have quite a background in Berkeley Software Distribution (BSD) systems. I was looking into BSD, especially for the packet filter side. While evaluating, OPNsense was the most solid solution. I was also considering pfSense as my first option, but it is not so strong on the file system side.
What other advice do I have?
OPNsense is a strong and solid solution that is easy to interact with. I don't see much on the new generation of firewalls, and only a few solutions are available for OPNsense. OPNsense handles network traffic much faster during peak loads because it's on dedicated hardware. I would recommend OPNsense when no specific topic prevents me from recommending OpenSense.
Overall, I rate the solution an eight out of ten.