OPNsense® Firewall/Router/VPN/IDPS

My main use case for OPNsense  is as a firewall on-premises.

Using OPNsense  in my work environment, it serves as the first line of defense. I'm using it for filtering, using my own repository and Dnsmasq to filter unwanted websites. I'm using it as an SD-WAN, as an IPS, intrusion prevention software, and as a next-gen firewall.

As the first line of defense of my network, OPNsense firewall acts effectively, helping me reduce the number of attacks that my network suffers or has been impacted by a huge percentage. Due to its openness and because it's free, and it's a next-gen firewall, it can go up to the application layer to protect my network, which is very good and unique compared to traditional firewalls.

OPNsense is deployed on-premises in my organization.

In my opinion, the best features OPNsense offers are that it's open source, so it can be implemented in whatever scope or environment that I need. I just need to scale the hardware for that environment and I don't have to pay a license, perpetual or renewal.

The open-source aspect and flexibility of OPNsense have helped me significantly, especially due to the difference in the currency exchange rate here in Egypt, where the licensing and budgeting for IT infrastructure is very hard right now due to the high cost of the products in the Egyptian currency. Most companies see that the IT department is a consuming department, not one that's bringing money, with the ROI being an improvement in SLAs in a few percentages. We have a tight budget in Egyptian pounds, so when we get stuck because the budget has ended, we have to prefer open-source solutions to save budget, and here the open source can rise and shine. I don't need the license, so I will save cost in my budget that I can use in another product that doesn't have any alternative.

People sometimes overlook that OPNsense is modular, and that you can install plugins to improve it. You don't have to use it bare-metal OPNsense releases; it's modular, and you can add whatever plugin or features that you need to be added.

OPNsense can be improved by making it more user-friendly, as its current UI is not that user-friendly when compared to paid software such as Sophos. Sophos has a free version that is very limited, but OPNsense could be fantastic if this point is addressed correctly.

I have been using OPNsense for a couple of years.

OPNsense is stable.

OPNsense's scalability is excellent; I just need to resize my hardware and upgrade the server, and voilà, I am good to go.

OPNsense is open source, so you have to rely on the community for customer support.

Neutral

I previously used Sophos Home , but I switched because it's very limited.

My experience with pricing, setup cost, and licensing for OPNsense has been very positive since it is open source, reducing the cost of licensing. I don't need to license the software as it's free, and I can also scale the hardware, which cost me around 30,000 Egyptian pounds, less than a thousand dollars for used servers. This initial cost just required purchasing the server and installing the open-source software, reducing the amount of money needed for an enterprise firewall.

I have seen a return on investment as I saved a chunk of money, nearly $100,000, needed for licensing for an enterprise firewall such as FortiGate  or Sophos.

We saved up to half a million Egyptian pounds, which is nearly $100,000 yearly on licensing or subscription using this kind of software. This saved a huge amount of money, and the network attacks reduced by approximately 60% after using that, even without customizing the custom configuration yet. Currently, I'm working on custom configuration.

Before choosing OPNsense, I evaluated pfSense, but pfSense is maintained by Netgate, which has filed for bankruptcy, so it's considered legacy and not fit for the modern network. OPNsense is a good option.

I rate OPNsense 8 out of 10. It is a straightforward product that has nothing crazy to do with it.

My advice for others looking into using OPNsense is to get creative.

My company does not have a business relationship with this vendor, as we are just customers.

On-premises

My main use case for OPNsense  is that it is my home firewall for my home lab.

A quick specific example of how I use OPNsense  in my home lab is that I use VLANs, so I have different networks or sub-networks inside my home network, and the VLAN inside of OPNsense allows me to keep them isolated.

I have added some firewall rules to allow different devices to talk to different subnets regarding how I'm using OPNsense in my home lab.

The best features OPNsense offers include the VLANs that work spotlessly, and I feel very secure in my network because of it. It was relatively easy to set up, though I think a better wizard would help out.

One of the things I appreciated about the VLANs is that I can have a Wi-Fi VLAN and feel secure that the server network or the VM network that I have on a different VLAN are isolated, and they cannot talk to one another, which adds a great level of security.

OPNsense has positively impacted my organization and home lab through its security features, though it's hard to quantify as I don't pay enough attention to the logs to see what it's stopping from an outside perspective. It's actually sitting behind my modem from my ISP and I'm not in bridge mode.

OPNsense definitely gives me peace of mind and helps my workflow because of the network isolation. I can have multiple subnets without having to worry about one affecting the other.

OPNsense could be improved with a better wizard, as when I first installed it, it seemed difficult to know where to go. I had to watch a couple of YouTube videos on it, so having better videos sponsored by OPNsense might be helpful.

It would be beneficial if they could create some videos on how to set it up themselves.

I have been using OPNsense for about two years now.

OPNsense is stable for me.

OPNsense's scalability in my experience is very scalable, and I've been able to generate multiple VLANs without seeming to have any degradation.

I had not previously used a different solution for my firewall; this was the first one I tried.

Unfortunately, I have not seen a return on investment with OPNsense; I don't keep track of that, beyond the sense of saying that for a very little investment, I was able to increase the security of my network.

My experience with pricing, setup cost, and licensing is that since OPNsense is free, the licensing and setup was easy, and honestly, it's great for the price.

Before choosing OPNsense, I did evaluate other options, specifically I looked at pfSense first.

The advice I would give to others looking into using OPNsense is to absolutely go play with it. For little cost, if you have an extra machine around that you can test it out on, test it out. I'm running it on a low-end mini PC with multiple network interfaces and it works great.

I would say that OPNsense is one of those technologies, a firewall that if you're not playing with, you should, just to keep your skills up and to secure your home network.

On a scale of 1-10, I rate OPNsense an 8.

On-premises

I am a Sales Engineer working for a consulting company. I use OPNsense  to take my lab environment on the road for demos. Initially, I built it to bring my demos from my own lab. Although the company has a lab, putting an OPNsense  firewall in there worked better because it was a colo. I run it both bare metal and virtualized, and in some cases, I do both.

The main features I find valuable are ease of use, code stability, and the ability to add features such as Zenarmor, which provides fourth-generation firewall capabilities with deep packet inspection. Additionally, integrating solutions like Tailscale  for VPN is very valuable for my uses.

They are trying to augment reporting with Grafana  dashboards. Some of those integrations could be improved to work better with Grafana .

I have used the solution for about four years.

The solution is extremely stable. At the latest code level, I haven't experienced any crashes. Initially, there were some performance issues with earlier versions, but it is very stable now.

So far, scalability has been good. I use Zenarmor, pinning it to one core for packet inspection, and the CPU performance seems very good. My use cases don’t drive a ton of bandwidth, but I’m looking at some AI applications that may increase that dramatically, and that's where we will test scalability.

The support is good. I mainly rely on community support since the solution is open source. I haven't had to open many tickets, just one or two under the Pro license.

Neutral

The initial setup was very straightforward. It took about an hour the first time, but I could probably do it in five minutes now.

There are dramatic operational impacts compared to Check Point and FortiNet.

The pricing is competitive when compared to vendors like Palo and FortiNet.

I have experience with FortiNet and Palo Alto network solutions.

Overall, I would rate OPNsense as nine out of ten. The ability to deploy easily and leverage fourth-generation features adds significant value, especially with Zenarmor.

On-premises

I use OPNsense  primarily for network security. It involves basic firewall operations and GeoIP location functionalities. I've got multiple versions running, some on hardware purchased and some on VPSs.

The most valuable features include the basic firewall functionality and the GeoIP location services. OPNsense  is very stable, easy to upgrade, and maintain. I can work efficiently, knowing it does what it needs to do.

OPNsense should improve its performance in handling large volumes of voice traffic. It needs more support for Vigoroute and extensive VPN technologies. Enhancing its performance for significant amounts of data traffic would make it closer to a perfect solution.

I've been working with OPNsense for about five years.

I rate OPNsense's stability as very high. I would give it a nine out of ten. The only challenge faced was its inadequacy to manage large voice traffic effectively, even with dedicated hardware. It couldn't keep up with the packet per second for voice load, requiring a revert in our setup.

OPNsense struggles to handle large volumes of voice traffic, indicating scalability issues in that specific use case.

I haven't used technical support. I rely on forums and manage the setup independently.

The only other similar product I can compare is FortiGate . Overall, I find OPNsense more user-friendly.

I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall product, it is one of the best available currently.

I only evaluated FortiGate  alongside OPNsense, as they are the two offerings from my company.

For small to medium businesses, I recommend OPNsense. I'd rate it eight point five out of ten.

What do you like best about the product?

the thing which i liked using OPNsense it has very good contenet filtering and from my seniors i have heard it is very cost effective to our company also in my personal use i have seen it has good authentication but in the first place it has good user friendly interface also it has a good performance response time is very good also i am using this like everday .

What do you dislike about the product?

there are not much dislike here but one thing i wants to point out is initial setup is quite difficult if you are not aware of much of the tech also for personal use i was going through the documentation but it was not much of help full

What problems is the product solving and how is that benefiting you?

it has good network security without connecting to this i cant access my company contenet which is very good idea so that some how if some has my laptop with out connecting to OPNsense they cant access the content also as i have mentioned earlier it is cost effective it has good web filtering like my organisation doesnt allow us to open our personal gmail in company laptop so we cant access all thanks to OPNsense