Reader supplied reviews for OPNsense
8.8from 21 review(s)
Very nice firewall and has matured quite a lot since it forked from its source. Very stable and some neat standout differentiating features like:
*Built in Suricata IDS (with snort as a plugin)
*Two-factor authentication (2FA)
*Slick modern UI that lets you do virtually everything via the Web GUI
*Fast Phalcom framework rewrite of the entire Web GUI
*Amd64 support (AES-NI not required!)
*i386 support for older devices.
*Refactored to be more secure
*OpenSSL or LibreSSL support
I like the fixed release schedule: two major releases a year and weekly security patches. Helps me manage upgrade planing. The community is also very active and friendly.
Switched from EdgeRouter to OPNsense and quite happy.
OPNSense is one of the best firewalls I have seen out there. It even supports virtualization which is great for virtual network security layering. My company uses XCP-ng which is another fine product however back to the point, OPNSense plays very nicely with it virtually. There is one glitch I have found that can crash some hardware setups. Sometimes you must turn off the TOS engine in it for networking to flow well. I love the interface compared to PFSense. I used to be a PFSense user until they cut support for nanobsd devices. As a network administrator I can tell you it is much easier to manage. I had to overcome the challenges of updating with PFSense, with every update something would go wrong and part of the firewall would no longer function (plugins wise). Things like pfblocker and snort would stop working and need to be MANUALLY uninstalled, reinstalled, and then reconfigured. Imagine doing that with 50 firewalls. NOT FUN!! Imagine those firewalls guarding emails and websites......EVEN MORE....NOT FUN!!
These guys have done a wonderful job and forum support is easy to find as well as their documentation.
I would very highly recommend this firewall even to a beginner but it has the advanced features a seasoned administrator would love to have with a simple easy to use interface for either case.
I tested five or six different firewall distributions (each of them for about week or so), till I found the one that fits my needs the best: OPNsense. As this is not the place to do direct comparison, I'll try to focus on what I do (+) or not (-) like on OPNsense:
+ HardenedBSD: call me paranoid, but that is one big extra point for OPNsense.
+ OpenSSL/LibreSSL: switching ssl-library, now ain't that beautiful?
+ sshd/webinterface port: easy to modify/change (unlike some other fws)
- interface: looks good on wide-screens, but not so good on 4:3 screens
- BSD network stack: single-cpu, not able to route full 1gbit but linux can (apu4b4)
- installation: hard-coded ip 192.168.1.1 and root password: why can't I change this?
Overall I'm very satisfied. Sure there are many other solutions, but for me OPNsense is the best...
See all 21 reader reviews of OPNsense...