OPNsense Review

A solution that detects and blocks malicious content with good reporting and visibility, but the reliability needs improvement

What is our primary use case?

The primary use case of this solution is to detect and block malicious traffic, malicious files, and malicious links to protect the internal network from any external malicious website that may contain a virus or malware.

What is most valuable?

The most valuable features in OPNsense are reporting and visibility. 

The visibility is awesome. With the visibility, you can see the data source, data destination, the source port, destination port, protocols, the most used, the malicious files that have been detected and blocked, the countries the customer has visited, and the IPs based on Suricata.

OPNsense also has ClamAV, which is a great tool.

What needs improvement?

I have some issues with OPNsense. I have created a virtual machine that I've lost connection at times and I am not able to connect to the gateway or ping the internet. When I started with OPNsense, it worked right away. It may be an issue with the virtual machine itself. I am currently setting up the protection on all of the virtual machines so they will connect to OPNsense and the internet, or anywhere they need to access.

I have tried to download some malicious files or a virus and it should dump the files and prevent the download, but I don't seem to get any notification or warnings.

It may be an issue with the configuration but I am not sure.

I would like to see improvements made to connectivity and alerting.

I wanted to deploy this solution in our organization and some of the workstations from remote sites but it's not reliable enough to do that yet.

In the next release, I would like to see real traffic monitoring and more visibility. Also, for the antivirus, I would like to see the files protected by ClamAV. 

I would like to see intelligence in OPNsense and have the option to apply it or not.

They need a threat intelligence tool similar to the one they would find with Cisco. It will show you the file hashes, all of the IFCs, the niches, the address information, and more.  With all of this information, you can be proactive and block the malicious file hashes, all of the malicious IP addresses, and the public IP addresses. It should help you be proactive.

It would be helpful to have OPNsense be one of the plugins, and they should include traffic capturing. With Palo Alto, you can monitor and specify which interface you want to monitor, the source IP, or you can specify the network and see the traffic that is coming from the VLAN, the destination, and any files being transferred over the network.

If you apply security profiles you can see the signatures.

For how long have I used the solution?

I have been using OPNsense for five months.

What do I think about the stability of the solution?

There are issues with stability and reliability.

I set up two different virtual machines. I used a virtual box, I installed it and configured higher visibility for both. One was a master and the other a standby. 

I had a virtual machine installed on Windows 10 and put the gateway for it as OPNsense, which was the master. 

I tested and shut down the first one, which is the master. When I check to see if the second one would take over, it failed. 

I couldn't connect to the internet or any destination.

What do I think about the scalability of the solution?

We have not explored the scalability. We are only a small lab with two to three workstations.

I have a colleague working with me, together. We meet weekly to share the progress we have.

I use the enterprise version daily. It's scalable, stable, they have proper documentation and support. We get daily updates from the vendor.

OPNsense is a great tool but it lacks information that you need before deploying it.

How are customer service and technical support?

I have reached out to the community for support, but they haven't seen anything like the issues that I am experiencing. 

I have not contacted OPNsense directly.

How was the initial setup?

The initial setup was straightforward and easy.

It took 30 to 45 minutes to set up and deploy OPNsense.

What about the implementation team?

I did not use a vendor to implement this solution, I did it myself.

What's my experience with pricing, setup cost, and licensing?

OPNsense is a well known open-source tool.

Which other solutions did I evaluate?

I am currently evaluating and searching for open-source enterprise firewalls and doing a comparison of the features between all of them. I am assessing the pros and cons of vendors. 

I am looking for something that will give me a report on the comparison of features, capabilities, the different vendors, and the different open-source solutions that are available.

I am also doing a comparison on Palo Alto, Cisco Firepower, and Fortinet Fortigate.

What other advice do I have?

I don't have any information on the bandwidth and what it can handle, or how many workstations can work with it. This information is very important, but I can't find any resources for this information.

The reporting is amazing. You can export reports, you can set the parameters, and export reports based on your needs.

I would rate this solution a seven out of ten.

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More OPNsense reviews from users
...who compared it with Fortinet FortiGate
Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: August 2021.
533,638 professionals have used our research since 2012.
Add a Comment
ITCS user