OPNsense Room for Improvement

Michal Konecny
Consultant at INCONSYS GmbH
Something that needs to improve is the translation. This comes into play when you have a remote and a local site and you have to work with two different transfer networks for each direction. What I'm missing is user portal for downloading the configurations for SSL VPN clients. It's still not implemented so it seems that this product is still in a developing process. Sometimes it's a little difficult to find some examples for special scenarios. But we have to keep trying and I believe it is possible. It's quite a suitable possibility to use it for VPN connections. The monitoring is a little complicated and I have tried to use a plug-in, but it's quite complicated to configure. I had to write my own script. With the VPN solutions, it is possible to cover up all the scenarios which we have. For instance, if you have a customer and your local network is already in use, you have to work with source nat. It is possible and it works. Another issue that customers sometimes have Networks, which are already in use on out local site. It means you have to work with a destination nat but it is possible to create. I would, therefore, like to see the monitoring of the firewall being easier to configure, or to have more templates for this so that you can download the configurations for each scenario and get more detailed descriptions like how all the available plug-ins are performing. View full review »
OT/ICS Information Security Specialist at SANS
I have some issues with OPNsense. I have created a virtual machine that I've lost connection at times and I am not able to connect to the gateway or ping the internet. When I started with OPNsense, it worked right away. It may be an issue with the virtual machine itself. I am currently setting up the protection on all of the virtual machines so they will connect to OPNsense and the internet, or anywhere they need to access. I have tried to download some malicious files or a virus and it should dump the files and prevent the download, but I don't seem to get any notification or warnings. It may be an issue with the configuration but I am not sure. I would like to see improvements made to connectivity and alerting. I wanted to deploy this solution in our organization and some of the workstations from remote sites but it's not reliable enough to do that yet. In the next release, I would like to see real traffic monitoring and more visibility. Also, for the antivirus, I would like to see the files protected by ClamAV. I would like to see intelligence in OPNsense and have the option to apply it or not. They need a threat intelligence tool similar to the one they would find with Cisco. It will show you the file hashes, all of the IFCs, the niches, the address information, and more. With all of this information, you can be proactive and block the malicious file hashes, all of the malicious IP addresses, and the public IP addresses. It should help you be proactive. It would be helpful to have OPNsense be one of the plugins, and they should include traffic capturing. With Palo Alto, you can monitor and specify which interface you want to monitor, the source IP, or you can specify the network and see the traffic that is coming from the VLAN, the destination, and any files being transferred over the network. If you apply security profiles you can see the signatures. View full review »
Hermann Potgieter
Senior Network Architect at Virtua Technologies
The vendor should offer compatibility-approved boxes, or at least stock one with OPNsense already installed. This would make it a one-stop-shop, and people would not have to worry about sourcing the hardware separately. I would like to see better SD-WAN performance. I think that could be a very good bonus because SD-WAN is all the rage these days. That is probably the big thing that people need to improve upon, in terms of combining two, three, or four links. The interface should continue to improve, which would make things a bit easier. For me, it was already easy, but nonetheless, it is quicker to install a FortiGate firewall. View full review »
Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,962 professionals have used our research since 2012.
Antonio EugenioBurriel
CIO at a tech vendor with 1-10 employees
In our experience, OPNsense showed me some problems when using it in different environments. The problem is integration with a virtual server. In general, OPNsense is sweet, pretty, and neat. It's still in development. I expect the next release in the fall. Maybe they are going to polish it more. I would love a buy a new VPN. We experience problems with the old one. In high variables, it shuts off. We want to switch to a new one. View full review »
Chirosca Alecsandru
Owner and business consultant at a tech services company with 1-10 employees
The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform. View full review »
Faris Khan
Support Engineer at Techaccess Pakistan
The solution can't compete with next-generation firewalls. The solution would not be suitable for anything large-scale. View full review »
FiorindoDi Agostino
System Administration Specialist at a tech vendor with 1-10 employees
The feature that I would like to see in the next release, I think, would be to improve the VPN (Virtual Private Network) selection. Specifically, I would like to improve the section where you can set the VPN IP address to high availability. View full review »
Ercan Aycan
Founding Partner, General Manager at emsteknoloji
On the customer-side, because I'm a small business, I need a cheaper or free solution option. To scale, you need a different package application. It's not compatible with pfSense. Maybe there should be a different package or a different setup, but it's a problem. I need a little package because I'm a small business. It would be nice if the solution offered virtual servers in the future. Compatible mutual servers with firewall specifications. View full review »
Owner at a construction company
So far, everything is okay. We've just started using the solution. As long as they continue to ensure that we are protected, it will be perfect. View full review »
Vice President at Jagils egypt
There should be more technical documentation. View full review »
Learn what your peers think about OPNsense. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,962 professionals have used our research since 2012.