The interface is user-friendly, but there's room for improvement in terms of intuitiveness. The bundle management aspect requires additional attention to make it more intuitive, especially for inspecting high-level traffic. This is crucial, especially for larger companies where the existing features might not be the most optimal choice, given limitations like printer constraints. For high availability, it's crucial to have a method in place where a designated component oversees the entire process. Given that OPNsense plays a pivotal role as a firewall, safeguarding against various threats, having a reliable backup ensures uninterrupted protection even if unforeseen events impact the primary virtual machine. It would be beneficial if OPNsense supported additional virtualization platforms like Hyper-V from Microsoft and VMware, similar to how Kaspersky has integrated them.

The scalability needs improvement.

The reporting part could be better. They actually provide some dashboards; however, when you have to relay information to upper management, there's no way to actually have some sort of executive summary. When you present it to a manager, there's way too much information in there. Having some sort of API to be able to pull out just the information we need to share would be ideal. 

If we could install agents on computers and have that information correlated by the IES, that would be ideal. 

Its interface should be a little bit better.

The user interface could be improved, and the DNS section should be more intuitive.

The IPS solution could be more reliable. The IPS functioning and internal prevention system functioning could be added to the system. I didn't have it in pfSense, which is why I'm moving to OPNsense, but it is still not working well. They could also have the LZN ones.

I would like better documentation concerning the provided packages and their integration. Improved guidance on package usage and integration beyond relying on external tutorials or community support would be beneficial. Additionally, having community support available for the free edition, which is suitable for home users, would be valuable.

There are some add-ons that need enhancements to make management easier for users, especially the reporting features. Some reports don't show the level of detail I'm looking for, and I've had trouble installing certain add-ons, especially for Internet bandwidth shaping within my company. So, this is an area of improvement for me. 

I think that the most important aspect is a step-by-step run-book for its installation and deployment on small as well as on commodity hardware. Plus, clubbing the services into several (pre-configured) modules, detailing a BASIC, STANDARD, RATIONALIZED, and DYNAMIC (Enterprise ready) modules, and then custom configurable module, in that case even novice users can configure and start experiencing its benefits. On the same, documentation should be developed keeping the above five modules in mind.

The initial installation menu should clearly identify the existing IP class/subnet and suggest its challenges and benefits in configuration, and the respective error log should be shown on a screen on the same panel. They should also provide "modules" wise installation video links and their changes with previous versions for reference.

Our primary focus is to ensure the protection of customers' and consumers' data and critical IT/Dynamic infrastructure, for the same we have to do critical tunings, though, we practiced it in such a way that we have developed a habit of tuning things using a checklist based on clients "Mutual Value Discussions" (assessment session).

Added capabilities of add-ons/filters/extensions and its tunable help us detecting and alerting clients in sensitive environments when a malicious URL is detected in the traffic (e.g. messaging services/emails and/or other communications on the fly). This additional layer of protection helps in further safeguarding user data and preventing potentially damaging malware from being transmitted within the LAN environment.

The difficult part was the integration with Azure because OPNsense, in most cases, is not used on public clouds. It is on appliances that run on-prem. 

We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much. 

There is room for improvement in SSL inspection because that's where OPNsense, the open-source firewall software, just doesn't work well. So, I really use it for inspection.

I have some issues with OPNsense. I have created a virtual machine that I've lost connection at times and I am not able to connect to the gateway or ping the internet. When I started with OPNsense, it worked right away. It may be an issue with the virtual machine itself. I am currently setting up the protection on all of the virtual machines so they will connect to OPNsense and the internet, or anywhere they need to access.

I have tried to download some malicious files or a virus and it should dump the files and prevent the download, but I don't seem to get any notification or warnings.

It may be an issue with the configuration but I am not sure.

I would like to see improvements made to connectivity and alerting.

I wanted to deploy this solution in our organization and some of the workstations from remote sites but it's not reliable enough to do that yet.

In the next release, I would like to see real traffic monitoring and more visibility. Also, for the antivirus, I would like to see the files protected by ClamAV. 

I would like to see intelligence in OPNsense and have the option to apply it or not.

They need a threat intelligence tool similar to the one they would find with Cisco. It will show you the file hashes, all of the IFCs, the niches, the address information, and more.  With all of this information, you can be proactive and block the malicious file hashes, all of the malicious IP addresses, and the public IP addresses. It should help you be proactive.

It would be helpful to have OPNsense be one of the plugins, and they should include traffic capturing. With Palo Alto, you can monitor and specify which interface you want to monitor, the source IP, or you can specify the network and see the traffic that is coming from the VLAN, the destination, and any files being transferred over the network.

If you apply security profiles you can see the signatures.

The interface of the solution is an area with shortcomings. The interface of the solution could be made better.

The user experience when we create policies can be made easier. Also, maybe some features should be added to the cloud.

When using the solution at the beginning was difficult. There was a steep learning curve.

In a feature release, it would be helpful to have some features that the new generation firewalls have, such as IPS.

You will need additional training before you can actually start to use it. You will need to gain some extensive knowledge. 

There are a few weaknesses. For example, there is a lack of some features that I have in certain commercial products.

Some of the features include classified traffic and better blocking of newly registered DNS domains.

They should improve IPEs for security in the future.

Something that needs to improve is the translation. This comes into play when you have a remote and a local site and you have to work with two different transfer networks for each direction. What I'm missing is user portal for downloading the configurations for SSL VPN clients. It's still not implemented so it seems that this product is still in a developing process. 

Sometimes it's a little difficult to find some examples for special scenarios. But we have to keep trying and I believe it is possible. It's quite a suitable possibility to use it for VPN connections.

The monitoring is a little complicated and I have tried to use a plug-in, but it's quite complicated to configure. I had to write my own script.

With the VPN solutions, it is possible  to cover up all the scenarios which we have. For instance, if you have a customer and your local network is already in use, you have to work with source nat. It is possible and it works. Another issue that customers sometimes have Networks, which are already in use on out local site. It means you have to work with a destination nat but it is possible to create. 

I would, therefore, like to see the monitoring of the firewall being easier to configure, or to have more templates for this so that you can download the configurations for each scenario and get more detailed descriptions like how all the available plug-ins are performing.

An area for improvement in OPNsense is the hardware, which needs to be updated more frequently.

An additional feature I want to see in OPNsense is a transparent proxy.

DNS blocking is another good feature I want to be added to the solution, as that helps make processes faster.

pfSense has a peer-blocking feature that I also want to see in OPNsense.

In terms of improvement, the performance could be enhanced.

The interface needs to be simplified. It is not user-friendly.

The bandwidth management is easy to use, but very hard to implement. The multi-provider internet is protected by OPNsence but the features are limited, and not stable.

The high availability feature is not feasible when the hardware fails.

While they do have paid options that actually give better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet.

They should make it so that it's easier to reverse proxy integration.

The solution could be more secure. 

So far, everything is okay. We've just started using the solution.

As long as they continue to ensure that we are protected, it will be perfect.

If I require many site-to-site connections or prioritize advanced features, I might look at the other products.

The vendor should offer compatibility-approved boxes, or at least stock one with OPNsense already installed. This would make it a one-stop-shop, and people would not have to worry about sourcing the hardware separately.

I would like to see better SD-WAN performance. I think that could be a very good bonus because SD-WAN is all the rage these days. That is probably the big thing that people need to improve upon, in terms of combining two, three, or four links.

The interface should continue to improve, which would make things a bit easier. For me, it was already easy, but nonetheless, it is quicker to install a FortiGate firewall.

The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform.

The solution can't compete with next-generation firewalls.

The solution would not be suitable for anything large-scale.

In our experience, OPNsense showed me some problems when using it in different environments. The problem is integration with a virtual server. 

In general, OPNsense is sweet, pretty, and neat. It's still in development. I expect the next release in the fall. Maybe they are going to polish it more.

I would love a buy a new VPN. We experience problems with the old one. In high variables, it shuts off. We want to switch to a new one.

On the customer-side, because I'm a small business, I need a cheaper or free solution option. 

To scale, you need a different package application. It's not compatible with pfSense. Maybe there should be a different package or a different setup, but it's a problem. I need a little package because I'm a small business.

It would be nice if the solution offered virtual servers in the future. Compatible mutual servers with firewall specifications.

The interface isn't so friendly user. But we have some technicians here who are quite confident with this tool. OPNSense could maybe add sets of rules so it's simpler to manage different groups with particular needs.

The logging could improve in OPNsense.

There should be more technical documentation. 

OPNsense could improve by making the configuration more web-based rather than shell or command-line-based.

The timeline for new features could be better. They could be faster at updating features.

The feature that I would like to see in the next release, I think, would be to improve the VPN (Virtual Private Network) selection. Specifically, I would like to improve the section where you can set the VPN IP address to high availability.