Using OPNSense in a SME environment - what are your opinions?

Started by chropnsense, January 28, 2022, 07:35:55 AM

Sirs,

I've been given a task to evaluate the usage of OPNSense in small to midsized business environments. I've found a few features missing, some only nice to have and others that can be worked around to achieve the needed functionality.

Are there people on this forum using OPNSense in an SME environment, and what are the pros and cons that you have run into? What features do you like and what features do you miss?

Currently we are mostly deploying Fortigates (my favorite in the cheaper end firewalls) and Checkpoints for SME. For small businesses and edge/small remote site offices I can totally see an opportunity for OPNSense to replace a proprietary firewall (and that would mean money in the bank for OPNSense => a donation per sold case to customer).

Thanks for any input!

Using it in many SMEs and we are very happy with it.
All important features are there for us and the forum here is faster than many support teams out there.

OpenSource is always a give and a take. If you or your company can give something back, everything is fine.
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

I'm pushing for that, but it's a bit of a culture clash. Not easy to get a team that mostly does small customers and Windows servers to go for OPNsense.

Quote from: chropnsense on January 28, 2022, 07:35:55 AM
Sirs,

I've been given a task to evaluate the usage of OPNSense in small to midsized business environments. I've found a few features missing, some only nice to have and others that can be worked around to achieve the needed functionality.

Are there people on this forum using OPNSense in an SME environment, and what are the pros and cons that you have run into? What features do you like and what features do you miss?

Currently we are mostly deploying Fortigates (my favorite in the cheaper end firewalls) and Checkpoints for SME. For small businesses and edge/small remote site offices I can totally see an opportunity for OPNSense to replace a proprietary firewall (and that would mean money in the bank for OPNSense => a donation per sold case to customer).

Thanks for any input!

Compared to commercial UTMs, OPN misses:

- Wifi Controller
- User Portal to roll out client configs
- Spam Quarantine
- Commercial Blacklists
- TLS inspection

Thanks for the replies so far!

How complex are the environments you have behind the OPNSense firewall (traffic throughput, how many IPSec tunnels, VLANs and firewall rules)?

We're mostly using Fortigate right now because they are quite cheap, have more than plenty of features and are easy to maintain for SMEs. For semi-complex environments I have so far found the following drawbacks when doing research:

- Not possible to do wildcard DNS rules (e.g. a FW rule only allowing Windows updates, *.office.com or blocking *.domain.com)
- Not possible to add "rules sections/separations" by interface or by "rule group", ex Fortigate:

or Forcepoint
- Different IPS per firewall rule (?)

Quote from: mimugmail on January 28, 2022, 11:49:58 AM

Compared to commercial UTMs, OPN misses:

- Wifi Controller
- User Portal to roll out client configs
- Spam Quarantine
- Commercial Blacklists
- TLS inspection

By design, I'd be so bold as to state that it is good that OPNSense is a firewall and a firewall only. There are plenty of other good products that control WiFi and email spam. Can you please be more specific regarding the "User Portal to roll out client configs"? Thanks!


January 30, 2022, 01:14:09 PM #6 Last Edit: January 30, 2022, 01:23:58 PM by lfirewall1243
Quote
- Wifi Controller
- User Portal to roll out client configs
- Spam Quarantine
- Commercial Blacklists
- TLS inspection
- You can install the UniFi Controller on it
- What do you mean by User Portal?
- Not there. But Rspamd and Postfix can forward spam messages to another mail address
- You can use commercial blacklists
- You can use TLS inspection
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

But it's not inside per default :) And pricing would be similar compared to Sophos, Sonicwall or Barracuda