OPNsense versus commercial firewalls

Started by androidd, April 29, 2016, 01:11:34 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 29, 2016, 01:11:34 AM
Hi guys,

I need a pitch to sell OPNsense to my management. Corporation prefers to have a big name company like Fortinet behind our firewall. I do have OPNsense at home. But I am just a home user. I was trying to find something online to compare it, but found nothing available , I do not know if I can get something from developers or from you guys.

Only thing I found online was some reddit posts where people go in fights over nonsense and I found this comparison of Fortinet with iptables

author: Michael Rash http://searchsecurity.techtarget.com/opinion/Commercial-firewalls-vs-Open-source-firewalls

Can we start a discussion based on this template  :-\

Packet Filtering
Policy Management
VPN, NAT and ROUTING
Scaling and performance
Maintenance and support

We can also compare generally with commercial firewalls
April 29, 2016, 02:57:56 AM #1
You can't compare those shiny commercial firewalls to open source firewalls like OPNsense, pfsense or even small distri's like IPCop. Simply - because you don't have someone to call. And this is what your management wants. Firewalls like Watchguard and Sophos are running a Linux with an almost unknown patch state, may have giant holes because noone can look at their source code. But they provide a telefon number to call support. That's it.

It may work, if you take commecial support - which is offered by some companies for e.g. OPNsense and others.

The feature list? Doesn't really differ that much. L2TP, IPsec, OpenVPN (called "SSL-VPN" from eg. Watchguard, but is nothing but a relabeled OpenVPN), proxy, IDS, NAT, .. The main difference is the phone number. And the stylish funky red, orange, green, violett or blue boxes.
April 29, 2016, 07:58:03 AM #2
Well, Deciso has been the company behind the project from the start and they do offer support and services on different levels. This is their base level for business customers...

https://www.deciso.com/business-support/

This is helpful because the code lands directly in the releases for everyone to benefit.

But this aside, maybe this brochure helps with the comparison and presentation of OPNsense:

https://www.deciso.com/wp-content/uploads/2015/10/Deciso_About_OPNsense_v032016.pdf

If all else fails, don't hesitate to call them directly and talk about your requirements.
April 29, 2016, 01:27:34 PM #3
Zeitkind is correct, the cost of shinny expensive products are actually the cost of avoiding the headache you may face in a production environment. there are two cost which are involved 1) hardware cost 2) reoccurring cost licenses/upgrades bla bla.

Its up to your management to decide, all you can do is to provide them cost comparison, feature matrix, risk factors etc clearly. You can also do one step further by deploying OPNsense for limited users and prepare report on Performance, functionality according to your company requirements, stability, end user feedback.

In some paid products you can have centralized management capabilities like if you have several branch offices.

I have attached some basic comparison for your reference.

Cheers,
Faisal

May 02, 2016, 08:15:22 AM #4
Faisal and everybody thank you,

Faisal, just one question on your comparison, says OPNsense 6000 but product is free?
May 02, 2016, 12:23:56 PM #5
You can download OPNsense for free but you will need hardware. Maybe also special network adapters are required which will cost some money.
May 02, 2016, 12:44:31 PM #6
I forgot that  :D thx
May 04, 2016, 01:57:50 AM #7 Last Edit: May 04, 2016, 02:01:17 AM by chpalmer
Quote from: Zeitkind on April 29, 2016, 02:57:56 AM
You can't compare those shiny commercial firewalls to open source firewalls like OPNsense, pfsense or even small distri's like IPCop. Simply - because you don't have someone to call.

This is where I totally disagree with you. Because my customers do call us when and if they have problems.  And thats only if they don't call pfsense support guys first...  And from Franco's links above "Remote support by email & phone".   By the way-  my firewalls all look way better than any of the shiny stuff the big guys sell.  ;D

This is for pfSense but it looks to still be relevant...

https://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives
May 04, 2016, 07:44:25 AM #8
Quote from: androidd on May 02, 2016, 08:15:22 AM
Faisal and everybody thank you,

Faisal, just one question on your comparison, says OPNsense 6000 but product is free?

Sorry that was error it should be "$0" because for software you dont need to incur any cost. But if you are going to deploy in production like reselling to customers then hardware appliance is what we should pitch/sell. This will support the project.
Print
Go Up Pages1
User actions