Who uses opnsense in companies

Started by hgerding, October 22, 2024, 10:40:27 PM

Quote from: Gauss23 on October 24, 2024, 09:46:29 PM
Quote from: bimbar on October 24, 2024, 10:39:24 AM
We have some opnsense firewalls in the field.

It lacks some critical features for us to roll it out in a wider context.

For example:
- better firewall rule ui
- an easier way to import basic configuration, a cli would be great for that

To be honest, the firewall rule ui is one of the best I've seen. Don't like the FortiGate view. There are a couple of small things I would change and some annoyances but nothing deal breaking.

Which ui is better in your opinion?

The last FortiManager security flaw was really scary.

The main feature I miss in opnsense is the ability to display and edit objects directly in a rule.

Well,

Personally, from my experience what bothers me most with enterprise vendors such as CISCO, Oracle etc. is the state of their support; they do not care.

Even if you have diamond contracts often the support is just (sorry for this, but still worth if I got banned) shit. You can't even imagine, what support and stupidities I am getting from them. I am currently at my job/company holding a higher rate succession of fixing issues than CISCO TAC support. This is sad.

I am literally getting better support for OPNsense here on the forum from people like Franco, Patrick, New, Mo, Chem, Cookie and other active users, than from a paid enterprise vendor.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Thanks for all the input does not help as Cisco uses the big-name approach and look at all our big customers.

As a note, we have more than 20 firewalls running, supporting more than 1,000 users, so this is not small.

The CIO just wants a brand name and easy to use so "any" body can do it.

I find in North America that if you have money, then people feel that if it is a big box company it will be better.

We also seem to have problems with the idea of open source. Some "uneducated" IT people ban open source because it is open source (which large companies like Microsoft, Cisco, Apple, etc. still promote), even though all the large companies use the same open source software in their products.

Quote from: Seimus on October 25, 2024, 10:57:37 AM
You can't even imagine, what support and stupidities I am getting from them. I am currently at my job/company holding a higher rate succession of fixing issues than CISCO TAC support. This is sad.

Regards,
S.

Yes, yes I can. We used to get fantastic support from Enterasys, now Extreme support is, well, not great. We have over $100k for our support contract with them, it was a 5 year and took them over 2 years to deliver the power supplies to power the switches up... Think they gave us a credit? Yup, a single year on some of the devices.

Overall, the corporate support world is just lacking as they go cheaper and cheaper. You can never talk directly to one of the engineers that designed the product or programmed the software anymore. Excepting of course OPNsense, once in a while TrueNAS, and definitely XCP-NG. I should also add that FS.com and MikroTik are pretty good with support too, but I don't have a lot of equipment from them and don't ask too many questions.

To me you're on a battle you can't win if the decision maker has to justify it to his/her peers IMHO.
OPN is great and used in large environments but like the similarly-named distribution, and others leaning more on the Open source world, they are "unknown" in the world of Corporate IT.
Like it or not, the big 'uns have thrown a lot of money into their offerings which include products, services, support, training and certification and more. And they build walls around them to make them a proprietary offering. Then the cheerleaders at Gartner go and put them in their quadrants and you have the CIOs noticing.

> The CIO just wants a brand name and easy to use so "any" body can do it.
This is one of the big ones to overcome. If he/she is looking for the brand name so "anybody" can do it, we all know it means there are certifications out there where they can go and get a certified engineer when they need to, rather than trying to find someone who knows a particular (in their eyes "niche") product.
Same as unix/linux for servers. They won't replace their CentOS app servers with FreeBSD ones even if they are a better suit for their purpose. Same reasons.

Quote from: Greg_E on October 28, 2024, 09:04:42 PM
Yes, yes I can. We used to get fantastic support from Enterasys, now Extreme support is, well, not great. We have over $100k for our support contract with them, it was a 5 year and took them over 2 years to deliver the power supplies to power the switches up... Think they gave us a credit? Yup, a single year on some of the devices.

Indeed you do. Well this is exactly the problem that plagues enterprise, sell for more but go cheaper and cheaper on support for Day 2 etc.

Quote from: cookiemonster on October 28, 2024, 10:37:59 PM
To me you're on a battle you can't win if the decision maker has to justify it to his/her peers IMHO.
OPN is great and used in large environments but like the similarly-named distribution, and others leaning more on the Open source world, they are "unknown" in the world of Corporate IT.
Like it or not, the big 'uns have thrown a lot of money into their offerings which include products, services, support, training and certification and more. And they build walls around them to make them a proprietary offering. Then the cheerleaders at Gartner go and put them in their quadrants and you have the CIOs noticing.

> The CIO just wants a brand name and easy to use so "any" body can do it.
This is one of the big ones to overcome. If he/she is looking for the brand name so "anybody" can do it, we all know it means there are certifications out there where they can go and get a certified engineer when they need to, rather than trying to find someone who knows a particular (in their eyes "niche") product.
Same as unix/linux for servers. They won't replace their CentOS app servers with FreeBSD ones even if they are a better suit for their purpose. Same reasons.

This is another plague I see in enterprises. It's like brainwashing.
Me as an eng, I barely get into offer and buying calls or discussions. A few times it happened that I was on such calls, where ppl clapped their hands, "what an awesome product", yet when I pointed out several shortcomings, not even the vendor's technical people could answer this.

Usually how it works is they buy crap, it gets into deployment and provisioning and then they figure out it's not working or not behaving as expected because it never even should in the first place :D.

When I was redoing my personal network, I had a possibility to get H/W from the BIG names, but I said no and gave a shot to OPNsense and other OpenSource projects to build what I need. I really would love to have OPNsense in work, but enterprise is enterprise...

The only thing we can hope for is that with time this mindset of management changes.

Regards,
S.

I also run into the "open source software is garbage and full of bugs" statements. This is one of the reasons I'm budgeting for a DEC2770, the device immediately provides an acceptable appliance even though the software is exactly the same.

And yet they also use Linux servers here, so how is that any different? And Drupal, can't forget our web host software, isn't that also open sourced? (scratches head)  ???

I'm on old hardware now, so this is an upgrade that is really needed. Hopefully the hardware will extend my current Business license, but not going to worry about it right now. By the time I get it, I'll only have a year left of that license and it's pretty inexpensive.

Getting kind of off topic. I do know a lot of businesses use pfSense, so I would expect there are a few who secretly use OPNsense.

Thank you for all the comments, I agree with many of them.

Sometimes opensource is a battle that cannot be won, even though they already use it.

Security auditors are another problem with the same stuff. I remember being told you should get a brand name like Dell, not a white box solution. (To me Dell is a white box)

The biggest problem I see is they don't want to train their people to think, and they do not really care about security, because if it just works or they don't need all that training, the chances of an insecure configuration, improper logic or errors go way up.




https://www.max-it.de/wp-content/uploads/2023/12/2023_11_14_maxIT_Success-Story_PME_quer-Thomas-Krenn-FIN.pdf

This is a public success story in German. We manage OPNsense for pme Familienservice. 1 datacenter, 80 branches and 2000 employees, OPN everywhere.

Quote from: mimugmail on November 04, 2024, 05:52:12 AM
https://www.max-it.de/wp-content/uploads/2023/12/2023_11_14_maxIT_Success-Story_PME_quer-Thomas-Krenn-FIN.pdf

This is a public success story in German. We manage OPNsense for pme Familienservice. 1 datacenter, 80 branches and 2000 employees, OPN everywhere.

<3 Beautiful

You are also doing a lot of webinars in regard to OPNsense, but I guess those are in German. Any chance you can do some in English?

Regards,
S.