We went back and forth on firewalls many times but finally decided on a Decisio DEC2752 and have been super happy with it. We have used Protectlis too but having a specifically designed piece of hardware made a big difference. It has 10G fiber ports and comes with the business version of OPNsense right out of the box. The throughput speeds are insane, definitely recommend if you’re a small to medium business needing higher speeds through a firewall. The whole setup has worked flawlessly for us. Really appreciate this video, it did a great job highlighting the advantages and disadvantages of each one and overall helped make our decision alot easier.
That's an awesome bit of kit! You're also supporting a great project using official hardware. From recent dealings [with Deciso], I have a new appreciation for how much effort these guys put in.
Glad it helped, and thanks for the feedback 👍 I guess everybody has different use case, people have different opinions and personal preferences, and biases. Both are great firewalls
Thank you for the video showing the value that OPNsense brings to the table with Free-BSD feedback and also in your comparison! i will admit that I was a previous user of pfSense for many years, but always had various issues. While minimal, they were still a pain. Having moved to to OPNsense, I have been very pleased...so much so that I've purchased Decisio hardware (DEC850). I acknowledge it is way more power than I truly need, but I looked at it as a way to support the project. Thank you again for the informative comparison!
Thank you for taking the time to leave feedback on this, and I'm glad OPNsense is working for you. Using official hardware is also a massive help supporting the project, similarly to those who buy official pfSense hardware help support that. I tried to provide an unbiased opinion and reasons different people might find for using both, from homelab to business. I also tried to defuse some of the misconceptions being thrown around about OPNsense.
Wow, nice box for home use. ~40W usage vs. 10.5W of my MOGINSOK. As I have at most 2.5gb/s intervlan routing going on, it's more than powerful enough for me (and
I've been running Opnsense for over 8 months non-stop with zero issues. Its running in a virtual environment on Proxmox on an old optiplex with 8gb without any issues.
Good comparison. I have used your tutorials and Tom's tutorials for many years. I prefer not having to constantly update systems so pfSense CE is a very safe approach in my mind. I think the entire IT industry is imploding with AGILE and now CI/CD methodologies. Banks, Insurance Companies and Telco's are constantly doing what I call Continuous Destruction and Continuous Interference. The root of the problem is that Cloud and Hybrid Cloud architecture enables Devops folks to bust things daily all over the planet. What ever happened to good old Q/A and pilots/staging followed by soaks of software before you go victimising your entire user base.
@@sheridans I keep getting sales people trying to sell me on cloud services, I just tell them I'm anticloud and that recurring contracts are difficult to get through my budget process. But it never stops, they will try to push me to this again in a couple of months.
I have used pfsense for a quite a few years. I have evaluated opnsense a few times over that period, but have always found a blocker to moving across. The last time was about 6 months ago and I found the bgp and frr interface on opnsense lacking compared to CE and especially plus. One of these days there might be alignment and I might actually switch.
I've been running OPNsense on a N3450 8GB ZimaBoard with 4-port Intel i350 PCIE NIC for 5 months now with no issue. I bought a second ZimaBoard as a cold spare.
pfsense e is being left behind by netagte...there is already a ouple of features that are not in ce but only available in plus...netgate has said they are going to be focusing on plsu and not ce....use carefully
Nice video, I learnt a lot from the last chapter, put it to a more consideration when comparing apples and oranges. I think the CE version will be dropped, and tbh I'm not really willing to pay a recurring licence going forward for the plus version. I have a simple network setup for media and cctv and have in fact dropped pfsence for a unifi cloud gateway that cost I think £99 + £12 postage, I'm happy with it and will keep pfsence box for spare, but I think after this video I'll be putting Opnsence on it.
@@sheridans Software support is EOL on those devices which is what he is referring to. Hardware still works so might as well re-purpose it using the alternative such as pfsense or OPNsense. The large Sophos firewalls are just regular x86 machines so any OS will run it.
I have been trying to create bootable media for OPNsense and can't figure it out. Rufus, Balena Etcher, etc. I made a bootable DVD but it took 45 minutes to boot the live session on my Lenovo ThinkCentre that's been running pfSense for 6 years and then the clone/install takes an hour and is non-bootable. Anyway, I only dabble, obviously I am too stupid to even create an installer.
Nope, not to stupid! The CD installer did not work through Etcher or Rufus for me. I dropped it into Ventoy and it worked. I think you can drop the VGA installer in Ventoy as well.
You can use whatever you want, and Tom was very clear on his video. However, If you criticize someone, and have valid points it is ok, you do not have to apologize for it. Statements come BEFORE everything. After the fact it is like an apology, and do not seem honest. You have to be objective and do a full review, not just pick and analyze some points of a video, especially if you potentially commit these errors: You can’t counter a thing with an another (apples with oranges). You cannot give words in other peoples mouth, and criticizing for it, and countering it by doing the “same” (the suggesting thing). You cannot state I am not doing this and that, and than doing that exactly thing (and statement comes BEFORE). Well you can do all above, but you loose credibility. And yes, you should made this to a separate video...
I'm gonna jump here and say something: I was at one point one of the most active users in the pfSense forums around the brazilian community and I'm tired of Ad Hominem and bullshit statistics. What "Tom" did was put half truths in some things and he should be called out on it, furthermore, while I understand Netgate monetizing their business, what they did when they aquired ESF was attack any dissenting arguments and deny they would ever turn pfSense closed source... look what happened some years later. So, half truths, using the same argument about they being the main contributors of the BSD project, while they exert grate influence in what is approved or not and activelly refusing code they didn't want in the project, like denying any integration between Squid and AD because they had a paid product for it and didn't want the community to implement their own. See what a mess of a situation this is?
We went back and forth on firewalls many times but finally decided on a Decisio DEC2752 and have been super happy with it. We have used Protectlis too but having a specifically designed piece of hardware made a big difference. It has 10G fiber ports and comes with the business version of OPNsense right out of the box. The throughput speeds are insane, definitely recommend if you’re a small to medium business needing higher speeds through a firewall. The whole setup has worked flawlessly for us. Really appreciate this video, it did a great job highlighting the advantages and disadvantages of each one and overall helped make our decision alot easier.
That's an awesome bit of kit! You're also supporting a great project using official hardware. From recent dealings [with Deciso], I have a new appreciation for how much effort these guys put in.
Why doesn’t anyone else do what you just did? Thank you for actual feature explanation and comparison.
Glad it helped, and thanks for the feedback 👍
I guess everybody has different use case, people have different opinions and personal preferences, and biases. Both are great firewalls
Thank you for the video showing the value that OPNsense brings to the table with Free-BSD feedback and also in your comparison! i will admit that I was a previous user of pfSense for many years, but always had various issues. While minimal, they were still a pain. Having moved to to OPNsense, I have been very pleased...so much so that I've purchased Decisio hardware (DEC850). I acknowledge it is way more power than I truly need, but I looked at it as a way to support the project. Thank you again for the informative comparison!
Thank you for taking the time to leave feedback on this, and I'm glad OPNsense is working for you. Using official hardware is also a massive help supporting the project, similarly to those who buy official pfSense hardware help support that.
I tried to provide an unbiased opinion and reasons different people might find for using both, from homelab to business.
I also tried to defuse some of the misconceptions being thrown around about OPNsense.
Wow, nice box for home use. ~40W usage vs. 10.5W of my MOGINSOK. As I have at most 2.5gb/s intervlan routing going on, it's more than powerful enough for me (and
I've been running Opnsense for over 8 months non-stop with zero issues. Its running in a virtual environment on Proxmox on an old optiplex with 8gb without any issues.
Glad to hear 🙏
I'm still on pfsense because opnsense takes a long time to add security fixes, some of them take months.
@@gg-gn3re What mission critical apps are you running on your home network ?
@@romangeneral23 like 50 companies websites etc
I really should get around to trying OPNsense, another interesting video, maybe this will spur me on to giving it a go.
Good comparison. I have used your tutorials and Tom's tutorials for many years. I prefer not having to constantly update systems so pfSense CE is a very safe approach in my mind. I think the entire IT industry is imploding with AGILE and now CI/CD methodologies. Banks, Insurance Companies and Telco's are constantly doing what I call Continuous Destruction and Continuous Interference. The root of the problem is that Cloud and Hybrid Cloud architecture enables Devops folks to bust things daily all over the planet. What ever happened to good old Q/A and pilots/staging followed by soaks of software before you go victimising your entire user base.
Don't get me started in cloud lol..
@@sheridans I keep getting sales people trying to sell me on cloud services, I just tell them I'm anticloud and that recurring contracts are difficult to get through my budget process. But it never stops, they will try to push me to this again in a couple of months.
Tell me about it!
I have used pfsense for a quite a few years. I have evaluated opnsense a few times over that period, but have always found a blocker to moving across. The last time was about 6 months ago and I found the bgp and frr interface on opnsense lacking compared to CE and especially plus. One of these days there might be alignment and I might actually switch.
Check back when OPN gets to 24.7 which is on BSD 14.1 which might bring some of those features.
I've been running OPNsense on a N3450 8GB ZimaBoard with 4-port Intel i350 PCIE NIC for 5 months now with no issue. I bought a second ZimaBoard as a cold spare.
Still happy with the Zimaboard? Haven’t used one yet myself
pfsense e is being left behind by netagte...there is already a ouple of features that are not in ce but only available in plus...netgate has said they are going to be focusing on plsu and not ce....use carefully
Amazing and comprehensive piece of work. Thank you very much.
Thanks for the kind words and feedback!
Nice video, I learnt a lot from the last chapter, put it to a more consideration when comparing apples and oranges.
I think the CE version will be dropped, and tbh I'm not really willing to pay a recurring licence going forward for the plus version.
I have a simple network setup for media and cctv and have in fact dropped pfsence for a unifi cloud gateway that cost I think £99 + £12 postage, I'm happy with it and will keep pfsence box for spare, but I think after this video I'll be putting Opnsence on it.
Unifi gateway is great if you don't need the extra bells and whistles
Really interesting and once real deep comparison between these two products, little boring sometimes except may be for experts ;)
Thank you! I'll try to be more entertaining in future, IT geeky stuff not a very exciting subject to cover 😀
Thx this was crystal clear.
Thank you, comments like this make the videos worth doing!
OPNsense on EoL Sophos devices 🎉
Not sure what you mean, I've never installed, or would recommend installing anything on an EoL device.
@@sheridans Software support is EOL on those devices which is what he is referring to. Hardware still works so might as well re-purpose it using the alternative such as pfsense or OPNsense. The large Sophos firewalls are just regular x86 machines so any OS will run it.
Got it, ty
I'am running OpenWRT
I haven't used it tbh, maybe I should take a look. Never had a need. Thanks for that 👍
I have been trying to create bootable media for OPNsense and can't figure it out. Rufus, Balena Etcher, etc. I made a bootable DVD but it took 45 minutes to boot the live session on my Lenovo ThinkCentre that's been running pfSense for 6 years and then the clone/install takes an hour and is non-bootable. Anyway, I only dabble, obviously I am too stupid to even create an installer.
Nope, not to stupid! The CD installer did not work through Etcher or Rufus for me. I dropped it into Ventoy and it worked. I think you can drop the VGA installer in Ventoy as well.
@@minigpracing3068 ventoy worked! Thanks! 👍
thank you for answering that 😊
Ventoy did the trick! Thanks!
@@psion13 thanks for the update! Glad you got sorted
compared testing for real world threat who more secure & transparant
You can use whatever you want, and Tom was very clear on his video. However, If you criticize someone, and have valid points it is ok, you do not have to apologize for it. Statements come BEFORE everything. After the fact it is like an apology, and do not seem honest. You have to be objective and do a full review, not just pick and analyze some points of a video, especially if you potentially commit these errors: You can’t counter a thing with an another (apples with oranges). You cannot give words in other peoples mouth, and criticizing for it, and countering it by doing the “same” (the suggesting thing). You cannot state I am not doing this and that, and than doing that exactly thing (and statement comes BEFORE). Well you can do all above, but you loose credibility. And yes, you should made this to a separate video...
Thanks for the detailed feedback, 👍. This how we improve on constructive criticism
I'm gonna jump here and say something: I was at one point one of the most active users in the pfSense forums around the brazilian community and I'm tired of Ad Hominem and bullshit statistics.
What "Tom" did was put half truths in some things and he should be called out on it, furthermore, while I understand Netgate monetizing their business, what they did when they aquired ESF was attack any dissenting arguments and deny they would ever turn pfSense closed source... look what happened some years later.
So, half truths, using the same argument about they being the main contributors of the BSD project, while they exert grate influence in what is approved or not and activelly refusing code they didn't want in the project, like denying any integration between Squid and AD because they had a paid product for it and didn't want the community to implement their own.
See what a mess of a situation this is?