- High-end features (QoS, GuestNet,VPN, IDS, etc..)
- Fail-safe (HA, MultiWAN, Failover)
- Easy to setup (Modern User Interface)
- Build-in reporting and monitoring
- Frequent updates
Open source for your business!
Your next open source appliance has been tested to meet the high standards defined by our customers.
The open source, turn-key solution that is ready for your business!
Take a look for yourself and be amazed!
OPNsense, truly turn-key solution.
OPNsense® is a free, open source customized distribution of FreeBSD 11 tailored for use as a firewall and router. It includes a long list of features including high-end features not found in pfSense such as inline Intrusion Prevention. The robust firmware upgrade mechanism assures fast and reliable upgrades and allows for fast reaction on emerging threats.
Currently all OPNsense appliances are installed with OPNsense 17.1 Release.
OPNsense® includes most of the features available in expensive next generation commercial firewalls, including high-end features not found in pfSense such as inline Intrusion Prevention. Download the brochure for the full and detailed feature overview. Below is a short list of features of the currently installed OPNsense® release. All of these things are possible in the web interface, without touching anything at the command line.
Comprehensive Documentation & Inline Help
OPNsense offers inline help in the User Interface for almost every item and Comprehensive online documentation including many how-to's with full step-by-step explanation of more complex setups. See the Docs
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.
- Easy and flexible. Shaping rules are handled independently from the firewalll rules.
Limit bandwidth by:
- Source & Destination
- Direction of traffic flow (in/out)
- Port number (application)
- Prioritise traffic. Add Queues and define weights.
The Captive Portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access.
- Guest Network
- Hotel & Camping Wifi Access
- Bring Your Own Device (BYOD)
- URL redirection
- Option for your own Pop-up
- Custom Splash page
- Zone Management
- LDAP [Microsoft Active Directory]
- Local User Manager
- Voucher / Tickets
- No Authentication (Splash screen only)
- Multiple (a combination)
- Voucher Manager
Bandwidth Management, OPNsense's Build-in traffic shaper can be utilised to:
- Share bandwidth evenly
- Give priority to protocols port numbers and/or ip addresses
- Portal bypass. MAC and IP address can be white listed to bypass the portal.
- Typical Applications
OPNsense includes Squid, a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.
- Multi interface support
- Transparent Proxy mode (including SSL)
- Authentication using LDAP,Radius or Local User Manager.
- Access Control
- Traffic Management
- Category Based Web Filtering. Native support for all major lists.
- FTP proxy
Virtual Private Network
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it is directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.
- OpenVPN (SSL VPN). Site 2 Site and Road Warrior. Includes easy configuration exporter.
- IPsec Site 2 Site and Road Warrior.
- Legacy support for PPTP and L2TP.
High Availability & Hardware Failover
The Common Address Redundancy Protocol or CARP allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active.
- Includes configuration synchronization & synchronized state tables
- Can be combined with Traffic Shaper
Intrusion Detection and Inline Prevention
The inline IPS system of OPNsense is based on Suricata and utilises Netmap to enhance performance and minimize cpu utilisation. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed.
- Protect against Bank Fraud using Feodo Tracker
- Includes Emerging Threats Community Rules
- SSL Finger printing support
- Includes Maxmind GeoLite2 Country
Build-in reporting and monitoring tools
- System Health, the modern take on RRD Graphs
- Packet Capture
- Netflow Exporter
OPNsense supports custom plugins to extend the system even further.
- VMware tools
- Xen tools
- Hello word plugin for developers
DNS Server & DNS Forwarder
- DNS Forwarder
- DNS Server
DHCP Server and Relay
Backup & Restore
Better safe than sorry, always keep an up to date backup of your configuration. It’s easy with OPNsense.
- Encrypted cloud backup to Google Drive
- Configuration history with colored diff support
- Local drive backup & restore
Stateful inspection firewall
Granular control over state table
802.1Q VLAN support
- and more..