OPN appliances are easy to use, affordable and can meet or exceed commercial - often closed source - solutions. Your next open source appliance has been tested to meet the high standards defined by our customers.
The open source, turn-key solution that is ready for your business! Take a look for yourself and be amazed!
OPNsense, a truly turn-key solution.
OPNsense® is a free, open source customized distribution of HardenedBSD 11.2 (a security-enhanced fork of FreeBSD) tailored for use as a firewall and router. It offers a long list of features, including high-end features not found in pfSense such as inline Intrusion Prevention. The robust firmware upgrade mechanism assures fast and reliable upgrades and allows for fast reaction to emerging threats.
Fully Supported
OPNsense® is fully supported by Deciso; see our commercial Support Offerings.
Versions
Currently all OPNsense appliances are installed with OPNsense 20.1 Release.
Features
OPNsense® includes most of the features available in expensive next generation commercial firewalls, including high-end features not found in pfSense such as inline Intrusion Prevention. Download the brochure for the full and detailed feature overview. Below is a short list of features of the currently installed OPNsense® release. All of these things are possible in the web interface, without touching anything at the command line.
OPNsense offers inline help in the user interface for almost every item, and comprehensive online documentation including many how-tos with full step-by-step explanations of more complex setups. See the Docs.
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.
Easy and flexible. Shaping rules are handled independently from the firewall rules.
Limit bandwidth by:
Interface(s)
Source & Destination
Direction of traffic flow (in/out)
Port number (application)
Prioritise traffic. Add Queues and define weights.
The Captive Portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access.
Typical Applications
Guest Network
Hotel & Camping Wifi Access
Bring Your Own Device (BYOD)
Template Management
URL redirection
Option for your own Pop-up
Custom Splash page
Zone Management
Authentication
LDAP [Microsoft Active Directory]
Radius
Local User Manager
Voucher / Tickets
No Authentication (Splash screen only)
Multiple (a combination)
Voucher Manager
Bandwidth Management. OPNsense's built-in traffic shaper can be utilised to:
Share bandwidth evenly
Give priority to protocols, port numbers and/or IP addresses
Portal bypass. MAC and IP addresses can be whitelisted to bypass the portal.
OPNsense includes Squid, a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.
Multi interface support
Transparent Proxy mode (including SSL)
Authentication using LDAP, Radius or Local User Manager.
Access Control
Traffic Management
Category Based Web Filtering. Native support for all major lists.
A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it is directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.
OpenVPN (SSL VPN). Site 2 Site and Road Warrior. Includes easy configuration exporter.
The Common Address Redundancy Protocol or CARP allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active.
Includes configuration synchronization & synchronized state tables
The inline IPS system of OPNsense is based on Suricata and utilises Netmap to enhance performance and minimize CPU utilisation. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed.