Sold by: OPNsense
Deployed on AWS
Free Trial
AWS Free Tier
High-end security made easy™
Overview
OPNsense is the fastest growing open-source security platform with an Open Source Initiative (OSI) approved 2-clause or simplified BSD license. Its feature set is extensive and ranges from router/firewall to inline intrusion detection and prevention.
It is the only open-source product that comes with the highly valued Proofpoint® ET Pro ruleset at no cost in the form of the ET Pro Telemetry edition.
The project is defined by its innovation through modularisation and hardening, simple and reliable firmware upgrades, multi-language support, hardened security, fast adoption of upstream software updates as well as a large and friendly community.
Optionally instances can be upgraded with the Business Edition using a separate licence available from shop.opnsense.com, volume options are also available.
Highlights
- Fully featured stateful Inspection Firewall with advanced routing features, including various dynamic protocols such as OSPF and BGP (pluggable)
- Various proven VPN technologies, such as OpenVP, IPsec and Wireguard which helps to secure your cloud infrastructure
- Inline Intrusion Detection and Prevention including high quality rulesets from Proofpoint (ET Open, ET Pro [Telemetry], depending on license)
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
FreeBsd OPNsense® 25.1
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
m4.large Recommended | $0.12 |
t3.micro AWS Free Tier | $0.04 |
t2.micro AWS Free Tier | $0.04 |
c3.8xlarge | $0.32 |
m6id.metal | $0.32 |
m3.medium | $0.08 |
c3.large | $0.08 |
r5.metal | $0.32 |
c4.8xlarge | $0.32 |
c4.large | $0.08 |
Vendor refund policy
Hourly users can stop using the service at any time without additional costs, cancellation within 48 hours warrants a full refund
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
After deployment, ssh and https are enabled by default. To access the instance using https use a recent webbrowser.
The default username for your instance is : ec2-user (both ssh and https)
We advise to setup an initial password in the "User data" which can be found in the "Advanced Details" of Step 3 during installation, make sure to select "as text" for the input method. The format for this data is as follows: password=mypasssword
When omitting a password, one will be automatically generated, which will be visible in the "System Log" (Get System Log option of the instance). Please note that EC2 images often need some time to flush the content of the system log, when presented empty, wait for a minute and try again. A random root password will also be generated and visible from the same log.
SSH access uses the key provided during installation, the ec2-user should be used as username (e.g. ssh -i my_delivered_ssh_aws_key ec2-user@my-host-at-ec2).
Resources
Vendor resources
Support
Vendor support
Commercial support at hourly rates
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By OPNsense
By Lightning Wire Labs
Top
50
In Network Infrastructure, Operating Systems
Top
100
In Network Infrastructure, Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Network Security Filtering
Fully featured stateful inspection firewall with advanced routing capabilities supporting dynamic protocols like OSPF and BGP
VPN Technologies
Multiple proven VPN technologies including OpenVPN, IPsec, and Wireguard for secure network connectivity
Intrusion Detection System
Inline intrusion detection and prevention system with high-quality rulesets from Proofpoint
Open Source Architecture
Modular platform with BSD license supporting multi-language interfaces and frequent software updates
Security Platform Extensibility
Pluggable architecture allowing dynamic protocol integration and system customization
Firewall Capabilities
Advanced stateful packet inspection with GeoIP blocking, anti-spoofing, and time-based rule configurations
Network Security
Comprehensive IDS/IPS with Snort-based packet analyzer, deep packet inspection, and multi-layer threat prevention
VPN Infrastructure
Multi-protocol VPN support including IPsec, OpenVPN, and WireGuard with SSL encryption and split tunneling
Network Routing
Concurrent IPv4/IPv6 support with policy-based routing, static routing, and network prefix translation capabilities
Network Services
Dynamic DNS, DHCP server, DNS forwarding and filtering with comprehensive network management interfaces
Network Security
Advanced firewall with Intrusion Detection and Prevention System capabilities
Web Traffic Management
Powerful web proxy with integrated content filtering functionality
Network Connectivity
Supports VPN connections between cloud regions and on-premise infrastructure
Traffic Optimization
Quality of Service (QoS) mechanisms for network performance management
Logging and Monitoring
Comprehensive logging and reporting system for network traffic and security events
Standard contract
No
No
No
Customer reviews
3
6 ratings
6 AWS reviews
|
21 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Richard Chamberlain
Network isolation improves security with ease of use in home lab
Reviewed on Sep 04, 2025
Review provided by PeerSpot
What is our primary use case?
My main use case for OPNsense is that it is my home firewall for my home lab.
A quick specific example of how I use OPNsense in my home lab is that I use VLANs, so I have different networks or sub-networks inside my home network, and the VLAN inside of OPNsense allows me to keep them isolated.
I have added some firewall rules to allow different devices to talk to different subnets regarding how I'm using OPNsense in my home lab.
What is most valuable?
The best features OPNsense offers include the VLANs that work spotlessly, and I feel very secure in my network because of it. It was relatively easy to set up, though I think a better wizard would help out.
One of the things I appreciated about the VLANs is that I can have a Wi-Fi VLAN and feel secure that the server network or the VM network that I have on a different VLAN are isolated, and they cannot talk to one another, which adds a great level of security.
OPNsense has positively impacted my organization and home lab through its security features, though it's hard to quantify as I don't pay enough attention to the logs to see what it's stopping from an outside perspective. It's actually sitting behind my modem from my ISP and I'm not in bridge mode.
OPNsense definitely gives me peace of mind and helps my workflow because of the network isolation. I can have multiple subnets without having to worry about one affecting the other.
What needs improvement?
OPNsense could be improved with a better wizard, as when I first installed it, it seemed difficult to know where to go. I had to watch a couple of YouTube videos on it, so having better videos sponsored by OPNsense might be helpful.
It would be beneficial if they could create some videos on how to set it up themselves.
For how long have I used the solution?
I have been using OPNsense for about two years now.
What do I think about the stability of the solution?
OPNsense is stable for me.
What do I think about the scalability of the solution?
OPNsense's scalability in my experience is very scalable, and I've been able to generate multiple VLANs without seeming to have any degradation.
Which solution did I use previously and why did I switch?
I had not previously used a different solution for my firewall; this was the first one I tried.
What was our ROI?
Unfortunately, I have not seen a return on investment with OPNsense; I don't keep track of that, beyond the sense of saying that for a very little investment, I was able to increase the security of my network.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that since OPNsense is free, the licensing and setup was easy, and honestly, it's great for the price.
Which other solutions did I evaluate?
Before choosing OPNsense, I did evaluate other options, specifically I looked at pfSense first.
What other advice do I have?
The advice I would give to others looking into using OPNsense is to absolutely go play with it. For little cost, if you have an extra machine around that you can test it out on, test it out. I'm running it on a low-end mini PC with multiple network interfaces and it works great.
I would say that OPNsense is one of those technologies, a firewall that if you're not playing with, you should, just to keep your skills up and to secure your home network.
On a scale of 1-10, I rate OPNsense an 8.
Which deployment model are you using for this solution?
On-premises
Stephen Zoran
Offers seamless deployment and feature-rich experience with deep packet inspection
Reviewed on Apr 29, 2025
Review provided by PeerSpot
What is our primary use case?
I am a Sales Engineer working for a consulting company. I use OPNsense to take my lab environment on the road for demos. Initially, I built it to bring my demos from my own lab. Although the company has a lab, putting an OPNsense firewall in there worked better because it was a colo. I run it both bare metal and virtualized, and in some cases, I do both.
What is most valuable?
The main features I find valuable are ease of use, code stability, and the ability to add features such as Zenarmor, which provides fourth-generation firewall capabilities with deep packet inspection. Additionally, integrating solutions like Tailscale for VPN is very valuable for my uses.
What needs improvement?
They are trying to augment reporting with Grafana dashboards. Some of those integrations could be improved to work better with Grafana .
For how long have I used the solution?
I have used the solution for about four years.
What do I think about the stability of the solution?
The solution is extremely stable. At the latest code level, I haven't experienced any crashes. Initially, there were some performance issues with earlier versions, but it is very stable now.
What do I think about the scalability of the solution?
So far, scalability has been good. I use Zenarmor, pinning it to one core for packet inspection, and the CPU performance seems very good. My use cases don’t drive a ton of bandwidth, but I’m looking at some AI applications that may increase that dramatically, and that's where we will test scalability.
How are customer service and support?
The support is good. I mainly rely on community support since the solution is open source. I haven't had to open many tickets, just one or two under the Pro license.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was very straightforward. It took about an hour the first time, but I could probably do it in five minutes now.
What was our ROI?
There are dramatic operational impacts compared to Check Point and FortiNet.
What's my experience with pricing, setup cost, and licensing?
The pricing is competitive when compared to vendors like Palo and FortiNet.
Which other solutions did I evaluate?
I have experience with FortiNet and Palo Alto network solutions.
What other advice do I have?
Overall, I would rate OPNsense as nine out of ten. The ability to deploy easily and leverage fourth-generation features adds significant value, especially with Zenarmor.
Which deployment model are you using for this solution?
On-premises
reviewer1027455
Enhancing network security with reliable firewall functionality and GeoIP features
Reviewed on Nov 15, 2024
Review provided by PeerSpot
What is our primary use case?
I use OPNsense primarily for network security. It involves basic firewall operations and GeoIP location functionalities. I've got multiple versions running, some on hardware purchased and some on VPSs.
What is most valuable?
The most valuable features include the basic firewall functionality and the GeoIP location services. OPNsense is very stable, easy to upgrade, and maintain. I can work efficiently, knowing it does what it needs to do.
What needs improvement?
OPNsense should improve its performance in handling large volumes of voice traffic. It needs more support for Vigoroute and extensive VPN technologies. Enhancing its performance for significant amounts of data traffic would make it closer to a perfect solution.
For how long have I used the solution?
I've been working with OPNsense for about five years.
What do I think about the stability of the solution?
I rate OPNsense's stability as very high. I would give it a nine out of ten. The only challenge faced was its inadequacy to manage large voice traffic effectively, even with dedicated hardware. It couldn't keep up with the packet per second for voice load, requiring a revert in our setup.
What do I think about the scalability of the solution?
OPNsense struggles to handle large volumes of voice traffic, indicating scalability issues in that specific use case.
How are customer service and support?
I haven't used technical support. I rely on forums and manage the setup independently.
Which solution did I use previously and why did I switch?
The only other similar product I can compare is FortiGate . Overall, I find OPNsense more user-friendly.
What's my experience with pricing, setup cost, and licensing?
I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall product, it is one of the best available currently.
Which other solutions did I evaluate?
I only evaluated FortiGate alongside OPNsense, as they are the two offerings from my company.
What other advice do I have?
For small to medium businesses, I recommend OPNsense. I'd rate it eight point five out of ten.
Karan S.
My Experience with OPNSense
Reviewed on Oct 17, 2024
Review provided by G2
What do you like best about the product?
the thing which i liked using OPNsense it has very good contenet filtering and from my seniors i have heard it is very cost effective to our company also in my personal use i have seen it has good authentication but in the first place it has good user friendly interface also it has a good performance response time is very good also i am using this like everday .
What do you dislike about the product?
there are not much dislike here but one thing i wants to point out is initial setup is quite difficult if you are not aware of much of the tech also for personal use i was going through the documentation but it was not much of help full
What problems is the product solving and how is that benefiting you?
it has good network security without connecting to this i cant access my company contenet which is very good idea so that some how if some has my laptop with out connecting to OPNsense they cant access the content also as i have mentioned earlier it is cost effective it has good web filtering like my organisation doesnt allow us to open our personal gmail in company laptop so we cant access all thanks to OPNsense
Suraj K.
Secure our network
Reviewed on Sep 23, 2024
Review provided by G2
What do you like best about the product?
OPNsense has a user-friendly web interface, making it easy to use even for people who aren’t very technically knowledgeable. The platform gets regular updates, ensuring that security issues are fixed promptly and new features are added. The customer support is good and always available for assistance
What do you dislike about the product?
Currently, we are not facing any challenges. everything is going well
What problems is the product solving and how is that benefiting you?
Previously, we were facing a security challenge, such as unknown websites opening. After implementing this firewall, we can block unknown websites (HTTP sites) and also allow or block websites as per our requirements.