Thank you!
We need to change the software because there are some problems between Untangle and its reseller here in Italy, so we are looking for an alternative that keeps the existing hardware.
OPNsense is also available for commercial use in the free version, but you are going to be on the stable version. OPNsense Business is behind stable by about 6 months and gives you some custom blocking lists. If there are important fixes in Business, you get an update as soon as they are ready, normally a little behind the free stable. Consider OPNsense Business as extra stable.
If you are filtering sites, then you may also want to look into Zenarmor, which plugs into OPNsense and pfSense. You can also try to get the open-source e2guardian working; this was a bit faster than Zenarmor when I had it working.
If you have the time and a spare system, I’d suggest trying both to see which you like better. Then you can decide if you are going to purchase the + or Business level product.
Critical things have been faster; they may lag behind PF, but only because they generally want the patches to move through the base OS to be deployed. They are on a case-by-case basis and weighed by possible attack. If the likelihood of an attack is having physical access to the device, it might wait until a regular release cycle and make it to Business in a couple of weeks after that.
But yes, I did hesitate before posting the above based on the viewpoints of most people on these forums. It’s an option that people really should look at before they make a choice to spend money on hardware or licenses. If they then decide on PF, that’s OK with me. Just like I started teaching myself vSphere 8, I can see why people like it over XCP-NG, but I can also see why people like XCP-NG too. There are definitely things that XCP-NG does better, or at least I haven’t gotten deep enough into VMware to see these things yet. Still just scratching the surface with VMware.
I have been an almost exclusive user of pfSense since version 2.0. I had already used previous versions, but at the time I used Endian Firewall and other options more. However, given the path that Netgate has taken with the project, if I were to start my environment with clients NOW (without having to migrate more than 50 firewalls and train each client’s level 1 team), I would undoubtedly go for OPNsense as the main firewall.
In this case, the biggest problem for me is that Netgate has been cutting off the decision-making community for years, has increasingly closed the platform, and I have no doubt that in a few years they will kill the CE version or turn it into a beta, as Zentyal did, which killed the project.