We changed our name from IT Central Station: Here's why

OPNsense vs Zscaler Cloud Firewall comparison

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about OPNsense vs. Zscaler Cloud Firewall and other solutions. Updated: January 2022.
564,599 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""The most valuable feature is the access control list (ACL).""The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.""The implementation is pretty straightforward.""One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.""The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate.""Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches.""One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."

More Cisco Firepower NGFW Firewall Pros →

"The VPN server feature is the most valuable. It is integrated with Radius and AAA for doing accounting and authentication. Insight view is also an important feature for me at this time. It allows me to assess our network traffic. I also like the firewall feature. The BSD kernel has a packet filter. It is one of the most solid frameworks for firewalls. Its user interface is one of the best interfaces I have used.""I have found the solution has some great features overall, such as guest access capabilities, dashboards, and ease of use. There is plenty of documentation and support and it has the plugins that I needed.""The most valuable features are reporting, the Sensei plugin, and firewall capabilities.""The system in general is quite flexible.""The initial implementation process is simple.""OPNsense is easy to scale when running on the hardware.""We have found pretty much all the features of the solution to be valuable.""The interface and the dashboard are the most valuable features of this solution."

More OPNsense Pros →

"The solution offers good sandboxing.""Once you have Zscaler running you have access to configure it however you want.""Includes advanced tech protection.""I like the ease of deployment and its flexibility. We don't need to deal with license, quotes, procurement, delivery, and installation. Everything is software-based, and it's very easy to operate.""The initial setup is straightforward.""Most of the features that Zscaler has to offer, we will deploy.""The solution is scalable."

More Zscaler Cloud Firewall Pros →

Cons
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution.""One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.""There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.""Implementations require the use of a console. It would help if the console was embedded."

More Cisco Firepower NGFW Firewall Cons →

"There are issues with stability and reliability.""The solution could be more secure.""While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet.""There should be more technical documentation.""The interface needs to be simplified. It is not user-friendly.""I would like to see better SD-WAN performance.""The ability to set the VPN IP address would be a welcome addition.""The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform."

More OPNsense Cons →

"It would be nice to have some sort of a form factor, a physical form factor perhaps, or virtual machine that you could install on devices or on a cloud, and have some cloud computing.""Data Leak Prevention is only for web filtering and there is no protection for email.""It would be better if they improved their policy, package visibility, and flexibility while we're creating rules for inspection. It could also be cheaper or more things could be included in the basic package. In the next release, I would like better coverage in the Asia Pacific region and better quality of service.""The product could improve its integration with some legacy systems.""The issue right now is probably that Zscaler is not providing web browser isolation. Another solution, Menlo, offers this. For one customer, we had to send traffic to Menlo to do the isolation for us. It was requested by the customer so that they could integrate any iframe. Zscaler needs to add this type of feature in their next release.""There are some areas it could improve when it comes to blocking, we have to block some things manually. For example, if we block a top-level domain we have seen that the new IPs come through, the IPs are not blocked. There should be some more granular way of doing it. My only request is if you're blocking something at a top level, the sub-level sub-domains and all those other IPs should be blocked too automatically.""Because it's on cloud, it doesn't allow application of extra settings."

More Zscaler Cloud Firewall Cons →

Pricing and Cost Advice
  • "Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
  • "There are additional implementation and validation costs."
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "OPNsense is open source software so at this time it is free for us to use."
  • "OPNsense is a well known open-source tool."
  • "It is not an expensive product. Basically, I deployed it because it was the fastest solution to satisfy our needs in open source."
  • "OPNsense is an open-source solution and it is free to use."
  • "The solution is not expensive."
  • "As an appliance, it's in the medium price range."
  • More OPNsense Pricing and Cost Advice →

  • "The licensing is on a yearly basis. It is somewhere around 30 or 40 pounds per user for our organization."
  • "There are licensing costs, and I would not say that it's a cheap vendor."
  • "There is an annual license required for the use of the Zscaler Cloud Firewall."
  • More Zscaler Cloud Firewall Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    564,599 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: 
    When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: 
    The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer: 
    It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer: 
    Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and… more »
    Top Answer: 
    The initial implementation process is simple.
    Top Answer: 
    We're a customer and an end-user. We are using the telemetry-free version of the solution. Overall, the solution is… more »
    Top Answer: 
    Netscope, Zscaler if they continue route they are on now. FIrewalls needs great deal of automation on each end… more »
    Top Answer: 
    The licensing is on a yearly basis. It is somewhere around 30 or 40 pounds per user for our organization.
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Learn More
    OPNsense
    Video Not Available
    Overview

    Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
    small/branch offices to high performance data centers and service providers. Available in a wide
    range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
    defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
    Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
    features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
    volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
    for increased performance, high availability configurations, and more.
    Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
    deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
    the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
    can deliver micro-segmentation to protect east-west network traffic.
    Cisco firewalls provide consistent security policies, enforcement, and protection across all your
    environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
    delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
    SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
    greater simplicity, visibility, and efficiency.
    Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

    OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

    Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world. Its flagship services, Zscaler Internet Access and Zscaler Private Access, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. Used in more than 185 countries, Zscaler operates the world’s largest cloud security platform, protecting thousands of enterprises and government agencies from cyberattacks and data loss.

    Check more details: https://www.zscaler.com/produc...

    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about OPNsense
    Learn more about Zscaler Cloud Firewall
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    CompuNet Systems GmbH,
    Zenith Live, Azure, Carlsberg Group
    Top Industries
    REVIEWERS
    Comms Service Provider22%
    Financial Services Firm16%
    Manufacturing Company8%
    Non Profit8%
    VISITORS READING REVIEWS
    Comms Service Provider33%
    Computer Software Company21%
    Government7%
    Manufacturing Company4%
    VISITORS READING REVIEWS
    Comms Service Provider46%
    Computer Software Company16%
    Government7%
    Media Company4%
    VISITORS READING REVIEWS
    Computer Software Company26%
    Comms Service Provider25%
    Financial Services Firm6%
    Government5%
    Company Size
    REVIEWERS
    Small Business43%
    Midsize Enterprise28%
    Large Enterprise29%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise65%
    REVIEWERS
    Small Business69%
    Midsize Enterprise15%
    Large Enterprise15%
    REVIEWERS
    Small Business50%
    Midsize Enterprise13%
    Large Enterprise38%
    Find out what your peers are saying about OPNsense vs. Zscaler Cloud Firewall and other solutions. Updated: January 2022.
    564,599 professionals have used our research since 2012.

    OPNsense is ranked 13th in Firewalls with 11 reviews while Zscaler Cloud Firewall is ranked 29th in Firewalls with 7 reviews. OPNsense is rated 8.0, while Zscaler Cloud Firewall is rated 8.0. The top reviewer of OPNsense writes "A solution that detects and blocks malicious content with good reporting and visibility, but the reliability needs improvement". On the other hand, the top reviewer of Zscaler Cloud Firewall writes "Flexible licensing with good performance and support". OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos XG, Sophos UTM and Fortinet FortiGate, whereas Zscaler Cloud Firewall is most compared with Menlo Security Cloud Firewall, Check Point NGFW, pfSense, Fortinet FortiGate and Cisco ASA Firewall. See our OPNsense vs. Zscaler Cloud Firewall report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.