OPNsense hardware and deployment requirements

OPNsense is an open-source firewall and routing platform based on the FreeBSD operating system created by Deciso. OPNsense is a fork of pfSense and has many same features but an entirely different GUI and more customization options.

It was first released in 2015 as a fork of the more well-known pfSense firewall software. OPNsense provides a wide range of features and functionality, including firewall, virtual private network (VPN), intrusion detection and prevention, web filtering, and load balancing, among others. It is designed to be easy to use, flexible, and highly customizable, with a user-friendly web interface and a vast community of developers and users who contribute to its ongoing development and improvement. OPNsense is free to use, and its source code is available to the public, which means users can modify and distribute it as they wish.

All the information below are valid for both pfSense and OPNsense implementations.

More about differences between both forks you’ll find under this address:

pfSense vs. OPNsense

 

 

System requirements

OPNsense is developed on the Hardened FreeBSD platform, and it includes all of the drivers that are present in Free BSD. Consequently, OPNsense has the same level of hardware compatibility as Free BSD.

OPNsense is compatible with a diverse range of devices, from embedded systems to rack-mounted servers, as long as the hardware can support 64-bit operating systems. OPNsense exclusively supports x86-64 (amd64) microprocessor architectures.

Minimum Hardware requirements

The minimum hardware requirements for installing OPNsense are as follows:

  • 1 GHz dual-core CPU x86-64 Intel/AMD CPU architecture (AES-INI instructions supported for cryptography)
  • 4 GB of RAM
  • 8 GB of storage (solid-state drive, nvme recommended)
  • Network card with at least two interfaces (recommended Intel NICs), 1-10 Gbit or more
  • Serial console or video (VGA) for initial installation

Note that the above requirements are for a basic installation of OPNsense. If you plan to use additional features or services, such as VPN, IDS/IPS, or proxy, you may need more RAM and storage.

  • 1,5 GHz dual-core CPU, x86-64 Intel/AMD CPU (AES-INI instructions supported for cryptography)
  • 8 GB of RAM
  • 120 GB of storage (solid-state drive, nvme recommended) have an Intel NIC
  • Network card with at least two interfaces (recommended Intel NICs), 1-10 Gbit or more
  • Serial console or video (VGA) for initial installation

Keep in mind that these are only recommendations, and the actual hardware requirements may vary depending on the use case and workload.

More – List of CPUs that supports AES-INI

 

Hardware considerations

In terms of hardware all the requirements are same for pfSense and OPNsense.

When choosing hardware for OPNsense, a popular open-source firewall and routing platform, there are several factors to consider, including:

  1. CPU: OPNsense is CPU-intensive, so choosing a powerful CPU is essential. A multi-core processor with a clock speed of at least 2 GHz is recommended.

  2. RAM: OPNsense requires a minimum of 2 GB of RAM. However, it is recommended to have at least 4 GB or more for optimal performance, especially when using features like VPN or Intrusion Detection System (IDS).

  3. Storage: OPNsense requires at least 8 GB of storage. Solid-state drives (SSDs) are recommended over hard disk drives (HDDs) for better performance.

  4. Network Interface Cards (NICs): OPNsense requires at least two NICs for firewall and routing functionality. Intel NICs are recommended for compatibility and performance.

  5. Power Supply Unit (PSU): A reliable and sufficient PSU is essential to power the hardware components.

  6. Form factor: OPNsense can run on various form factors, including desktops, rack-mount servers, and embedded systems. The choice of form factor depends on the use case and deployment scenario.

  7. Budget: The cost of hardware is an important factor to consider, especially when deploying OPNsense on a large scale. Choosing cost-effective hardware without compromising on performance is essential.

 

Hardware sizing guidance is same for both OPNsense and pfSense:

 

Overall, it is important to choose hardware components that are compatible, reliable, and capable of handling the expected workload.

 

Moreover, when choosing the right hardware you need to focus on the deployment type.

 

Home use

If it’s a home use equipment you need to consider the HW reliability, power usage and think of the PC board/Mini Pc manufacturer that will keep the same form of the HW over the years, so if your HW fails you could easily switch to new HW appliance. When migrating the config to new machine make sure that it has same number of physical interfaces.

Small business use

If the deployment is made for a small/medium company when choosing the HW you need to keep same requirements as for home deployments but It is advised to have a cold backup device that you can deploy whenever the main goes down or have a redundancy set between two devices.

 

Official devices with support:

3rd party devices:

 

Why not to virtualize your router?

It’s always better to have a HW device deployment in place rather than VM when it comes to the stability.

Opnsense virtual deployment is not necessarily a bad idea, but it may not be the best option for every situation. There are some potential disadvantages to running Opnsense in a virtual environment that you should be aware of.

One concern is performance. Running Opnsense as a virtual machine can potentially reduce the performance of the network traffic routing and security features, depending on the resources available on the host machine and the demands placed on the virtual environment.

Another concern is security. Virtualization introduces additional layers of complexity to your infrastructure, which can make it more difficult to ensure the security of your network. Additionally, vulnerabilities in the virtualization software or the hypervisor can potentially be exploited to gain unauthorized access to your network.

Finally, virtualization can introduce issues with compatibility and interoperability, particularly if you are running a mixed environment with different types of hardware and software. This can lead to unexpected problems and downtime if not managed properly.

All of these factors should be considered when deciding whether to deploy Opnsense in a virtual environment. While it may be a viable option for some organizations, it is not always the best choice depending on your specific requirements and resources.

If you are still interested in virtualization head up to the guide on how to deploy a VM:

https://protectli.com/kb/opnsense-on-proxmox-ve

 

Sources:

0 Shares:
You May Also Like