Do you remember when you purchased your Wi-Fi router? Probably not. If you’re like most people, you likely got it from your ISP potentially many years ago. Here’s another question: when was the last time you updated its firmware? Never? Highly likely.

I’ve been using the excellent (and free)pfSense CEandOPNsensefirewall and router software for a while now, and I wouldn’t go back to an off-the-shelf router. Below are six reasons why.

OPNsenseDashboard

1Open Source Security

Both pfSense CE and OPNsense are based on FreeBSD, a Unix-based open-source operating system known for its focus on security. Because they’re open-source applications, security researchers can review the codebase to ensure thesoftware does what it’s supposed toand doesn’t contain any apparent bugs or vulnerabilities.

By comparison, most off-the-shelf commercial routers use proprietary code and cannot be reviewed. You need to hope the developers of that software have robust cybersecurity practices and test things rigorously.

Checking for updates in OPNsense.

2Frequent Updates

Many commercial router manufacturers seldom update their products' firmware. They tend to focus on bringing the next model to market rather than updating older products. That may make business sense, but it’s bad security practice. People often keep their commercial routers for ten-plus yearswithout ever updating their firmware.

If you use pfSense CE or OPNsense, you get frequent updates to protect you from emerging threats. Case in point: pfSense CE and OPNsense issued updates to mitigate theSpectre and Meltdownvulnerabilities shortly after these major vulnerabilities were discovered. What about your store-bought router?

pfSense’s UI exposes most settings to users.

3Customizations Galore

This one is for your inner geek. While most off-the-shelf routers provide all the functionality your everyday user needs, those who like to play around with their network by setting up servers and experimenting with various configurations (lab setup) will be much better served with pfSense CE and OPNsense.

By navigating their respective UIs, you’ll quickly see just how customizable the software is. Both will accommodate practically any networking scenario. It’s also a great way to learn about networking.

pfSense’s Package Manager lists all the available add-ons.

4A Massive Number of Add-Ons

Out-of-the-box, both pfSense CE and OPNsense pack a ton of functionality. But they also come with a large repository of optional add-on software. These are optional because if you don’t need that extra functionality, you’re better off not installing add-ons, as they could grow your attack surface if not properly configured.

But they’re there if you want them.

pfSense provides detailed logging with filtering capabilities.

There are many, many more. So it’s worth taking your time to browse the selection.

5Detailed Logging for Easier Troubleshooting

When most folks have an issue with their internet connection, they’ll attempt to fix it by rebooting their router, and if that fails, they’ll promptly contact their ISP. There’s nothing wrong with that, of course. Most off-the-shelf routers have limited logging capabilities and don’t provide the ability to filter logs by keyword, making the experience of viewing your router logs a jumbled mess.

With pfSense CE and OPNsense, you gethighly detailed logging, organized by category, with all the filtering you could want. It makes troubleshooting issues much easier—even for those who are less tech-savvy. You might still need to call your ISP’s support department, but at the very least, you’ll have a better idea of what the issue may be and can better assist the rep on the phone.

6It Runs on Old Hardware

pfSense CE and OPNsense are free and open-source, but you’ll still need some hardware to install them. The good news is that you don’t need to go out and buy a high-end machine. pfSense CE and OPNsense will run onolder hardware you may have lying around already.

Note that you can run either firewall as a virtual machine, but that’s a different beast than running the firewall on dedicated hardware. Plus, you’re going to need a powerful base system for that.

The minimum hardware requirements are:

I’d recommend the following, if possible:

Those are some of the reasons I find pfSense CE and OPNsense compelling, and I do, in fact, use both. There are other reasons, but with the current state of the internet, in which marketers, big tech, governments, and malicious actors all want a piece of your data, the added security benefits take the crown.