We have the fairly high end DEC3850, and I don't recommend it (or their other stuff). Not because I don't love OPNsense, because I do and I've switched all my firewall/gateway/routing tasks over to it at a range of sites from UniFi gateways (which are crap). OPNsense is awesome. I have Deciso's Business Edition as well in a bunch of places. And the thing does work.
But the value is crap. Essentially it's a SuperMicro 5019D-FTN4 with a worse
performing chip, a built-in AMD SFP+ solution (which isn't as well supported as a cheap Chelsio card one can find on Ebay), and with no IPMI or normal VGA console. Which sucks. For something as critical as a gateway, it's really nice to just be able to plug it into normal rack console/screen/IPMI management for recovery and install. And originally barebones the 5019D sold for around $1k. While sadly amongst the supply shortages now they're more like $1400 despite being old, that's still ~$300 less than the DEC3850, and will end up about even with RAM and an M.2. But you still then get a faster CPU, and much better management. They throw in a single year of BE as a small sweetener but overall their offerings are straight downgrades in my opinion from just getting normal decent PC hardware. And that's part of the advantage of going to OPNsense in the first place.
So I kind of regret going for that vs just getting a normal SM system (various flavors of which I've deployed everywhere else, I got a bunch of 5018Ds for ~$600 for example). Not that setting up a special dedicated serial thing is a huge deal, but it's definitely an annoyance at that price level. Looking over the rest of their offerings it all looks similar: debatable quality for the money vs bog standard quality hardware.
And I want to be clear this isn't just a complaint about markup. I don't in principle actually mind paying more for the same thing if it comes with better support and someone standing behind it. The problem here is that the features are actively worse, and support is too! I was very surprised for example that something like Sunny Valley's Zenarmor actually has issues with the DEC3850's SFP+ that it wouldn't have with an old Chelsio card. So it's not like it runs OPNsense better.
Still, despite warts I'm very happy overall with the OPNsense, and with Deciso beyond their kit. It's also let me squeeze more life out of stuff I was feeling more iffy about (like UniFi and UISP for example, now I can just route their management VLANs via WireGuard for L3 management with zero internet exposure, and without UI's shitty ass routing/security I'm no longer feeling as pressured to leave ASAP).
But the value is crap. Essentially it's a SuperMicro 5019D-FTN4 with a worse performing chip, a built-in AMD SFP+ solution (which isn't as well supported as a cheap Chelsio card one can find on Ebay), and with no IPMI or normal VGA console. Which sucks. For something as critical as a gateway, it's really nice to just be able to plug it into normal rack console/screen/IPMI management for recovery and install. And originally barebones the 5019D sold for around $1k. While sadly amongst the supply shortages now they're more like $1400 despite being old, that's still ~$300 less than the DEC3850, and will end up about even with RAM and an M.2. But you still then get a faster CPU, and much better management. They throw in a single year of BE as a small sweetener but overall their offerings are straight downgrades in my opinion from just getting normal decent PC hardware. And that's part of the advantage of going to OPNsense in the first place.
So I kind of regret going for that vs just getting a normal SM system (various flavors of which I've deployed everywhere else, I got a bunch of 5018Ds for ~$600 for example). Not that setting up a special dedicated serial thing is a huge deal, but it's definitely an annoyance at that price level. Looking over the rest of their offerings it all looks similar: debatable quality for the money vs bog standard quality hardware.
And I want to be clear this isn't just a complaint about markup. I don't in principle actually mind paying more for the same thing if it comes with better support and someone standing behind it. The problem here is that the features are actively worse, and support is too! I was very surprised for example that something like Sunny Valley's Zenarmor actually has issues with the DEC3850's SFP+ that it wouldn't have with an old Chelsio card. So it's not like it runs OPNsense better.
Still, despite warts I'm very happy overall with the OPNsense, and with Deciso beyond their kit. It's also let me squeeze more life out of stuff I was feeling more iffy about (like UniFi and UISP for example, now I can just route their management VLANs via WireGuard for L3 management with zero internet exposure, and without UI's shitty ass routing/security I'm no longer feeling as pressured to leave ASAP).