Comparative Analysis of Flexiwan, OPNSense, and pfSense Cybersecurity Mechanisms in MPLS / SD-WAN Architectures

Document Type : Original Article


1 Network Department, Computer Sciences Institute, Sulaimani Polytechnic University, Sulaymaniyah, Iraq

2 Department of Computer Science, College of Science, University of Garmian, Kalar


SD-WAN, a software-defined network used in wide area networks, has grown in popularity among major corporations with geographically spread operations. Given the high prices of WAN connections, the key objective is to employ software-based solutions to offer a cost-effective balance. However, the proliferation of SD-WAN solutions from many vendors and open-source projects has led to a rise in the number of threats and vulnerabilities affecting the technology. This research compares three popular open-source firewall solutions within a specific design and examines cyber-attack vectors within the SD-WAN architecture using Graphical Network Simulator-3 (GNS3) software simulations. The presented topology consists of three branches, each of which employs one of the suggested firewalls (Flexiwan, OPNSense, or pfSense), linked by Multiprotocol Label Switching (MPLS), Virtual Private Network (VPN), and Internet Protocol Security (IPSec) tunnels. The research concludes that the solutions mentioned provide similar mechanisms for security, including confidentiality, integrity, and availability. Simulation results show that these open-source firewalls provide in-depth security features for SD-WAN architectures and can be implemented in such environments. However, the three solutions have vulnerabilities, which can be handled as long as they offer tools for adaptation, because they are open-source and can be improved in future batches and updates within their community.

