So I built a pfSense box this weekend. After much trial and error I got it working. It's probably the most non-intuitive thing I have worked with since WatchGuard. The install is a joke, and often errors out, and/or doesn't detect NICs properly. In some cases you need to manually edit the loader to recognize NICs, which of course in my case I needed to do. Second, you need to load into it, and then enable the secondary NIC (LAN), because the install only allows you to designate the primary NIC (WAN). Nothing about it is intuitive or well done; the GUI, while good, isn't helpful. For example, if you enable HAVP you need to disable transparency in Squid, etc. None of this is indicated in the FW, so you need to research it on the internets.

After I got it running default, with nothing enabled, I placed it on my network. The problems started immediately: it broke my PBX VoIP, and refused to allow my encrypted PBX pipe through. Essentially my VoIP is highly secure, and starts a 2048-bit encrypted VPN every time I pick up the phone, and generates a new key for the handshake. There is a 3 second pause when you pick up my phone while the handshake takes place and the VPN is negotiated. pfSense was having NOTHING to do with that, even with all forwards correctly entered.

Second, games started breaking. First Steam complained, then War Thunder refused to update, even with all ports correctly passed through. Research indicates pfSense is well known for 'breaking' stuff, including random games, etc. Throughput on some speed tests was terrible, and fine on others; consistency was lacking. After 3 hours of putting in policies/rules/forwards, nothing much was working correctly in the home, which reminded me of my nightmares with Sophos UTM.

My conclusion so far is that pfSense, while good for pure businesses and limited homes, is probably not a good choice for consumers, even tech-savvy consumers. It seems to break too much right out of the box.

I assume I MAY be able to get it working if I spent a couple of days poking through it, and at some point I may attempt to tackle it again. The problem is, Untangle works out of the box after a few clicks on the installation, and doesn't block legitimate traffic out from the WAN. Once Untangle fixes their anemic IPS, it will be a contender again - which apparently is in Beta right now.

Anyone have any comments/suggestions? I want to bring pfSense back into the mix if I can overcome how utterly picky and network-breaking it is!