@NASbox Haha, just a "few" things. Thanks for that write-up. It sounds like a direction I'd like to head towards. I'm just now starting to learn about pfSense, and about FreeNAS for that matter. I finally just finished building my 48TB FreeNAS box. I've been busy setting up jails, etc. Started to do cert stuff via Cloudflare, but ran into issues with my current router not being able to do DNS host override actions. Which led me to pfSense.
@thepixelgeek very nice build! Please tell me more... I'd love to know a bit more about what you are doing with that beautiful box.
What are you doing with Cloudflare?
https://www.amazon.com/dp/B07G9NHRGQ/ref=psdc_13896591011_t1_B07FKMJGD6
Mine is about 4-5 years old, so that one is better than mine since it has the AES-NI. At a glance that looks like it should be a great choice. Specs are very similar to mine otherwise and it is well sized for the task.
You may want to ask around in the pfSense hardware forum to see if anyone is using it just to double check on build quality or other unforeseen problems.
If I go that route, how's the setup/installation of pfSense software? Looks to be the better avenue given the cost difference. Especially comparing to the SG-5100 ($699)!
Also looking at USG, but not sure how it compares.
Don't know much about the USG, but personally I prefer a well supported open source project. Hardware vendors eventually abandon support for products and then you are SOL. I could likely buy a new minipc, install pfSense, import my config and be right back where I started, but with new hardware. Like to try that with proprietary software? As an aside I decided to upgrade my 5 year old phone to LineageOS because I don't like the sealed batteries and disappearing headphone jacks, and my security patch level is more recent than the $1400 S10s in the store... and I don't have to put up with all the bloatware, I can back up my phone properly, and cut down on a lot of the privacy invasion... and save $1400! God bless the open source communities.
As a home user I couldn't afford to pay the premium for pfSense hardware (in a business it makes sense because you have to pay someone to assemble hardware), but a home user is likely doing it because they like to do it (and/or get advantages of customization/control by doing it).
If you can build that FreeNAS box, trust me you can install pfSense. A monkey can install it. It takes moderate ability to use it in place of a consumer firewall, and depending on what you want to accomplish you might need to be a guru... but then you use pfSense to replace very high end Cisco products in large installations with appropriately sized hardware - it does high availability/failover, multiple WANs, and a whole host of things a small installation doesn't need.
If you want a firewall, a remote access VPN, and some filtering/blocking, then you have a few hours of reading to do, but it's very doable as long as you have some basic networking background. If you are asking "What's a subnet? What's a broadcast address? DNwhat?", then you are going to have some major problems.
Most of my issues were I had zero experience with a managed switch and VLANs.... which was a difficult learning curve. Very hard to find good educational material.... most of the training stuff I looked at got into a lot of very elaborate concepts for multi floor/location office buildings with hundreds of users.... or way too simple. Finding something for an advanced home/very small business user is almost impossible.
TLDR; Watch Tom Lawrence's videos on pfSense on YouTube, and download the manual and have a look... You will have a tool you will likely never outgrow.
AFAIK, you don't get a lot in the way of support with the hardware, you have to buy a separate support package--double check, I may be wrong. So either way you are going to have to understand how to set things up. Plugging in the hardware and installing pfSense is a no-brainer, and it's good to get some experience setting it up, breaking things and fixing them before you put the thing into service. That way if something does go wrong you know how to fix it.
If you get into filtering, depending on how far you want to go, a lot of work may have to go into deciding what lists to subscribe to and tuning those lists. I went looking for as much malware blocking as I could find, and I likely need to repeat that exercise since I haven't updated my choice of lists for about 2 years (the lists pull fresh updates every few hours depending on the list). Again, unless you get a turnkey choice made by a vendor, you are going to have to do that yourself.
I haven't upgraded my pfSense box yet, (I still have a UFS root file system) but pfSense has moved to a ZFS root file system, which means you have snapshots/boot environments/rollback just like FreeNAS which will be a big relief if you run into an incompatible package or a bad update (in over 4 years it hasn't happened).
I'm sure you won't regret going the pfSense route. I wouldn't want to run a home network without it (even without the VLANs) because you can monitor and control what is going in and out and you get quick security patches by people who are passionate and know what they are doing!
Hope that is helpful... best of luck.