Mine is an unusual situation. I have for years been using an ASA5550 I picked up used probably 8 years ago. I had access to the firmware for that platform and its what we used at work so I could sometimes try things out at home. The thing was a tank. It was good for 1Gbps from LAN->WAN but had to share backplane from LAN->GUEST or LAN->ISOLATION (my workbench equipment) but that was fine for my needs. The two built in remote access VPN connections were enough for my needs and naturally it was fine for building S-2-S IPSec VPNs. It ran non-stop for all those years unless the power was out. Just rock-stable and reliable gear.
But with each year after it went EOL/EOS it became harder to keep it up. The issues with Java and all the security settings with the old ASDM GUI and later with browsers making TLS 1.1 a major PITA it was getting very involved to get into the GUI anymore. Sure, it has a rocking CLI but I'm visual and prefer seeing related parts of config. It's also a major electrical load to run every day every hour on top of my two other managed switches. I decided it was time to part ways with her.
I looked into Cisco gear again and the FP1100 but the price is just astronomical plus the requirement to pay yearly for every feature you want. That was a solid "no". Fortinet, SonicWall, and Sophos were others I looked at too but all would be locking me into some level of subscription and they are pretty pricy still for real 1Gbps throughput on all the inspections. I decided to take another look at pfSense to see how it had come along since I last saw it a decade ago.
That brought me to the Netgate hardware and It didn't take long to decide. I settled on the 4100. The features needed were there, the interface was pretty nice and feature rich (vs the Unifi Dream Machine I was considering) and the specs looked really good. Everything I was doing on the ASA could be done here and in a smaller, quieter, lower power setup. I waffled between 6100 and 4100 but I think this is already overkill for my home network needs.
Watched a few videos to get up to speed after ordering and my equipment arrived in 2 days. It took me about 4 hours to get basic setup in place and get it put in parallel with the ASA. Worked immediately and with a few tests done I went ahead and swapped it into place on the internal network. Most of the family had no idea it even happened. Another 4 hours and I had most of my other networks grafted onto it.
Day two and I had incoming port forwards done. Certificate setup done. OpenVPN working, single-pipe traffic limiting on my guest network and per-ip traffic limiting on my internal network. I have a plan for setting up a site-2-site VPN with a friend in another city to allow remote backup to an off-site NAS. This I will probably use a Netgate 1100 to implement.
So far I am impressed with this platform and software. I think a little more documentation in the box would be nice and with an ASA background figuring out if I really want some of the "we did that for you" items can be a little bit hard but I really have no major negatives. There are aspects of the ASA, CLI, and ASDM GUI that I will miss but not many. This is FAR FAR more intuitive to setup and VPN is a complete snap by comparison. Over a decade and Cisco ASA VPN is still a nightmare to setup and admin. I was happy with how quickly I could each new feature bolted into place.
Impressive project and product. Nice to see an open source project go this long and mature this well AND not be arcane. Kudos and I feel I made a really solid choice if the hardware lasts and the updates are solid.
AT&T Fiber Internet
2 C3750-X 48 port full PoE switches w/routing (1 home, 1 outbuilding)
1 Netgate 4100
4 Main subnets (Internal, Guest, Shop, Isolation)
3 Wireless APs.
16 to 24 connected devices average.
Work from Home office in the Shop building.
