PfSense and perimeter security
We're seriously considering standardizing on pfSense as our preferred router platform, for all but our largest clients (because support isn't 24x7).
I have one concern, however: I’m not aware that pfSense has much by way of advanced perimeter security. I know it has Snort as an optional package but in my playing with Snort it really peeved the heck out of me and I had to go pop some Extra-Strength Advil before uninstalling it.
I also don’t know nearly enough about advanced perimeter security to know what I'm talking about!!! I know that the larger commercial router vendors like Cisco etc. have annual subscriptions to their threat databases and whatever but I don't really know what that means, whether it's worth it, and whether something like pfSense can do the same as effectively.
I've had good results with Snort. pfSense also has Suricata. Both are IDS engines (Intrusion Detection System) that load daily update files with threat parameters.