So, the time is coming soon for me to replace my router at my home office. I'm pretty much sold on pfSense going forward. Although I had evaluated offerings from Ubiquiti (EdgeRouter and USG) and Cisco Small Business, pfSense seems to be the best way to go as far as bang for buck and all the features I am looking for. I'm just curious as to whether my plan is going to work, and any potential pitfalls that may arise with my setup.
Here's the current network setup:
- Cisco Meraki MX64 security appliance
- Cisco Meraki MR33 access point
- Cisco SG200-26FP-NA 24-port PoE switch
- WAN1 is FIOS 300x300
- WAN2 is Spectrum 100x10 (provided through my HOA, so I'll take it as a backup since Spectrum is legendary for their lack of reliability in our area)
I'm having to replace the Meraki hardware before Feb 1, 2020, as that's when the licenses expire. As much as I love the hardware/software (and have a few clients that use it), I'm not going to drop that kind of coin annually for my home router and access point.
The bulk of the traffic going through the WAN is 1) Plex server traffic, 2) SSH/SFTP, 3) L2TP/IPsec client VPN connections (only used by myself). The Meraki SA manages to deliver the full 300 Mbit over VPN.
Initially I was looking at getting a Netgate SG-3100, but then I stumbled into the Protectli FW4A and was quite impressed with the hardware spec, form factor, and price. I am planning to put a 120GB Kingston SSD and 8GB DDR3 into it.
So, now here come the questions:
Are there any known issues with the Protectli FW4A box and the latest stable pfSense?
What sort of experiences have users in this sub had with the FW4A? Is it well liked, or is there another similar box out there that performs better? Is the cooling sufficient on the FW4A, or am I going to have to rig a 120mm fan onto the top of it?
In my current configuration, all outgoing traffic goes over WAN1 unless WAN1 goes down, or I have a rule in place that routes it over WAN2. Currently I only have rules in place that redirect all traffic from my Roku devices through WAN2, so I can use the Spectrum app to watch TV from time to time. This also has the added bonus of not impacting WAN1 bandwidth when someone is streaming Amazon/Netflix on the Roku. Is this something I can do easily with pfSense, or is it going to require some more in-depth configuration?
Client VPN server - How difficult is this to set up? Meraki makes it super simple, and I'm expecting a few more hoops to jump through. I don't particularly care if I use L2TP/IPsec or OpenVPN, as I use both interchangeably in practice. It seems like L2TP gives better bandwidth and is easier on CPU usage than OpenVPN; is this accurate? Which one is easier to configure in pfSense?
DNS server - One area I particularly found unpalatable with Meraki hardware is that while it can run its own DNS server, if you don't have a static IP address it will only forward requests to the DNS provided by the ISP. If you want to use another DNS provider like OpenDNS, it will push their internet IP addresses to the clients instead of relaying through the appliance. This isn't a huge deal, but rather an annoyance I know has been voiced to Meraki.
For wireless, I'm just planning to drop in a single Ubiquiti UAP-AC-PRO or UAP-AC-HD, which should be quite sufficient given I've only needed the single Meraki MR33 AP in the past, and I'm familiar with UniFi. I don't think this will present any issues, but if there are some I'd like to hear about them.
I'm sure I'm going to have more questions as I get into this project, I figure I'll get a couple VMs spooled up in the next week to do some evaluation and such. Thanks in advance for all your comments and feedback!
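As an added illustration of the "Roku goes out WAN2, everything else out WAN1 with failover" question above: this is not the poster's configuration and not pfSense's literal generated ruleset, but the pf rules pfSense builds for that case look roughly like the fragment below. Interface names, gateway address and Roku addresses are assumed placeholders. In the pfSense GUI the same thing is one LAN firewall rule with a Roku alias as source and the WAN2 gateway chosen under Advanced > Gateway, placed above the default allow rule.

```pf
# Added example, not from the original post. Interface names, the WAN2
# gateway and the Roku addresses are placeholders; adjust to your box.
lan_if  = "igb0"
wan1_if = "igb1"          # FIOS, default route
wan2_if = "igb2"          # Spectrum, used for Roku traffic (and as failover)
wan2_gw = "198.51.100.1"  # Spectrum's next hop

# Roku devices by LAN address. Give them DHCP static mappings so the
# table doesn't drift when leases change.
table <roku> { 192.168.1.40, 192.168.1.41 }

# Outbound NAT on WAN2; otherwise policy-routed packets leave with a
# private source address. (pfSense's automatic outbound NAT does this.)
nat on $wan2_if inet from $lan_if:network to any -> ($wan2_if)

# 1. Keep Roku traffic destined for the LAN itself off WAN2. route-to
#    applies to every matching packet, so without this rule a Roku could
#    not reach the Plex server on the same subnet. (pfSense inserts an
#    equivalent "don't route local" rule for you.)
pass in quick on $lan_if inet from <roku> to $lan_if:network keep state

# 2. Everything else from a Roku is forced out WAN2. 'quick' stops the
#    default rule below from matching first.
pass in quick on $lan_if route-to ($wan2_if $wan2_gw) inet from <roku> to any keep state

# 3. Default: remaining LAN traffic follows the system route (WAN1).
#    Failover needs no extra filter rule: make a gateway group (WAN1 tier 1,
#    WAN2 tier 2) the default gateway, and when the gateway monitor marks
#    WAN1 down pfSense switches the default route and reloads the ruleset.
pass in quick on $lan_if inet from $lan_if:network to any keep state
```

One caveat worth knowing before relying on rule 2: by default, when the gateway named in a rule is down, pfSense regenerates that rule without the gateway, so Roku traffic would silently fall back to WAN1 while Spectrum is out. If you would rather it fail closed, check "Skip rules when gateway is down" under System > Advanced > Miscellaneous.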
Posted to reddit.com/r/HomeNetwork...