Favorite Firewall Solution - Community POLL

What’s your favorite firewall solution and why? I know @LTS_Tom’s favorite is PfSense but I wonder what other people around the community choose?

Depends on situation. I have some amount of experience with almost every platform.
For managed customers, WatchGuard, unless they buy into Meraki. We have taken over Juniper, Fortinet, and others. We used to offer Cisco ASA but stopped. You might notice a theme here - our target industry expects a full subscription based service.
For my house and tech savvy friends, Mikrotik, sometimes with a USG with NAT disabled behind it for the DPI. Once you get past the UI oddness, Mikrotik is almost a direct mapping of linux functions and networking basics, which makes is easy for us to understand what’s going on under the covers. Waiting on a way to disable NAT on the UDM/UDMP before buying one. Or UI can make it good enough that I don’t need to disable NAT and get rid of the Mikrotik - unlikely.
For virtualized utility installs, PFSense. Usually these are less about firewall and more about basic routing and VPN.
For nonprofit convention networking, Tomato, OpenWRT, or Mikrotik. This is about strict economy and flexibility.

I use pfSense for my home and cloud hosting business. For my data center project work I use Cisco Firepower (FPRs), Palo Altos, and Checkpoints. For offices I use Cisco (FPR and Meraki) and Fortinet. For public cloud I’ll use Cisco CSRs as well as the built in network services. It really depends on the existing infrastructure that I will be connecting to and required security services such as IPS, remote access VPN, identity mgmt, and MFA.

OPNsense gets my vote. I’m a fan of it being open-source, flexible hardware (much like pfSense), and importantly for me is 2FA with TOTP without subscriptions or paid add-ons.

We focus on business clients, and for over 15 years we’ve been pushing UTMs…firmly believing they should be guarding businesses versus plain NAT routers.

We have done a lot of PFSense…I’ve played with it since their first year out in the beta days, love it, I call it “the Ferrari of firewall distros”. BUT…I wanted more full UTMs…so shortly after that I discovered Untangle and started reselling that since back around version…5.03 I think. We have a lot out there, it’s a great money maker, strong reseller program. Fantastic support. Also did a bit of Endian back in the day. On the “entry level side” for basic clients that either don’t need a full UTM, or won’t pay for one, …we’ve been using Ubiquiti…and they’ve worked well. Both Edge and Unifi…depending on the client, although since Unifi has matured a lot. (tidbit of info…a couple of years ago Ubiquiti hired one of the co-founders of PFSense…Chris B…to take over the Unifi project…which is why you’ve seen Unifi get much better in recent years).

We’re happy with Sophos UTMs. Subscription service is expected. They have scale in their range from small to VLarge and support loadbalancing and failover.