My response here is not just to this post, but also to your other recent post, which is clearly related and possibly the seed for this suggestion: What is your response to someone telling you "pfSense is not a NG firewall and you should be using one"? - #31 by jvedman
It is true that in many cases, inline inspection of traffic for AV, spam, etc., targeted at HTTP, FTP, and SMTP, is getting outdated, even when used in an enterprise that does deploy a trusted root certificate to all company computers so the firewall can MITM the TLS traffic.
The vendors of these devices are instead putting more emphasis on their managed IP reputation lists, heuristic detection of applications based on factors that can be measured even when encrypted, and the integration of SDWAN and other buzzword features. The company I am currently at, which is just shy of being a Fortune 500 and is acting the way a proper enterprise is expected to act, is in the process of replacing an infrastructure consisting of Cisco routers (non-firewall devices) and Palo Alto firewalls (operating purely as firewalls, not routers) with a “modern” NGFW/UTM product. This was chosen not just to have every router also doing firewall duties, but also because the SDWAN functionality is actually doing what was promised and allowing us to use multiple commodity connections at each location and get rid of our more expensive MPLS connections, while still maintaining good QoS for our business-critical applications.
If you want to look at the feature set available with the “next step up”, I can’t recommend Untangle highly enough. The home license especially is really excellent - you are getting an enterprise-grade product for consumer-friendly prices. Tom has mentioned before that they use it for their clients that want more application usage reports and dashboards.
I’ve gone down the route of adding on tools to pfSense to do some of these advanced features, but what you are missing in that case is the integration of the features. What a properly designed NGFW/UTM does is show you all together in one place everything it has learned and decided relating to a particular host, packet, or connection. What application is it? What priority for QoS does it have? If it’s a VoIP connection, what is the MOS score and other metrics that indicate whether it’s a good call? What is the reputation of the server? And then for the connections it has blocked, an easy way to view the reports and unblock false positives. When you do it piecemeal with pfSense, you have to look at each individual thing to get part of the information.