About a year ago I replaced the consumer router that came with my connection, because it was slow, lied about its NAT table size, and rebooted itself whenever it felt unloved. I could not decide between a MikroTik and a pfSense box, so being sensible and frugal, I bought both and ran them in different roles for a year. Here is what I actually learned, rather than what the forums told me before I started.
What each one is
MikroTik is a hardware vendor whose boxes run RouterOS, a dense, capable, slightly intimidating routing operating system. You get a lot of router for not much money, and the same OS runs across a wide range of hardware. pfSense is FreeBSD with a firewall stack and a web UI, running on whatever x86 box you point it at, in my case a small fanless thing with a few NICs.
They overlap heavily and they are not the same tool, which is the whole point of this comparison.
MikroTik: dense, fast, unforgiving
The MikroTik is the one doing the actual routing and switching at the edge. What it is brilliant at is doing a lot of networking in a small, cheap, low-power box. Hardware-offloaded forwarding means it pushes my line speed without breaking a sweat. The feature set is genuinely deep: proper VLANs, BGP and OSPF if you want them, queueing that actually works, all in something the size of a paperback.
The cost is the learning curve, which is more of a learning cliff. RouterOS has its own logic and its own vocabulary, and the documentation assumes you already understand networking properly. The Winbox tool and the CLI are both fine once they click, but they do not hold your hand. My first month involved several self-inflicted lockouts and a great deal of "why is this not forwarding". When you get something subtly wrong, it will not warn you, it will simply do exactly what you told it.
# RouterOS firewall: terse and order-sensitive
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=ether1 action=drop comment="default deny inbound"
The flip side of unforgiving is precise. Once it is configured the way you meant, it is rock solid. Mine has uptime measured in months and has never once surprised me after the initial bedding-in. For raw routing and switching at the edge, it has earned its keep many times over.
pfSense: friendlier, heavier, more featureful
The pfSense box sits behind it doing the things I want a nice UI for: VPN termination, more elaborate firewall rules I want to read at a glance, and the various packages that make a homelab pleasant. The web interface is genuinely good. Firewall rules are legible, the OpenVPN setup took minutes rather than an evening, and when I want to see what is happening there are graphs and logs that do not require me to remember a command.
The cost is that it is a whole FreeBSD machine. It draws more power, it has more to update, and it is more computer to go wrong. It is also, frankly, overkill for plain routing if that is all you need. Where it shines is when you want the extras: a real VPN server, detailed traffic insight, packages, the comfort of a UI you can hand to someone else.
A year in, which one
It depends, which is the answer nobody wants, so let me be concrete about it.
If I could only keep one, and I wanted maximum capable networking per watt and per pound, it would be the MikroTik. It does the core job superbly and cheaply, provided you are willing to learn RouterOS and accept that it will not catch your mistakes. For someone who does networking professionally, that trade is easy and the box is a joy.
If I wanted the friendliest path to a capable firewall with a VPN and good visibility, and I did not mind a bit more power and a bit more machine to maintain, pfSense is the gentler choice. I would happily set one up for someone who is not going to live in the CLI.
What I have actually settled on is keeping both, MikroTik at the edge doing what it is best at, pfSense behind it for the services and the UI. It is more boxes than strictly necessary, and I am at peace with that. The year taught me they are not really competitors so much as different shapes of the same job, and the right answer is mostly about how much you enjoy reading terse config versus clicking through a clean interface. I enjoy both, which is how I ended up with two routers, and a blog post justifying it.