Ramblings of an aging IT geek

a year of mikrotik, and what i miss about pfsense

After running a MikroTik router for a year in place of pfSense, an honest comparison of what got better, what got worse, and what I'd actually recommend.

A year ago I pulled the pfSense box out of the rack and put a MikroTik in its place, mostly to see if I could. The pfSense build had been faultless, which is exactly the problem: it was boring, it sat in a corner, and I'd stopped learning anything from it. The MikroTik promised a steeper curve and a smaller footprint, both of which it delivered. Now that I've lived with it through a full cycle of upgrades, outages and the odd 2am panic, here's the honest version.

What got better

The hardware-to-money ratio is genuinely silly. The pfSense box was a repurposed mini-PC pulling 30-odd watts doing very little. The RouterBOARD does the same job sipping power and fits in the palm of your hand. For a home network that never gets near the limits of either, the MikroTik wins on every practical axis except the one that matters most when you're tired.

RouterOS is also a proper, scriptable system. Everything you can do in WinBox you can do over SSH, and the config is one coherent thing you can export, diff and version. I keep the whole router config in git now:

/export compact file=router-config

That export is readable, reproducible, and has saved me twice when I broke something and wanted to know exactly what changed. pfSense has config backups too, but it's an XML blob you restore wholesale, not something you read over breakfast.

The bandwidth queues are excellent. Proper hierarchical token bucket, CAKE if you want it on a recent build, and the monitoring is granular enough that I finally understood which device in the house was quietly hammering the uplink. (It was, of course, a backup job I'd forgotten to throttle.)

What got worse

The learning curve is real and it is not always fun. RouterOS has its own vocabulary and its own opinions, and the documentation assumes you already share them. I have bricked my own remote access more than once with a firewall rule that was correct in isolation and catastrophic in order. The default firewall on a fresh install is also looser than I'd like, so you own the entire ruleset whether you wanted to or not.
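The ordering failure described above can be caught offline, against the exported config, before a change is applied. This is an added example, not part of the original post: Python that replays a new management connection through the `/ip firewall filter` rules of an export in order and reports the first terminal rule it hits. The sample exports, the LAN subnet, the `bridge` interface name, the function names and the small set of supported matchers are assumptions, and `jump` rules are not followed.

```python
import ipaddress
import re
import shlex

TERMINAL = {"accept", "drop", "reject", "tarpit"}
KNOWN = {"chain", "action", "protocol", "dst-port", "src-address",
         "in-interface", "connection-state", "comment", "disabled"}

def filter_rules(export_text):
    """Yield a property dict for each 'add' line under /ip firewall filter."""
    joined = re.sub(r"\\\n\s*", "", export_text)  # exports wrap long lines with '\'
    in_section = False
    for line in map(str.strip, joined.splitlines()):
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            yield dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)

def matches(rule, src, port, iface):
    """True if an enabled input-chain rule matches a NEW TCP connection."""
    if rule.get("chain") != "input" or rule.get("disabled") == "yes":
        return False
    odd = [k for k, v in rule.items() if k not in KNOWN or v.startswith("!")]
    if odd:  # refuse to guess at matchers this example does not model
        raise ValueError(f"unsupported matcher(s): {odd}")
    if "new" not in rule.get("connection-state", "new").split(","):
        return False
    if rule.get("protocol", "tcp") != "tcp":
        return False
    ports = rule.get("dst-port", str(port)).split(",")
    if not any(int(p.split("-")[0]) <= port <= int(p.split("-")[-1]) for p in ports):
        return False
    net = ipaddress.ip_network(rule.get("src-address", "0.0.0.0/0"), strict=False)
    return ipaddress.ip_address(src) in net and rule.get("in-interface", iface) == iface

def mgmt_verdict(export_text, src, port, iface):
    """(rule number, action) of the first terminal match; rules are 1-based."""
    for n, rule in enumerate(filter_rules(export_text), 1):
        if rule.get("action", "accept") in TERMINAL and matches(rule, src, port, iface):
            return n, rule.get("action", "accept")
    return None, "accept"  # RouterOS accepts a packet that no rule matched

# Constructed sample exports: the same three rules in two different orders.
STATE = "add action=accept chain=input connection-state=established,related\n"
MGMT = ('add action=accept chain=input comment="mgmt from LAN" dst-port=22,8291 \\\n'
        "    protocol=tcp src-address=192.168.88.0/24\n")
DROP = "add action=drop chain=input\n"
GOOD = "/ip firewall filter\n" + STATE + MGMT + DROP
BAD = "/ip firewall filter\n" + STATE + DROP + MGMT
```

Calling `mgmt_verdict(BAD, "192.168.88.10", 8291, "bridge")` reports the drop at rule 2, ahead of the management accept. Run against the export kept in git, the same call makes a reasonable pre-commit check.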

pfSense, for all that I found it dull, holds your hand in exactly the places MikroTik shoves you off the cliff. The web UI surfaces the sensible defaults. The package ecosystem (pfBlocker, the dashboards, the VPN wizards) means common things are a few clicks rather than a few hours of reading forum posts from 2014. If I were setting up a router for someone who didn't want it to be a hobby, it would be pfSense every time, no hesitation.

Would I switch back?

No, but that's a statement about me, not about the boxes. I wanted something to tinker with and I got it. The MikroTik has taught me more about how my own network actually works than three years of pfSense ever did, precisely because it made me build it all by hand.

If you want a firewall that disappears and just works, run pfSense and spend your evenings on something else. If you want the network itself to be the hobby, the MikroTik is brilliant value and a genuinely deep system. Just keep a second way in before you touch the firewall rules. Ask me how I know.