Ramblings of an aging IT geek

a year of MikroTik after a decade of pfSense

An honest year-later comparison of running MikroTik RouterOS at the edge after years on pfSense, and which one I'd actually pick again.


A year ago I swapped the pfSense box at the edge of the house for a MikroTik, mostly out of curiosity and partly because the pfSense hardware was getting old enough to vote. Twelve months in, here's the honest verdict, because most comparisons of these two are written the week someone migrates, when they're either still cross or still infatuated.

pfSense is a firewall that grew a router. MikroTik RouterOS is a router that grew a firewall. That single sentence explains almost every difference you'll feel. pfSense leads with the security model: a clean web UI, sensible defaults, packages for the bits you want, and an aliasing system that makes rulesets pleasant to maintain. RouterOS leads with networking primitives: it will do things with routing, bridging, VLANs and traffic shaping that pfSense makes you fight for, and it'll do them on hardware that costs a fraction as much and sips power.


The thing nobody warns you about with MikroTik is that the learning curve isn't a curve, it's a wall, and then a plateau. RouterOS assumes you understand networking properly. It will happily let you build something subtly broken and never editorialise about it. The web UI exists, but the moment you do anything real you end up in the terminal, and the terminal is wonderful once it clicks and baffling until it does. I spent the first month with the manual open in a tab. By month three I was writing config straight in, and it felt like the router had stopped fighting me.

What I genuinely miss from pfSense: the friction-free package ecosystem and the way the firewall rules read almost like prose. What I genuinely don't miss: the resource appetite, the power draw, and the upgrade dance. The MikroTik draws a handful of watts, boots in seconds, and its config is small enough to read in one sitting and back up as a single text file I actually understand.

The other thing a year buys you is perspective on upgrades, which is where these two diverge most. pfSense upgrades are an event: you read the notes, you take a backup, you set aside an evening, and occasionally a package breaks and you spend it. RouterOS upgrades are a single command and a reboot, the config is a small text file I can read top to bottom, and I've never had one surprise me. That's partly because RouterOS does less hand-holding, so there's simply less to break, but the lived experience is that I upgrade the MikroTik without bracing first, and I used to brace for pfSense.

Stability has been a non-issue on both. Neither has fallen over unprompted in years of combined service. The difference is in who they're for. pfSense is the right answer if you want a firewall appliance that's secure by default and you'd rather not think about the routing layer. MikroTik is the right answer if the routing layer is the interesting part and you're willing to learn its dialect.

A year later, would I switch back? No. But I'd also not push pfSense people towards MikroTik unless they actively enjoy networking for its own sake. I do, so for me it was the right trade. The cheaper, lower-power, more capable box won, at the entirely fair price of having to actually learn it.