The average home user should just use the ISPs defacto services. The price is typically reasonable including warranty and support. Simple economics should provide the realization that once you start to add hardware you add to the amount of training, support, attack vectors, and so on.How many times have you called your ISP for support and they want you to connect directly to the modem, bypassing your router, and test whatever it is you are reporting? For me it’s every time.But once you start to live a mobile or semi-mobile lifestyle you either have to move certain elements into the cloud, everything to the client site, or at home. The first 2 are obvious and the client site is the easiest because you’re not likely managing that service making daily life easy. I prefer to function in the cloud but it does leave some systems vulnerable. And phoning home has it’s own set of vulnerabilities.One client is in a constant state of change. It’s impossible for me to deploy a dev in a box approach.One client uses cloud and bare metal services to process millions of phone calls a day. These systems are so busy that the various systems including hardware are reaching EOL.Another client has a cloud based app that is rock solid but is rarely used. One thing we talk about in risk management is not to create risk when there is none. So this stuff is just aging.The last client I will mention had to replace my MacBook while I was traveling because it failed in a spectacular way. The battery expanded causing the mouse to stop working. At the time I had all of my projects on the Mac’s HDD. That meant my latest changes could be lost or if the laptop was stolen then I could be responsible for the company’s secrets. Later that year I started encrypting everything.So assuming that you’re going to commute to the cloud now the question is how? What is he formula for your services. To VPN or not to VPN; or maybe just ssh? Running an ssh server is pretty simple and it limits the attack plane even though it’s a thin layer. VPN can open the barn door entirely creating a new set of problems.Pricing and functionality for Ubiquiti and Netgate hardware varies. pfSense has been around a long time and is open source leaving it open to inspection but also vulnerable to certain attacks. Once you start looking at network traffic/capacity the cost goes up. pfSense does not have a universal app where monitoring the Ubiquiti can be coincidental.moving onUPDATE I have two ISP connections.  Both pfSense and Edgerouter support dual WAN. I have one ISP connected to each device. I have not made a decision yet.UPDATE the ERX is incredibly buggy !!!