i am a huge Pfsense fan, i've gone though the sg 2220, mbt 4220.  and now use a sg 3100.

i personally would not consider the sg1100.   but if it meets your needs i would not hesitate.   as with any other network i would at least have a spare for no downtime... rma can take a while

Keep in mind that if you have pfSense handle the VLANs, either by trunking them all from tagged ports on your switch, or using separate ports to untagged ports on your switch, the pfSense will have to handle all routing between the VLANs.  If you have a lot of inter-VLAN traffic, this could be a bottleneck.  The normal recommended way to avoid this problem is to use a L3 switch and only send traffic to the router that actually needs to go out to the internet, not just to a different VLAN, since switches have at least an order of magnitude more "routing" speed.

ETA: at 10G speeds, this is even more likely to be true.  I think with their appliances you have to get up to the XG7100 to get L3 routing over 10 Gbps-- maybe.

Hi,

To answer a few more questions from the OP,

pfSense is good. At some point someone might need more routing horsepower than its software stack can provide, but that point is probably in the 5-10 Gbps range judging by the L3 forwarding / firewalling specs listed here https://www.netgate.com/products/appliances/    Netgate does have a "next generation" platform called TNSR that has much, much higher bandwidth potential but beyond that I don't know anything about it.  Bottom line, pfSense can do everything most small-medium businesses need to do, as well as "prosumer" / "hobby" networks.  

pfSense is meant to be a router/firewall.  You can use it for other things if you jam it in there, but it's intended to be the main router/firewall between one or more LANs and one or more WANs, and you can throw a bunch of VPNs in there if you need to, too.  There is no need for another dedicated router in the system at all.  Once you go pfSense, there is no reason for anything openwrt, ddwrt, etc, etc.  

pfSense is a software package.  Netgate also sells appliances built for it, with it pre-installed.  They also sell service contracts, etc.

I've used both their appliances (SG3100) and installs on my hardware.  The advantage of using one of their appliances is that the hardware is known good to go, simplicity, and, yeah, it's an "appliance."   The advantage of using it on your own hardware is that it's cheaper if you have an appropriate machine sitting around-- does not have to be cutting edge by any means-- and you have more hardware flexibility (and cheaper) if you want to have more or different NICs than you could get from them.  It also might be easier to resurrect a setup if you have a hardware failure. I personally find having about 4x 1 Gbe ports and 1x or 2x SFP+ ports to be most flexible and useful for my setups.  

VLANs are not bad to set up on pfSense, but have the potential pitfall I mentioned earlier.   In most VLAN setups, you will need to configure the VLANS on your switches and assigned the untagged/tagged ports correctly.

If you do use a layer 3 switch for inter VLAN filtering, the ACL's are much less flexible and much less easy to configure than they are on pfSense, but that's the price you pay for raw speed.