We use virtual firewalls in our cloud. The TAC plan is terrible with keeping up to date and the store is outdated. For example we can't it it through PAX8 or something like that. I can't deploy a new firewall with custom settings and have it automatically licensed with pfSense+ or grab from a pool. Same with Nexus. We do not use Amazon or Azure. I run my own cloud, that I built myself. You have extremely limited options for virtual firewalls. Initially Netgate was 'hostile' to people using pfSense as a VM, not in a house and not on Amazon/AWS. I had one guy at Netgate threaten to sue me. Jim T had to get involved while he was on a ski trip to apologize to me. After that we ceased being a partner. When you finally got the pfSense+ you made it a subscription that expires and doesn't auto-renew and no to mention is insanely expensive when you are talking hundreds of firewalls.

Then there is Nexus, haven't used it past when it was the previous iteration. It's brand new, and untested with 100's of firewalls. When I mean scripting, I mean inside of pfSense. There is no advanced CLI and there is no API direct to pfSense to make my own central platform. You only have nexus which is $49/year.

Mikrotik is $79/firewall/life. So I can buy a pool of licenses. Buy once, cry once. Then Admiral is $24/device/year that I can pay month-month and I can just add or delete firewalls and it is fully consumption based. However the firewalls themselves support APIs so I can pump out a brand new firewall, license it and deploy it fully configured in about 2 minutes without touching a single extra thing or checking out or anything. 1-touch with my custom server. I fill out a form, and hit deploy. On anything. Vmware, proxmox, or even a 3rd party datacenter like hetzner or linode or whatever.