I have one of those as well. As a word of caution, they are dropping support for that in 2.5 [1]. Starting in 2.5, they are requiring AES-NI instructions (like I said in my other post, I am a bit irritated they did that, especially when that is a requirement for something I do not need).
For 100 MBit/s firewall all you need is Raspberry PI. Most people’s WAN connection is probably less than that. And if you need gigabit then there’s still plenty of options, anything from ODROID-C to 10W Goldmont, the latter a little expensive but it can double as HTPC etc. Idk how any of those work with BSDs but they work fine on Linux.
Also the nic.cz people have a neat new product[1]. It’s really cool, but I think still too pricey.
Last I checked pfsense wasn't running on ARM. And there were worries that it wouldn't even be able to keep up unless you were very careful with your filters, although that might be less of a problem with the more recent hardware.
I suppose at gigabit the pi might have some issues. Unfortunately, I don’t have this problem. I doubt Goldmont would break any sweat though. If you don’t want to jump all the way to Intel there’s always this: http://espressobin.net/
Not much. Have not noticed a real increase in my electric bill. However, it is a mini desktop and designed to be low power. Probably far less then my Plex Server easily.
There are options for much lower power hardware. I may do an experiment to see. Be kinda interesting but also hard to duplicate traffic effect and CPU loads.
However the reliable updates, advanced firewall, physical multi LAN, and durable VPN can't be understated for my use.
Updates are easy to manage, I use Pfblocker which is similar functionality to PiHole, and have cloudflares DNS (1.1.1.1) set up.
As for wireless I attach a Ubiquiti AP through a switch.
I've done this at a couple different sites for relatives and it's comforting to know there's some semblence of security and privacy for them.
[1] http://www.pcengines.ch/apu2.htm