pfSense as a firewall solution
Posted by admin on February 5th, 2008 filed in Technology
It’s hard to pick a good firewall for a person working from home who has a lot on the go… let me describe my network.
1. VOIP lines for personal and toll free voip for business. Calls need to reach me anywhere in the house and out on my cell phone. Call quality needs to be as good as a phone line.
2. Incoming BitTorrent for downloading… whatever I happen to be downloading.
3. Outgoing Backup solution for offsite backup - I use duplicity to create secure, offsite gpg backups of my photo library.
4. Gaming in the evening - I like to unwind with the PS3
5. A download that backs up my online web and email server every night
6. A wife who doesn’t like it when I bog down the line. She likes to surf and have the web be responsive. She doesn’t care that I’m saving the world online.
I have a standard DSL line with unlimited traffic. When I bought a new TV, I also received 3 months free cable internet (60 gig monthly cap). So now I have two high speed lines.
Problems in the past
Phone calls were choppy.
Internet was sluggish.
Big downloads slowed things down.
Routers would burn out - yes, I burnt out a cheap SMC wireless router after a year. I burnt out a NetGear router after 1 month. Lots of BitTorrent made these things run hot!
Obviously traffic shaping - or quality of service - was needed.
I’d never been too happy with some of the ‘big’ solutions.
Astaro - it was OK at the time, didn’t do the quality of service
IPCop - with traffic shaping extension, worked reasonably well
Clark Connect - couldn’t get this working effectively.
iptables - didn’t understand
But pfSense gave me what I need. It automatically prioritizes traffic when traffic shaping is on.
1. My servers and my BitTorrent machine can download up to 250K of my 500K line, shared amongst them. This leaves the rest free for me. If my servers aren’t using it, I get it all. If I want to use that bandwidth, I get it first!
2. If a request comes in for a web page from any machine, it gets higher priority than other items and is handled first.
3. Instant messaging, email, all low priority.
4. VOIP is top priority. When calls come in my downloads slow right down. No jitter, no distortion.
pfSense comes with a traffic shaping wizard that actually sets things up really well. Normally I avoid ‘wizards’ like the plague, but this is very quick and sets up priorities for a number of different protocols for you very rapidly. It has a fairly good setup wizard for the general setup as well.
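To make the four priorities in that list concrete, here is an added example of a hand-written ALTQ section for pf.conf on the FreeBSD pf that pfSense runs on. It is my own illustration, not the post author's configuration and not what the pfSense wizard generates. The interface names, the LAN addresses, the BitTorrent port and the RTP port range are assumptions chosen for the example; only the 500K line rate and the 250K cap come from the post.

```pf
# Added example, not the post's or pfSense's own configuration.
# Interface names and host addresses below are placeholders.
wan_if  = "xl0"
lan_if  = "fxp0"
lan_net = "192.168.1.0/24"
servers = "{ 192.168.1.10, 192.168.1.11 }"   # backup box and BitTorrent box (constructed)
bt_box  = "192.168.1.11"
phone   = "192.168.1.20"                      # VoIP adapter (constructed)

# Downloads are shaped where they leave the firewall: on the LAN interface.
# The root bandwidth is the 500K download rate of the line, not the LAN speed,
# so the queues compete for the scarce resource rather than for Ethernet.
# CBQ queues marked "borrow" may take idle capacity from their siblings; the
# bulk queue may not, so the servers are capped at 250K even on an idle line,
# while everything else can use the whole 500K when the servers are quiet.
altq on $lan_if cbq bandwidth 500Kb queue { q_voip, q_web, q_default, q_low, q_bulk }
queue q_voip    bandwidth 20% priority 7 cbq(borrow)          # calls are served first
queue q_web     bandwidth 15% priority 5 cbq(borrow)          # interactive browsing
queue q_default bandwidth 10% priority 3 cbq(default borrow)  # anything not classified below
queue q_low     bandwidth  5% priority 1 cbq(borrow)          # IM and mail
queue q_bulk    bandwidth 50% priority 0                      # hard 250K cap, lowest priority

# Inbound BitTorrent peers reach the box through a port forward (port assumed).
rdr on $wan_if inet proto tcp from any to ($wan_if) port 6881 -> $bt_box

# Nothing else is accepted from the outside.
block in on $wan_if

# Classification. "queue" only chooses a queue; it grants nothing the filter
# rules would not already allow. The rule that creates a state also fixes the
# queue for the replies that flow back out $lan_if, which is where the
# download shaping takes effect. Last matching rule wins, so the generic rule
# comes first and the host-specific rules last.
# 1863 is MSN Messenger, 5190 is AIM.
pass in on $lan_if inet from $lan_net to any keep state queue q_default
pass in on $lan_if inet proto tcp from $lan_net to any port { smtp, pop3, imap, 1863, 5190 } keep state queue q_low
pass in on $lan_if inet proto tcp from $lan_net to any port { www, https } keep state queue q_web
pass in on $lan_if inet from $servers to any keep state queue q_bulk
pass in on $wan_if inet proto tcp from any to $bt_box port 6881 keep state queue q_bulk
pass in on $lan_if inet proto udp from $phone to any port 5060 keep state queue q_voip          # SIP signalling
pass in on $lan_if inet proto udp from $phone to any port 10000:20000 keep state queue q_voip   # RTP media (assumed range)
```

Two things worth noticing. The servers' rule sits after the web rule, so a server fetching a web page still lands in the capped bulk queue, which is what "250K shared amongst them" means. And classification keys on port numbers: a download tool on an ordinary desktop that speaks HTTPS would be treated as browsing, so shaping by port is a convenience for fairness, not a control that stops anyone from taking bandwidth.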
Overall, pfSense is a good firewall solution. It requires that you use a ‘real computer’ to run it (although I want to add it to my VMware system) and you need at least two network cards (one for your LAN, one for your WAN).
But it has several VPN options, excellent security, and the ability to schedule rules (no MSN Messenger after 10 PM!).
It’s open source, and it’s available at pfsense.com. It comes as a LiveCD so you have the ability to try it first without having to wipe out your current machine, with settings stored on a USB keychain.
If you are looking for a firewall solution that will help you with your VOIP problems and give you quality of service and is easy to use, give pfSense a try.
What’s also great are the graphing options - I can see my bandwidth, who is using it, and what they are using it for.
Requirements are pretty minimal… 128 meg of RAM, 2 gig hard drive… certainly you have a machine like this lying around?
Don’t let words like ‘Linux’ (actually FreeBSD) scare you. It works, it’s solid. I’ve been running it for 12 months so far and it works great. And no, I’m not affiliated with them in any way!
Bonuses with pfSense that I’ve just set up.
I have my two outgoing lines set up with ‘load balancing’. That means when I load a web page, every other request goes through the alternate line… For example, if there is a page with 10 photos on it, it loads the first photo on cable, the second on DSL, the third on cable, the fourth on DSL, etc. Most pages come up lightning fast now.
Failover - pfSense is set up so that if one of the lines fails, it switches over to the other line automatically.
Captive Portal - If you run a little cafe and want to offer wireless, but don’t want to let people sit in their cars, you can set it up so that people connecting to your wireless access point are sent to a web page of yours and prompted for a username and password - just like a real wireless hot spot. Set these folks up on a different interface, give them a small slice of your bandwidth, and sell them some drinks!
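The load balancing and failover items above map onto pf's route-to with a round-robin gateway pool. As an added example (again my own, not the post's, and not the rule set pfSense builds from its GUI gateway pools), with placeholder interface names and gateway addresses:

```pf
# Added example, not the post's or pfSense's own rule set.
# Interface names and gateway addresses are placeholders.
lan_if   = "fxp0"
lan_net  = "192.168.1.0/24"
dsl_if   = "xl0"
dsl_gw   = "10.0.0.1"     # constructed: the DSL modem's gateway
cable_if = "xl1"
cable_gw = "10.0.1.1"     # constructed: the cable modem's gateway

# Each uplink gets its own NAT so replies come back on the line the request left on.
nat on $dsl_if   inet from $lan_net to any -> ($dsl_if)
nat on $cable_if inet from $lan_net to any -> ($cable_if)

# Traffic for the firewall itself must be matched before the policy-routing
# rule, or route-to would push it out an uplink instead of delivering it locally.
pass in quick on $lan_if inet from $lan_net to ($lan_if) keep state

# New connections from the LAN are handed to the next gateway in turn: first
# photo over DSL, second over cable, and so on, as the post describes.
# sticky-address keeps one client's connections on one line while it has active
# states, so sites that tie a session to the source address keep working.
pass in on $lan_if route-to { ($dsl_if $dsl_gw), ($cable_if $cable_gw) } round-robin sticky-address \
    inet from $lan_net to any keep state

# Packets carrying one uplink's address that are about to leave via the other
# (for example after a routing table change) are pushed back to the right line.
pass out on $dsl_if   route-to ($cable_if $cable_gw) inet from ($cable_if) to any
pass out on $cable_if route-to ($dsl_if $dsl_gw)     inet from ($dsl_if) to any
```

The failover half is not in these rules: pf's round-robin pool keeps handing new connections to a gateway whether or not the line behind it is alive. Detecting a dead line and taking it out of the pool is a separate monitoring job that pfSense performs for you; a hand-built rule set like this one needs something that watches each gateway and reloads the rules without the dead entry.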