We find pfSense to be an excellent free firewall. We do also find with the 2.0 release that the traffic shaping capabilities are still not fixed (worked great in 1.23 though). We don't let this dissuade us from using it as a firewall, though we now shpae bandwidth with a commercial appliance that gives us much better control and sits between the LAN port of the firewall and SWITCH transparently. If you organization needs much more infinite control, oversight and monitoring/reporting of bandwidth, we can help!
Installing pfSense is still recommended for organizations on a budget that need to put "something" in front of sipXecs and use the sipXecs built-in remote user and/or sip trunking functions.
Remember to configure the outbound NAT and MANUAL and STATIC PORT, and this is uber important, BEFORE YOU ADD ANY NAT RULES.
If you need a rate limiting function, once you create the NAT rule, go to:
Firewall, Rules and edit the rule for the port (i.e. 5060) and click the ADVANCED button. There you will see:
Maximum new connections / per second(s).
Also, if you need something to block inbound requests from other countries,
System>Packages" click the "+" next to "pfBlocker", install that and configure it to deny inbound traffic to all countries you don't have remote users of traffic coming from for you network!