Once upon a time I worked at for a company with a limited budget for a new UTM device but desired all of its capabilities. The following represents an overview of the results of an evaluation of various pieces of software. Note that it was based on an evaluation of these pieces of software about a year ago.
Endian: Does simplistic QoS, VPN, does possess some functionality issues such as restrictions on hostname, limitation on password, some odd issues with particular users when using NTLM authentication, etc...
pfSense: BSD based. Does everything we need, is free, stable but handling of QoS is very difficult, http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Item...
m0n0wall: a limited feature set. Basically nothing more than an embedded firewall/router that is able to be installed on a PC, http://m0n0.ch/wall/features.php
Vyatta: basically a Cisco copy. Does a lot but can be difficult to administer and has a non-intuitive interface, http://www.vyatta.com/downloads/index.php
IPCop: Like m0n0wall an limited feature set. Basically nothing more than an embedded firewall/router that is able to be installed on a PC, http://www.ipcop.org/
Astaro: Slick interface, does everything we need but is too expensive for our budget even with the software only version, http://www.astaro.com/our_products/product_overview
CheckPoint, NetGear ProSafe, D-Link NetDefend, WatchGuard appliances are sort of within our price range once you factor in hardware costs but are also subject to support/warranty issues.