I'm thinking: if the whole purpose of the yet-to-be-purchased switch is to enable higher WAN speed on pfsense, wouldn't replacing pfsense's NIC with a 10Gbps part actually be cheaper? And it would allow full speed for connections targeting the same internet server.
You are 100% correct. Unfortunately, I've hit a few problems... My pfsense box is a protectli, which is a small form factor PC without any expansion. It has usb3 but that's really about it. It has six gigabit ports on it and that's really about it. When I bought it I thought I would max it out at 1 gig, but I was wrong.
I was thinking about swapping the hardware, but even if I do, driver support under freebsd (pfsense) is sketchy. It can support 10g, but the cable modem only has gigabit ports and one 2.5G port on it. There are a few 2.5G NICs out there, and some SFP+s that support 2.5G, but the drivers for these look like they are just being introduced and are just really buggy.
Ubiquiti has their product that can support 2.5G, but one of my requirements is an OpenVPN client and server running on that box, which isn't supported on the Ubiquiti side. I guess if I really wanted to, I could replace my pfsense with Ubiquiti, then get a separate box to run OpenVPN, but that is a lot of work and more power. So that's why I'm trying to think of different ways to do this... which, in the end, I'm not sure is really going to work.