Well, you really need to decide what you want. If it's just a firewall, then it doesn't require much in the way of resources for a simple home network. What bumped up the hardware requirement was when you started to talk about squid and snort and openvpn etc.Thank you. The Xeon D wouldn't just be for firewall. It would be for the purpose of running a whole virtual environment in my home, which could include a pfsense vm.
So, squid: I'm hard pressed to suggest running it anywhere at this point, unless you're trying to play with some kind of content filter (which you'll probably just end up giving up on). There's just not much bandwidth to be saved caching HTTP these days, so you're adding complexity and latency for nothing.
Snort: no reason for this to be on the firewall. Put it on a VM on a span port, you can throw as much or as little hardware at it as you want, and experiment with multiple tools more easily. Unless you're trying to IPS, then it needs to be inline. (But on a home network snort IPS is mostly going to just make you sad anyway.)
OpenVPN: hardware requirement for this is heavily dependent on your available bandwidth. Up to around 50Mbps you can keep up with most modern x86 hardware. Up to around 100Mbps you're fine with almost anything that has AES-NI. Beyond that, you need to start looking more closely at the requirements and the CPU specs.
If you keep the firewall as just a firewall the requirements are pretty low. I prefer a standalone firewall configured minimally, because it'll just run forever without needing to touch it or think about it. Putting it on a VM adds complexity, and you have to answer questions like "why isn't the internet working" when you want to futz around with the VM server. Heck, if you don't want to agonize over hardware and have modest bandwidth requirements you can just get SG-1000 microFirewall pfSense® Security Gateway Appliance from the pfsense store and be done with it.
Anyway, you need to figure out what you're trying to do