For a while I have been planning to switch from an all-in-one wifi router to having separate devices because that way they can be upgraded piece by piece instead of having to replace the whole thing.

I am confused about the role of the firewall.

If I have a router running OpenWRT, does it have a firewall included? Either by default or by installing certain packages?

Or is it required to have a separate firewall running opnsense/pfsense?

If not required, what would be the benefits that would lean in favour of separate firewall?

use case: small home network 2-3 users. some internal self hosting and maybe one day external self hosting.

ETA: The best internet I could subscribe to where I’m at is 1024 Mbps down, 50 Mbps up. So don’t worry about wasting fibre speeds. :(

My assembled components so far are: router, WAPs, switches, ethernet cable and cable modem.

Thanks for any advice.

  • jubilationtcornpone@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    The firewall is the gatekeeper that typically controls the traffic between the WAN and LAN. Most routers have at least a basic firewall built in. Whether you should have a separate router and firewall depends on a few things.

    A common scenario is if you’re routing a whole bunch of different subjects internally. This is often the case in an enterprise environment where thousands of devices are connected to the network. Routing can eat up a lot of horsepower and you don’t want spikes in WAN traffic slowing down your internal routing. In that situation it makes sense to have separate firewall and router appliances.

    If you’re running you’re entire LAN on one subnet, you’re not typically going to have any internal issues with routing related to WAN traffic. It’s also easier to troubleshoot one network appliance than multiple. I run a single Mikrotik as my main router and firewall. Don’t make it any more complex than you need to unless you just want to see if you can.