Please help, I think I'm doing this all wrong

FIRST: Sorry for the wall of text. I tried to explain what I have to try to make my options clearer. My head is full of dots that need connecting.

a) I used to have WiFi issues at home years ago.
I was using a Netgear R7000 for routing my cable internet, NAT and as WiFi.
I was also running VPN on my PC, as trying it in the router made everything slower than ants.

b) I live in an old crowded building and the WiFi didn’t seem strong enough. So I put in a Ubiquiti UniFi AC-HD with CloudKey and that took care of providing a good signal to the apt.

c) Now I have Verizon FiOS “Gigabit” (Internet only, VoIP through Google Voice OBI202, no FiOS TV). It seems the Netgear R7000 (1GHz CPU) just can’t cope. I still have basic cable internet too for failover because I work on-call and need a connection just in case.

d) I recently discovered pfSense thanks to @LTS_Tom etc. on YouTube. It looks like I could run a router box from Netgate, or put together a little box with a quad NIC (I have an Intel Quad NIC), do VPN on it to either PIA/NordVPN or even set up a cheap VPS to route everything that way. Eventually I might route out to AMZ or Azure if my studies pay off… Either way, right now I want to encrypt most or all of my packets from my ISP, DNS and everything; I don’t trust Verizon to do anything good with my data. Plus I need a secure(ish) off-site backup soon in case disaster strikes.

My problem 1: I got a secondhand Juniper SRX220. Unless I’m doing something very wrong, it can’t cope with routing gigabit between my NAT and Internet, not even close. Its VPN support seems rubbish and I can’t even get the latest firmware update because I’m not the original owner.

My problem 2: I grabbed an Ubiquiti EdgeRouter 6P from Amazon. I got scared about the Netgate S300 because I thought there could be only one WAN, so I couldn’t do things like double WAN and VPN for a segment of the network, etc.

My problem 3: I also have a secondhand Nortel (now Avaya) BayStack 550-24T-PWR, commonly known as ERS5500. It’s a managed switch, 24 PoE ports (4 SFP), that can do Gigabit fine on the LAN, but it’s a little loud and again Avaya won’t let me update it to the latest version because I wasn’t the original owner.

Someone recommended a Dell PowerConnect 5524P that seems a bit more modern on eBay. It has an RJ-45 console, 2 SFP+, USB and is stackable via HDMI. It’s also $120, so when I saw Xeons on eBay for not much more than that, I couldn’t help thinking a 1U Xeon with a quad Intel NIC might be a beast to run Suricata and anything I could throw at it, maybe a DMZ, multiple VPNs to fully segment the home and work network, etc.

Current PC: Ryzen 7 2700X 3.7 GHz 8 core, Gigabyte Aorus Gaming 7, 32 GB DDR4 RAM, 256 NVMe and 2TB WD Black temp data drive till I get a NAS going.
– goes crazy if I try IOMMU due to some BIOS issue

Spare box (thinking about putting unRAID on it for NAS and so I can play with VMs): Asus Z87-Pro, i5-4590S Quad Core (SR1QN) 3.00 GHz FCLGA1150, 32 MB DDR3 RAM, 3x 4TB WD, 1 spare 300 GB Velociraptor. I hear I could run a PBX on it for the office phone and fax lines?
2x 250GB Samsung 850 EVO for laptops if I can’t find a better use.

PS Off Topic: I’ve been learning a lot since then thanks to @LTS_Tom, invader1 and other people on YouTube. I’m actually considering looking at places where I could learn properly and get certifications to supplement my income (now working in healthcare, where security is very important too)…

Good to hear that you are learning so much, but I am not completely clear on what your ask is. If you are asking what switch to get, I really like the UniFi line of switches and the Netgate/pfSense routers.

I think I made a mistake by getting the UniFi EdgeRouter 6P.
I remember from the pfSense videos that you could have part of the LAN traffic go through a VPN and the rest route normally. Can UniFi do that? Does it support OpenVPN? Does it have advanced QoS or something like Suricata?

I read somewhere that Netgate only has WAN and the rest work as a switch, so you can’t call each one OPT1, OPT2, etc. in pfSense. Was this wrong?

I mentioned the servers on eBay because maybe I could get a deal on a box and use that for pfSense.

I don’t think it can run Suricata, but it can do OpenVPN; it’s all configured from the command line.

Same with the QoS: it’s supported, but done via the command line.
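As an added illustration (not from any post in this thread) of what that command-line setup looks like on EdgeOS, this sends one LAN subnet out an OpenVPN client tunnel while everything else keeps the normal WAN route, and blackholes that subnet if the tunnel drops instead of leaking it to the ISP. The interface names, subnet, table number, rule names and the .ovpn path are assumptions; the blackhole fallback uses the Vyatta-style static route syntax.

```vyos
# Added example, not from the thread. Assumed layout: LAN on eth1,
# "VPN" subnet 192.168.20.0/24, other LANs inside 192.168.0.0/16.
configure

# OpenVPN client tunnel driven by the provider's .ovpn (assumed path).
set interfaces openvpn vtun0 config-file /config/auth/client.ovpn
set interfaces openvpn vtun0 description 'VPN provider tunnel'

# Alternate routing table 1: default route is the tunnel interface.
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
# Fail closed: when vtun0 is down only this blackhole route remains,
# so the VPN subnet cannot silently fall back to the plain WAN path.
set protocols static table 1 route 0.0.0.0/0 blackhole distance 255

# Mangle ruleset: traffic from the VPN subnet is looked up in table 1.
# Rule 5 exempts LAN-to-LAN traffic so local services stay reachable.
set firewall modify VPN_ROUTE rule 5 description 'keep inter-VLAN on main table'
set firewall modify VPN_ROUTE rule 5 destination address 192.168.0.0/16
set firewall modify VPN_ROUTE rule 5 action accept
set firewall modify VPN_ROUTE rule 10 description 'VPN subnet via table 1'
set firewall modify VPN_ROUTE rule 10 source address 192.168.20.0/24
set firewall modify VPN_ROUTE rule 10 action modify
set firewall modify VPN_ROUTE rule 10 modify table 1

# Apply the ruleset to packets entering from the LAN side.
set interfaces ethernet eth1 firewall in modify VPN_ROUTE

# Masquerade the VPN subnet behind the tunnel address.
set service nat rule 5010 description 'masquerade VPN subnet out vtun0'
set service nat rule 5010 outbound-interface vtun0
set service nat rule 5010 source address 192.168.20.0/24
set service nat rule 5010 type masquerade

commit
save
exit
```

Note that this only steers IP traffic; DNS for the VPN subnet still has to be pointed at a resolver reached through the tunnel, or the queries go to the ISP anyway.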

pfSense can do logically assigned ports, but some models do have configurations that use the split VLAN back end, such as the Netgate SG-3100, XG-7100 and SG-1100. Here is how that works.

Edgerouter will give you a few more options than a USG, but you’re going to have to get comfortable with the command line.

If you want to build out a pfSense box and have a place where server fans won’t bother you, check out one of these. I’ve been running one with the E5-2609v2 and 8GB RAM; 8GB is overkill but I had it sitting around. Testing on LAN it should have no problem with gig routing with Suricata and pfBlocker. It only has two NICs, but get a riser card and you can add a quad NIC card if needed.