Router config advice

Hi, new here. I’m curious if I really need to do anything differently with my setup. I work mostly from home with:
1Gb Comcast cable modem service
Arris Surfboard DOCSIS modem
Asus GT-AX11000 WAN/LAN router firewall and WiFi AP
Gb Switch, UPSs, etc.
It’s been working well, discounting the outages periodically by Comcast. I do see constant bot traffic attempts on my Asus.
Question: Should I put a pfSense (or other) firewall in front and reconfigure the Asus as just an AP? I use one isolated VLAN (for work box), no crazy f-wall rules, just want to keep out the bad stuff. Any advice would be helpful. Cheers!

I prefer pfSense over a consumer router like the Asus; that setup should work.

Prior to moving over to pfSense I was using an array of Asus routers running Merlin firmware.

The reason I moved over was mainly that I needed more OpenVPN servers and that Trend Micro snooped on my traffic if I wanted pretty traffic charts. If you opt out then those features are no longer available.

Don’t think you need to change.

If you do change to pfSense, then you are better off with a managed switch. I wouldn’t bother with then using the Asus as an access point; instead, I’d buy a PoE access point which you can better place to get improved WiFi.

You need a router with hardware offload if you want to saturate your 1Gb internet connection without breaking the bank :slight_smile:

Thank you for the replies. I’ve gone through so many WiFi routers over the years, and this Asus has lasted longer than any of them. I was originally curious if I should put something in front of the Asus to help shield the potential attacks, but based on the current logs everything is being blocked. There’s very little CPU load and memory use is pretty static. I’ve turned off ping and remote access completely. But we all know how the IPv4 blocks will just get nmap scanned constantly. Maybe moving to IPv6 would help.
Thank you all again!

You might be interested in https://www.asuswrt-merlin.net/

IPv6 gets scanned too, is a pain to deal with especially with Comcast. Disabled on my internal net. Yep Comcast sometimes just goes away and at others is excruciatingly slow. Bridge mode and turn WiFi off on the Comcast box.

The modem I’m using (Arris) is as simple as it gets and working in bridge-mode. No WiFi. Wireless comes from the Asus behind it. It’s mostly designed for gaming optimization but I don’t use any of that stuff. I agree about IPv6. I work cyber security, and “rue the day” when more and more of our customers start moving to 6. Hard enough to deal with a simple home network, but gigantically more difficult with thousands to millions of addresses thrown around! :grimacing: