Question about Asus Merlin Router behind a firewalla?

AsusRouterUser

Occasional Visitor
I had a friend of one of my family members contact me because he was moving into my area and wanted my help getting his network set up. He needed a router, so I recommended an Asus that we could put the Asus Merlin firmware on; he picked the RT-AX68U. However, when he got here and I went to set it up, I found out he had a firewalla. I had never even heard of this thing, so I had to look it up and see what it was to even know how it was supposed to hook into the network. That was not a problem: the firewalla connects directly to the modem and it has a firewall built into it, and then the Asus router connects to it. But here is where my question comes in: he got some guy on the phone who had set this up for him where he lived before, and he said that behind the firewalla should be only an access point and not a full router, and that having a full router was LESS secure than having just an access point? I don't claim to be a networking guru or anything, but I can't follow why this would be the case or that it is true in any way. If I am wrong I would really like to know; this just makes no sense to me at all.
 
I too have never heard of a firewalla; I wondered if it was anything like a punka-walla, but for firewall duties.
 
behind the firewalla should be only an access point

In order to use all Firewalla features as described - yes, it needs AP only.

I too have never heard of a firewalla

Made user-friendly router OS with some quite capable hardware options.

 
I was expecting some sort of snake oil device, but a cursory search indicates otherwise.


A bit pricey?
 
having a full router was LESS secure

This statement is incorrect about security, but it is an unnecessary complication with a double NAT configuration, and Firewalla won't see the actual clients on the LAN side and won't be able to monitor and filter anything separately. The cascaded router WAN IP will be the only client visible to Firewalla. The Asus RT-AX68U is an End-of-Life model now, and perhaps using it as an AP is the better option long term. Unfortunately, Firewalla is a VLAN-capable appliance, but the RT-AX68U is not. Most home routers don't have user-configurable VLANs on the LAN side. This limits some of Firewalla's capabilities. A business-class AP with VLAN support is the better fit for Firewalla and similar firewall appliances.

A bit pricey?

Some models are much faster than any home router x86 hardware. The higher-spec appliances they use are similar to the Protectli Vault, the UI is built on top of Ubuntu Linux, and it comes in a user-friendly form, pre-installed and ready to go. It's a nice project and getting somewhat popular. The same functionality can be achieved on an OPNsense/pfSense appliance of course, but that requires much more networking knowledge. Firewalla offers professional features and covers the higher-demand market as well. It also has a nice modern UI, UniFi/Omada style, with both App and Web available. Asuswrt is like a blast from the past 2010 UI. Some folks like to play with the UI and like a "fresher" design.


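The visibility loss described in the post above, modelled as an added example that is not part of the thread: it compares what an upstream firewall can attribute to individual devices when the downstream unit bridges (AP mode) versus when it source-NATs (router mode). All addresses, hostnames and function names are constructed for illustration and are not Firewalla or Asuswrt interfaces.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample flows: (client source IP, destination host).
FLOWS = [
    ("192.168.50.10", "updates.example.com"),
    ("192.168.50.10", "tracker.example.net"),
    ("192.168.50.23", "video.example.org"),
    ("192.168.50.42", "tracker.example.net"),
]
ROUTER_WAN_IP = "192.168.1.2"  # assumed lease given to the cascaded router


def through_router(flows, wan_ip):
    """Router mode: source NAT rewrites every client address to the WAN IP."""
    return [(wan_ip, dst) for _src, dst in flows]


def through_ap(flows):
    """AP mode: traffic is bridged, so client addresses arrive unchanged."""
    return list(flows)


def firewall_view(flows):
    """Device inventory the upstream firewall can build: source IP -> hosts."""
    seen = defaultdict(set)
    for src, dst in flows:
        seen[str(ip_address(src))].add(dst)
    return dict(seen)


def apply_device_rule(flows, device_ip, blocked_dst):
    """Per-device block rule; returns the flows that are still allowed."""
    return [(s, d) for s, d in flows
            if not (s == device_ip and d == blocked_dst)]


if __name__ == "__main__":
    for name, seen in (("AP", through_ap(FLOWS)),
                       ("router", through_router(FLOWS, ROUTER_WAN_IP))):
        print(name, "mode inventory:", firewall_view(seen))
    nat = through_router(FLOWS, ROUTER_WAN_IP)
    # A rule keyed on the real client never matches behind NAT ...
    print(len(apply_device_rule(nat, "192.168.50.42", "tracker.example.net")))
    # ... and a rule keyed on the router's WAN IP hits every client behind it.
    print(len(apply_device_rule(nat, ROUTER_WAN_IP, "tracker.example.net")))
```
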
 
Thank you for confirming it is not LESS secure, that is the part I was really not understanding, because I could not wrap my brain around any way it could be less secure.
 
Thank you for confirming it is not LESS secure

Not less secure, but it doesn't make sense to run it as a router when Firewalla is the actual Internet-facing device.

I thought the same thing when I first saw it.

Pricey is subjective. RT-AX68U is quite pricey as well. It arrived in mid-2020 at around $200 price tag and got discontinued in the beginning of 2024.
 
Firewalla I would think would fit with consumer gear and may be easy to use. Firewalla seems to be a layer 2 device but it does not do real networking with a layer 3 switch which I would want.

Firewalla seems like an easy to maintain firewall for non-networkers. I have not seen anything on hacking it yet. It is set up like a small business network.
 
So... I would need a Firewalla Gold Pro unit for my 10G network with 5GB (so far... 7 GB is now available 😀) fiberoptic internet. Would there be any significant benefit to putting this ahead of my current mesh setup with 3 hardwired BE30000 (BQ 16 Pro) and changing my main Asus settings to AP/AIMesh? If I would have much better security or a visibly faster network it would be worth it to me... but on the other hand does the ASUS BQ 16 Pro already do everything well enough? 🤔
 
Would there be any significant benefit to putting this ahead of my current mesh setup with 3 hardwired BE30000 (BQ 16 Pro) and changing my main Asus settings to AP/AIMesh?

Firewalla Gold Pro is killing BQ16 Pro in both processing power and features. It's an x86 hardware computer with a quad-core Intel N97 CPU at up to 3.6GHz and 8GB RAM.
 
For the money you are going to spend on this mix of equipment with unused features you could have a better quality SMB system. 🤷‍♂️
 
