lee756 wrote:
Once again, thank you for all your assistance. As I mentioned above I am considering pulling Fing out permanently in favor of something along the lines of what you describe. I have some ideas, but any suggestions as to “strong, reputable” firewalls to consider..?
Ubiquiti Dream Machine Pro (UDMP) provides excellent network traffic monitoring, uptime plots, and support services, and particularly integrates well if you also use Ubiquiti APs and switches. Connect UDMP as your firewall and network control, and add Wi-Fi 5 or Wi-Fi 6 APs as needed. Ubiquiti APs can be wired or wireless backhaul; traditional or “mesh” setups. Oddly, UDMP does not include an embedded DNS server.
Another that works well is Zyxel ZYWALL USG series. These devices expect the user to know basic networking, but are seriously capable devices, with embedded DNS, VPN servers, and other useful features. Monitoring and traffic displays and cross-device management aren’t up to UDMP.
Usual config in the range you’re looking at (inferring much from your use of that Fing box) is ISP > firewall/gateway/NAT box > switch > APs. AP configurations are handy as they’re transparent, and as they support roaming across APs, but that transparency also means you need to establish your DHCP and other services else-network. That’s usually in the firewall/gateway/NAT box, but can be on another server somewhere on your network. Multiple APs give you wider coverage.
Do not install double NAT, as that can cause issues for various IP protocols. Pick one box to provide NAT, and use that. Other boxes in the path that can or do provide NAT then need to be set to their “transparent” or “bridged” mode; NAT disabled.
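
A check for the double-NAT condition described above, as an added example that is not part of the original post: it reads traceroute output and counts private-address hops before the first public one. The sample traces are constructed and the function names are illustrative; two private hops is a heuristic, since a routed internal network without a second NAT looks the same.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly rather than using ipaddress.is_private,
# which covers more than RFC 1918 (loopback, link-local and other ranges).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT
HOP_RE = re.compile(r"^\s*\d+\s+.*?(\d{1,3}(?:\.\d{1,3}){3})")

def hop_addresses(trace):
    """Hop IPs in order; the header and unanswered '* * *' hops are skipped."""
    found = (HOP_RE.match(line) for line in trace.splitlines())
    return [ipaddress.ip_address(m.group(1)) for m in found if m]

def nat_layers(trace):
    """Count private hops before the first public hop (heuristic)."""
    private, cgnat = [], False
    for hop in hop_addresses(trace):
        if any(hop in net for net in PRIVATE_NETS):
            private.append(str(hop))
        elif hop in CGNAT_NET:
            cgnat = True  # ISP-side NAT: bridging your own boxes will not remove it
        else:
            break  # first public address: past every NAT layer
    return {"private_hops": private, "cgnat": cgnat,
            "double_nat_suspected": len(private) >= 2}

# Constructed sample traces (not captured from a real network).
SINGLE_NAT = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max
 1  192.168.1.1  1.1 ms
 2  203.0.113.1  8.4 ms
 3  198.51.100.7  12.0 ms"""
DOUBLE_NAT = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max
 1  192.168.10.1  0.9 ms
 2  192.168.1.1  1.8 ms
 3  * * *
 4  203.0.113.1  9.0 ms"""

if __name__ == "__main__":
    for name, trace in (("single", SINGLE_NAT), ("double", DOUBLE_NAT)):
        print(name, nat_layers(trace))
```

If the second sample matches your own trace, the box at the first hop is the one to switch to bridged or transparent mode, leaving NAT on the upstream firewall only.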