
Upgrading firewall and wanting to use current firewall as IoT-specific WAP

Longtime electronics guy (component level troubleshooter IRL) here looking for advice. TLDR at the end.


I freely admit my networking chops are... lacking a bit, and I am working on changing that. I have been surviving on plain Jane off-the-shelf gear and prebuilts for years and am finally in a position to start upgrading my setup bit by bit. Can't wait to build my first custom PC in years this coming spring.


I currently have 1 Gig symmetrical fiber service and plan to upgrade to the 2 Gig service in my area in the near future, but my current firewall just won't cut it.


My current setup is the ONT -> Bitdefender Box 2 -> Netgear Nighthawk router in bridge mode. The Bitdefender tops out at 1GB, so I plan to upgrade to a Firewalla Gold, or maybe whatever their top-end system is by the time I make the jump, since it can handle up to 3GB.


I plan to have 3 zones. All my IoT devices and my smart TVs on a dedicated IoT Wi-Fi/Ethernet network. My personal devices on a 10 Gig internal Ethernet/Wi-Fi network. And a guest Wi-Fi network, all segmented and separated on their own hardware. To save a bit of cost and not toss out or pass on still-good gear (who in their right mind would use hand-me-down security hardware?), I plan to use the Bitdefender Box for the IoT network and the current Nighthawk for the guest network WAP. For the personal network hardware, I am still figuring out what I want.


Yes, I can hear you all yelling "TRY PFSENSE, you ding dong!!!". I am, lol. I may switch to that in the future, but my skill level with it now is nil to non-existent, and I would want to take the time to kick the tires on it a bit and make sure I am confident in my configuration before trusting it with my personal data. I also hear you all yelling "VLANs". Call me old fashioned, but in my mind separate networks should be separate hardware.


Finally, my question: What issues might I run into putting the Bitdefender Box behind the other firewall? I plan to turn off most of the monitoring features of the Bitdefender Box not directly associated with IoT monitoring to minimize potential conflicts.


Yes, I have contacted both companies for advice but have not heard anything back yet.


TLDR: How dumb of an idea is it to put my current Bitdefender Box behind another, better firewall to function as a separate IoT quarantine network?

11 minutes ago, Mongobit said:

Firewalla Gold

Well, the problem there is it's 1 Gbit ports only. If you need your router to have >1 GbE ports, either go pfSense or another DIY box, MikroTik, or a UDM Pro. Every router that can do >1 GbE isn't cheap. I'd go UDM Pro here as it's pretty cheap and has 10 GbE ports.


13 minutes ago, Mongobit said:

What issues might I run into putting the Bitdefender box behind the other firewall?

It won't be able to see or monitor the other devices, but you don't seem to care about that here, so no real issues.


I'd pick another router, but you can use that as an AP just fine.


Did I misread the Gold's specs? I was under the impression the WAN port was multi-gig capable? The internal ports I am OK with being just 1 Gig. I was planning to allocate 1 Gig dedicated to the private network, then split the second Gig between the guest and the IoT segments.


17 minutes ago, Mongobit said:

Did I misread the Gold's specs? I was under the impression the WAN port was multi-gig capable? The internal ports I am OK with being just 1 Gig. I was planning to allocate 1 Gig dedicated to the private network, then split the second Gig between the guest and the IoT segments.

It can route 3 Gbit, but it only has 1 GbE ports, it seems. So for a normal WAN-to-LAN setup you're limited to 1 GbE.


I'd go with an Untangle box (really simple, takes about the same amount of time to set up as these systems). Just use an old desktop. Or go with a UDM Pro if you want ready-to-use.
