Adding firewall between WAN and ER8411 - will this work?
Based on feedback from TP-Link and the community, I want to add a firewall in between the Omada-managed ER8411 and the modem so I can get true DPI with full IPS/IDS functionality. I am thinking about a Netgate (pfSense) solution. I would like to leave the management of VLANs, etc. to the ER8411 to be managed through the controller and basically use the Netgate as a firewall only to add the DPI IPS/IDS features I want (in my case torrent blocking and possibly other layer 7 functionality).
It would look like this:
Modem => WAN on Netgate firewall (IPS/IDS here) => WAN on ER8411 (get DHCP from Netgate on WAN, otherwise Omada managed) => controller, etc. (everything else is Omada)
I don't want to replace the ER8411 as it runs my PPSK, etc. and I like the way I can do that with the controller software and the cloud management.
1. Will this work?
2. What ports does Omada cloud need open on the Netgate to function - possibly irrelevant if bridged mode is the solution?
3. Any thoughts or concerns (experience doing this would be awesome).
4. My research so far indicates this may be something that requires a bridged mode setup in pfSense, which it does support with IDS/IPS using Suricata...
Thanks!