Home Automation

Consider a NUC style device, like a Protectli Vault FW4B, and install opnSense or pfSense.

I have not used Firewalla, but from the screenshots the interface looks more simplistic than what I would expect from a several hundred dollar dedicated router. It may not be able to do everything you want. OTOH, pfSense or opnSense may have a steeper learning curve but more capability.

XR500 with OpenWRT installed.

Found my used one for $10.

I absolutely love my EdgeRouter 4 (from Ubiquiti), running the v2.xx version of the EdgeOS. It's a router only; you have to bring your own WIFI, or better yet, hard-wire everything).

Setting up my VLAN's for IOT stuff, kids' stuff, untrusted stuff, etc., was pretty effortless. And although I prefer the command line for some of this stuff, custom firewall rules allowing, e.g., untrusted VLAN's to access the Plex server using the GUI was easy.

I literally never have a problem with this router, compared to all of the consumer stuff I'd run in the past.

On the subject, I use a Brocade 6450-24P as a switch. It was dirt cheap off of eBay, and once you have PoE (power over Ethernet) available, you soon start to see great applications for it. Setting up VLAN's to work with the router was easy, and although there's a GUI, I did this in the command line. This is enterprise hardware, by the way, but I'm not an IT guy and it was fun and useful to figure out. Now when you plug any device into the spare ports in the home office, you get put onto my guest network. I'm doing "router on a stick" (Google it) but I plan, some day, to move all of the routing into the switch in the future.

Finally for WIFI, I moved to a Grandstream GWN7664, replacing three different Asus AP's running FreshTomato. Part of the problem with FreshTomato was having only four VLAN's available over WIFI, and although I forced them to restart every night, sometimes they needed actual power cycling to clean themselves up. One each in the basement, ground floor, and second floor (in US speak). The Grandstream takes advantage of the PoE from the switch, and I ran a new line in a perfect spot on the ground floor to give me coverage in every corner of all three floors, extending far enough outside to control irrigation, holiday lights, etc. when I'm out there. It supports at least 16 VLAN's (maybe more) on different SSID's, so it's perfect for IOT, WLED, untrusted stuff, kids' stuff, work's stuff, etc., things that I can't plug in.

I love my MikroTik stuff.

The ubiquity stuff is ok but man I hate the ui.

O hope you have a good understanding of network security if you are forwarding ports like that.

It is like having doors on your house that are always open if the thieves only bother to check.

There should be no need to forward ports from the outside when things are done right.

Tp link Archer c7 with openwrt

This isn't the best recommendation*, but I've personally had no issues with tons of devices and a large two building layout with 4 Google Wifi pucks.

• I gather that some of the other mesh solutions like Eero work better but I've never used them.

Mikrotik !

My friend, port forwarding is a very dangerous game. I’ve been a CyberSecurity architect for 20 years and I still do not use port forwarding. If you do make sure your target endpoint is sitting on a DMZ isolated from your home network. Better yet, use VPN.