Bridge-Mode to prevent double NAT/Firewall advantages?

Question

In my network I currently have a cable connection with an ISP provided (consumer grade) modem/router combo device. Behind this modem there is a pfSense box. The pfSense box is acting as firewall and router. The network configuration e.g. the VLANs for the users is done in PfSense. So currently in my network there is a double NAT and two firewalls. I'm considering setting the modem/router device into "Bridge mode" so that it does no more routing but only acts as a modem and passes the WAN IP to the pfSense box. So there would only be one router (the PfSense box) that performs NAT and acts as firewall.

I'm wondering what would be the advantages of this change and is it worth the effort? Would I gain performance improvements?

Answer 1

The advantage is that everything is passed through to the pfSense, thus you do not have to worry about port forwarding not working, because you forgot to open it on another device.

There is a performance increase, but it is going to be marginal. Its more for practical reasons to do this.

That said, by putting the monitor in bridge mode, you disable all but 1 LAN ports and also WIFI is disabled. This can be a problem to some, so that is something to consider.

It is best practice to place the modem into bridge mode, and use another router behind it though, especially if you want more LAN ports, faster WIFI or more configuration options.

Answer 2

So there would only be one router (the PfSense box) that performs NAT and acts as firewall.

I'm wondering what would be the advantages of this change and is it worth the effort? Would I gain performance improvements?

I use Bridged Mode on my ISP Router here.

There are no performance improvement of any note in doing this. Just a different place for the external IP address to be found.

I do this so I can access my VPN Router remotely. The VPN Router has the external IP (Bridged Mode) and is easy to access remotely.