[ale] Additional Firewall Router for home LAN?

[neal at mnopltd.com]

Progress is forcing us to look at home/office network changes. Current 
Home WAN/LAN looks like:

New AT&T Fiber Router provides 192.168.1.X network on Wifi and Cat5 for:
  + VOIP adapter for two POTS lines
  + Wifi for devices: Echo Dots, Thermostat, TV, smart phones, Wyze 
Camera, Raspberry Pi
  + Sonicwall TZ-190 VPN Router
         + Provides Firewall & CAT5 for 192.168.1xx.x LAN:
                + Linux servers
                + Windows desktops
                + Printer/Scanner

We are finally retired and shutting down the corporation this year.

Which also means no need for the TZ-190 per se.

As it stands, none of the herd of unwashed IOT WIFI devices has access 
to the LAN resources.   I kinda like it that way.   The LAN devices DO 
have access to the WIFI devices.

Switching to AT&T Fiber means we have 240-ish megabits down.  Which the 
wifi devices do enjoy.  However, the Sonicwall pretty much maxes out at 
28 megabits throughput.

We're thinking on replacing the TZ-190 with a Ubiquiti Networks 
EdgeRouter X, 4-Port Gigabit Router, ER-X, ER-X (Router, ER-X) to retain 
the same inner firewall protection, but gain the fiber speed we are 
paying for.

I've done a cursory look at the AT&T router, and it doesn't look like it 
supports making the LAN a separate network from the Wifi, like the 
Sonicwall does.

Is this over thinking security? Versus just tossing everything on the 
192.168.1 LAN?  I'm just figuring one of those little IOT devices is 
gonna go rogue on me one of these days.   We restrict all financial 
activity to the desktops and never do banking on smartphones.

regards,

Neal