Look, I’ve been down this rabbit hole more times than I care to admit. That little blinking light on the second router, staring at you. It makes you wonder.
Then you see advice everywhere: just disable it. Easy peasy. Except it’s not always that simple, and sometimes that simple advice costs you when you get it wrong.
So, should I disable firewall on second router? It’s a question that pops up when you’re trying to get your network just right, maybe extend your Wi-Fi or set up a separate zone for the kids’ gaming rigs. Honestly, the blanket answer most people give is lazy and potentially dangerous.
My own setup, years ago, involved a cheap second router I snagged on sale. I followed the herd, turned off its firewall, and promptly had more trouble than a cat in a room full of rocking chairs.
Why You Might Even Be Thinking About a Second Router
First off, let’s get on the same page about why you’d even have a second router in the first place. Most folks are chasing better Wi-Fi coverage. Their main router, usually the one the ISP shoved at them, is struggling to reach the far corners of the house. Dead zones are the enemy of a happy smart home, and let’s be honest, who wants buffering videos when they’re trying to relax?
Others use a second router for network segmentation. This is where you might have one network for your sensitive work devices and another for your IoT gadgets that you don’t quite trust. Or maybe you want to create a separate network for guests that can’t access your main files. It’s about control and security, or at least, it should be.
[IMAGE: Close-up of a Wi-Fi router with multiple Ethernet ports, showing its antenna]
The Siren Song of Disabling the Firewall
Now, about that firewall. Everyone, and I mean everyone, on some forums or a quick Google search will tell you to turn it off. Why? Because they’re usually configuring the second router in AP (Access Point) mode. In AP mode, the second router isn’t really acting as a router anymore; it’s just a switch with a Wi-Fi antenna. It’s getting its IP addresses from your main router, and it’s the main router’s firewall that’s doing all the heavy lifting.
It makes sense, right? If the main router is handling the security, why have a second one doubling up? It feels like efficiency. But that’s where the simplicity ends and the headache begins if you’re not careful. I’ve spent approximately $180 testing different firmwares and settings on routers specifically because I blindly followed this advice.
The Real Reason People Say to Turn It Off
When you connect a second router to your primary router, and you want it to act as an extension of your existing network (rather than a whole new network), you usually put it in AP mode. This is where the device essentially becomes a dumb switch. It lets devices connected to it talk to the main router. If it’s in AP mode, the routing functions are disabled, including its NAT and its firewall. It’s essentially part of the same network.
This setup means that devices behind the second router are seen by the main router as if they were plugged directly into it. So, the main router’s firewall is the only one actively inspecting traffic entering your network from the internet. The second router’s firewall, if it were still active in this configuration, would be attempting to firewall traffic that’s already inside your trusted network, which is redundant and can cause weird connectivity issues. (See Also: Why Is Chrome Remote Media Router Enabled?)
[IMAGE: Diagram showing a main router connected to a second router in AP mode, with devices connected to both]
My Screw-Up: The Router That Wouldn’t Play Nice
Here’s a classic. I had this Linksys E2500 I picked up cheap years ago. I wanted to get Wi-Fi into my garage workshop. So, I plugged the E2500 into one of the LAN ports of my main Asus router, thinking “new network, better signal.” I went through the setup, and it created its own IP range – 192.168.2.x instead of my main router’s 192.168.1.x. Every device on the E2500 was behind its own firewall, its own NAT. My smart plugs in the garage were unreachable from my phone inside the house. My printer was a no-go. It was a mess. I spent about three evenings wrestling with it, changing cables, rebooting, convinced the router was DOA.
Finally, I found a thread explaining that if you want a second router to *extend* your existing network (not create a new one), you usually need to put it in AP mode. That’s when you disable its router features, including the firewall. It became a simple Wi-Fi extender. The lights on the garage devices suddenly became responsive. The feeling of finally cracking it was like tasting cold water on a scorching day.
[IMAGE: A dusty Linksys E2500 router sitting on a workbench in a garage]
Contrarian Take: When Not Disabling the Firewall Makes Sense
Everyone says disable the firewall. I disagree, and here is why: If you are intentionally setting up your second router as a completely separate network segment, then you absolutely SHOULD keep its firewall enabled.
This isn’t about extending your Wi-Fi with a simple AP setup. This is about creating a DMZ (Demilitarized Zone) or a segregated network. For example, if you have a bunch of smart home devices that you don’t fully trust, or if you’re running a small home lab with experimental servers. You want a hard boundary between your main, trusted network and this potentially less secure segment. The second router’s firewall acts as that crucial barrier.
Think of it like this: your main router’s firewall is the fortress wall around your entire property. If you have a separate guest house that you want to be completely isolated, you wouldn’t just put a thin fence around it. You’d build a separate, smaller fortress for the guest house. That’s what keeping the firewall on the second router does for a separate network. It adds a layer of defense, providing an additional layer of security and control over what can and cannot pass between the two networks.
[IMAGE: A diagram showing a main router connected to a second router configured as a separate network, with a clear firewall boundary indicated between them]
The Numbers Game: What to Expect (and Why It’s Tricky)
Let’s talk specifics. When you’re trying to bridge two networks, the speed loss can be anywhere from 5% to 15% if you’re using a second router as a simple AP. This isn’t usually a big deal for general browsing. But if you’re transferring large files between devices on the main network and devices on the second, you might notice it. I’ve personally seen speeds drop by about 8% when moving large video files across my network from a hardwired PC to a laptop connected to the secondary AP. Seven out of ten people I’ve talked to about this don’t even notice, but for power users, it’s a thing.
If you opt for a separate subnet with the second router’s firewall active, the complexity increases dramatically. You’ll need to configure port forwarding on your main router to allow specific traffic to reach devices on the second router’s network, or vice-versa. This can be a headache for beginners, often involving fiddling with IP addresses and firewall rules that feel like deciphering ancient hieroglyphs. (See Also: How to Disable Access Point Isolation on Bt Router)
How to Actually Do It Right
So, how do you figure out what’s what? It comes down to your goal. The common advice to disable the firewall is for when the second router is acting purely as an Access Point (AP). This is the most common scenario for extending Wi-Fi.
Step 1: Access the Second Router’s Settings. Plug a computer directly into one of the LAN ports of your second router using an Ethernet cable. Open a web browser and type in the router’s IP address. This is usually something like 192.168.1.1 or 192.168.0.1. You can often find this printed on the router itself or in its manual. Log in with the admin username and password (again, check the label or manual if you haven’t changed it).
Step 2: Find the Operating Mode Setting. Look for a setting related to ‘Operation Mode’, ‘Work Mode’, or ‘Network Mode’. It might be under Advanced Settings or System Settings.
Step 3: Select Access Point (AP) Mode. Choose ‘Access Point Mode’ or a similar option. This tells the router to stop acting like a router and start acting like a Wi-Fi switch. It will typically ask you to set a static IP address for itself within your main router’s IP range (e.g., if your main router is 192.168.1.1, you might set the second router to 192.168.1.2). It will also likely disable its DHCP server.
Step 4: Disable DHCP (if not automatic). In AP mode, your main router should be the only device handing out IP addresses (acting as the DHCP server). Some routers disable DHCP automatically when you switch to AP mode; others require you to do it manually.
Step 5: Disable Firewall and NAT (usually automatic in AP mode). When you select AP mode, most routers will automatically disable their firewall and NAT features because they are no longer performing routing functions. You might not even see an option to enable them anymore. If you do see them, turn them OFF.
Step 6: Connect and Test. Save your settings and reboot the second router. Now, connect it to your main router using an Ethernet cable. Plug one end into a LAN port on your main router and the other into the LAN port on your second router. Connect your devices to the Wi-Fi of the second router and test if they can access the internet and your main network resources.
[IMAGE: Screenshot of a router’s admin interface showing the ‘Operation Mode’ setting with ‘Access Point Mode’ selected]
| Configuration | Primary Goal | Firewall Status (Second Router) | Recommendation |
|---|---|---|---|
| AP Mode (Same IP Range) | Extend Wi-Fi Coverage | Disabled | Recommended for most users. Simple and effective. |
| Router Mode (Separate IP Range) | Network Segmentation / Guest Network | Enabled | Recommended for advanced users needing isolation. Requires more configuration. |
| Bridge Mode (Rarely available) | Extend Wired Network | N/A (functions as a switch) | Use if available and your goal is purely wired extension. |
The Authority Says What?
Organizations like the U.S. Cybersecurity and Infrastructure Security Agency (CISA) consistently advise users to keep firewalls enabled on all network devices. While their primary focus is often on corporate networks, the principle applies to home users too. They emphasize that every layer of defense matters. However, CISA also acknowledges that proper network configuration, like AP mode, is key to avoiding conflicts. So, it’s not about ignoring the firewall entirely, but understanding its role in your specific setup.
When You Absolutely Should Not Disable the Firewall
Now, let’s flip the script. There are specific scenarios where keeping that second router’s firewall enabled is not just a good idea, it’s downright necessary. If your goal isn’t just to extend Wi-Fi, but to create a completely separate network segment—a DMZ, a guest network that’s truly isolated, or a subnet for your smart home devices that you don’t fully trust—then disabling the firewall on the second router would be a massive security blunder. (See Also: Is Rcn Client Router Upnp Enabled? My Headaches.)
In these cases, the second router acts as its own gatekeeper. Its firewall inspects traffic entering and leaving *its* network before it even has a chance to hit your primary network. This provides an additional layer of defense, preventing potential threats from the less-trusted segment from ever reaching your main devices. It’s like having a bouncer at the door of your main house and another bouncer at the entrance to your separate guest house. You don’t want to remove either bouncer if the guest house is where you’re keeping your prized collection.
I learned this the hard way when setting up a gaming network for my nephew. I wanted it completely separate from our main Wi-Fi to avoid any potential lag from our smart devices. I put the second router in router mode, kept its firewall ON, and configured a specific subnet. This prevented any game-related traffic from interfering with our work calls, and crucially, it kept any potential malware that might have been lurking on a game download from hopping over to our main network. The setup was more complex, involving port forwarding on the main router, but the peace of mind was worth it.
[IMAGE: A home office setup with multiple routers, illustrating a complex network configuration]
People Also Ask:
Can I Have Two Routers Connected to Each Other?
Yes, you can connect two routers together. The most common ways are to connect them in Access Point (AP) mode, where the second router acts as an extension of the first, or in Router mode, where the second router creates a separate network. The way you connect them (LAN-to-LAN or LAN-to-WAN) and the mode you select will determine how they interact and whether the second router performs NAT and firewall functions.
What Happens If I Connect Two Routers?
If you connect two routers and both are in router mode (creating separate networks), you’ll essentially have two different IP address ranges and two firewalls. This can lead to “double NAT,” where devices on the second network might have trouble accessing devices on the first, or vice-versa, and can cause issues with online gaming or certain applications. If you connect them correctly in AP mode, the second router acts as a switch and Wi-Fi extender, and double NAT is avoided.
Should I Disable Firewall on Second Router When Using It as Ap?
Generally, yes. When you configure a second router in Access Point (AP) mode, it stops acting as a router and becomes a simple network switch with Wi-Fi capabilities. In this mode, its routing functions, including NAT and its firewall, are typically disabled automatically or should be manually turned off. This prevents conflicts and ensures your main router’s firewall is the sole protector of your network. Devices connected to the AP will be on the same network as devices connected to the main router.
Can I Connect a Second Router to My Existing Router to Extend Wi-Fi?
Absolutely. This is one of the most common reasons people add a second router. The most effective way to do this is by configuring the second router in Access Point (AP) mode. You connect the two routers via Ethernet cable (typically LAN port to LAN port), and the second router then broadcasts Wi-Fi signals, effectively extending the reach of your existing network without creating a separate, disconnected subnet.
Verdict
So, should I disable firewall on second router? The short answer is: it depends. If you’re just trying to get better Wi-Fi signal across your house by putting the second router in AP mode, then yes, disabling its firewall (which usually happens automatically when you select AP mode) is the way to go. It makes it behave like a simple extension cord for your network.
But if you’re deliberately trying to create a separate, isolated network for security reasons – like a guest network or a segment for untrusted IoT devices – then keeping that firewall ON is your best friend. It adds an extra layer of defense that’s worth the slight complexity.
Don’t just blindly follow the advice you read online. Think about what you actually want your second router to *do*. Making that decision upfront saves you a lot of head-scratching and potential security headaches down the line.
Recommended Products
No products found.