This is mostly just based on my experience and there's no one size fits all, so if your'e happy with what you have and its working well stay with it and probably don't mess with it and this may not be worth the effort or cost, but if you are tired of consumer routers due to various issues and need additional features, functions and proper firmware updates even after more than 2-3 years you may want to take a look at Pfsense. I got fed up with the firmware quality of consumer routers and decided to try pFsense. If anyone is interested they can get a $150-250 Qotom or similar box on Amazon or even an old PC and install Pfsense and use their current router as an Access Point cum switch. Do note that it does take a bit of learning or guidance and its not for everyone, but even as a novice myself a few great videos by Lawrence Systems on YouTube got me setup in regards to the basics, pFblocker, OpenVPN and Traffic Limiting for Bufferbloat management. Took me only about 20-30 mins to get all the previously mentioned functions ready. I switched my RAX120 to AP mode with my NAS connected to the RAX120's 5Gbe port. Basic Setup and getting online: pFblocker: (Don't use the Geo Blocking part unless you really need to) Traffic Limiters: (for Buffer Bloat) For VPN profiles from providers ExpressVPN etc have links on their own site on how to setup manually. pFsense Home Page on my SuperMicro 1U Unit DNS Setup & Resolving: By default pFsense does DNS resolving itself rather than using the ISP for security, you can go to DNS Resolver and select Forwarding mode for a speedup and enable DNS over TLS for security in forwarding mode if you want to use third part DNSs. (First disable DNSSEC when switching to forwarding) If using Third party DNS Servers you can enable those in general setup, I added an image below with CloudFlare primary & secondary IPv4/IPv6 DNS servers. Also disable WAN DNS override so it won't use ISP DNS servers. If you want speed in resolving, ISP DNSs’ can and will be faster in most cases at the cost of security. Enabling Hardware Crypto and Thermal Sensors for Intel CPUs: In the Advanced -> Miscellaneous section you can enable hardware crypto (helps VPN) and Thermal sensors as shown in the attached image. pFblockerNG (Use the Development Version): You can get pFblockerNG by going to the package manager in the System section, after install it shows up under Firewall section, it has a guided setup by default. Another simple guide: https://www.linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/ One thing I should mention about pfblocker NG is that it has a section you can enable called TLD (Top Level Domain Blocking). Be careful as that feature can take a lot of RAM depending on your block lists' size. Im using upwards of 4.5GB RAM on my unit with TLD function enabled with my large number of blocklists. A few short topics from the makers of pFsense including limiters, captive portals etc. I went a bit more extreme and recently bought an Intel Xeon D-1541based SuperMicro 1U unit to install ESXi VM for pFsense and FreeNAS side by side. I so far only installed pFsense (2.4.5) and I must say it's far more powerful (honestly even a $200 Intel based Qotom box is probably more powerful than the best consumer router in terms of routing and VPN), reliable and the sheer amount of functions available are amazing including packages like pFblockerNG piHole like ad/tracking blocking but more powerful. OpenVPN and tracking options (ie ntoppng) are really great and the limiter and traffic shaping functions seem to be far better than most consumer routers. I liked OpenWRT on consumer units but with a lot of hardware acceleration functions being lost due to closed source binaries and the fact that even though I can even use OpenWRT on my Xeon D it just doesn't seem as friendly out of the the box as pFsense. Will add more info as time permits or on request.