lacking very needed HW Acceleration to deal with AES-256-GCM.
Apologies I didn't mention that earlier, to save you the trouble.
@Marin and
@John Fallon:
For something baseline viable, relatively inexpensive and easy to manage, the best full LAN-to-WAN ecosystem would probably be UniFi. A Dream Machine would give you the classic "all-in-one", but with expandability, so you could add a UniFi PoE switch and more APs, all as-needed, and adopt and control
all of them from a single pane of glass. If there's an easier setup out there, I haven't heard of it. Another ecosystem that's more legacy in style but fairly rock-solid is Cisco RV/SG/WAP small biz stuff.
@coxhaus seems to love it. RV gateways are very simple in their capability and the whole ecosystem can't be governed by a single control plane like UniFi can, but the entire stack is very reliable, usually production-ready for the features they do have, and direct support from Cisco is of course way deeper than what Ubiquiti offers.
For specialized wants/needs:
Gateway - If you know you ultimately want to be running services (VPN, etc.) at hundreds of Mb/s or more, and/or just don't want to have to even be concerned with ever being bottlenecked, I would skip right over MIPS/ARM (consumer all-in-ones, Ubiquiti, Mikrotik, etc.) and go straight to x86 hardware. This could be a PC with a multi-NIC card, an embedded appliance (Qotom/Protectli), a 1U rackmount server, whatever. You'd be free to run whatever distro you wanted - OpenWRT, Untangle, pfSense, OPNSense, etc. I would probably suggest pfSense, as it's widely known and proven. A great go-between, as John was thinking, might be a Netgate pre-built appliance, like the SG-3100, which would get your feet wet with something ready-to-go and supported.
Switching - If you go UniFi for wifi, I highly recommend running their switches for the single pane of glass. Otherwise, Cisco SG, HPE OfficeConnect (19__/18__ series) or refurb enterprise. PoE is highly desirable. Layer 2 is enough, but a layer 3 switch would allow you offload even more services from the gateway and learn even more (DHCP, inter-VLAN routing, etc.). I really like Cisco SG350, as it's GUI-based, while also having an IOS-like CLI to learn. For something full-enterprise and totally rock-solid, HPE ProCurve/Aruba (2530 and up) is probably the best buy out there, with a ton of it for dirt cheap on eBay, NetworkTigers, etc. and the failure rates are practically zero. Most 24 and 48-port models can be on the noisier side, but the little 2530-8G-PoE+ or even 2930F-8G-PoE+ are silent, serve as great "mini" core switches for a home network and are awesome to learn on.
WiFi - I would go for something centralized, expandable, even mesh-capable. For most houses/apartments, UniFi is good enough. If you're not thinking of running UniFi switches, though, then UniFi APs alone are less of an obvious choice. TP-Link Omada would be baseline-viable for dirt cheap. Cisco WAP's are rock-solid, albeit not truly controller-based. Then there's integrated controller stuff, where the APs themselves host the controller, and offer master/slave auto-redundancy as well (why UniFi does't have this by now is beyond me...). Aruba Instant On (app or cloud-controlled) or Granstream GWN (app, local web or cloud-controlled) are low priced and very easy to deploy. Then there's big-boy wifi. Aruba, Ruckus, etc. I personally run Ruckus, as the quality of the endpoint connections you get is just tops, regardless of the airspace you're in (you can see my other posts as to why). But the stuff is spendy, for sure. Overall, UniFi should be good enough, but maybe give the other stuff a look as well.
Maybe enterprise kit if you're really hankering for overkill, but probably unnecessary.
Hope some of that helps!
