I am adding an Edgerouter Lite after my Comcast modem to better secure the home network. I will still have an external network directly attached to the Comcast modem. What is the best way to prevent access from the external network to the Edgerouter network and vice versa. Essentially, I would like for the Edgerouter to get internet access from the Comcast modem but limit access to / from the external network, while retaining the ability to access the router. Any thoughts?
You want to limit your home network from accessing the outside internet?
Are you wanting to make the home network more secure? ERX-Lite should come with defaults that limit/exclude remote access to the router from the WAN. Keeping this setting turned off will help keep people from accessing the router. Other than that you should look into firewall rules on the ERX and make sure it’s defaults are set to deny all, and then only open what ports you need (if any, besides port 80 and 443) in both directions.