Question Two routers, DMZ on and firewall off, bad idea?

Feb 21, 2019
First I'll explain how I set up things:

I have 2 routers, one of them is an ONT/Router (Huaweii) combo provided by my ISP with a limited user and the other one is an Asus Router ACRH1300, since the user is limited I couldn't change the ONT to bridge mode so people in other forums recommended this:

-ONT LAN IP is and DHCP range is to .255

-ONT WLAN is turned off

-ONT connects to Asus Router from LAN1 to WAN

-All devices are connected to Asus Router through Wi-Fi

-Asus Router Static IP is, subnet is and gateway is

-Asus Router LAN IP is

-Asus Router DHCP is off

-Turns off Asus Router and connects ONT from LAN1 to LAN1 in Asus router

-Turns on Asus Router

After doing this I couldn't access Asus router settings anymore, then I remembered about LAN IP so I changed my PC IP in Windows from Automatic to Static and set it to, of course while doing that I had no internet but I could access Asus settings again, then I thought about changing the mode to AP mode but that will turn off the firewall so I didn't do it (I'll explain why in a second), changed my PC IP from Static to Automatic again and here I am asking this.

The thing is that I was told by other users from same ISP and ONT that since they only give us limited access, there's a lot of problems with ports and stuff, so they recommended me to set my Asus Router as a DMZ Host (, basically opening all the ports to my Asus Router and let Asus manage the ports with its firewall, does that mean that if I set the Asus Router to AP mode that will turn off both firewalls and basically I'll have no hardware firewall protection at all?

Should I remove the DMZ host? Should I NOT set my Asus Router to AP mode then?

Basically I don't know what's the best configuration anymore, I've read lots of stuff, I was doing this so I wouldn't have much problems with the limited ONT from my ISP but I also don't want to be totally exposed to hacking attempts or whatever, I also don't want to be under too many NAT layers.

P.S.: I'm kinda new to this networking stuff so please be patient with me.

Similar threads