Here's a question at the other end of the networking spectrum:
For a home user, is there any compelling security reason to be running a dedicated firewall instead of one of those all-in-one router/switch/WiFi AP devices?
This is assuming that the all-in-one doesn't have insecure 'cloud' or remote access functions enabled, and is running firmware not straight from the manufacturer (dd-wrt/tomato/merlin, etc.).
Second question: What's your opinion of Cisco vs Juniper router performance at the medium/large enterprise level?
Great questions, jamster!
I'm going to start with the easy one. Juniper vs. Cisco. They both live/play in the same market, but got their start in different ways. Cisco is and always has been a large enterprise routing and switching company aiming for the business market. Juniper started as a carrier-grade routing and switching solution, mostly used at the provider level (ISP, Telco, and peering backbone providers). They have gotten more popular in the 'smaller' enterprise market like large businesses, universities, hospitals, and government.
The real difference between the two, and what influences most people's decisions, is their OS. Cisco has CatOS, IOS, ASA/PIX, and NX-OS. Juniper has JunOS. They both run their flavor of OS on multiple platforms (routers, switches, firewalls, APs, etc.), but they stem from completely different places. JunOS is a Linux-based management OS that manages all the routing/switching ASICs (chips) and network backplane. Cisco OSes are highly specific to their hardware. Their most recent OS, NX-OS, is a Linux-flavored OS that mimics the same design as a Juniper - a Linux-based OS managing other processes/chips.
They are both big players in the market and both have their pros and cons. Cisco: expensive, well supported world-wide, can get parts in 4 hours anywhere. Juniper - more affordable, highly programmable, more difficult to find engineers that know their stuff, will support with 4 hour replacement as well.
Numero Dos! Home routing and switching. Thank you for asking, my brother and I just went through this with his setup.
DISCLAIMER: I've long since given up custom router configurations at home because I do that at work all day every day. Actually, at home, I run all Macs, have an Airport Extreme and an AppleTV with all my **** loaded into iTunes. Stupid easy, but configurable. I know, despite knowing Linux for almost two decades and managing a national fleet of wireless routers, I still use Apple products at home. Why? They work, they're usually pretty secure, my two young daughters can hack away without issue, and I never. have. to. touch. them.
Now, on with the answer: The short answer is: No, there are only very specific reasons to have a dedicated firewall. Remember, usable security is a balance of security and usability. If you are security minded, there are many solutions to a home network. What you outlined will give complete control over your home network. I used to run a Linksys WRT54G and it was the titties. Pretty good security: whitelisting, port forwarding, etc. The Linksys firmware was good, but I could load any firmware I wanted on it. That being said, you might be spending your time in a network-centric OS command line hand-editing firewall rules.
If you really want to get into security, I'd suggest running a dedicated Linux firewall in front of your router (pfSense or iptables). As long as there are two ethernet ports, you are good to go. Could be a fun project for a tiny x86 computer, even an old one. You'll learn Linux, how to run httpd, mysql, and all sorts of fun stuff. Steep learning curve for the less technically experienced.
Another option for 'deep' security is a very usable, stable, full featured platform:
Fortinet firewalls. They are great for SMB and home 'heavy' firewalls. They are very full featured and I've deployed them at over 300 locations nationwide. Buy-in for these puppies is about $500, but you get a full-featured web UI (static routing, advanced routing, VPN, firewall, wireless controller, security controls, host-based security/management, real-time security updates, etc.). They even sell video security and wireless APs... great company.
I hope that answered your questions! Happy to answer more. Not often I get to chat networking.
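The "dedicated Linux firewall with two ethernet ports" option from the answer above, as an added example that is not part of the original thread or its author's setup: a minimal stateful iptables ruleset for a box sitting between the ISP modem and the home router/switch. The interface names (eth0 toward the modem, eth1 toward the LAN) and the 192.168.1.0/24 range are assumptions; change them to match the hardware. By default the script only prints the commands it would run (DRY_RUN=1) so the ruleset can be reviewed before it is applied as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example: two-interface home firewall/NAT box using iptables.
# Assumed names and addresses (not from the original thread):
WAN="${WAN:-eth0}"                    # assumed: port toward the ISP modem
LAN="${LAN:-eth1}"                    # assumed: port toward the home switch/AP
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed: home LAN range
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands only, 0 = apply them

# Wrappers: print the command for review, or execute it for real.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then printf 'iptables %s\n' "$*"; else iptables "$@"; fi
}
sys() {
    if [ "$DRY_RUN" = "1" ]; then printf 'sysctl -w %s\n' "$*"; else sysctl -w "$@"; fi
}

fw_rules() {
    # Routing must be on for LAN->WAN forwarding; rp_filter rejects obvious spoofs.
    sys net.ipv4.ip_forward=1
    sys net.ipv4.conf.all.rp_filter=1

    # Start clean and default-deny: anything not explicitly allowed is dropped.
    ipt -F
    ipt -t nat -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, stateful return traffic, and early drop of malformed packets.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Anti-spoofing: packets claiming a LAN source must never arrive on the WAN port.
    ipt -A INPUT -i "$WAN" -s "$LAN_NET" -j DROP
    ipt -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP

    # Services the firewall itself offers, reachable only from the LAN side.
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT   # SSH management
    ipt -A INPUT -i "$LAN" -p udp --dport 67 -j ACCEPT                 # DHCP (clients send from 0.0.0.0)
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT   # DNS
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT
    ipt -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT

    # LAN -> WAN is allowed and NATed; WAN -> LAN is not (no inbound port forwards here).
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # Rate-limited log of what the WAN side drops, just before the default policy applies.
    ipt -A INPUT -i "$WAN" -m limit --limit 3/min -j LOG --log-prefix FW-IN-DROP:
}

fw_rules
```

The two things that make this a firewall rather than just a NAT box are the DROP policies on INPUT and FORWARD and the absence of any WAN-side ACCEPT: return traffic only gets in because conntrack already saw the LAN host start the connection. Adding a port forward later means an explicit DNAT rule plus a matching FORWARD ACCEPT for that one port, nothing broader.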