OK. I’ve taken a closer look at the BDB2 box (although there isn’t much info out there so keep that in mind). It seems that it is as you suggest and designed to act as the primary wired/wifi router and wants all devices to be connected to it directly. I assume that is so that it can keep an eye on all connected IPs and MAC addresses on your LAN segments and look out for nefarious traffic. That is why their support keep on saying that any additional router needs to be in bridge mode, and by bridge mode they are referring to ‘transparent bridge’ mode, i.e. like what you see when you use a wifi enabled router as an access point. So that type of bridge mode would present wireless clients on the 3rd party wifi router to the wired network segment on the BDB2 as locally connected devices and then the BDB2 would manage and monitor them.
If you were to plug your Soho WAN into the LAN of the BDB2 with out of the box settings, the BDB2 box will only ever see one IP and one MAC address (that of the WAN port of the Soho which has NAT enabled by default). As such some of the BDB2 features would likely still work (like web filtering and blocking known bad URLs etc), but of course other features wouldn’t work (like the parental controls) since as far as the BDB2 is concerned it can only see a single device (the WAN IP & MAC of the SOHO) so can’t identify and manage the individual LAN devices connected to the LAN of your SOHO.
There is a chance that you could set the WAN of the SOHO to IP Forwarding (so no NAT) and connect it to the LAN of the BDB2. With NAT disabled the BDB2 would see individual IPs from behind the SOHO, but for that to work you would need to be able to add a static route to the BDB2 to tell it how to reach devices behind the SOHO (using the WAN IP of the SOHO as the destination) - which looks unlikely, and the BDB2 would never see the LAN device MAC addresses which I suspect it would need to do its more advanced stuff…
So I think that the only role the SOHO router can have if you want to use the BDB2 is at the perimeter (on the BDB2’s WAN as the ‘ISP Router’) where you could use it for failover between ISPs (cable / USB 4G etc). Then we get to the question of the big picture… should you combine the BDB2 and the SOHO at all?
Yes I think you could/should. I see the BDB2 as another layer of security you can apply to key services / devices - particularly user devices like smartphones and laptops / PCs that are actively used and likely to be targeted at some point by viruses and phishing attacks. The BDB2 should help prevent that kind of activity and also adds parental controls, safe browsing and device management etc. So if I was going to use the BDB2 at home I would connect all my PCs and laptops and smartphones to it directly (over wifi or wired) and use the app to keep an eye on those devices and their behaviour.
In that setup the SOHO becomes a WAN controller that keeps you connected using multiple WANs if you want, and you can also create local VLANs on the SOHO to secure specific devices that would not be connected to the BDB2. Many IoT sensors connect directly to the cloud and the apps we run on our smartphones don’t connect to the IoT sensors directly but instead to the cloud as well to monitor and manage them. So keeping the IoT devices locked down in their own VLAN on the SOHO and then protecting your user devices behind the BDB2 (which would be in its own VLAN on the SOHO) works as there is no way the IoT devices can route to the BDB2 protected user devices.
You could also still use SSIDs in VLANs on the SOHO for guest wifi which again would be isolated from the VLAN the BDB2 is on which in turn is providing additional protection to those devices behind it.
If you do decide to use the BDB2 do share your experiences with it here - it looks like an interesting product and one that deserves more investigation.