"...will it run from within the router?"
No, definitely not.
You are right to avoid having more than one AV and more than one client firewall per PC.
But don't get confused between hardware firewalls and client firewalls - two very different things whose features only briefly overlap, specifically where SPI (stateful packet inspection) and related monitoring features are concerned. Hardware firewalls offer more inbound capabilities, such as more sophisticated port control, while client firewalls are most useful for their outbound abilities, such as program launch control, etc.