Ubiquiti UniFi Thoughts and Questions


BAlGaInTl

mastrmind11

The UXG-Pro looks pretty promising too, it is literally the USG with better hardware.  The issue I have with what I've seen in the UDM/UDM-Pro is the new OS.  One of the benefits of the USG is EdgeOS... if you want to enable features not built into the UI (there are plenty of features missing) you just edit a json config file. With the UDM, you are tied to the UI entirely, there are no configs to edit so you literally sit and wait for the thing to be feature complete... and let's be honest, Ubiquiti doesn't exactly work at light speed.  And anyone using existing unifi gear already has a controller set up or on a cloud key, so hosting it directly on the UDM is overkill for most.  Anyway, my 2c, but I will be scooping up a UXG once it hits early access.

sooty234

I wish they had a layer 3 switch that was 10 gigabit over RJ45 with PoE+ and PoE++. They've got a 1 gig, which is on my radar...

BAlGaInTl

It's a complete no brainer to go the UDM route right now, the hardware is better in every single aspect and it's in the same price range. I would not recommend a USG to anybody right now. I actually just picked up the UDM-Pro, only downside I've come across is that the SFP+ port doesn't sync at 2.5Gbit although it's on their roadmap for a future firmware upgrade.

 

 

I won't pretend that the USG that I got is somehow as good as the UDM.

 

That being said, it's unfair to say that they are "in the same price range."  I was replacing a consumer router/mesh.  The USG was a HUGE upgrade from that.  I paid 1/3 the cost of the cheapest UDM that I could find.

 

I fully admit that there are trade-offs at that price, but it was still well worth it to me.

 

ETA: I did my whole new network (USG + 3AP) for less than the cost of a UDM Pro.

rbjtech

I sent my UDM Pro back in disgust due to the lack of what I consider basic features vs Sophos XG or PFsense. 

 

For the price, I expected the feature list to at least be on-par with the Sophos/PF functionality which is free !

 

I may revisit once they get their gateways up to speed, as a single solution/view would be nice - but for the moment Sophos XG v18 is ticking all the right boxes - especially with SSL packet inspection and IPS which are fast  ..

Jdiesel

I sent my UDM Pro back in disgust due to the lack of what I consider basic features vs Sophos XG or PFsense.

 

For the price, I expected the feature list to at least be on-par with the Sophos/PF functionality which is free !

 

I may revisit once they get their gateways up to speed, as a single solution/view would be nice - but for the moment Sophos XG v18 is ticking all the right boxes - especially with SSL packet inspection and IPS which are fast ..

Could you humour me and explain how Sophos handles SSL packet inspection? Do the clients need to use an assigned certificate or is there some magic happening that allows Sophos to see what is inside those packets? My understanding was that the only way to truly monitor SSL traffic was to do essentially a man in the middle attack on your own network.

MRobi

I won't pretend that the USG that I got is somehow as good as the UDM.

 

That being said, it's unfair to say that they are "in the same price range."  I was replacing a consumer router/mesh.  The USG was a HUGE upgrade from that.  I paid 1/3 the cost of the cheapest UDM that I could find.

 

I fully admit that there are trade-offs at that price, but it was still well worth it to me.

 

ETA: I did my whole new network (USG + 3AP) for less than the cost of a UDM Pro.

Not many buy the original USG anymore, I would have instantly assumed you were buying a USG 4 pro. Most conversations surrounding a USG in the past year or 2 have primarily been comparing the USG 4 pro which is why I say they're in the same price range. The USG 4 is about $100 less than a UDM-Pro. The cloud key is around $100. And an 8 port switch is around $100. So it's cheaper to buy a UDM-P than a USG4, Cloud Key and switch.

 

The only way the USG will be sufficient is if your internet connection is under 100Mbit. And those are getting rarer and rarer these days. Even with a slow internet connection I wouldn't recommend it because it's old hardware and with how tech changes you're starting with something that's already outdated. It was fine during its release back around 2016 but it doesn't cut it in 2020. If your connection is any faster than 100Mbit, by enabling any of the security features on your security gateway, you'll be throttling your internet connection. In order to keep your internet speeds you need to disable the security features, but then what's the point of putting a security gateway in place?

BAlGaInTl

Not many buy the original USG anymore, I would have instantly assumed you were buying a USG 4 pro. Most conversations surrounding a USG in the past year or 2 have primarily been comparing the USG 4 pro which is why I say they're in the same price range. The USG 4 is about $100 less than a UDM-Pro. The cloud key is around $100. And an 8 port switch is around $100. So it's cheaper to buy a UDM-P than a USG4, Cloud Key and switch.

 

The only way the USG will be sufficient is if your internet connection is under 100Mbit. And those are getting rarer and rarer these days. Even with a slow internet connection I wouldn't recommend it because it's old hardware and with how tech changes you're starting with something that's already outdated. It was fine during its release back around 2016 but it doesn't cut it in 2020. If your connection is any faster than 100Mbit, by enabling any of the security features on your security gateway, you'll be throttling your internet connection. In order to keep your internet speeds you need to disable the security features, but then what's the point of putting a security gateway in place?

 

I think you are missing my use case, or maybe you didn't really read it in this thread.

 

I was using a consumer grade mesh router.  Because of that, I lost out on some routing capability that I wanted.  I wanted to upgrade to a UniFi mesh, and I wanted a better router anyway.  Why not get one that would integrate with the UniFi controller?

 

I'm not currently using the security features, although I may play around with it at some point.  

 

My connection is only 100Mbit, and that's the fastest available in my area.

 

I may upgrade to something different at some point, but for now, the USG meets my needs, and it's a good start to learn the UniFi system.

lightsout

Not many buy the original USG anymore, I would have instantly assumed you were buying a USG 4 pro. Most conversations surrounding a USG in the past year or 2 have primarily been comparing the USG 4 pro which is why I say they're in the same price range. The USG 4 is about $100 less than a UDM-Pro. The cloud key is around $100. And an 8 port switch is around $100. So it's cheaper to buy a UDM-P than a USG4, Cloud Key and switch.

 

The only way the USG will be sufficient is if your internet connection is under 100Mbit. And those are getting rarer and rarer these days. Even with a slow internet connection I wouldn't recommend it because it's old hardware and with how tech changes you're starting with something that's already outdated. It was fine during its release back around 2016 but it doesn't cut it in 2020. If your connection is any faster than 100Mbit, by enabling any of the security features on your security gateway, you'll be throttling your internet connection. In order to keep your internet speeds you need to disable the security features, but then what's the point of putting a security gateway in place?

Hmmmm. Now you have me back pedalling a bit. I have 400mb internet. Don't really like the idea of installing anything that's going to gimp that to 100mb.

 

Especially when my $30 Netgear handles it just fine.

 

I, like the poster above, want it because it ties into the unifi controller and gives me extra control.

 

I'm not even honestly sure what all the security features are, I have been looking at a second vlan for iot devices.

 

Which would probably be the most advanced thing that I would do.

 

I paid $115 for the USG. Don't think anything new comes close to that.

 

Edit## I hadn't really looked at the UDM, I recently bought an AP Pro and a USG. I could return them and get the UDM for $50 more.

 

I would gain a better AP, a managed switch, and an integrated cloud key. Kind of seems like a no brainer.

 

Thoughts?

rbjtech

Could you humour me and explain how Sophos handles SSL packet inspection? Do the clients need to use an assigned certificate or is there some magic happening that allows Sophos to see what is inside those packets? My understanding was that the only way to truly monitor SSL traffic was to do essentially a man in the middle attack on your own network.

 

Exactly as you have described - you need to install a cert on the end client and Sophos then inspects SSL by decrypting and then re-encrypting it via its own Cert (CA).

 

Considering nearly 90% of traffic on the net is now SSL, AV scanning for Ransomware etc and IPS is fast becoming useless as there is no way to identify what is in the packet stream.  You can of course specify 'safe' end hosts for those clients where you can't install Certs and/or fasttrack 'cached' safe sites to make it as seamless as possible but ultimately as you correctly say, you need to decrypt the traffic to inspect it - there is no other way.  

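The trust relationship described in the post above, as an added example that is not part of the original thread and is not Sophos configuration: a stand-in gateway CA re-signs a certificate for a site, and the same certificate is checked against a client trust store with and without that CA installed. It assumes the `openssl` command-line tool; every name (Example Public Root, Example Inspection CA, www.example.test) is constructed.

```shell
#!/usr/bin/env bash
# Constructed demo: all CA names and the host name are made up.
set -eu
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_ca NAME "Common Name": self-signed CA certificate NAME.pem with key NAME.key
make_ca() {
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$d/$1.key" -out "$d/$1.pem" 2>/dev/null
}

# resign_leaf HOST: the certificate an inspecting gateway presents for HOST,
# signed by the gateway's own CA instead of the site's real issuer.
resign_leaf() {
  printf 'subjectAltName=DNS:%s\n' "$1" > "$d/leaf.ext"
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$1" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/gateway.pem" -CAkey "$d/gateway.key" \
    -CAcreateserial -days 1 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# client_accepts STORE: does a client that trusts only the CAs in STORE accept the leaf?
client_accepts() {
  openssl verify -CAfile "$1" "$d/leaf.pem" >/dev/null 2>&1
}

# leaf_issuer: who signed the certificate the client actually received.
leaf_issuer() {
  openssl x509 -in "$d/leaf.pem" -noout -issuer
}

make_ca public  "Example Public Root"     # stands in for the client's stock trust store
make_ca gateway "Example Inspection CA"   # the inspecting firewall's signing CA
resign_leaf www.example.test
cat "$d/public.pem" "$d/gateway.pem" > "$d/store_with_gateway.pem"

if client_accepts "$d/public.pem"; then echo "stock client: accepted"
else echo "stock client: rejected (issuer not trusted)"; fi
if client_accepts "$d/store_with_gateway.pem"; then echo "client with gateway CA: accepted"
else echo "client with gateway CA: rejected"; fi
leaf_issuer   # names the gateway CA, which is how a client can tell it is being inspected
```

Clients that cannot take the extra CA see the rejection case, which is why the post mentions exempting certain hosts from inspection.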

MRobi

 

Edit## I hadn't really looked at the UDM, I recently bought an AP Pro and a USG. I could return them and get the UDM for $50 more.

 

I would gain a better AP, a managed switch, and an integrated cloud key. Kind of seems like a no brainer.

 

Thoughts?

This right here is exactly the point I was trying to make! It's a total no brainer right now. Especially with a 400Mb internet connection. You can enable every security feature on it and it will handle it all at full speed.

 

For clarity, the USG on its own will not throttle your internet connection if you simply use it as a router. But if you enable the security features that it's designed for (unifi SECURITY gateway), then it will limit you because it simply doesn't have the processing power that the newer hardware has.

lightsout

This right here is exactly the point I was trying to make! It's a total no brainer right now. Especially with a 400Mb internet connection. You can enable every security feature on it and it will handle it all at full speed.

 

For clarity, the USG on its own will not throttle your internet connection if you simply use it as a router. But if you enable the security features that it's designed for (unifi SECURITY gateway), then it will limit you because it simply doesn't have the processing power that the newer hardware has.

I am really thinking this is a better option for my setup since I can still get a refund on the stuff that I have. Still need to do some more research.
lightsout

The one thing I don't like about the UDM is that the AP is stuck where the router goes, which for me is the garage. Which is not ideal. I would pair the UDM with an AP Lite, which would be upstairs. It would probably be ok but was happy to get all AP's out of the garage at the new place.

Sammy

All this banter.. the USG has plenty of security without these turned on and with them off my maximum real world download speed is about 96mbps on a good day (minute actually) even though I have a 450mbps connection and speedof.me shows something between 300 and 480.

 

This really isn't as big a deal as it is made out to be; so maybe it takes an extra minute to down that movie and this level of threat is minimal at best for a small home network. This is the same reason so many buy McAfee when they don't need it.

 

Sent from my SM-G960U1 using Tapatalk

lightsout

All this banter.. the USG has plenty of security without these turned on and with them off my maximum real world download speed is about 96mbps on a good day (minute actually) even though I have a 450mbps connection and speedof.me shows something between 300 and 480.

 

This really isn't as big a deal as it is made out to be; so maybe it takes an extra minute to down that movie and this level of threat is minimal at best for a small home network. This is the same reason so many buy McAfee when they don't need it.

 

Sent from my SM-G960U1 using Tapatalk

May be true. But there is something about being able to use the features of the device you pay for.

 

Although on the flip side if I wasn't able to return the gear I have it wouldn't even be a consideration, but in the unique position I am in I'm going to go for it.

 

One thing I'm uncertain of, is the non pro udm going to get unifios. They seem to have the same CPU, from what I've read they are holding it back from the non pro model. Maybe it can't handle all the features idk. But don't really like that. Makes it seem like the UDM is not being supported like the pro is.

Sammy

As far as pricing goes, you do not need a CloudKey, the USG is $130ish and the UDM Pro is $300ish so that is more like $170 more. When I bought mine, the UDM just hit the market and some of the reviews were not favorable so I went with the USG, not only to save some $ but also to utilize something tried and true. As far as f/w goes, I got an update just last week.

lightsout

As far as pricing goes, you do not need a CloudKey, the USG is $130ish and the UDM Pro is $300ish so that is more like $170 more. When I bought mine, the UDM just hit the market and some of the reviews were not favorable so I went with the USG, not only to save some $ but also to utilize something tried and true. As far as f/w goes, I got an update just last week.

I don't use a cloud key and wouldn't. I currently run the controller on an Odroid XU4 that runs diet pi. I don't factor in the cost of that because I just use it for other things.

 

But the UDM has an ap and a switch in it. So factoring in those costs is a big offset.

sooty234

I just replaced my USG Pro 4 with a UDM Pro. If you have Unifi security cams, this is a good option. And having the controller built in is really good, too. Now, if the power goes out, when it comes back on, everything automatically boots up. And I've got the whole network plugged into a UPS, which gives me around 45 minutes up time before the battery dies.

MRobi

One thing I'm uncertain of, is the non pro udm going to get unifios. They seem to have the same CPU, from what I've read they are holding it back from the non pro model. Maybe it can't handle all the features idk. But don't really like that. Makes it seem like the UDM is not being supported like the pro is.

That's actually probably a bonus for the UDM right now, although I think their plan is to have all devices on the new OS. The new UnifiOS is still working through some glitches and if you're using it in other applications (For example I use a Home Assistant integration with Unifi to help determine presence in my house) it's still not fully supported. I'd actually prefer it if the UDM-P had the old OS or that it were an option to choose.

 

If I had the USG in place now and it was working for me, I wouldn't rush out and buy a new one just to replace it. But if I were just starting off with a Unifi system, or in a position where I could return a USG for full credit, it will be well worth the little bit of investment to get hardware that's more current. I don't think there's too many of us that would rush out and buy a new iPhone 5c or Samsung Galaxy S3. They'll still be able to make calls, but they won't work anywhere near as good as an iPhone 11 or Galaxy S20.

lightsout

That's actually probably a bonus for the UDM right now, although I think their plan is to have all devices on the new OS. The new UnifiOS is still working through some glitches and if you're using it in other applications (For example I use a Home Assistant integration with Unifi to help determine presence in my house) it's still not fully supported. I'd actually prefer it if the UDM-P had the old OS or that it were an option to choose.

 

If I had the USG in place now and it was working for me, I wouldn't rush out and buy a new one just to replace it. But if I were just starting off with a Unifi system, or in a position where I could return a USG for full credit, it will be well worth the little bit of investment to get hardware that's more current. I don't think there's too many of us that would rush out and buy a new iPhone 5c or Samsung Galaxy S3. They'll still be able to make calls, but they won't work anywhere near as good as an iPhone 11 or Galaxy S20.

Yeah that last bit is pretty much my thinking. Sounds like a win. Pulled the trigger on the UDM earlier today.
Sammy

I got USG before the CoViD 19 thing so my return window closed in February..

 

That said I could probably off-load it and the Switch8-60 on eBay for a few bucks and get an UDM but I'd probably keep my UAP-ACPro's, moving the one right next to the USG to a different location..

 

DAM YOU GUYS!

 

https://www.youtube.com/watch?v=7-QvRq6vvf0

jaycedk

That looks like some thing I want.

300 square feet home + garden, town house.

That should do nicely.

ATM I only have 200/75 internet connection.

Should be a nice replacement for my old Asus router.

lightsout

I got USG before the CoViD 19 thing so my return window closed in February..

 

That said I could probably off-load it and the Switch8-60 on eBay for a few bucks and get an UDM but I'd probably keep my UAP-ACPro's, moving the one right next to the USG to a different location..

 

DAM YOU GUYS!

 

https://www.youtube.com/watch?v=7-QvRq6vvf0

Ha I know! Just as I thought I was settled. I did a test to see how coverage will be, put the AC-Pro in the garage where the UDM will go and put the AC-Lite upstairs where the Pro was. Seems just fine in my house.

 

For now also the 4 port switch on the UDM solves my switch problem, as I only have 3 ethernet runs so I think it will be enough to distribute the vlans properly for my setup.

 

Shipping was quick at Unifi as well got the email at like 7am PST after the long holiday weekend. 

Sammy

I guess that means that you still haven't got CableCARD's for your Prime tuners?

 

I have 7 ethernet connected devices just in my office, two of them Prime Tuners.

sooty234

Haha... You guys just caught the Ubiquiti networking bug. Once bitten, you'll never stop spending money :D
