mastrmind11 717 Posted May 24, 2020

The UXG-Pro looks pretty promising too, it is literally the USG with better hardware. The issue I have with what I've seen in the UDM/UDM-Pro is the new OS. One of the benefits of the USG is EdgeOS... if you want to enable features not built into the UI (there are plenty of features missing) you just edit a json config file. With the UDM, you are tied to the UI entirely, there are no configs to edit so you literally sit and wait for the thing to be feature complete... and let's be honest, Ubiquiti doesn't exactly work at light speed. And anyone using existing unifi gear already has a controller set up or on a cloud key, so hosting it directly on the UDM is overkill for most. Anyway, my 2c, but I will be scooping up a UXG once it hits early access.
sooty234 266 Posted May 24, 2020

I wish they had a layer 3 switch that was 10 gigabit over RJ45 with PoE+ and PoE++. They've got a 1 gig, which is on my radar...
BAlGaInTl 279 Posted May 24, 2020 Author (edited)

> It's a complete no brainer to go the UDM route right now, the hardware is better in every single aspect and it's in the same price range. I would not recommend a USG to anybody right now. I actually just picked up the UDM-Pro, only downside I've come across is that the SFP+ port doesn't sync at 2.5Gbit although it's on their roadmap for a future firmware upgrade.

I won't pretend that the USG that I got is somehow as good as the UDM. That being said, it's unfair to say that they are "in the same price range." I was replacing a consumer router/mesh. The USG was a HUGE upgrade from that. I paid 1/3 the cost of the cheapest UDM that I could find. I fully admit that there are trade-offs at that price, but it was still well worth it to me.

ETA: I did my whole new network (USG + 3AP) for less than the cost of a UDM Pro.

Edited May 24, 2020 by BAlGaInTl
rbjtech 4169 Posted May 24, 2020

I sent my UDM Pro back in disgust due to the lack of what I consider basic features vs Sophos XG or pfSense. For the price, I expected the feature list to at least be on-par with the Sophos/PF functionality which is free! I may revisit once they get their gateways up to speed, as a single solution/view would be nice - but for the moment Sophos XG v18 is ticking all the right boxes - especially with SSL packet inspection and IPS which are fast ..
Jdiesel 1112 Posted May 24, 2020

> I sent my UDM Pro back in disgust due to the lack of what I consider basic features vs Sophos XG or pfSense. For the price, I expected the feature list to at least be on-par with the Sophos/PF functionality which is free! I may revisit once they get their gateways up to speed, as a single solution/view would be nice - but for the moment Sophos XG v18 is ticking all the right boxes - especially with SSL packet inspection and IPS which are fast ..

Could you humour me and explain how Sophos handles SSL packet inspection? Do the clients need to use an assigned certificate or is there some magic happening that allows Sophos to see what is inside those packets? My understanding was that the only way to truly monitor SSL traffic was to do essentially a man in the middle attack on your own network.
MRobi 159 Posted May 24, 2020

> I won't pretend that the USG that I got is somehow as good as the UDM. That being said, it's unfair to say that they are "in the same price range." I was replacing a consumer router/mesh. The USG was a HUGE upgrade from that. I paid 1/3 the cost of the cheapest UDM that I could find. I fully admit that there are trade-offs at that price, but it was still well worth it to me. ETA: I did my whole new network (USG + 3AP) for less than the cost of a UDM Pro.

Not many buy the original USG anymore, I would have instantly assumed you were buying a USG 4 pro. Most conversations surrounding a USG in the past year or 2 have primarily been comparing the USG 4 pro which is why I say they're in the same price range. The USG 4 is about $100 less than a UDM-Pro. The cloud key is around $100. And an 8 port switch is around $100. So it's cheaper to buy a UDM-P than a USG4, Cloud Key and switch.

The only way the USG will be sufficient is if your internet connection is under 100Mbit. And those are getting rarer and rarer these days. Even with a slow internet connection I wouldn't recommend it because it's old hardware and with how tech changes you're starting with something that's already outdated. It was fine during its release back around 2016 but it doesn't cut it in 2020. If your connection is any faster than 100Mbit, by enabling any of the security features on your security gateway, you'll be throttling your internet connection. In order to keep your internet speeds you need to disable the security features, but then what's the point of putting a security gateway in place?
BAlGaInTl 279 Posted May 24, 2020 Author

> Not many buy the original USG anymore, I would have instantly assumed you were buying a USG 4 pro. Most conversations surrounding a USG in the past year or 2 have primarily been comparing the USG 4 pro which is why I say they're in the same price range. The USG 4 is about $100 less than a UDM-Pro. The cloud key is around $100. And an 8 port switch is around $100. So it's cheaper to buy a UDM-P than a USG4, Cloud Key and switch. The only way the USG will be sufficient is if your internet connection is under 100Mbit. And those are getting rarer and rarer these days. Even with a slow internet connection I wouldn't recommend it because it's old hardware and with how tech changes you're starting with something that's already outdated. It was fine during its release back around 2016 but it doesn't cut it in 2020. If your connection is any faster than 100Mbit, by enabling any of the security features on your security gateway, you'll be throttling your internet connection. In order to keep your internet speeds you need to disable the security features, but then what's the point of putting a security gateway in place?

I think you are missing my use case, or maybe you didn't really read it in this thread. I was using a consumer grade mesh router. Because of that, I lost out on some routing capability that I wanted. I wanted to upgrade to a UniFi mesh, and I wanted a better router anyway. Why not get one that would integrate with the UniFi controller? I'm not currently using the security features, although I may play around with it at some point. My connection is only 100Mbit, and that's the fastest available in my area. I may upgrade to something different at some point, but for now, the USG meets my needs, and it's a good start to learn the UniFi system.
lightsout 144 Posted May 24, 2020 (edited)

> Not many buy the original USG anymore, I would have instantly assumed you were buying a USG 4 pro. Most conversations surrounding a USG in the past year or 2 have primarily been comparing the USG 4 pro which is why I say they're in the same price range. The USG 4 is about $100 less than a UDM-Pro. The cloud key is around $100. And an 8 port switch is around $100. So it's cheaper to buy a UDM-P than a USG4, Cloud Key and switch. The only way the USG will be sufficient is if your internet connection is under 100Mbit. And those are getting rarer and rarer these days. Even with a slow internet connection I wouldn't recommend it because it's old hardware and with how tech changes you're starting with something that's already outdated. It was fine during its release back around 2016 but it doesn't cut it in 2020. If your connection is any faster than 100Mbit, by enabling any of the security features on your security gateway, you'll be throttling your internet connection. In order to keep your internet speeds you need to disable the security features, but then what's the point of putting a security gateway in place?

Hmmmm. Now you have me back pedalling a bit. I have 400mb internet. Don't really like the idea of installing anything that's going to gimp that to 100mb. Especially when my $30 Netgear handles it just fine. I like the poster above want it because it ties into the unifi controller and gives me extra control. I'm not even honestly sure what all the security features are, I have been looking at a second vlan for iot devices. Which would probably be the most advanced thing that I would do. I paid $115 for the USG. Don't think anything new comes close to that.

Edit## I hadn't really looked at the UDM, I recently bought an AP Pro and a USG. I could return them and get the UDM for $50 more. I would gain a better AP, a managed switch, and an integrated cloud key. Kind of seems like a no brainer.

Thoughts?

Edited May 24, 2020 by lightsout
rbjtech 4169 Posted May 24, 2020

> Could you humour me and explain how Sophos handles SSL packet inspection? Do the clients need to use an assigned certificate or is there some magic happening that allows Sophos to see what is inside those packets? My understanding was that the only way to truly monitor SSL traffic was to do essentially a man in the middle attack on your own network.

Exactly as you have described - you need to install a cert on the end client and Sophos then inspects SSL by decrypting and then re-encrypting it via its own Cert (CA). Considering nearly 90% of traffic on the net is now SSL, AV scanning for Ransomware etc and IPS is fast becoming useless as there is no way to identify what is in the packet stream. You can of course specify 'safe' end hosts for those clients where you can't install Certs and/or fasttrack 'cached' safe sites to make it as seamless as possible but ultimately as you correctly say, you need to decrypt the traffic to inspect it - there is no other way.
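The exchange above (a gateway re-signing TLS with its own CA, which clients accept only once that CA is installed) can be reproduced offline with the openssl command-line tool. This is an added example, not part of the thread and not Sophos's implementation; the CA names, the hostname `intranet.example.test` and all file names are constructed for the demo.

```sh
#!/bin/sh
# Added example: every name, subject and file is constructed for this demo.
# Needs only the openssl command-line tool; nothing touches the network.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_ca NAME CN: self-signed CA (the gateway's own CA, or a stand-in public CA).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$WORK/req.cnf" -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# resign_leaf CA HOSTNAME: what an inspecting gateway does per connection:
# issue a certificate for the requested hostname, signed by its own CA.
# (A real certificate would also carry a subjectAltName; omitted for brevity.)
resign_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
        -subj "/CN=$2" -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/leaf.crt" 2>/dev/null
}

# client_accepts TRUSTED_CA: does a client whose trust store holds only
# TRUSTED_CA accept the certificate the gateway presented?
client_accepts() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/leaf.crt" >/dev/null 2>&1
}

# presented_issuer: the issuer a user or a monitoring script would see.
presented_issuer() {
    openssl x509 -noout -issuer -in "$WORK/leaf.crt"
}

make_ca gateway "Example Inspection CA"
make_ca public  "Example Public CA"
resign_leaf gateway intranet.example.test

if client_accepts public; then echo "stock client: accepted"
else echo "stock client: rejected (unknown issuer)"; fi
if client_accepts gateway; then echo "client with gateway CA installed: accepted"
else echo "client with gateway CA installed: rejected"; fi
presented_issuer
```

The issuer line is the practical tell: on an inspected network, the certificate a client receives names the gateway's CA rather than a public one.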
MRobi 159 Posted May 25, 2020

> Edit## I hadn't really looked at the UDM, I recently bought an AP Pro and a USG. I could return them and get the UDM for $50 more. I would gain a better AP, a managed switch, and an integrated cloud key. Kind of seems like a no brainer. Thoughts?

This right here is exactly the point I was trying to make! It's a total no brainer right now. Especially with a 400Mb internet connection. You can enable every security feature on it and it will handle it all at full speed.

For clarity, the USG on its own will not throttle your internet connection if you simply use it as a router. But if you enable the security features that it's designed for (unifi SECURITY gateway), then it will limit you because it simply doesn't have the processing power that the newer hardware has.
lightsout 144 Posted May 25, 2020

> This right here is exactly the point I was trying to make! It's a total no brainer right now. Especially with a 400Mb internet connection. You can enable every security feature on it and it will handle it all at full speed. For clarity, the USG on its own will not throttle your internet connection if you simply use it as a router. But if you enable the security features that it's designed for (unifi SECURITY gateway), then it will limit you because it simply doesn't have the processing power that the newer hardware has.

I am really thinking this is a better option for my setup since I can still get a refund on the stuff that I have. Still need to do some more research.
lightsout 144 Posted May 25, 2020

The one thing I don't like about the UDM is that the AP is stuck where the router goes, which for me is the garage. Which is not ideal. I would pair the UDM with an AP Lite, which would be upstairs. It would probably be ok but was happy to get all AP's out of the garage at the new place.
Sammy 734 Posted May 25, 2020

https://help.ui.com/hc/en-us/articles/360006893234-UniFi-USG-UDM-Configuring-Internet-Security-Settings
Sammy 734 Posted May 25, 2020

All this banter.. the USG has plenty of security without these turned on and with them off my maximum real world download speed is about 96mbps on a good day (minute actually) even though I have a 450mbps connection and speedof.me shows something between 300 and 480. This really isn't as big a deal as it is made out to be; so maybe it takes an extra minute to down that movie and this level of threat is minimal at best for a small home network. This is the same reason so many buy McAfee when they don't need it.
lightsout 144 Posted May 25, 2020

> All this banter.. the USG has plenty of security without these turned on and with them off my maximum real world download speed is about 96mbps on a good day (minute actually) even though I have a 450mbps connection and speedof.me shows something between 300 and 480. This really isn't as big a deal as it is made out to be; so maybe it takes an extra minute to down that movie and this level of threat is minimal at best for a small home network. This is the same reason so many buy McAfee when they don't need it.

May be true. But there is something about being able to use the features of the device you pay for. Although on the flip side if I wasn't able to return the gear I have it wouldn't even be a consideration, but in the unique position I am in I'm going to go for it.

One thing I'm uncertain of, is the non pro udm going to get unifios. They seem to have the same CPU, from what I've read they are holding it back from the non pro model. Maybe it can't handle all the features idk. But don't really like that. Makes it seem like the UDM is not being supported like the pro is.
Sammy 734 Posted May 25, 2020

As far as pricing goes, you do not need a CloudKey, the USG is $130ish and the UDM Pro is $300ish so that is more like $170 more. When I bought mine, the UDM just hit the market and some of the reviews were not favorable so I went with the USG, not only to save some $ but also to utilize something tried and true. As far as f/w goes, I got an update just last week.
lightsout 144 Posted May 25, 2020

> As far as pricing goes, you do not need a CloudKey, the USG is $130ish and the UDM Pro is $300ish so that is more like $170 more. When I bought mine, the UDM just hit the market and some of the reviews were not favorable so I went with the USG, not only to save some $ but also to utilize something tried and true. As far as f/w goes, I got an update just last week.

I don't use a cloud key and wouldn't. I currently run the controller on an Odroid XU4 that runs diet pi. I don't factor in the cost of that because I just use it for other things. But the UDM has an ap and a switch in it. So factoring in those costs is a big offset.
sooty234 266 Posted May 25, 2020

I just replaced my USG Pro 4 with a UDM Pro. If you have Unifi security cams, this is a good option. And having the controller built in is really good, too. Now, if the power goes out, when it comes back on, everything automatically boots up. And I've got the whole network plugged into a UPS, which gives me around 45 minutes up time before the battery dies.
MRobi 159 Posted May 25, 2020

> One thing I'm uncertain of, is the non pro udm going to get unifios. They seem to have the same CPU, from what I've read they are holding it back from the non pro model. Maybe it can't handle all the features idk. But don't really like that. Makes it seem like the UDM is not being supported like the pro is.

That's actually probably a bonus for the UDM right now, although I think their plan is to have all devices on the new OS. The new UnifiOS is still working through some glitches and if you're using it in other applications (For example I use a Home Assistant integration with Unifi to help determine presence in my house) it's still not fully supported. I'd actually prefer it if the UDM-P had the old OS or that it were an option to choose.

If I had the USG in place now and it was working for me, I wouldn't rush out and buy a new one just to replace it. But if I were just starting off with a Unifi system, or in a position where I could return a USG for full credit, it will be well worth the little bit of investment to get hardware that's more current. I don't think there's too many of us that would rush out and buy a new iPhone 5c or Samsung Galaxy S3. They'll still be able to make calls, but they won't work anywhere near as good as an iPhone 11 or Galaxy S20.
lightsout 144 Posted May 25, 2020

> That's actually probably a bonus for the UDM right now, although I think their plan is to have all devices on the new OS. The new UnifiOS is still working through some glitches and if you're using it in other applications (For example I use a Home Assistant integration with Unifi to help determine presence in my house) it's still not fully supported. I'd actually prefer it if the UDM-P had the old OS or that it were an option to choose. If I had the USG in place now and it was working for me, I wouldn't rush out and buy a new one just to replace it. But if I were just starting off with a Unifi system, or in a position where I could return a USG for full credit, it will be well worth the little bit of investment to get hardware that's more current. I don't think there's too many of us that would rush out and buy a new iPhone 5c or Samsung Galaxy S3. They'll still be able to make calls, but they won't work anywhere near as good as an iPhone 11 or Galaxy S20.

Yeah that last bit is pretty much my thinking. Sounds like a win. Pulled the trigger on the UDM earlier today.
Sammy 734 Posted May 26, 2020 (edited)

I got USG before the CoViD 19 thing so my return window closed in February.. That said I could probably off-load it and the Switch8-60 on eBay for a few bucks and get an UDM but I'd probably keep my UAP-ACPro's, moving the one right next to the USG to a different location.. DAM YOU GUYS!

https://www.youtube.com/watch?v=7-QvRq6vvf0

Edited May 26, 2020 by Sammy
jaycedk 347 Posted May 26, 2020 (edited)

That looks like something I want. 300 square feet home + garden, town house. That should do nicely. ATM I only have 200/75 internet connection. Should be a nice replacement for my old Asus router.

Edited May 26, 2020 by jaycedk
lightsout 144 Posted May 26, 2020

> I got USG before the CoViD 19 thing so my return window closed in February.. That said I could probably off-load it and the Switch8-60 on eBay for a few bucks and get an UDM but I'd probably keep my UAP-ACPro's, moving the one right next to the USG to a different location.. DAM YOU GUYS! https://www.youtube.com/watch?v=7-QvRq6vvf0

Ha I know! Just as I thought I was settled. I did a test to see how coverage will be, put the AC-Pro in the garage where the UDM will go and put the AC-Lite upstairs where the Pro was. Seems just fine in my house. For now also the 4 port switch on the UDM solves my switch problem, as I only have 3 ethernet runs so I think it will be enough to distribute the vlans properly for my setup. Shipping was quick at Unifi as well got the email at like 7am PST after the long holiday weekend.
Sammy 734 Posted May 26, 2020

I guess that means that you still haven't got CableCARD's for your Prime tuners? I have 7 ethernet connected devices just in my office, two of them Prime Tuners.
sooty234 266 Posted May 26, 2020

Haha... You guys just caught the Ubiquiti networking bug. Once bitten, you'll never stop spending money