Can you do a similar video for the UDM / UDM-Pro and the switches? Also, could you do videos contrasting the Unifi Line to the Edge line? Great video as always
Why do so many of the features (IPS/IDS, GeoIP Filtering, etc) stay in Beta status for literally years? My theory is that they don't want to be responsible for them so if there's a problem they'll just say "Well....it's in Beta so you shouldn't be relying on it.".
PFSense still blows away the USG and UDM lines. I own a USG 3 and a UDM Pro. I stopped using both as they fail on the UI side, nothing but half working buggy 'features'. If you don't want the 'features' to work then they are not bad devices. Running PFSense on a SM C3558 with 32GB of RAM at the moment. So not really a dollar for dollar comparison. I get tired of people saying how great the UDM Pro is when it's clearly just crippled by software issues. Tom at Lawrence systems tells the truth, the actual truth. I did enjoy using the USG as I got it for free. Free is always good. The UDM Pro I paid for and regret it ...for now.
@@WillieHowe I didn't say you lied about anything. But I also am not lying about their software being buggy as hell. To be fair they are working on it. Problem is they get something working and come along and break it the next day. I've had issues with PFSense in the past as well having bugs, difference being they are less and less. Hopefully Ubiquiti gets it together. Great hardware, software...YMMV.
What this video is to me is a statement of specification matching requirements. All too often people f about with complexity without the scoped requirements just a desire to implement. Road warrior = remote client VPN. Unififile is the new cloud storage ?
Ubiquiti routers are so cripplingly outdated I don't understand how they can be recommended for any type of business that requires security and support. Decent for home use though.
I agree with your assessment. I use UniFi switches for businesses, I like the price point, features and no subscription fees. I use Watchguard equipment for firewall and router, a little pricey, but you have 24x7 support real tech support, it is rock solid and very secure. Would not use anything else. If you’re an IT shop, you want to be able to make your hours billable and not be troubleshooting UniFi firmware issues (ugh). I really like the UniFi single pane of glass approach, but in my opinion, they are not ready for business class prime time.
@@WillieHowe I take no offense to your opposition but I am curious as to why you feel the way that you do with Fortinet. I understand that Open Source products help the P&L stay in black Ink. If stateful inspection is all that is required, then basic firewalls are the obvious choice. If the NGFW fits the need, then Watchguard, Sonicwall, Fortinet, Check Point, Cisco Fire-power, and Palo-Alto along with a few others that I am not thinking of all do the same things. The terminology / verbiage between them may be different but having things like Full Layer-2 support, Next Gen gateway AV, Web filtering, Deep packet Proxy, IPS, advanced logging options, Secure DNS Proxy, and other UTM features are things that I require in my business model.
@@WillieHowe that's where the fly out terminal comes in handy. I've had to plug in many of the same rules for our clients' Fortigates and so just pasting or importing is super fast and takes effect immediately (one of my pet peeves with USG is the 30 second delay for changes to provision).
More can'ts - No custom DNS records. No bulk editing for things like static DHCP. Good luck trying to get internet only per client stats to figure out/troubleshoot things. Good luck trusting stats on Unifi period, for that matter :/
@@WillieHowe DNS entries is very common. $50 home routers let you customize what's stored in the local DNS resolver yet after almost 10 years Unifi can't figure it out?!? Ditto for bulk editing - trying to maintain more than a handful of static DHCP reservations in Unifi is a nightmare. God help you if the device has been offline for any amount of time and the stats for it get purged; there is no way to remove a static reservation without hacking the database directly. The amount of basic stuff that has never been cleaned up despite three or four major settings GUI rewrites just boggles my mind.
Great summary of the USG Willie. It would be interesting to compare the USG to a typical home router to help people put it into perspective. Some people really swear by the "gaming" routers like the Netgear Nighthawk series. Just thinking out loud here.
@@HighResStereo I switched to a USG3 from a device also known as a USG from a different company which decided to discontinue the model I had. Now, I'm looking at replacing my USG3 with a Protectli running pfSense or OPNSense in 2022. Onwards and upwards.
Great video, clear and direct. The USG and Dream Machine options are solid devices within the design limitations. We have deployed to many small businesses and residential settings and they require little maintenance to keep running (controller updates and firmware). If you need more than the stated features of unifi, get a PFSense based device. If you need basic and easy, Unifi is a great option...
I have had enough of the USG. I'm removing mine from my network and replacing it with pfsense. Too many vpn issues and the auto NAT on the WAN interface which can only be disabled using a json file has finally done it for me. Such a shame
Excellent, sensible, fact based video. I appreciate your good sense approach (e.g. no JSON files!). It’s more about matching the product to the environment’s requirements.
Absolutely Agree with your arguments, we still quite often use the USG-pro for our hospitality clients here in Indonesia as Dual Wan in Load Balancing is quite important here due to cost and instability of ISPs here.
Spot on, The USG is actually a good little router, too many people jump on the "They can't do anything" or "I would never use them as they aren't any good" bandwagon, they fit nicely in businesses where they fit the requirements, if they don't then we use Sophos XG's
All of my clients are small business and these more than fit the bill for them. My question, USG or UDM? I like the single pane of glass and that I have full control over the controller, but you can't deny the hardware performance improvements the UDM's have over the USG's. But I don't like being forced into their cloud infrastructure. Is that the way they are going to then ultimately charge us for it?
I have the UDM Pro. It's great but I have one issue with it. I have an Avaya IP Office PABX....The Avaya IP Phones that can be set up as Remote worker phones which have an inbuilt VPN feature. They then can connect back to the Avaya IP Office via the Firewall. Problem is it doesn't support L2TP over IPSec. It will only work with pure IPSec. Do you think they will ever add this feature/ability down the track? Only way around it at this point would be setting up say an Edge Router at the remote location and using a site-to-site VPN. It's a waste though considering the IP Phones have the inbuilt VPN feature.
I love the USG for a fair amount of things it can do well, however for the things it CAN'T do, like many here, in those cases, that's where PFSense comes into play, else for those who feel SonicWall's are worth the pricy subscriptions needed to make use of their features, then I might endorse those, however I honestly feel that PFS can handle your advanced level needs so long as you're familiar enough with how to implement them. But getting back to the USG, I often times will turn to these since there's a bigger advantage for ease of scalability if the use cases fall mostly under the things it CAN do, while it's a lot cleaner to have one at the root of a network in cases where you're using UniFi products for everything else.
Bro my exact same router in the thumbnail just died today. I'm gonna get the same exact one because I can't be bothered to upgrade to a Dream machine and reset and adopt all these APs I have
I have multiple IPsec site-to-site VPNs. Why can't I connect to my remote user VPNs when on any of the sites? Can they not be used at the same time if on same network?
Tbh, in the past they were ok for me, but there are things you can't do and things which are a pain in the ass like IGMP proxy, I wouldn't use them anymore and instead use something like a pfsense. The usg's are garbage
Hi Willie, I have learnt a lot from watching your video, up till 3 months ago I hadn't heard of unifi. Now I have set up my home network with a USG 3 and USW 16 POE switch watching your videos. My question is can I set-up a VPN using expressVPN. I want to connect a TV to it. I did find an article 2 years old to show how but it uses a .json configuration file (I don't like using json files). However 2 years is a long time with computers.
Nice video Willie - thank you. I used a USG in my previous setup and it worked great. I’m going to be building a new house in the new year and as much as I love the Unifi ecosystem, I really want something where I can control bandwidth at a port level which none of the USG or UDMs can do currently. APs will be Unifi but what do you suggest as a Router / Firewall to complement the Unifi APs in a new home deployment where the owner is not a network engineer 😉.
USG. I am a home office person all this stuff is over my head. All I want are two Unifi Pro AP for my new home and connect all my wireless devices Nest, Google, Smart Locks, all wireless items, etc. I have been happy with my Netgear router and cable internet connection all work well but APs would be better for my new home. I do not feel I need a Dream Machine Pro/SE, etc. Looks to me the USG and an Unifi Switch for the Unifi AP are all I need. Seems everyone is over my head and not speaking to the simple home users is the USG good enough if I have no issues or need to change my current home setup besides finding a way to use APs. You had no issue with your USG?
I lost this video, although I had followed you for several years. I totally agree with you. I have several USG put in various locations, for different needs of family and customers. They work like a charm. Yes, it is true that there are a lot of better solutions. But at which costs and how steep is the learning curve? Keep on Willie, I love the honest way you talk about technology! 👍👍👍
Can you do a follow-up to this with how to configure a UDM Pro site to site vpn with AWS? I know it can be done but there are reports with people saying there is an SA issue with the connection to AWS causing stability issues.
The USG Pro4 OS seems to be EOL'd- at least according to Nessus. Good system. I have been using it for about 2 years now, and I have a pfsense router I am considering replacing it with, but I need to finish my testing. It sure would be nice to have an OpenVPN client, but I am wary about bringing in plugins etc on pfsense.
I am at a loss as to why you would want to replace incredibly powerful and full featured pfSense with the Unifi router rubbish. Don't get me wrong: all their other stuff is great, just not their routers.
@@nickharvey5149 I am working at going the other way. I place a high value on having the one pane of glass, but I am shaking out pfsense feature wise with a view to replacing the usg pro
Don't do it. I just replaced my brand new UDM Pro with PFSense as it just blows the doors off anything Unifi offers. Don't get me wrong, I love many of their products, just not their routers. I do run Unifi U6-LR AP's and they are great.
@@WillieHowe I have a cable modem from astound. When I run a speed test directly from the cable modem I get 400Mbps down and 30Mbps up as I should. As soon as I connect to the Router I get 150Mbps ish sometimes close to 200Mbps. Do you think it is a configuration issue or do I simply need a different Router. By the way thank you very much for the assistance.
I have been using a USG3 for over 3 years for business with 15 people. Never had a problem. The reason I chose it is, among other things, to have the possibility of doing VLANs, which a commercial router cannot do.
What's your "go to" ecosystem for the next level from Unifi ? Is there a vendor that has a SPOG management interface, at a price point that doesn't require a bank loan to implement ? Thanks for your videos.. and Happy Holidays!
It all comes down to use case, cost, reliability and usability in the end. I think the vast majority of small businesses would have nearly all of their needs met by a USG, medium sized businesses on the other hand may start to outgrow its capabilities.
I think the biggest issue with Unifi is the misleading marketing. Many of the Unifi products are marketed as enterprise equipment which is just plain wrong. Unifi is great for SOHO solutions because they don't need the advanced features. But an enterprise absolutely needs features such as OSPF and custom QoS options.
@@razredge68 yeah you definitely wouldn't want to run this in a large business I think the term "Prosumer" as some have described is fitting. It is more capable than what you get from a run of the mill SOHO routers and you need to have some understanding of networking to really get the most out of it but it still falls short of enterprise security gateways. These are perfect for your standard small restaurant or other small mom and pop businesses.