The Truth About the UniFi Security Gateways (USGs)
Vložit
- čas přidán 6. 08. 2024
- Here's the hard truth about the UniFi Security Gateway!
williehowe.com
Amazon Affiliate Link USG Pro: amzn.to/3pYbNAW
Amazon Affiliate Link USG 3: amzn.to/3md0nIy
Time Stamps:
00:00 - Intro
00:18 - The Truth about the USG
00:50 - What CAN the USGs do?
04:20 - What CAN'T THE USG DO?
06:00 - All things are possible through json - NOT!
07:20 - Will it work for me?
08:20 - Wrap Up
Affiliate Links (I earn a small percentage of the sale if you use these links):
My AmazonLink: www.amazon.com/shop/williehowe
Telnyx Referral Code: refer.telnyx.com/cv6cm
HostiFi Affiliate Link: hostifi.net/?via=willie
Netool: netool.io use code WILLIEHOWE to save at least 10%!
Digital Ocean Referral Link: m.do.co/c/39aaf717223f
Patreon Link: / williehowe
Contact us for network consulting and best practices deployment today! We support all Grandstream, DrayTek, Obihai, Poly, Ubiquiti, MikroTik, Extreme, Palo Alto, and more!
Come back for the next video!
Twitter - @WillieHowe
Instagram - @howex5
TikTok - @whowe82
SUBSCRIBE! THUMBS-UP! Comment and Share! - Věda a technologie
They do everything that my SMB clients need. 58 of them deployed and never had a failure or issue.
Absolutely Agree with your arguments, we still quite often use the USG-pro for our hospitality clients here in Indonesia as Dual Wan in Load Balancing is quite important here due to cost and instability of ISPs here.
Can you do a similar video for the UDM / UDM-Pro and the switches? Also, could you do videos contrasting the Unifi Line to the Edge line? Great video as always
I lost this video, although I had followed you for several years.
I totally agree with you.
I have several USG put in various locations, for different needs of family and customers. They work like a charm.
Yes, it is true that there are a lot of better solutions. But at which costs and how steep is the learning curve?
Keep on Willie, I love the honest way you talk about technology! 👍👍👍
Always thanks for the video... Really appreciated...
Excellent, sensible, fact based video. I appreciate your good sense approach (e.g. no JSON files!) It’s more about matching the product to it’s the environments requirements.
Great video, clear and direct. The USG and Dream Machine options are solid devices within the design limitations. We have deployed to many small businesses and residential settings and they require little maintenance to keep running (controller updates and firmware) . If you need more than the stated features of unifi, get a PFSense based device. If you need basic and easy, Unifi is a great option...
Agreed. I'm a hobbiest, and wanted to setup VLANs and some firewall rules at home. Dream Machine Pro has been a perfect fit!
Great summary of the USG Willie.
It would be interesting to compare the USG to a typical home router to help people put it into perspective. Some people really swear by the "gaming" routers like the Netgear Nighthawk series.
Just thinking bout loud here.
I would argue that the USG or UDM are perfect for most homes, and way better than the typical internet company box and are upgradable.
@@chrism556 No argument from me.
@@Fidelity_Sound I switched to a USG3 from a device also known as a USG from a different company which decided to discontinue the model I had. Now, I'm looking at replacing my USG3 with a Protectli running pfSense or OPNSense in 2022. Onwards and upwards.
Yep, replaced my USG3 with Draytek; kept Unifi switches and APs though
No NTP server.
I was really surprised when i discovered this as it's small and practical to have on the router in a small network
Spot on, The USG is actually a good little router, too many people ump on the "They cant do anything" or "I would never use them as they aren't any good" bandwagon, they fit nicely in businesses where they fit the requirements, if they don't then we use Sophos XG's
Same
Same
More cant's -
No custom DNS records
No bulk editing for things like static DHCP
Good luck trying to get internet only per client stats to figure out/troubleshoot things
Good luck trusting stats on Unifi period, for that matter :/
@@WillieHowe DNS entries is very common. $50 home routers let you customize what's stored in the local DNS resolver yet after almost 10 years Unifi can't figure it out?!?
Ditto for bulk editing - trying to maintain more than a handful of static DHCP reservations in Unifi is a nightmare. God help you if the device has been offline for any amount of time and the stats for it get purged; there is no way to remove a static reservation without hacking the database directly.
The amount of basic stuff that has never been cleaned up despite three or four major settings GUI rewrites just boggles my mind.
Hi Willie, I have learnt a lot from watching your video, up till 3 months ago I hadn't heard of unifi. Now I have set up my home network with A USG 3 and USW 16 POE switch watching your videos. My question is can I set-up a VPN using expressVPN. I want to connect a TV to it. I did find an article 2 years old to show how but it uses a .json configuration file( I don't like using json files). However 2 years is a long time with computers.
I have the UDM pro, it does everything I need it to
I have had enough of the USG. Im removing mine from my network and replacing it with pfsense. too many vpn issues and the auto NAT on the WAN interface which can only be disabled using json file has finally done it for me. such a shame
I have multiple ipsec site to site VPN why can't I connect to my remote user VPNs when on any of the sites? Can they not be used at the same time if on same network?
I have the UDM Pro. It's great but I have one issue with it. I have an Avaya IP Office PABX....The Avaya IP Phones that can be set up as Remote worker phones which have an inbuilt VPN feature. They then can connect back to the Avaya IP Office via the Firewall. Problem is it doesn't support L2TP over IPSec. It will only work with pure IPSec. Do you think they will ever add this feature/ability down the track? Only way around it at this point would be setting up say an Edge Router at the remote location and using a site-to-site VPN. It's a waste though considering the IP Phones have the inbuilt VPN feature.
Can do you a follow-up to this with how to configure a UDM Pro site to site vpn with AWS? I know it can be done but there are reports with people saying there is an SA issue with the connection to AWS causing stability issues.
What this video to me is a statement of speciation matching requirements. All to often people f about with complexity without the scoped requirements just a desire to implement. Road warrior = remote client VPN. Unififile is the new cloud storage ?
1 have a USG since 3 years, and could never install it properly. Always wants UPDATE but after every update always shows the old firmware.
Why do so many of the features (IPS/IDS, GeoIP Filtering, etc) stay in Beta status for literally years? My theory is that they don't' want to be responsible for them so if there's a problem they'll just say "Well....it's in Beta so you shouldn't be relying on it.".
Bro my exact same router in the thumbnail just died today. I'm gonna get the same exact one because I can't be bothered to upgrade to a Dream machine and reset and adopt all these APs I have
I have been using a USG3 for over 3 years for business with 15 people. Never had a problem. The reason I chose it is, among other things, to have the possibility of doing VLANs, which a commercial router cannot do.
Hi Patrick need ur help and advices if u can
Nice video Willie - thank you. I used a USG in my previous setup and it worked great. I’m going to be building a new house in the new year and as much as I love the Unifi ecosystem, I really want something where I can control bandwidth at a port level which none of the USG or UDMs can do currently. APs will be Unifi but what do you suggest as a Router / Firewall to compliment the Unifi APs in a new home deployment where the owner is not a network engineer 😉.
I'd say pfsense
USG. I am a home office person all this stuff is over my head. All I want are two Unifi Pro AP for my new home and connect all my wireless devices Nest, Google, Smart Locks, all wireless items, etc. I have been happy with my Netgear router and cable internet connection all work well but APs would be better for my new home. I do not feel I need a Dream Machine Pro/SE, etc. Looks to me the USG and an Unfi Switch for the Unifi AP are all I need. Seems everyone is over many head and not speaking to the simple home users is the USG good enough if I have no issues or need to change my current home setup besides finding a way to use APs. You had no issue with your USG?
Small networks with maybe a few port forwards I'm fine with these. Anything else and they are getting a fortigate.
All of my clients are small business and these more than fit the bill for them. My question, USG or UDM? I like the single pane of glass and that I have full control over the controller, but you can't deny the hardware performance improvements the UDM's have over the USG's. But I don't like being forced into their cloud infrastructure. Is that the way they are going to them ultimately charge us for it?
If the performance benefit would be noticable by your clients then it may be worth the jump, otherwise I'd stick with the USG.
What device would work best for small sme for QoS for Voice
I really like the pro all because it has sfp but don’t know if it would work with my fiber instead of having a modem plugged in
I have several of our clients fiber directly plugged into the SFP port with no issues.
I love the USG for a fair amount of things it can do well, however for the things it CAN'T do, like many here, in those cases, that's where PFSense comes into play, else for those who feel SonicWall's are worth the pricy subscriptions needed to make use of their features, then I might endorse those, however I honestly feel that PFS can handle your advanced level needs so long as you're familiar enough with how to implement them. But getting back to the USG, I often times will turn to these since theirs a bigger advantage for ease of scalability if the use cases fall mostly under the things it CAN do, while it's alot cleaner to have one at the root of a network in cases where you're using UniFi products for everything else.
no support of multiple Wan ip addresses could be a major con. I don't understand what's so difficult to implement
What's your "go to" ecosystem for the next level from Unifi ? Is there a vendor that has a SPOG management interface, at a price point that doesn't require a bank loan to implement ? Thanks for your videos.. and Happy Holidays!
Fortinet
Meraki
It all comes down to use case, cost, reliability and usability in the end. I think the vast majority of small businesses would have nearly all of their needs met by a USG, medium sized businesses on the other hand may start to outgrow it's capabilities.
I think the biggest issue with Unifi is the misleading marketing. Many of the Unifi products are marketed as enterprise equipment which is just plain wrong. Unifi is great for SOHO solutions because they don't need the advanced features. But an enterprise absolutely needs features such as OSPF and custom QoS options.
@@razredge68 yeah you definitely wouldn't want to run this in a large business I think the term "Prosumer" as some have described is fitting. It is more capable than what you get from a run of the mill SOHO routers and you need to have some understanding of networking to really get the most out of it but it still falls short of enterprise security gateways. These are perfect for your standard small restaurant or other small mom and pop businesses.
Unifi is ok for Switches and accesspoints. For routers get another one.
I don't use them, as my past experiences with them were not good. Unifi are great for access points and switches, I do use those.
Yes exactly their wifi is gud and routing is joke our fav combo is mikrotik routers and unifi AP
@@WillieHowe hai mostly will be dynamic routing and ospf
The USG Pro4 OS seems to be EOL'd- at least according to Nessus. Good system. I have been using it for about 2 years now, and I have a pfsense router I am considering replacing it with, but I need to finish my testing. It sure would be nice to have an OpenVPN client, but I am wary about bringing in plugins etc on pfsense.
I am art a loss as to why you would want to replace incredibly powerful and full featured pfSense with the Unifi router rubbish. Don't get me wrong: all their other stuff is great, just not their routers.
Yeah, unifi is a big step backwards from pfsense.
@@nickharvey5149 i am working at going tye other way. I place a high value on having the one pane of glass, but I am shaking out pfsense feature wise With a view to replacing the usg pro
Don't do it. I just replaced my brand new UDM Pro with PFSense as it just blows the doors off anything Unifi offers. Don't get me wrong, I love many of their products, just not their routers. I do run Unifi U6-LR AP's and they are great.
Unifile can be a awesome NAS name. :p
Who buys a USG anymore? I think people only buy UDR's or UDM-Pro's.
What about USG-XG-8? ;)
PFSense still blows away the USG and UDM lines. I own a USG 3 and a UDM Pro. I stopped using both as they fail on the UI side, nothing but half working buggy 'features'. If you don't want the 'features' to work then they are not bad devices. Running PFSense on a SM C3558 with 32GB of RAM at the moment. So not really a dollar for dollar comparison. I get tired of people saying how great the UDM Pro is when it's clearly just crippled by software issues. Tom at Lawrence systems tells the truth, the actual truth. I did enjoy using the USG as I got it for free. Free is always good. The UDM Pro I paid for and regret it ...for now.
@@WillieHowe I didn't say you lied about anything. But I also am not lying about their software being buggy as hell. To be fair they are working on it. Problem is they get something working and come along and break it the next day. I've had issues with PFSense in the past as well having bugs, difference being they are less and less. Hopefully Ubiquiti gets it together. Great hardware, software...YMMV.
Guess I don’t see the relevance on what’s essentially end of life products. Still great content and good information though!
Ubiquiti routers are so crimpling outdated I don't understand how they can be recommended for any type of business that requires security and support. Decent for home use though.
I agree with your assessment. I use UniFi switches for businesses, I like the price point, features and no subscription fees. I use Watchguard equipment for firewall and router, a little pricey, but you have 24x7 support real tech support, it is rock solid and very secure. Would not use anything else. If you’re a IT shop, you want to be able make your hours billable and not be troubleshooting UniFi firmware issues (ugh). I really like the UniFi single pane of glass of glass approach, but in my opinion, they are not ready for business class prime time.
With the most recent update on udm pro you can assign multiple wan ip's. I'm sure 40,000 people already let you know that though 😉
UDM Pro is the cheapest 10G Router on the market right now, and more than enough for 99% of home users.
Any issues with the USG-3P router getting download speed above 400Mbps?
Only if you run IDS IPS
@@WillieHowe run not disable correct? Running threat management makes it run faster?
@@terryreedy107 IDS/IPS makes your USG and UXG go slower. 3 port USG will only be able to do 80Mb throughput with IDS/IPS enabled.
@@WillieHowe I have a cable modem from astound. When I run a speed test directly from the the cable modem I get 400Mbps down and 30Mbps up as I should. As soon as I connect to the Router I get 150Mbps ish sometimes close to 200Mbps. Do you think it is a configuration issue or do I simply need a different Router. By the way thank you very much for the assistance.
@@terryreedy107 Probably a config issue.
i think unifi need to EOL these things and focus on the UDM line
I'm a USG Pro user that has not gone down the UDM route but is waiting for the USG Pro replacement.... which seems to be taking an age.
Tbh, in the past they where ok for me, but there are things you cant do and things which are a pain in the ass like ignp proxy, i wouldnt use them anymore and instead use something like a pfsense. the usg's are garbage
Have they ever sorted the poor throughput from their Ap's? Or have they just buried their head in the sand as usual?
hmm the start of video sounded weird
👋
We use them on every job but we really want the next gen XG version to drop already.
One word. Fortinet
@@WillieHowe I take no offense to your opposition but I am curious as to why you feel the way that you do with Fortinet. I understand that Open Source products help the P&L stay in black Ink. If stateful inspection is all that is required, then basic firewalls are the obvious choice. If the NGFW fits the need, then Watchguard, Sonicwall, Fortinet, Check Point, Cisco Fire-power, and Palo-Alto along with a few others that I am not thinking of all do the same things. The terminology / verbiage between them may be different but having things like Full Layer-2 support, Next Gen gateway AV, Web filtering, Deep packet Proxy, IPS, advanced logging options, Secure DNS Proxy, and other UTM features are things that I require in my business model.
@@WillieHowe thats where the fly out terminal comes in handy. I've had to plug in many of the same rules for our clients Fortigates and so just pasting or importing is super fast and takes effect immediately (one of my pet peeves with USG is the 30 second delay for changes to provision).
@@Wahinies thanks for sharing your thoughts on this matter.