Buy from the Ubiquiti Store (Affiliate):
- UK: uk.store.ui.com/uk/en/pro/category/all-unifi-cloud-gateways/products/efg?a_aid=CameronGray
- US: store.ui.com/us/en/pro/category/all-unifi-cloud-gateways/products/efg?a_aid=CameronGray
- EU: store.ui.com/eu/en/pro/category/all-unifi-cloud-gateways/products/efg?a_aid=CameronGray
Can you also open the case and give an inside tour?
Exciting for it to be the first test subject for your traffic generator!
Excellent! I think this is probably the best overview video I've seen on how the shadow mode setup and operations works. 👏🏻
Hopefully some new house setup content soon, interested to know how you've done things differently based on past learnings!
Don't worry, it's coming! Lots of extremely cool projects in the works! Just been so busy with getting the rest of the house ready for regular life (flooring, furniture, getting various "snagging" issues fixed) that I haven't got around to it all yet. Trust me, I'm desperate for it too - for this video I had to uplink the EFG to my network with a temperamental powerline adapter, it was torture!
@@camerongray1515 lol that defn seems like a pain
I need to eventually run a line downstairs as atm I have a cursed wifi bridge method with a wifi repeater haha
Thanks man, just what I wanted to hear. Thanks for the detailed testing... I think I'll still stay with my UXG Pros but maybe do the auto shadow feature
Pretty gnarly Cameron. This would pair well for a new switch solution.
It looks like the new enterprise line will be 10Gbps Copper PoE++ as it was seen in their latest videos too.
Cool that's interesting! The speed to price ratio is insane on this setup. Very impressive!
Nice to know they're making a version that can be controlled* by an external controller* instead of using an internal controller*, but I never understood why with the UXG/UCG and this they can't just have an Integrated Controller*/External Controller* switch on the same hardware so if you want to use the integrated controller* you just flip a switch in the UI (or flash a different firmware), and then later switch to an external controller* as your needs change without having to buy a whole new box.
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
Nice video, thank you! It would be interesting to see some more extensive/representative performance testing - for instance, a larger connection count, over a range of protocols (transport and application). Likewise for the TLS interception stuff.
for the packet inspecting and decrypting ssl traffic, can you install the certificate directly from the EFG or do you have to do it on the client device? Can you install / inspect on mobile devices, such as iphones, ipads or androids that are on your network?
I’ve been trying to get an answer about setting up multi WAN. Does this still only support 2 WANs like the UDM’s or can this support more. I have 4 separate WANs routed through my watchguard now. Sounds excessive but is necessary for my application.
Nope! Kinda stupid that they don’t, I’d recommend running BGP on another device and passing through one ISP to your UDM
Cameron could you suggest a magazine that I could read & that will explain how & what I need to set up my home work as I’m nearing 60 & don't understand it all
I love your test rack! Where can I get one?
edit: Looks like it's a Ubiquiti product too - I didn't realise they made racks.
Yep, it's a U-RACK-6U-TL - generally aimed at a test bench/lab type setup. I really like it, only thing to bear in mind is that it's "toolless" so the kit sits on shelves and it has thumbscrews on the side that will screw into the side of UniFi devices. You can of course fit non-UniFi devices into it, but there wouldn't be a way to lock the equipment in place.
As a school using Unifi our biggest issue is we have a BYOD where students can bypass the filtering using VPN apps. If we can install the SSL cert on their devices does NeXT Ai have a category for blocking VPNs like this?
OMG I can’t believe you have got your hands on this device so fast so early! Like it has just been released 😂😂😂 anyways, thanks for all the information and the knowledgeable sharing 🥰🥰😍😘😘
What was the configuration of the IDS/IPS feature during tests? To better understand the difference of ideal load vs real load.
For the rest, great content!
The IDS and IPS settings were just set to "Auto" for all of the "IDS/IPS On" tests and then set to "Off" for the "IDS/IPS Off" tests
Reminds me of their 10 gig monster of a gateway they had
Will they allow you to keep this?
I generally get to keep the samples, although currently I haven't found myself using them as part of my main network as I want to be able to keep them available for testing other UniFi products or for benchmarking against new projects. For example with this video I needed to benchmark a UDM Pro Max to compare to this which would have been a complete pain had I been using it as part of my main network.
Can you tell the Gateway what interfaces to enable IPS etc on? For example, I only want it on the WAN, any other internal to internal traffic just pass at max speed.
Open it up!!
Another caveat with the traffic interceptor (true for every content filter, not just Ubiquiti's) is that a lot of mobile apps have a certificate pinned so the traffic can't be decrypted, as they will not use any user trusted certificates. Additionally, I believe with HSTS, the first time a site is loaded it pins the certificate. If the certificate changes the browser will show an error and prevent the user from accessing it (though I think this can also be ignored for enterprise deployments). Just something to keep in mind, e.g. if someone blocks a keyword for a certain website it will be blocked on desktop but potentially not through an app - I imagine if you combined it with mobile device provisioning you will have finer grained control over what the user can access on both sides.
Good point! Although with an app with a pinned certificate, the EFG would still decrypt and inspect the traffic, however the app would likely throw a certificate error - so it wouldn't be able to bypass the filtering, but it may not work correctly. The NEXT AI feature is only really viable on networks where you have full control over all of the devices on the network.
It seems quiet. Is it similar to dream machine for noise?
As an MSP I started deploying Ubiquiti equipment since 2008. EdgeMax series used to be much more stable and open long before UniFi took over. My first major UniFi deployment was in 2011 in central London Lower Belgrave Street and the controller software had very basic features put together. Now back in New Delhi...we are still going strong with UniFi deployments and complete turnkey residential services. It remains the backbone of all of our other services AV, Security, Automation, Power, IoT etc..
Hello Cameron,
How does the EFG sound?
because I have the Enterprise 24 in switch in open space and it makes noise if I add it it's not good!
And is the 25 Gbps WAN port 10 Gbps compatible?
Under low load it's relatively quiet but still audible, however the fans are speed controlled so will likely ramp up under high load or if the ambient temperature is high. Realistically, this sort of equipment is designed to be hidden away in comms rooms, not to be used in rooms where people are working/living. The 25Gbps WAN port can be used with a 10Gbps connection with an appropriate DAC/SFP+ module, however you can also reassign the ports so one of the SFP+ ports acts as a WAN port leaving the SFP28 ports available as LAN ports.
@@camerongray1515 thank you for the quick answers
What about cross vlan speed?
What about noise level?
Can I just get this with a UniFi switch for my setup?
Initially I was thinking of getting Dream Machine Pro Max with a switch, am I right to say this is just a really stronger version compared to Dream Machine Pro Max?
I'm running servers, 2 ISP, 10gbps
You definitely could if your setup requires the power of this over a UDM Pro Max. It works essentially the same as a UDM however, unlike a UDM, the EFG can't run non-Networking UniFi applications such as Protect, Talk or Access so if you need those you'd need something to run them on such as a CloudKey or UNVR.
@@camerongray1515 Thank you! That's perfect as I don't need non-networking apps. What if I have multiple Internet service providers? Can it manage both, or is it only for "backup"? I'm looking for a way to use 2 ISPs with 2 different IP addresses, preferably being able to assign different ISPs to different servers while still allowing them to connect within the private network. Do you have any advice on this? Thank you!
It would be nice if we could customize the blocked content page that comes up. Add our own logo and custom text and images.
Listing performance / speeds without listing packet size is basically useless. Because these devices are not ASIC based there will be a huge difference in performance when full size (1500 byte) packets are used and when something like 64-byte or IMIX sized (~576-byte) packets are used.
There’s also the fact that this device is heavily marketed as an edge firewall / router. With most of the internet still using IPv4, the lack of ASICs for handling NAT means that performance will more than likely severely degrade when PAT is used.
Your video is so clear and comprehensive in every other way, it’s just a shame you’re not showing realistic performance numbers that actually apply to the use cases marketed for the product.
How much drive storage does this thing have for log files and stuff like that? I can't find that information anywhere. Does anyone know?
Not sure I'm sold on Ubiquiti for the enterprise or the industry is, never seen a single bit of Ubiquiti in the colos I work in. I think they will have to work hard to change that
Open it, I want to see inside to know if it really needs all that space
Great video
This is good news
The SSL/TLS inspection is neat, but with "AI" in the name it makes me wonder, if this is using AI is it being done fully locally on the firewall or is it sending your traffic details to some cloud AI service?
Unless Unifi ever adjust their privacy policy and fully stop collecting data about their customers when one specifically disables it, nobody who values anything in regards to their own data and privacy should buy any of their products.
This has been a known issue for years and Unifi refuses to address it.
What goes on behind my firewall is my business and not Unifi's. That's the reason why it's behind a firewall.
Why this even has to be said is concerning though...
They make fantastic products, no doubt about that. Especially for the price. Wondering more and more if the price isn't the CIA trojan horse here...
I had a look at their prices, and for the spec it does look... inexpensive. I'm very wary that it's not hosing data somewhere, like the NSA.
@@EE12CSVT yeah if you're worried about your data forget unifi and go with something opensource like opnsense or pfsense...
Neat
This is enterprise level shit. Completely overkill for a small 1 bedroom apartment home office. Now the real question is how loud is it? Will my wife kill me as soon as I fire it up?
needs 2.35 and 3.25 sata hdd storage mod
What for? There's nothing on this that would benefit or even be able to use local storage. If you want a device with hard drive bays for UniFi Protect then you'd be best to go for a UDM. This is designed for large scale deployments to work purely as a firewall.
The stars * ✨ 🌟
Nice Device, BUT it's also $ 2000 plus $ 800/year. USD. Thanks for testing it!
Ubiquiti said there are 0 fees... it's a big price tag at first but then it's yours..
@@agreniers The $ 800 is for the 'pro' updates with more signatures
@@jfkastner what does it include exactly ?
@@agreniers no idea, check their site, might be different also from country to country
The subscription is for "enhanced threat updates" which is a daily updated feed of signatures for the IDS/IPS feature. It's definitely not required for using the EFG, or even for using the IDS/IPS feature in general, it's just for those users that want the additional, more up to date signatures.
Don't buy this stuff if you live in the UK. The returns process is done by sending stuff to the Netherlands. Your products get customs charges for returns! This stuff is garbage! I was offered instore credits to cover the customs charges! I will not be buying more items to send to the Netherlands! Very poor customer service.