Buy from the Ubiquiti Store (Affiliate): - UK: uk.store.ui.com/uk/en/pro/category/all-unifi-cloud-gateways/products/efg?a_aid=CameronGray - US: store.ui.com/us/en/pro/category/all-unifi-cloud-gateways/products/efg?a_aid=CameronGray - EU: store.ui.com/eu/en/pro/category/all-unifi-cloud-gateways/products/efg?a_aid=CameronGray
As an MSP I started deploying Ubiquiti equipment since 2008. EdgeMax series used to be much more stable and open long before UniFi took over. My first major UniFi deployment was in 2011 in central London Lower Belgrave Street and the controller software had very basic features put together. Now back in New Delhi...we are still going strong with UniFi deployments and complete turnkey residential services. It remains the backbone of all of our other services AV, Security, Automation, Power, IoT etc..
Don't worry, it's coming! Lots of extremely cool projects in the works! Just been so busy with getting the rest of the house ready for regular life (flooring, furniture, getting various "snagging" issues fixed) that I haven't got around to it all yet. Trust me, I'm desperate for it too - for this video I had to uplink the EFG to my network with a temperamental powerline adapter, it was torture!
@@camerongray1515 lol that defn seems like a pain I need to eventuaoly run a line downstairs as atm I have a cursed wifi bridge method with a wifi repeater haha
Nice to know they're making a version that can be controlled* by an external controller* instead of using an internal controller*, but I never understood why with the UXG/UCG and this they can't just have an Integrated Controller*/External Controller* switch on the same hardware so if you want to use the integrated controller* you just flip a switch in the UI (or flash a different firmware), and then later switch to an external controller* as your needs change without having to buy a whole new box. *UniFi Network Application *UniFi Network Application *UniFi Network Application *UniFi Network Application *UniFi Network Application *UniFi Network Application *UniFi Network Application
OMG I can’t believe you have got your hands on this device so fast so early! Like it have just been released 😂😂😂 anyways, thanks for all the information and the knowledgeable sharing 🥰🥰😍😘😘
Another caveat with the traffic interceptor (true for every content filter, not just Ubiquiti's) is that a lot of mobile apps have a certificate pinned so the traffic can't be decrypted, as they will not use any user trusted certificates. Additionally, I believe with HSTS, the first time a site is loaded it pins the certificate. If the certificate changes the browser will show an error and prevent the user from accessing it (though I think this can also be ignored for enterprise deployments). Just something to keep in mind, e.g. if someone blocks a keyword for a certain website it will be blocked on desktop but potentially not through an app - I imagine if you combined it with mobile device provisioning you will have finer grained control over what the user can access on both sides.
Good point! Although with an app with a pinned certificate, the EFG would still decrypt and inspect the traffic, however the app would likely throw a certificate error - so it wouldn't be able to bypass the filtering, but it may not work correctly. The NEXT AI feature is only really viable on networks where you have full control over all of the devices on the network.
Cool that's interesting! The speed to price ratio is insane on this setup. Very impressive!
17 днів тому
Can you tell the Gateway what interfaces to enable IPS etc on? For example, I only want it on the WAN, any other internal to internal traffic just pass at max speed.
for the packet inspecting and decrypting ssl traffic, can you install the certificate directly from the EFG or do you have to do it on the client device? Can you install / inspect on mobile devices, such as iphones, ipads or androids that are on your network?
I’ve been trying to get an answer about setting up multi WAN. Does this still only support 2 WANs like the UDM’s or can this support more. I have 4 separate WANs routed through my watchguard now. Sounds excessive but is necessary for my application.
Cameron could you suggest a magazine that I could read & that will explain of how & what I need to set up my home work as I’m nearing 60 & dint understand it all
Nice video, thank you! It would be interesting to see some more extensive/representative performance testing - for instance, a larger connection count, over a range of protocols (transport and application). Likewise for the TLS interception stuff.
What was the configuration of the IDS/IPS feature during tests? To better understand the difference of ideal load vs real load. For the rest, great content!
Yep, it's a U-RACK-6U-TL - generally aimed at a test bench/lab type setup. I really like it, only thing to bear in mind is that it's "toolless" so the kit sits on shelves and it has thumbscrews on the side that will screw into the side of UniFi devices. You can of course fit non-UniFi devices into it, but there wouldn't be a way to lock the equipment in place.
Hello Cameron, How does the EFG sound? because I have the Enterprise 24 in switch in open space and it makes noise if I add it it's not good! And is the 25 Gbps WAN port 10 Gbps compatible?
Under low load it's relatively quiet but still audible however the fans are speed controlled so will likely ramp up under high load or if the ambient temperature is high. Realistically, this sort of equipment is designed to be hidden away in comms rooms, not to be used in rooms where people are working/living. The 25Gbps WAN port can be used with a 10Gbps connection with an approprate DAC/SFP+ module however you can also reassign the ports so one of the SFP+ ports acts as a WAN port leaving the SFP28 ports available as LAN ports.
Can i just get this with a unifi switch for my setup? Initially i was thinking of getting Dream Machine Pro Max with a switch, am i right to say this is just a really stronger version compared to Dream Machine Pro Max? I'm running servers , 2 ISP , 10gbps
You definitely could if your setup reqiures the power of this over a UDM Pro Max. It works essentially the same as a UDM however, unlike a UDM, the EFG can't run non-Networking UniFi applications such as Protect, Talk or Access so if you need those you'd need something to run them on such as a CloudKey or UNVR.
@@camerongray1515 Thank you! That's perfect as I don't need non-networking apps. What if I have multiple Internet service providers? Can it manage both, or is it only for "backup"? I'm looking for a way to use 2 ISPs with 2 different IP addresses, preferably being able to assign different ISPs to different servers while still allowing them to connect within the private network. Do you have any advice on this? Thank you!
not sure im sold on Ubiquiti for the enterprise or the industry is, never seen a single bit of ubiquiti in the colo’s i work in. i think they will have to work hard to change that
I generally get to keep the samples, although currently I haven't found myself using them as part of my main network as I want to be able to keep them available for testing other UniFi products or for benchmarking against new projects. For example with this video I needed to benchmark a UDM Pro Max to compare to this which would have been a complete pain had I been using it as part of my main network.
The SSL/TLS inspection is neat, but with "AI" in the name it makes me wonder, if this is using AI is it being done fully locally on the firewall or is it sending your traffic details to some cloud AI service?
What for? Threre's nothing on this that would benefit or even be able to use local storage. If you want a device with hard drive bays for UniFi Protect then you'd be best to go for a UDM. This is designed for large scale deployments to work purely as a firewall.
Unless Unifi ever adjust their privacy policy and fully stop collecting data about their customers when one specifically disables it, nobody who values anything in regards to their own data and privacy should buy any of their products. This has been a known issue for years and Unifi refuses to adress it. What goes on behind my firewall is my business and not Unify's. That's the reason why it's behind a firewall. Why this even has to be said is concerning though... They make fantastic products, no doubt about that. Especially for the price. Wondering more and more if the price isn't the CIA trojan horse here...
The subscription is for "enhanced threat updates" which is a daily updated feed of signatures for the IDS/IPS feature. It's definitely not required for using the EFG, or even for using the IDS/IPS feature in general, it's just for those users that want the additional, more up to date signatures.
Don't buy this stuff if you live in the UK. The returns process is done by sending stuff to the Netherlands. Your products get customs charges for returns! This stuff is garbage! I was offered instore credits to cover the customs charges! I will not be buying more items to send to the Netherlands! Very poor customer service.
Buy from the Ubiquiti Store (Affiliate):
- UK: uk.store.ui.com/uk/en/pro/category/all-unifi-cloud-gateways/products/efg?a_aid=CameronGray
- US: store.ui.com/us/en/pro/category/all-unifi-cloud-gateways/products/efg?a_aid=CameronGray
- EU: store.ui.com/eu/en/pro/category/all-unifi-cloud-gateways/products/efg?a_aid=CameronGray
Can you also open the case and give a Inside tour
As an MSP I started deploying Ubiquiti equipment since 2008. EdgeMax series used to be much more stable and open long before UniFi took over. My first major UniFi deployment was in 2011 in central London Lower Belgrave Street and the controller software had very basic features put together. Now back in New Delhi...we are still going strong with UniFi deployments and complete turnkey residential services. It remains the backbone of all of our other services AV, Security, Automation, Power, IoT etc..
Exciting for it to be the first test subject for your traffic generator!
Hopefully some new house setup content soon, interested to know how you've done things differently based on past learnings!
Don't worry, it's coming! Lots of extremely cool projects in the works! Just been so busy with getting the rest of the house ready for regular life (flooring, furniture, getting various "snagging" issues fixed) that I haven't got around to it all yet. Trust me, I'm desperate for it too - for this video I had to uplink the EFG to my network with a temperamental powerline adapter, it was torture!
@@camerongray1515 lol that defn seems like a pain
I need to eventuaoly run a line downstairs as atm I have a cursed wifi bridge method with a wifi repeater haha
Pretty gnarly Cameron. This would pair well for a new switch solution.
It looks like the new enterprise line with be 10Gbps Copper PoE++ as it was seen in their lastest videos too.
Nice to know they're making a version that can be controlled* by an external controller* instead of using an internal controller*, but I never understood why with the UXG/UCG and this they can't just have an Integrated Controller*/External Controller* switch on the same hardware so if you want to use the integrated controller* you just flip a switch in the UI (or flash a different firmware), and then later switch to an external controller* as your needs change without having to buy a whole new box.
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
*UniFi Network Application
Excellent! I think this is probably the best overview video I've seen on how the shadow mode setup and operations works. 👏🏻
thanks man, just what i wanted to hear. thanks for the detail testing...i think ill still stay with my UXG pro's but maybe do the auto shadow feature
I use Unifi gear. I like it. I can do most all of these AI tasks with NextDNS.
OMG I can’t believe you have got your hands on this device so fast so early! Like it have just been released 😂😂😂 anyways, thanks for all the information and the knowledgeable sharing 🥰🥰😍😘😘
Another caveat with the traffic interceptor (true for every content filter, not just Ubiquiti's) is that a lot of mobile apps have a certificate pinned so the traffic can't be decrypted, as they will not use any user trusted certificates. Additionally, I believe with HSTS, the first time a site is loaded it pins the certificate. If the certificate changes the browser will show an error and prevent the user from accessing it (though I think this can also be ignored for enterprise deployments). Just something to keep in mind, e.g. if someone blocks a keyword for a certain website it will be blocked on desktop but potentially not through an app - I imagine if you combined it with mobile device provisioning you will have finer grained control over what the user can access on both sides.
Good point! Although with an app with a pinned certificate, the EFG would still decrypt and inspect the traffic, however the app would likely throw a certificate error - so it wouldn't be able to bypass the filtering, but it may not work correctly. The NEXT AI feature is only really viable on networks where you have full control over all of the devices on the network.
Cool that's interesting! The speed to price ratio is insane on this setup. Very impressive!
Can you tell the Gateway what interfaces to enable IPS etc on? For example, I only want it on the WAN, any other internal to internal traffic just pass at max speed.
Reminds me of their 10 gig monster of a gateway they had
for the packet inspecting and decrypting ssl traffic, can you install the certificate directly from the EFG or do you have to do it on the client device? Can you install / inspect on mobile devices, such as iphones, ipads or androids that are on your network?
I’ve been trying to get an answer about setting up multi WAN. Does this still only support 2 WANs like the UDM’s or can this support more. I have 4 separate WANs routed through my watchguard now. Sounds excessive but is necessary for my application.
Nope! Kinda stupid that they don’t, I’d recommend running BGP on another device and passing through one ISP to your UDM
Cameron could you suggest a magazine that I could read & that will explain of how & what I need to set up my home work as I’m nearing 60 & dint understand it all
Nice video, thank you! It would be interesting to see some more extensive/representative performance testing - for instance, a larger connection count, over a range of protocols (transport and application). Likewise for the TLS interception stuff.
How much drive storage does this thing have for log files and stuff like that I can't find that information anywhere does anyone know ?
What was the configuration of the IDS/IPS feature during tests? To better understand the difference of ideal load vs real load.
For the rest, great content!
The IDS and IPS settings were just set to "Auto" for all of the "IDS/IPS On" tests and then set to "Off" for the "IDS/IPS Off" tests
I love your test rack! Where can I get one?
edit: Looks like it's a Ubiquiti product too - I didn't realise they made racks.
Yep, it's a U-RACK-6U-TL - generally aimed at a test bench/lab type setup. I really like it, only thing to bear in mind is that it's "toolless" so the kit sits on shelves and it has thumbscrews on the side that will screw into the side of UniFi devices. You can of course fit non-UniFi devices into it, but there wouldn't be a way to lock the equipment in place.
Open it up!!
Hello Cameron,
How does the EFG sound?
because I have the Enterprise 24 in switch in open space and it makes noise if I add it it's not good!
And is the 25 Gbps WAN port 10 Gbps compatible?
Under low load it's relatively quiet but still audible however the fans are speed controlled so will likely ramp up under high load or if the ambient temperature is high. Realistically, this sort of equipment is designed to be hidden away in comms rooms, not to be used in rooms where people are working/living. The 25Gbps WAN port can be used with a 10Gbps connection with an approprate DAC/SFP+ module however you can also reassign the ports so one of the SFP+ ports acts as a WAN port leaving the SFP28 ports available as LAN ports.
@@camerongray1515 thank you for the quick answers
It would be nice if we could customize the blocked content page that comes up. Add our own logo and custom text and images.
Can i just get this with a unifi switch for my setup?
Initially i was thinking of getting Dream Machine Pro Max with a switch, am i right to say this is just a really stronger version compared to Dream Machine Pro Max?
I'm running servers , 2 ISP , 10gbps
You definitely could if your setup reqiures the power of this over a UDM Pro Max. It works essentially the same as a UDM however, unlike a UDM, the EFG can't run non-Networking UniFi applications such as Protect, Talk or Access so if you need those you'd need something to run them on such as a CloudKey or UNVR.
@@camerongray1515 Thank you! That's perfect as I don't need non-networking apps. What if I have multiple Internet service providers? Can it manage both, or is it only for "backup"? I'm looking for a way to use 2 ISPs with 2 different IP addresses, preferably being able to assign different ISPs to different servers while still allowing them to connect within the private network. Do you have any advice on this? Thank you!
not sure im sold on Ubiquiti for the enterprise or the industry is, never seen a single bit of ubiquiti in the colo’s i work in. i think they will have to work hard to change that
Open it, I want to see inside to know if it really needs all that space
What about cross vlan speed?
What about noise level?
It seems quiet. Is it similar to dream machine for noise?
Great video
Will they allow you to keep this?
I generally get to keep the samples, although currently I haven't found myself using them as part of my main network as I want to be able to keep them available for testing other UniFi products or for benchmarking against new projects. For example with this video I needed to benchmark a UDM Pro Max to compare to this which would have been a complete pain had I been using it as part of my main network.
this is a good news
The SSL/TLS inspection is neat, but with "AI" in the name it makes me wonder, if this is using AI is it being done fully locally on the firewall or is it sending your traffic details to some cloud AI service?
Neat
needs 2.35 and 3.25 sata hdd storage mod
What for? Threre's nothing on this that would benefit or even be able to use local storage. If you want a device with hard drive bays for UniFi Protect then you'd be best to go for a UDM. This is designed for large scale deployments to work purely as a firewall.
The stars * ✨ 🌟
Unless Unifi ever adjust their privacy policy and fully stop collecting data about their customers when one specifically disables it, nobody who values anything in regards to their own data and privacy should buy any of their products.
This has been a known issue for years and Unifi refuses to adress it.
What goes on behind my firewall is my business and not Unify's. That's the reason why it's behind a firewall.
Why this even has to be said is concerning though...
They make fantastic products, no doubt about that. Especially for the price. Wondering more and more if the price isn't the CIA trojan horse here...
Nice Device, BUT it's also $ 2000 plus $ 800/year. USD. Thanks for testing it!
Ubiquiti said there are 0 fees... it's a big price tag at first but then it's yours..
@@agreniers The $ 800 is for the 'pro' updates with more signatures
@@jfkastner what does it include exactly ?
@@agreniers no idea, check their site, might be different also from country to country
The subscription is for "enhanced threat updates" which is a daily updated feed of signatures for the IDS/IPS feature. It's definitely not required for using the EFG, or even for using the IDS/IPS feature in general, it's just for those users that want the additional, more up to date signatures.
Don't buy this stuff if you live in the UK. The returns process is done by sending stuff to the Netherlands. Your products get customs charges for returns! This stuff is garbage! I was offered instore credits to cover the customs charges! I will not be buying more items to send to the Netherlands! Very poor customer service.