I've got a USG and it really does run warmer than I typically like, and it's in an open room, not a closet. My (admittedly low-tech) solution was to simply attach a 140mm Noctua fan to the top of the case. The fan has rubber feet which provide about an inch of clearance, and I've also placed the same rubber feet on the USG itself, to get airflow underneath the case. The Noctua fan is then connected to a Noctua fan controller, which gives me a dial that I use to control the fan speed. The temps on the USG and the 8port 150w POE switch (which has been given the same treatment) have dropped between 20c and 27c.
I used to always tell people there's no point getting UniFi APs and switches if you're not going to complete the trifecta, but now that I've lived that nightmare I tell them to avoid the USG entirely. The switches are ok... if a bit flakey sometimes, if you have something else you're comfortable with just go with that though.
I have a few of these. I fried one of them that was in the bottom of a rack. with IPS on, with DPI, it runs VERY VERY hot. It generally starts to lock up and quits responding (heartbeat), then if you're lucky it comes back. I was uploading at max speed for 3-4 hours. There actually are a lot of hacks to help cool it. Basic... position it upright and not flat in a rack. I also installed a 40mm fan in the top square in place of the light. Works perfectly after that. My rack mount one, I got a rack mount adapter (3rd party look on ebay), and put a blower fan on the side of it that moves air through it. They should have put a fan in it. Really just skip the USG and go for the pro. It's only $300 right now. Rack mounted with fans. And you can add users locally now for the VPN.
If a manufacturer fails so hardly at QA their equipment I'll pass entirely. Love their switches, but they also run very hot without a reason even in an air conditioned server room
I wish there was some greater level of interconnectivity between EdgeRouter and Unifi. EdgeMAX and UniFI is completely separated which I'm struggling to see the point of. They would be sooo good together as a team.
I think it’s intentional. I went with EdgeRouter because of the limitations of USG. Only thing holding me back some was the lack of integration. If the integration on the EdgeRouter was better they would loose USG sales and their margins are probably much better on the USG.
@@johnraahauge4552 I currently have an EdgeRouter as well, and for the customization, i love it. I just wish I could use the features that the USG offers like bandwidth monitoring and such
I use one at home and for a really affordable router, it's practically a no-brainer for the price. We don't install them at client sites though. Usually the smaller Fortigates are the go-to as they are a significant step up in features/protection/etc.
Couple of other things to add: If you set up fail-over WAN there is no GUI option to set up port forwards for WAN 2, and the rules don't transfer automatically. Therefore port forwards break if you use fail-over WAN and your WAN1 goes down. Also L2TP VPN connections are unreliable and the VPN server crashes occasionally, requiring a reboot. Forget about hot sparing or HA - you can't even provision a cold spare either.
I kinda only wanna get one personally for at home just for port fwding only so many ports you can add to most routers these days and im almost at my limit as for VPN functionality that is no issue really have other products within the home that handle that, What makes this even better is can come straight from the ONT
The Pro does support more as far as the IPS / Threat Management. As for USG and UniFi, typically locked down and not anything close to other firewall options. Many features STILL beta along with other habits like new features that are obscure or broken. The USG3 boxes should be mounted on wall in vertical style with NIC ports facing sideways to allow convective cooling. For a ambient air environment sitting flat, they cook!
I had a USG and this ran a few months without problems. After an update the problems in the Unifi controller started, whereby more and more often some Unifi AC meshes could not be provisioned properly anymore. These problems were increasing after I installed new updates. After I changed the USG to an Edgerouter 4, strangely no problems occurred since 4 months. In general the EdgeMax software seems to run much more stable.
Thank you for the great video. I'm a bit of a power user and trying to decide between the USG or USG pro version connected to my 1gig fiber connection. Would love to see a video on that! I'm leaning towards a USG+pfsense.
In a small business topology where you have multiple VLANs, do you use the USG and a switch, how do you assign the gateways? 1. Do you configure “router on a stick” using a switch and the USG or 2. Use an edge switch with SVIs?
Lawrence, thank you so much for some of the deep dive. I have one of these and my 1st set up for SOHO network. I'm learning a lot about VLANs now and hope to incorporate some of these systems to use.
Great video and very informative Lawrence !! Really appreciate your details on the limitations about the USG, which I got one and quite a few other Ubiquiti products to upgrade my Home Network to 1Gbps, though if I had watched your videos before I would have selected UDM Pro version. Keep up the great work on sharing the knowledge, appreciate that as well !!
my usg used to get real hot so I took an old am3+ stock cooler and stuck it to the top of the usg to keep it cool (yes it works as the case is metal and used to dissipate heat)
Hey Tom, nice video. I'd love to see one of those USG point to point VPN setup. I'm wondering how this would perform for sharing files between homes and maybe plex media server 🤔 how it would compare to open VPN? 👀🔓
I’d like for you to make a video on UniFi wireless dropping packets on the firmware 4.x. Seem to get random ping drops when on 4.x opposed to 3.x firmware set.
Maybe its a good product but I stay tuned with PF and Unifi manager + good old Procurve, rock solid, low cost and don't think its more difficult to manage. :)
My take exactly. This and the Cisco SMB router are in the same ball park. I ended up going to the SonicWall and it did everything I needed, but (your fault) I tried the PFSense, and just loved the interface a lot better. I also wanted to move to multi-gig internet (soon hopefully). Tom, thanks for your videos! I have learned so much from you!
What I am interested in in particular is just the threat management part. I just wanted to better manage that to protect my home network against external attacks of various kinds. I have an Asus router (RT-AC88U), which is pretty good for my home usage, but I need a better control over who and what is connecting to my network from external, for example malicious IPs. If it would base that on some open IP blacklist -- that would awesome! Would you recommend something for that purpose? Thanks in advance for your help and advice!
They do run unpleasantly warm during the summer in a room without AC. Haven't had any burn up yet unlike the 150w PoE switch. Hardware is too gimpy to enable IPS/DPI on anything faster than 100Mbit cable.
Great video; great review. I've been a unifi user for quite some time and have a new situation. I've setup my home here with CloudKey Gen2 Pro, 5 APs etc. and I'm moving now to a new house but would love to continue supporting this house. Is this a situation I can buy two security gateways, vpn them together and use the same singular cloudkey as a 'single' network? Thanks for your great work and reviews.
Usually when firewalls activate threat management it's common to see throughput hits. You'll need a pretty beefy firewall to maintain threat management AND high throughput. I run into this for smaller Palo devices as well.
I personally like the USG 4 Pro's IPS performance. We have Gb Fiber which consistently always hits 940+. With IPS enabled we still consistently hit over 400+ Mbps. I think it works great for the price. If you need an IPS with insane performance, you're probably already qualified enough to know what you need by this point...
I have to say, I had one hell of a headache when I was deciding betwene USG and ER-X... I so desperately wanted self-hosted Radius, which USG can do, but I'll most likely have to move to a place, which has rather unstable Internet access, so secondary Internet access based on different technology would also be great... I just need that freaking failover function of Edge series, which USG doesn't support! Man, it was agony! Went with ER-X in the end and I say and will always say, worth it. Personally I see USG these days best suited fo hotels. Just as was said in the video. Just need VLAN separation and no fine tuning for the rules, I do see this working perfectly, radius is a plus with USG, and captive portal, thanks to UniFi cnotroller being present, should also come very handy. And if you're a chain? No problem, IPsec site-to-site VPN and central controller got you covered.
l2tp vpn user can be assigned to a particular vlan and you can see login history in logs The feature I miss is a PCap even for smaller install. when a/v guy says 'my control4 is slow because wifi is bad'. you need to go on site to do packet capturing to show server delayed response. pfsense is a pretty cool router. however price, ease of installation and monitoring - usg and the whole ubnt line is awesome.
I love my USG, but I did have one significant issue about 8 months ago. The flash drive inside died and it had to be RMA’d. However Ubiquity replaces it quickly so it wasn’t an issue!
Not sure why, but for some reason the USG beats out my SG-3100 when it comes to perception of speed. Figured this out when I was testing a backup strategy for my home. Figured it was just DNS so I did massive changes to DNS using even external Local DNS servers with large caches and still the USG feels faster. Speedtests are about the same on FIOS between the two. Not sure, makes no sense. Going to use the USG for a while.
I am upgrading my old DELL 100/M switch in my home network and was thinking of using a Ubiquity 24 port Gigabit switch. I have a firewall for wired connections while my ISP's wireless setup is a different network.....I wanted to expand my pen testing lab so I thought of using an edgerouter instead of a switch to segment the wired private network which can allow me to protect an additional WI-FI setup I want to use only as an access point routing through the wired network.....The ISP modem and the MESH wi-fi network will have nothing to do with the rest of the network..... Essentially I segment further into the network and use the edge router as a switch and for segmentation purposes only....and you use my edge firewall for outbound traffic....I will have to buy a switch anyway so why not buy something to allow segmentation and routing between internal segments. What are your thoughts.....?? Thank YOU in advance. Peter
I even use a FortiGate 60e for my home.. mostly for my lab stuff, to justify it however... We use a lot of FG60e for any of the smaller SMB that have any level of security concerns or compliance issues, mostly because we can dump the logs into FortiAnyazler for them or even go to FortiSIEM or another SIEM if they have budget.
Hi Lawrence. Love your channel, and it has help me a lot with my NAS. What about 2022? I am on the way to update my firewall (have an old TP-wireless router atm) and I have found this one. But is the firewall updated, and do you know how long they have planned to support this unit? BR Lars
Hi, like the feedback you gave about the USG. I am currently struggling with one for my client. The network seems to be slower when connecting my network on the USG. my setup: USG > unifi 8 port POE switch with the AP pros connected > cisco gigabit switch > network devices. the throughput seems to drop. I have smart QoS disabled, it does have doubble NAT( ISP DHCP to USG and USG dhcp to network. ANy suggestions?
Thinking about upgrading our home router with the USG. We already have two APs from Ubiquiti and your WiFi is rock solid ever since but our router is still... well we have to reboot it about once a week.
USG is very solid for most home users with up to a 1Gbps connection, providing you don't need IDS/IPS which bogs down that device because it turns off hardware acceleration. I have a USG and it just runs, about the only time it gets a reboot is when the firmware is updated. I've had it run for several months at a time without issue. It does get quite warm so I have a small external computer fan that blows a low volume of air across it. May not be needed, but keeping electronics cool is better for longevity.
@@Zeric1 Thanks for the info. I don't need IDS/IPS at all, just DPI but I think that still runs with full bandwidth, right? But regardless I will at max have 400mbit down and 200mbit up
@@seelensand Correct, DPI shouldn't slow it down noticeably. I did have an issue with keeping DPI on a while back, but that was resolved at some point with a FW update. DPI has been working solid for quite some time. My connection isn't as fast as your's (~150/15), but you should be fine as many use with faster connections. I've been running the USG for about 3 years. I'm considering trying pfsense upstream of the USG to see what it's all about while retaining the nice Unifi stats, and having pfSense handle external IDS/IPS.
Informative video 👍🏾 question tho I plan on setting up WiFi mesh network in my home and just looking to increase security for my ioT devices with segmentation. Which product would be best for this?
I wanted to set up a more secure home neteork. I bought a firewall but it's really complex. My buddy is an IT guy and said I bought one of the more difficult models. I was wondering if there is an ubiquiti that is a plug and play like bitdefender or Cujo but with a little more ability like to approve certain Mac addresses?
Hi. I have a business that installs small networks in homes and businesses. I lease a lot of the equipment out and mostly connect the equipment to the businesses ISP. I use ucrm to manage the billing. The ucrm allows suspending and traffic shaping. I’m wondering, is there any gateways I can use to suspend or traffic shape routers outside my network for non payment etc?
I purchased a USG-Pro for my office, and I've been regretting it for nearly 2 years now. We've had multiple failures that just would not happen with anything else. It *can* do everything my Edgerouter at home can do, it just *won't*. It's a steaming pile of crap tbh, and it's soured my relationship with Ubiquiti, as they've repeatedly refused to own up to issues that have caused significant loss of productivity, and try to blame the user, aka the customer.
Thanks for producing the video. The London property market is driving landlords towads providing serviced offices with utilities such as gas, electric and now internet all included in the rent, as such we as a comms provider are being asked to install the external internet and internal WiFi. I see the unifi offering as a great all in solution but am struggling to find the benefits of the USG (obviously I want three green lights but that's it), we are more a telecoms provider but starting to offer (again market forces) very basic LAN/WLAN IT infrastructure solutions. Question I have is you mentioned in your video the USG does VLANs, but then just lots of things it doesn't do, is that really it? In the UK we have an ethernet handover with DHCP so you can just plug directly into the switch, what's the point in the USG in between, just another potential point of failure no? I'm hoping the answer includes: 1) Basic firewall, this is essential or like leaving your front down open. 2) Failover internet from two IPs on the second LAN port. 3) Basic stats, speed and webpages etc. Can the USG definitely do those things, can you connect two ADSL or ethernet connections for redundancy? Is the firewall any benefit out the box or do you have to configure it? Are there any other essential features it provides or could we just plug ethernet into the switch direct - not actually going to do this, but want some solid reasons why the USG "should" be plugged in? Be good to know the USG is essential and useful, or start looking for alternatives now.
I'm kind of baffled that they don't offer a hardware option that will not be a bottleneck when you turn on the features they offer in the GUI. E.g. where is the model that has the horsepower to maintain line speed with Threat Management turned on? I don't think even the Pro will. Of course, DPI style tech is getting hard to recommend anyway, considering encryption and protocol trends. I lean towards the position they should just yank it out of the GUI entirely. Especially since I'm seeing more and more 1 Gbps connections and even come across some 2 Gbps services (dual 1 gig out of the ISP box.) Having a toggle in the GUI for a feature that the hardware can't keep up with makes for dissatisfied customers IMO. For customers that have a 50 Mbps or less connection, there're no worries, but I'm seeing that less and less personally. Tom, thank you for showing those iperf results to everyone. Ubiquity used to be a little more upfront about it, showing throughput estimations with it enabled/disabled in the literature. They seem to have removed even that and replaced it with a footnote merely cautioning that Threat Management will reduce throughput. That's pretty shady business practice as far as I'm concerned since their marketing describes it as a gigabit advanced security appliance. It is understandable that a non-techie would read that and expect the product offers advanced security at gigabit speed. It's no surprise you get this question all the time. They really should be very upfront with this. An 85-90% reduction warrants more than a footnote. Expectation management and all that. I think they'd have happier customers for it. Ubiquity may not understand that, but thankfully the industry has people like you who do. :)
Seth Williamson there’s an upcoming model called the dream machine pro that can handle those speeds with the features turned on. It’s an all in one device, with controller integrated in.
Im just thinking about buying a USG or a pfsense SG-2100. I have at home 2 seperate networks running: one for my smart home and for WLAN+PCs and one for energy meters, my photovoltaik (with access to external providers) etc. to connect both, I need to have some firewalling/routing between them. What type of device would you take for this?
I'm looking at puchasing this. Currently my setup is I have my WAN for Internet, LAN 1 for Home and LAN 2 for LAB networks. Does this support say having all traffic from lab network/eth2 port going to Private Internet Access VPN? seen stuff online that you can, but only via CLI (i'm okay if this is the case). But home on LAN1 going out normal with no VPN?
Always wanted to love the Unifi gear for home. Unfortunately, I do need some mesh APs at this time. So many problems with Ubiquity's mesh implementation that I had to abandoned my Unifi gear all together. So disappointed in the waste of time and $$$.
You've given me some stuff to think about. Currently upgrading my entire home infrastructure and was thinking about using this as my main router. The lack of per-user VPN support is not a deal breaker but it's kind of a dumb limitation. Does the integrated VPN only work with other remote UniFI devices? Or will it work with any laptop / phone / tablet / whatever? Does it have *external* VPN support? And VPN routing config options? Like if I purchased a VPN subscription from a provider, could I use the USG as the client, and then set rules up about how I want my internet traffic routed, like certain traffic over the VPN and certain traffic not? I think other "prosumer" devices from the other brands have this kind of stuff baked in.
It still doesn't support PPOE over VLAN. If change ppoe over vlan on json config, it will failed WAN load balancing. I think ubnt was missed this feature
So I have a child who loves to tinker online but has fallen victim to ddos booters through his gaming. What kind of set up can I get to build a secure home wifi? It has to work with console game units that are not currently hardwired. Down the line I want to have someone run cables to each room so that we can use the wifi less but that is not something on the slate for soon. I know nothing about this stuff. I am just tired of spending hours on support calls trying to get my router back up and running.
I'm a noob and I'm looking for a at home router for my family. I'm getting Ting service installed next week so I'm pressed to make a decision soon. Any suggestions??
My USG worked great for 17 months and then just lost its mind one day. Spent a total of 2 days going through all the updates and have never been able to clone back to the cable modem. Super dumb problem to have but still... No Joy!
Site to Site VPN sounds great in theory... As long as you have a static IP on both sites! The doc says it would update the IP's over the controller... But it won't! There are many threads about it in the official forums... Ubiquiti is like "we are working on it" for almost two years now... You have to manually configure OpenVPN since IpSec does not support DDNS... I installed USG's on two of my test sites and got really disapointed. I don't want to use features not supported in a productive usage...
I have had it work, it works but running a openvpn server at the main end I got much more preformacne. Personally time for ubiquity to release a new version of the usg and or something like there own build your own usg using old computer hardware. like unifi version of pfsense
@@intertan The Dream Machine Pro is capable of 1GBIT IPS. That is over 10 times as far as the USG! Will they update the USG or will they exspect us to go to their all in one solution? I don't think they will make it "build it yourself". Yes openvpn configs are possible but not officially supported... I just hope they will expand their software and fix many know problems. iPv6 is also problematic at least in my config with "German Telekom".
pepeshopping I didn’t wrote I’m not able too 😉 I just wrote, that the auto VPN doesn’t work as described in the doc. There isn’t a by UniFi supported solution right now. There is a solution of course (using OpenVPN)... But it’s not officially supported by them (really important!)... The documentation for Auto IPsec VTI says: “Dynamically tracks IP changes on WAN”. But it won’t. It will work till the IP changes and you have to manually restart it... There are many threads about this behavior in the UniFi Community forum. UniFi told me they are working on it over a year ago... I just don’t want to deploy a solution not officially supported by UniFi to my company... -> I don’t want to use the OpenVPN solution I know it works...
pepeshopping or to quote the support team “Hi Niklas, I see that you have issues with S2S IPSec(Auto) VPN between 2 USGs breaks when WAN IP changes on either side. This is a known issue and it has already been reported to the developers. However, we do not have any ETA on the fix yet. The only possible workaround, for now, is to reprovision the USGs or delete and create a VPN network again when the WAN IP changes. I'm afraid, this is a manual process. Another way to fix this is to get a static IP from the ISP for both the sites.”
can you do policy based routing or similar with the usg for my use case? for example: apple tv to go through a vpn service to remove ads from youtube, etc. thanks.
Hello! What are your thoughts on the Dream Machine Pro? I know it’s still on early access, but when it releases, will you guys be reviewing it? It seems to offer an everything integrated in solution.
I like your videos. Very useful and I like your truthfulness. I have ATT Fiber and I wanted to replace my R8000 (about to die). What router you recommend, I have VMs (lab purposes) and also a freenas and a plex server. I also have a free Dell R410 (dual Xeon 6 core 2.4ghz w/ 32mb ram) should I just turn that into a pfsense box. Any input would be appreciated, from anyone really
Have you heard of any solid news on when they will refresh the USG-Pro 4? I just bought one but wondering if there is a refresh just around the corner.
Like you video.. Very informative for users.. I use PIA vpn on my computer.. Would this be able to run it inside the USG? I need to use the PIA in some divces like TV and not some game computer like my kids computer.. Would this do the job? thanks..
Hello Tom - I have a pretty low-level question that you probably could answer very easily. I have a Unifi system (Cloudkey, USG and APs) throughout my house - only one LAN and about 10-20 devices using it. I'm interested in the firewall security of my network but I don't want to burrow down into the deep complexities of configuration (unless I absolutely have to). I don't need any rules for any device on my LAN: I just want to feel safe about constant connection to the Internet. Scamming is rife here in Australia; I think I'm safe but, am I? With my basic network and simple needs, how effective is my USG firewall with its default settings?
Some of Ubiquity products are good, not USG. I would appreciate if you are objective in your review and point at the shortcomings also. I jumped on the bandwagon and bought a USG, after 3 days of frustration, of trying to get it to work with AT&T Fiber, I have had it. This is a junk product. The best this was able to do was 300MBps on a Gig line, most of the time, I got 120 MBps.
I'm looking for firewall and VPN to be able to view up ip cameras outside home network. I'll be running blue iris. Would you recommend USG or edgerouter-x? Home ISP speed 40/5. Thanks for your support...
USG only officially supports L2P vpn, so it would work. The edge routers are nice as long as you don't mind command line configurations for advanced features or you could get the SG-1100 by Netgate ua-cam.com/video/6VqeB5eXjq0/v-deo.html that does offer OpenVPN support or Untangle ua-cam.com/video/dmCAePgVSUY/v-deo.html
You don't *need* a CloudKey if you have another server (even a Raspberry Pi) handy to run the controller software on. The CK is just a convenient hardware host for the controller if you don't already have one. AFAIK the only other device that self-hosts the controller is the Dream Machine Pro, so unless you have a DMP you'll need to run the controller on either a CK or your own host.
The console port is a serial port, not Ethernet so it can't be used for anything other than local direct attached management, something few people will do.
What is the difference among er-x vs er-10x vs ubiquiti unifi security gateway (usg) ? looking for a home router that is not hard to set-up. Also, I hear people say you need a Cloud key? So an additional unit purchase?
You don't NEED cloud key, you need unifi controller running on something. That can be VM, rasberryPi, your daily driver computer. And it doesn't need to run 24/7, if you don't need log data. If you need logging then it should be 24/7 machine or cloud key.
As a beginner in networks, watch this to try to understand what the user case for this is. After 5 minutes i left the video, ha have no idea what you where talking about, the json file, and taking about what the community does and not does etc. If you review something, please show the product, what it does, how it should be used with other products etc. Not everyone that watches the videos have deep networking knowledge, or huge knowledge of the ubiquity product portfolio. Good luck
Basic home users or basic device-only connectivity, sure use these overpriced devices, but for the usual home or basic user, I would go with TP-Link, Netgear, or any of them, after all you DO KNOW they ALL use the SAME open source software in their devices, RIGHT?! Other than that, I simply put together a $500 dll pfsense device with an Intel J4105 Quad CPU (10 Watt), 5GB RAM, 120GB SSD and and the latest (I350) Intel quad Ethernet card. Before this Intel CPU, 2, 3 years ago, I used AMD’s Kavini 5350 Quad core (25 Watts). All of them still going 100%.
I currently run a VPN on both my iPhones and my iPad by a company called Ivacy, it lets me pick which country I appear to be in. This type of VPN would mean I. Can watch all the U.K. catchup TV, I am from the U.K.
Lawrence Systems / PC Pickup I also have watched several videos of different people putting all their IOT devices on a different VLan and a separate WiFi network. The problem I seem to have is the software seems to update so quickly and I don’t know how far the USG has come. I currently have a Cloud Key Plus G2, 24 Port unmanaged switch and an 8 port switch on order.
@@LAWRENCESYSTEMS No I understand why you asked.... I need to do a whole load of unsupported stuff with the router in order to set up a VPN, Apologies. The more I watch the less I seem to understand :(
Highly overpriced for a gourmet NAT box. It's so limited in software support/features that it's even hard to call it a firewall. It could be a great product (has the hardware for that) if UBNT was worried about enhancing its features instead of simply releasing new products. If you need a simple NAT box, USG can do it. More than that, forget about it.
While I do agree the software on the front is a bit limited but with the USG Pro 4P you get quite a bit more performance, not to mention Unifi has been updating their IDS/IPS functionality. You can go into the command line and make deeper configurations if you need too. BUT I have never used the standard USG which I WOULD imagine as not being as good, especially for any business usage.
Have you thought about doing any Ubiquiti courses for the Udemy platform? I went over there trying to find a course on Ubiquiti to take only found 11 and I think at least 4 of them were Spanish.
so i'am a bit confused. I just purchased two UAP-NANOHD, a USG, and a unifi 24 port switch. will i still need to buy the edge router? and does it go, modem-usg-router then switch?
I've got a USG and it really does run warmer than I typically like, and it's in an open room, not a closet. My (admittedly low-tech) solution was to simply attach a 140mm Noctua fan to the top of the case. The fan has rubber feet which provide about an inch of clearance, and I've also placed the same rubber feet on the USG itself, to get airflow underneath the case. The Noctua fan is then connected to a Noctua fan controller, which gives me a dial that I use to control the fan speed.
The temps on the USG and the 8port 150w POE switch (which has been given the same treatment) have dropped between 20c and 27c.
I have a fan on my usg also.. heat kills electronics and that thing runs hot enough to be uncomfortable to hold.
I switched from a USG Pro to pfSense because of this channel. The only thing I miss about the USGs would be the pretty DPI graphs; that's it.
i'll be moving to pfsense for similar reasons but would miss the integration too.
I used to always tell people there's no point getting UniFi APs and switches if you're not going to complete the trifecta, but now that I've lived that nightmare I tell them to avoid the USG entirely. The switches are ok... if a bit flakey sometimes, if you have something else you're comfortable with just go with that though.
I have a few of these. I fried one of them that was in the bottom of a rack. with IPS on, with DPI, it runs VERY VERY hot. It generally starts to lock up and quits responding (heartbeat), then if you're lucky it comes back. I was uploading at max speed for 3-4 hours. There actually are a lot of hacks to help cool it. Basic... position it upright and not flat in a rack. I also installed a 40mm fan in the top square in place of the light. Works perfectly after that. My rack mount one, I got a rack mount adapter (3rd party look on ebay), and put a blower fan on the side of it that moves air through it. They should have put a fan in it. Really just skip the USG and go for the pro. It's only $300 right now. Rack mounted with fans. And you can add users locally now for the VPN.
If a manufacturer fails so hardly at QA their equipment I'll pass entirely. Love their switches, but they also run very hot without a reason even in an air conditioned server room
I wish there was some greater level of interconnectivity between EdgeRouter and Unifi. EdgeMAX and UniFI is completely separated which I'm struggling to see the point of. They would be sooo good together as a team.
I think it’s intentional. I went with EdgeRouter because of the limitations of USG. Only thing holding me back some was the lack of integration. If the integration on the EdgeRouter was better they would loose USG sales and their margins are probably much better on the USG.
NickyNiclas that why unms exist
@@Micro776 UNMS is great for huge networks and service providers but its far from the idea I have in mind.
@@johnraahauge4552 I currently have an EdgeRouter as well, and for the customization, i love it. I just wish I could use the features that the USG offers like bandwidth monitoring and such
I use one at home and for a really affordable router, it's practically a no-brainer for the price. We don't install them at client sites though. Usually the smaller Fortigates are the go-to as they are a significant step up in features/protection/etc.
Couple of other things to add:
If you set up fail-over WAN there is no GUI option to set up port forwards for WAN 2, and the rules don't transfer automatically.
Therefore port forwards break if you use fail-over WAN and your WAN1 goes down.
Also L2TP VPN connections are unreliable and the VPN server crashes occasionally, requiring a reboot.
Forget about hot sparing or HA - you can't even provision a cold spare either.
I kinda only wanna get one personally for at home just for port fwding only so many ports you can add to most routers these days and im almost at my limit as for VPN functionality that is no issue really have other products within the home that handle that, What makes this even better is can come straight from the ONT
The Pro does support more as far as the IPS / Threat Management. As for USG and UniFi, typically locked down and not anything close to other firewall options. Many features STILL beta along with other habits like new features that are obscure or broken. The USG3 boxes should be mounted on wall in vertical style with NIC ports facing sideways to allow convective cooling. For a ambient air environment sitting flat, they cook!
I had a USG and this ran a few months without problems. After an update the problems in the Unifi controller started, whereby more and more often some Unifi AC meshes could not be provisioned properly anymore. These problems were increasing after I installed new updates. After I changed the USG to an Edgerouter 4, strangely no problems occurred since 4 months. In general the EdgeMax software seems to run much more stable.
Thank you for the great video. I'm a bit of a power user and trying to decide between the USG or USG pro version connected to my 1gig fiber connection. Would love to see a video on that! I'm leaning towards a USG+pfsense.
In a small business topology where you have multiple VLANs, do you use the USG and a switch, how do you assign the gateways?
1. Do you configure “router on a stick” using a switch and the USG
or
2. Use an edge switch with SVIs?
Lawrence, thank you so much for some of the deep dive. I have one of these and my 1st set up for SOHO network. I'm learning a lot about VLANs now and hope to incorporate some of these systems to use.
Great video I consider myself a prosumer and just deployed a USG 3P at home its nothing fancy but gets the job done
Great video and very informative Lawrence !! Really appreciate your details on the limitations about the USG, which I got one and quite a few other Ubiquiti products to upgrade my Home Network to 1Gbps, though if I had watched your videos before I would have selected UDM Pro version. Keep up the great work on sharing the knowledge, appreciate that as well !!
my usg used to get real hot so I took an old am3+ stock cooler and stuck it to the top of the usg to keep it cool (yes it works as the case is metal and used to dissipate heat)
Hey Tom, nice video. I'd love to see one of those USG point to point VPN setup. I'm wondering how this would perform for sharing files between homes and maybe plex media server 🤔 how it would compare to open VPN? 👀🔓
I’d like for you to make a video on UniFi wireless dropping packets on the firmware 4.x. Seem to get random ping drops when on 4.x opposed to 3.x firmware set.
Maybe its a good product but I stay tuned with PF and Unifi manager + good old Procurve, rock solid, low cost and don't think its more difficult to manage. :)
My take exactly. This and the Cisco SMB router are in the same ball park. I ended up going to the SonicWall and it did everything I needed, but (your fault) I tried the PFSense, and just loved the interface a lot better. I also wanted to move to multi-gig internet (soon hopefully). Tom, thanks for your videos! I have learned so much from you!
What I am interested in in particular is just the threat management part. I just wanted to better manage that to protect my home network against external attacks of various kinds. I have an Asus router (RT-AC88U), which is pretty good for my home usage, but I need a better control over who and what is connecting to my network from external, for example malicious IPs. If it would base that on some open IP blacklist -- that would awesome!
Would you recommend something for that purpose?
Thanks in advance for your help and advice!
They do run unpleasantly warm during the summer in a room without AC. Haven't had any burn up yet unlike the 150w PoE switch. Hardware is too gimpy to enable IPS/DPI on anything faster than 100Mbit cable.
Great video; great review. I've been a unifi user for quite some time and have a new situation. I've setup my home here with CloudKey Gen2 Pro, 5 APs etc. and I'm moving now to a new house but would love to continue supporting this house. Is this a situation I can buy two security gateways, vpn them together and use the same singular cloudkey as a 'single' network? Thanks for your great work and reviews.
Usually when firewalls activate threat management it's common to see throughput hits. You'll need a pretty beefy firewall to maintain threat management AND high throughput. I run into this for smaller Palo devices as well.
I personally like the USG 4 Pro's IPS performance. We have Gb Fiber which consistently always hits 940+. With IPS enabled we still consistently hit over 400+ Mbps. I think it works great for the price. If you need an IPS with insane performance, you're probably already qualified enough to know what you need by this point...
I have to say, I had one hell of a headache when I was deciding betwene USG and ER-X... I so desperately wanted self-hosted Radius, which USG can do, but I'll most likely have to move to a place, which has rather unstable Internet access, so secondary Internet access based on different technology would also be great... I just need that freaking failover function of Edge series, which USG doesn't support! Man, it was agony! Went with ER-X in the end and I say and will always say, worth it.
Personally I see USG these days best suited fo hotels. Just as was said in the video. Just need VLAN separation and no fine tuning for the rules, I do see this working perfectly, radius is a plus with USG, and captive portal, thanks to UniFi cnotroller being present, should also come very handy. And if you're a chain? No problem, IPsec site-to-site VPN and central controller got you covered.
l2tp vpn user can be assigned to a particular vlan and you can see login history in logs
The feature I miss is a PCap even for smaller install. when a/v guy says 'my control4 is slow because wifi is bad'. you need to go on site to do packet capturing to show server delayed response. pfsense is a pretty cool router. however price, ease of installation and monitoring - usg and the whole ubnt line is awesome.
Fair assessment of the system, use it here not there, quite useful.
I love my USG, but I did have one significant issue about 8 months ago. The flash drive inside died and it had to be RMA’d. However Ubiquity replaces it quickly so it wasn’t an issue!
My USG and all the other stuff i have runs hot, in relation to the other equipment i have. It's in my cellar which is always cold
Not sure why, but for some reason the USG beats out my SG-3100 when it comes to perception of speed. Figured this out when I was testing a backup strategy for my home. Figured it was just DNS so I did massive changes to DNS using even external Local DNS servers with large caches and still the USG feels faster. Speedtests are about the same on FIOS between the two. Not sure, makes no sense. Going to use the USG for a while.
Damn! This was just what I wanted to know and this was Perfect! Thank you very much!
you hit dead on. WAN block ip is what keeping me from using my 3 years old USG Pro. Its still sitting on my shelf.
What are you using currently?
I am upgrading my old DELL 100/M switch in my home network and was thinking of using a Ubiquity 24 port Gigabit switch. I have a firewall for wired connections while my ISP's wireless setup is a different network.....I wanted to expand my pen testing lab so I thought of using an edgerouter instead of a switch to segment the wired private network which can allow me to protect an additional WI-FI setup I want to use only as an access point routing through the wired network.....The ISP modem and the MESH wi-fi network will have nothing to do with the rest of the network.....
Essentially I segment further into the network and use the edge router as a switch and for segmentation purposes only....and you use my edge firewall for outbound traffic....I will have to buy a switch anyway so why not buy something to allow segmentation and routing between internal segments.
What are your thoughts.....?? Thank YOU in advance.
Peter
Its good for home user. Ive got the USG4 Pro its nice but very basics. I really prefer Fortigate for real enterprise environment.
I even use a FortiGate 60e for my home.. mostly for my lab stuff, to justify it however... We use a lot of FG60e for any of the smaller SMB that have any level of security concerns or compliance issues, mostly because we can dump the logs into FortiAnyazler for them or even go to FortiSIEM or another SIEM if they have budget.
8:04 If its a high pitched whining hat comes from the VRM's (more precisely the coils). But this issue usually plagues video cards...
Hi Lawrence.
Love your channel, and it has help me a lot with my NAS.
What about 2022? I am on the way to update my firewall (have an old TP-wireless router atm) and I have found this one. But is the firewall updated, and do you know how long they have planned to support this unit?
BR
Lars
I want all the green circles. But I have PFsense. So, I will have to live with out that. Sad face.
Hi, like the feedback you gave about the USG. I am currently struggling with one for my client. The network seems to be slower when connecting my network on the USG. my setup: USG > unifi 8 port POE switch with the AP pros connected > cisco gigabit switch > network devices. the throughput seems to drop. I have smart QoS disabled, it does have doubble NAT( ISP DHCP to USG and USG dhcp to network. ANy suggestions?
Thinking about upgrading our home router with the USG. We already have two APs from Ubiquiti and your WiFi is rock solid ever since but our router is still... well we have to reboot it about once a week.
USG is very solid for most home users with up to a 1Gbps connection, providing you don't need IDS/IPS which bogs down that device because it turns off hardware acceleration. I have a USG and it just runs, about the only time it gets a reboot is when the firmware is updated. I've had it run for several months at a time without issue. It does get quite warm so I have a small external computer fan that blows a low volume of air across it. May not be needed, but keeping electronics cool is better for longevity.
@@Zeric1 Thanks for the info. I don't need IDS/IPS at all, just DPI but I think that still runs with full bandwidth, right? But regardless I will at max have 400mbit down and 200mbit up
@@seelensand Correct, DPI shouldn't slow it down noticeably. I did have an issue with keeping DPI on a while back, but that was resolved at some point with a FW update. DPI has been working solid for quite some time. My connection isn't as fast as your's (~150/15), but you should be fine as many use with faster connections. I've been running the USG for about 3 years. I'm considering trying pfsense upstream of the USG to see what it's all about while retaining the nice Unifi stats, and having pfSense handle external IDS/IPS.
Informative video 👍🏾 question tho I plan on setting up WiFi mesh network in my home and just looking to increase security for my ioT devices with segmentation. Which product would be best for this?
I wanted to set up a more secure home neteork. I bought a firewall but it's really complex. My buddy is an IT guy and said I bought one of the more difficult models. I was wondering if there is an ubiquiti that is a plug and play like bitdefender or Cujo but with a little more ability like to approve certain Mac addresses?
Hi. I have a business that installs small networks in homes and businesses. I lease a lot of the equipment out and mostly connect the equipment to the businesses ISP. I use ucrm to manage the billing. The ucrm allows suspending and traffic shaping. I’m wondering, is there any gateways I can use to suspend or traffic shape routers outside my network for non payment etc?
I purchased a USG-Pro for my office, and I've been regretting it for nearly 2 years now. We've had multiple failures that just would not happen with anything else. It *can* do everything my Edgerouter at home can do, it just *won't*. It's a steaming pile of crap tbh, and it's soured my relationship with Ubiquiti, as they've repeatedly refused to own up to issues that have caused significant loss of productivity, and try to blame the user, aka the customer.
Thanks for producing the video. The London property market is driving landlords towads providing serviced offices with utilities such as gas, electric and now internet all included in the rent, as such we as a comms provider are being asked to install the external internet and internal WiFi. I see the unifi offering as a great all in solution but am struggling to find the benefits of the USG (obviously I want three green lights but that's it), we are more a telecoms provider but starting to offer (again market forces) very basic LAN/WLAN IT infrastructure solutions.
Question I have is you mentioned in your video the USG does VLANs, but then just lots of things it doesn't do, is that really it? In the UK we have an ethernet handover with DHCP so you can just plug directly into the switch, what's the point in the USG in between, just another potential point of failure no? I'm hoping the answer includes:
1) Basic firewall, this is essential or like leaving your front down open.
2) Failover internet from two IPs on the second LAN port.
3) Basic stats, speed and webpages etc.
Can the USG definitely do those things, can you connect two ADSL or ethernet connections for redundancy? Is the firewall any benefit out the box or do you have to configure it? Are there any other essential features it provides or could we just plug ethernet into the switch direct - not actually going to do this, but want some solid reasons why the USG "should" be plugged in?
Be good to know the USG is essential and useful, or start looking for alternatives now.
I'm kind of baffled that they don't offer a hardware option that will not be a bottleneck when you turn on the features they offer in the GUI. E.g. where is the model that has the horsepower to maintain line speed with Threat Management turned on? I don't think even the Pro will. Of course, DPI style tech is getting hard to recommend anyway, considering encryption and protocol trends.
I lean towards the position they should just yank it out of the GUI entirely. Especially since I'm seeing more and more 1 Gbps connections and even come across some 2 Gbps services (dual 1 gig out of the ISP box.) Having a toggle in the GUI for a feature that the hardware can't keep up with makes for dissatisfied customers IMO. For customers that have a 50 Mbps or less connection, there're no worries, but I'm seeing that less and less personally.
Tom, thank you for showing those iperf results to everyone. Ubiquity used to be a little more upfront about it, showing throughput estimations with it enabled/disabled in the literature. They seem to have removed even that and replaced it with a footnote merely cautioning that Threat Management will reduce throughput. That's pretty shady business practice as far as I'm concerned since their marketing describes it as a gigabit advanced security appliance. It is understandable that a non-techie would read that and expect the product offers advanced security at gigabit speed. It's no surprise you get this question all the time. They really should be very upfront with this. An 85-90% reduction warrants more than a footnote. Expectation management and all that. I think they'd have happier customers for it. Ubiquity may not understand that, but thankfully the industry has people like you who do. :)
Seth Williamson there’s an upcoming model called the dream machine pro that can handle those speeds with the features turned on. It’s an all in one device, with controller integrated in.
@@acejokerz But that's quite simply built for home users, no one would put this in a corporate environment
Im just thinking about buying a USG or a pfsense SG-2100. I have at home 2 seperate networks running: one for my smart home and for WLAN+PCs and one for energy meters, my photovoltaik (with access to external providers) etc.
to connect both, I need to have some firewalling/routing between them. What type of device would you take for this?
pfsense SG-2100
Can connection FIOS (data only) service directly to USG PRO4 WAN1 SFP port?
I feel that the unified side of the Ubiquiti is more for the residential user and not the enterprise user.
I'm looking at puchasing this. Currently my setup is I have my WAN for Internet, LAN 1 for Home and LAN 2 for LAB networks. Does this support say having all traffic from lab network/eth2 port going to Private Internet Access VPN? seen stuff online that you can, but only via CLI (i'm okay if this is the case). But home on LAN1 going out normal with no VPN?
Would you recommend a USG for a restaurant that may use the VPN feature to remote into a POS server from an event popup?
Always wanted to love the Unifi gear for home. Unfortunately, I do need some mesh APs at this time. So many problems with Ubiquity's mesh implementation that I had to abandoned my Unifi gear all together. So disappointed in the waste of time and $$$.
You've given me some stuff to think about. Currently upgrading my entire home infrastructure and was thinking about using this as my main router. The lack of per-user VPN support is not a deal breaker but it's kind of a dumb limitation. Does the integrated VPN only work with other remote UniFI devices? Or will it work with any laptop / phone / tablet / whatever? Does it have *external* VPN support? And VPN routing config options? Like if I purchased a VPN subscription from a provider, could I use the USG as the client, and then set rules up about how I want my internet traffic routed, like certain traffic over the VPN and certain traffic not? I think other "prosumer" devices from the other brands have this kind of stuff baked in.
It still doesn't support PPOE over VLAN. If change ppoe over vlan on json config, it will failed WAN load balancing.
I think ubnt was missed this feature
So I have a child who loves to tinker online but has fallen victim to ddos booters through his gaming. What kind of set up can I get to build a secure home wifi? It has to work with console game units that are not currently hardwired. Down the line I want to have someone run cables to each room so that we can use the wifi less but that is not something on the slate for soon. I know nothing about this stuff. I am just tired of spending hours on support calls trying to get my router back up and running.
Even simple things such as using an FQDN for a site-to-site VPN are missing.
So it doesn't allow DDNS for site to site vpn purposes?
I'm a noob and I'm looking for a at home router for my family. I'm getting Ting service installed next week so I'm pressed to make a decision soon. Any suggestions??
My USG worked great for 17 months and then just lost its mind one day. Spent a total of 2 days going through all the updates and have never been able to clone back to the cable modem.
Super dumb problem to have but still...
No Joy!
Site to Site VPN sounds great in theory... As long as you have a static IP on both sites! The doc says it would update the IP's over the controller... But it won't! There are many threads about it in the official forums... Ubiquiti is like "we are working on it" for almost two years now...
You have to manually configure OpenVPN since IpSec does not support DDNS...
I installed USG's on two of my test sites and got really disapointed. I don't want to use features not supported in a productive usage...
I have had it work, it works but running a openvpn server at the main end I got much more preformacne. Personally time for ubiquity to release a new version of the usg and or something like there own build your own usg using old computer hardware. like unifi version of pfsense
@@intertan The Dream Machine Pro is capable of 1GBIT IPS. That is over 10 times as far as the USG! Will they update the USG or will they exspect us to go to their all in one solution? I don't think they will make it "build it yourself". Yes openvpn configs are possible but not officially supported... I just hope they will expand their software and fix many know problems. iPv6 is also problematic at least in my config with "German Telekom".
If you cannot make VPN with non static IP addresses work, is not on them, it is on YOU!!
pepeshopping I didn’t wrote I’m not able too 😉 I just wrote, that the auto VPN doesn’t work as described in the doc. There isn’t a by UniFi supported solution right now. There is a solution of course (using OpenVPN)... But it’s not officially supported by them (really important!)...
The documentation for Auto IPsec VTI says: “Dynamically tracks IP changes on WAN”. But it won’t. It will work till the IP changes and you have to manually restart it... There are many threads about this behavior in the UniFi Community forum. UniFi told me they are working on it over a year ago...
I just don’t want to deploy a solution not officially supported by UniFi to my company... -> I don’t want to use the OpenVPN solution I know it works...
pepeshopping or to quote the support team “Hi Niklas,
I see that you have issues with S2S IPSec(Auto) VPN between 2 USGs breaks when WAN IP changes on either side.
This is a known issue and it has already been reported to the developers. However, we do not have any ETA on the fix yet.
The only possible workaround, for now, is to reprovision the USGs or delete and create a VPN network again when the WAN IP changes. I'm afraid, this is a manual process. Another way to fix this is to get a static IP from the ISP for both the sites.”
Installed USG and APs at a school and want to block Facebook on the teacher wlan. Is there a simple way to do this type of content filtering?
can you do policy based routing or similar with the usg for my use case? for example: apple tv to go through a vpn service to remove ads from youtube, etc. thanks.
works with the Dream Machine Pro?
Hello! What are your thoughts on the Dream Machine Pro? I know it’s still on early access, but when it releases, will you guys be reviewing it? It seems to offer an everything integrated in solution.
Looks interesting.
I like your videos. Very useful and I like your truthfulness. I have ATT Fiber and I wanted to replace my R8000 (about to die). What router you recommend, I have VMs (lab purposes) and also a freenas and a plex server. I also have a free Dell R410 (dual Xeon 6 core 2.4ghz w/ 32mb ram) should I just turn that into a pfsense box. Any input would be appreciated, from anyone really
If you want to run Pfsense or Untangle the bare network box sold on Amazon demoed by this guy should do fine.
Have you heard of any solid news on when they will refresh the USG-Pro 4? I just bought one but wondering if there is a refresh just around the corner.
Like you video.. Very informative for users.. I use PIA vpn on my computer.. Would this be able to run it inside the USG? I need to use the PIA in some divces like TV and not some game computer like my kids computer.. Would this do the job? thanks..
Good informative presentations!
Great, only a question, How many users per VLAN can it support?
Depends on how big of a subnet you create
One of the stupidest omissions on the USG is the total lack of support for internal DNS like pfSense has had for years.
Hello Tom - I have a pretty low-level question that you probably could answer very easily. I have a Unifi system (Cloudkey, USG and APs) throughout my house - only one LAN and about 10-20 devices using it. I'm interested in the firewall security of my network but I don't want to burrow down into the deep complexities of configuration (unless I absolutely have to). I don't need any rules for any device on my LAN: I just want to feel safe about constant connection to the Internet. Scamming is rife here in Australia; I think I'm safe but, am I? With my basic network and simple needs, how effective is my USG firewall with its default settings?
Currently in the market for one of these. Thanks!
Chris i would wait if you can. In the beta store they already sell their updated line called dream machine.
I have one for sale if your still looking??
Hi there, USG is only firewall or is router +firewall, like microtik? Because microtik is firewall router. Thnx
USG is a router and firewall
Some of Ubiquity products are good, not USG. I would appreciate if you are objective in your review and point at the shortcomings also. I jumped on the bandwagon and bought a USG, after 3 days of frustration, of trying to get it to work with AT&T Fiber, I have had it. This is a junk product. The best this was able to do was 300MBps on a Gig line, most of the time, I got 120 MBps.
I'm looking for firewall and VPN to be able to view up ip cameras outside home network. I'll be running blue iris.
Would you recommend USG or edgerouter-x?
Home ISP speed 40/5.
Thanks for your support...
USG only officially supports L2P vpn, so it would work. The edge routers are nice as long as you don't mind command line configurations for advanced features or you could get the SG-1100 by Netgate ua-cam.com/video/6VqeB5eXjq0/v-deo.html that does offer OpenVPN support or Untangle ua-cam.com/video/dmCAePgVSUY/v-deo.html
@@LAWRENCESYSTEMS Thanks for the reply. I forgot to ask about pfsense. Glad you mentioned it.
Thanks again. I'll review you links.
Good Info, a quick question, do I still need to add the CloudKey to control the AP, or the USG already has this controller?
You don't *need* a CloudKey if you have another server (even a Raspberry Pi) handy to run the controller software on. The CK is just a convenient hardware host for the controller if you don't already have one. AFAIK the only other device that self-hosts the controller is the Dream Machine Pro, so unless you have a DMP you'll need to run the controller on either a CK or your own host.
Hi there, what is the best firewall for home and small office? How about microtik?
certainly not microtik, but USG and pfsense are both good depending on your use case.
For home and small office with max 20 computer finally which firewall hardware we can suggest for that? what is your suggestion!
Does it perform internet bonding of two WAN ports?
Do you need a stand alone controller or is it built in?
i have it and it hot like fire :D i wonder is it burn my house or only burn itself?
Can you advise whether you've found a way to have 2 LANs and 2 WANs at the same time, by reusing Console port for either LAN2/WAN2? Thanks
The console port is a serial port, not Ethernet so it can't be used for anything other than local direct attached management, something few people will do.
What is the difference among er-x vs er-10x vs ubiquiti unifi security gateway (usg) ? looking for a home router that is not hard to set-up.
Also, I hear people say you need a Cloud key? So an additional unit purchase?
You don't NEED cloud key, you need unifi controller running on something. That can be VM, rasberryPi, your daily driver computer. And it doesn't need to run 24/7, if you don't need log data. If you need logging then it should be 24/7 machine or cloud key.
Mine has a coil wine too
Can it do ad blocking like pfsence? I'm running a full desktop as my router that's wastes a ton of electricity.
u can do this via adguard dns in regular router
i need a firewall. is this what i should get or is there a better option?
Don't get the USG, ua-cam.com/video/ZI7zt1Vf8vE/v-deo.html
so if I get 250+mb at home, is this the device for me? I believe I saw that the Pro was a better choice over 100Mbit.
It will do over 250 as long as you turn off IPS/IDS
could you suggest products that can control which network segment VPN users can access?
Untangle Firewall or Pfsense have option for this
@@LAWRENCESYSTEMS thank you for your reply sir
Hi there, Edgerouter or USG gatway is good as firewall or opensense firewall??
forums.lawrencesystems.com
On the USG Pro, is VPN supported?
I can't seem to get VPN working for more than 1 person at a time.
You are probably using L2TP and that type of VPN has issues with more than one user behind the same public IP.
As a beginner in networks, watch this to try to understand what the user case for this is. After 5 minutes i left the video, ha have no idea what you where talking about, the json file, and taking about what the community does and not does etc. If you review something, please show the product, what it does, how it should be used with other products etc. Not everyone that watches the videos have deep networking knowledge, or huge knowledge of the ubiquity product portfolio. Good luck
My videos are not targeted at beginner level, plenty of other channels covering that.
Basic home users or basic device-only connectivity, sure use these overpriced devices, but for the usual home or basic user, I would go with TP-Link, Netgear, or any of them, after all you DO KNOW they ALL use the SAME open source software in their devices, RIGHT?!
Other than that, I simply put together a $500 dll pfsense device with an Intel J4105 Quad CPU (10 Watt), 5GB RAM, 120GB SSD and and the latest (I350) Intel quad Ethernet card.
Before this Intel CPU, 2, 3 years ago, I used AMD’s Kavini 5350 Quad core (25 Watts). All of them still going 100%.
Great video!
Can it work as a UTM?
wait a second, how did you get a motor city riot moped club sticker?
From riding with motorcity riot. ;)
Then I'm sorry for you, they're a bunch of fascists
only ever talked mopeds, not political ideologies
@@LAWRENCESYSTEMS well when they ban you for voting for a certain canidate... kinda makes me wonder why I helped found that club
Will this USG be suitable for a Home Setup with a VPN or is the EdgeMax better suited? Question from a Novice
What type of VPN?
I currently run a VPN on both my iPhones and my iPad by a company called Ivacy, it lets me pick which country I appear to be in. This type of VPN would mean I. Can watch all the U.K. catchup TV, I am from the U.K.
Lawrence Systems / PC Pickup I also have watched several videos of different people putting all their IOT devices on a different VLan and a separate WiFi network.
The problem I seem to have is the software seems to update so quickly and I don’t know how far the USG has come.
I currently have a Cloud Key Plus G2, 24 Port unmanaged switch and an 8 port switch on order.
@@LAWRENCESYSTEMS No I understand why you asked.... I need to do a whole load of unsupported stuff with the router in order to set up a VPN, Apologies.
The more I watch the less I seem to understand :(
That USG3P is so outdated, even getting those 3 circles green doesn't justify getting one.
Yeah, hardware is not powerful but you cannot say it doesnt work. I just bought 2nd one.
Highly overpriced for a gourmet NAT box. It's so limited in software support/features that it's even hard to call it a firewall. It could be a great product (has the hardware for that) if UBNT was worried about enhancing its features instead of simply releasing new products. If you need a simple NAT box, USG can do it. More than that, forget about it.
While I do agree the software on the front is a bit limited but with the USG Pro 4P you get quite a bit more performance, not to mention Unifi has been updating their IDS/IPS functionality. You can go into the command line and make deeper configurations if you need too. BUT I have never used the standard USG which I WOULD imagine as not being as good, especially for any business usage.
Have you thought about doing any Ubiquiti courses for the Udemy platform? I went over there trying to find a course on Ubiquiti to take only found 11 and I think at least 4 of them were Spanish.
I have never done any courses and not really planning to at this time.
@@LAWRENCESYSTEMS I understand, You would be good at it.
@@LAWRENCESYSTEMS If you ever decide to let me know. I will definitely take that course.
What is the CLI that you used for the test?
Iperf3
Meraki and Palo Alto baby
Please do a video on unifi fast roaming , that don't drop my voip calls.
so i'am a bit confused. I just purchased two UAP-NANOHD, a USG, and a unifi 24 port switch. will i still need to buy the edge router? and does it go, modem-usg-router then switch?
Chris A you don’t need an edge router. Just connect the LAN from the USG to the switch.
great video, I do have question to ask how do i contact you privately
www.lawrencesystems.com/hire-us/