*** Official Ubiquiti Discussion Thread ***
- Thread starter RoyMi6
- Start date
-
- Tags
- home network rewire ubiquiti wifi
Soldato
You may as well slot in the USG. It will route 1Gbps if you don’t have IPS/IDS or Smart Queues switched on.
And unless you suspect your network is infected you don't need it but you can always switch it on if you suspect you are infected. Yes, your throughput will drop to about 130Mbps but it will tell you which clients are behaving oddly and once you have dealt with them, you can switch it back off again.
The IPS/IDS is UBNTs implementation of SNORT. It looks at your OUTGOING HTTP traffic and matches it against a list of known ‘bad’ locations (physical and virtual) and either flags that traffic (IPS) or blocks it (IDS). It can generally also spot ‘signatures’ of known vulnerabilities but if you’ve patched your systems when you should have done they’ll not be effective anyway. And to do this it needs access to the packet information so it’s crippled by anything encrypted so that’s anything HTTPS or anything over a secure VPN. It’s nearly pointless in reality.
It was added by UBNT in 2017 to the existing USG-3/USG-4P routers and all it did was make people demand and buy faster routers than the USG-3/USG-4P. And annoy users because it constantly generates false positives and blocks traffic requiring Admin level intervention to report the false positive and switch off IPS/IDS until UBNT sort out the false positive report and that can be a few days.
While the USG/UXG/UDM does the actual routing and firewall functionality, the controller is always in charge on the UniFi network so every capable device can use all the features available through the controller. Adopting the USG will give you access to every single feature the USG supports and I’d hazard to say that’s about 99% of all the currently available features. If you have a fast (300Mbps plus) connection you shouldn’t need Smart Queues and you can probably spot a PC running malware on your network without IPS/IDS yourself. It will be the one running like a dog with the hard drive light constantly flashing and maxing out its network connection. On a corporate network with dozens of servers and NAS boxes it might make it easier to track down an infected device but at home it’s likely you’ll spot it almost immediately because the whining teenager is whining about how how awful their computer is.
Try the USG - i bet it routes traffic pretty darn well. It was rated for 1Gbps at release and it’s a fairly capable router.
And unless you suspect your network is infected you don't need it but you can always switch it on if you suspect you are infected. Yes, your throughput will drop to about 130Mbps but it will tell you which clients are behaving oddly and once you have dealt with them, you can switch it back off again.
The IPS/IDS is UBNTs implementation of SNORT. It looks at your OUTGOING HTTP traffic and matches it against a list of known ‘bad’ locations (physical and virtual) and either flags that traffic (IPS) or blocks it (IDS). It can generally also spot ‘signatures’ of known vulnerabilities but if you’ve patched your systems when you should have done they’ll not be effective anyway. And to do this it needs access to the packet information so it’s crippled by anything encrypted so that’s anything HTTPS or anything over a secure VPN. It’s nearly pointless in reality.
It was added by UBNT in 2017 to the existing USG-3/USG-4P routers and all it did was make people demand and buy faster routers than the USG-3/USG-4P. And annoy users because it constantly generates false positives and blocks traffic requiring Admin level intervention to report the false positive and switch off IPS/IDS until UBNT sort out the false positive report and that can be a few days.
While the USG/UXG/UDM does the actual routing and firewall functionality, the controller is always in charge on the UniFi network so every capable device can use all the features available through the controller. Adopting the USG will give you access to every single feature the USG supports and I’d hazard to say that’s about 99% of all the currently available features. If you have a fast (300Mbps plus) connection you shouldn’t need Smart Queues and you can probably spot a PC running malware on your network without IPS/IDS yourself. It will be the one running like a dog with the hard drive light constantly flashing and maxing out its network connection. On a corporate network with dozens of servers and NAS boxes it might make it easier to track down an infected device but at home it’s likely you’ll spot it almost immediately because the whining teenager is whining about how how awful their computer is.
Try the USG - i bet it routes traffic pretty darn well. It was rated for 1Gbps at release and it’s a fairly capable router.
Last edited:
What's the verdict on the Unifi Express? Pricing seems quite attractive.
If I was to look at a starting point to eventually build out and include a second WAP to extend coverage, and one or two cameras, will it do the job, or need something else?
Weighing up ubiquity vs synology arm.
It doesn't run Protect so it won't do cameras, also 4 extra managed UniFi devices max so could be limiting if you intend to expand. If you want cameras you'd need a Cloud Key Gen 2 or an NVR, by which point you may as well use a cheap USG plus CKII, or get a UDM/UDM-SE.
For me it's a device you install at your parents/small ROBO for a very simple gateway/wifi only setup.
Soldato
Given how many here like Unifi products, I thought some might appreciate my mini rack 
. I designed and 3D printed it mid last year to help tidy the mess that used to live in this cupboard. It's a stackable modular design based on similar designs on Thingiverse but I modelled each one to fit my specific measurements and components. Each "layer" can be swapped out for a different panel to hold a different component (front and/or back), and likewise for each "spacer" between layers too. Some of the blocks on left hand side contain lugs to mount 120mm fans. I have 2x 120mm Noctua fans at a low RPM to get some airflow over things. Hidden inside at the back are a couple of PoE splitters that splits the power off an ethernet and allows you to connect a regular DC jack to help power other accessories (like the fans and fan controller, or other smart home dongles and internet bridges that usually require USB power). The EliteDesk is my home server running Plex and Home Assistant with masses of internal SSD storage, hence a specific spacer just for a CD drive 
(it's actually a BD drive that I use to rip my BD's and UHD's for Plex). I know the Unifi kit isn't the latest and greatest but it's been an absolute solid workhorse and continues doing so. Just need to do more cable tidy as always!
. I designed and 3D printed it mid last year to help tidy the mess that used to live in this cupboard. It's a stackable modular design based on similar designs on Thingiverse but I modelled each one to fit my specific measurements and components. Each "layer" can be swapped out for a different panel to hold a different component (front and/or back), and likewise for each "spacer" between layers too. Some of the blocks on left hand side contain lugs to mount 120mm fans. I have 2x 120mm Noctua fans at a low RPM to get some airflow over things. Hidden inside at the back are a couple of PoE splitters that splits the power off an ethernet and allows you to connect a regular DC jack to help power other accessories (like the fans and fan controller, or other smart home dongles and internet bridges that usually require USB power). The EliteDesk is my home server running Plex and Home Assistant with masses of internal SSD storage, hence a specific spacer just for a CD drive (it's actually a BD drive that I use to rip my BD's and UHD's for Plex). I know the Unifi kit isn't the latest and greatest but it's been an absolute solid workhorse and continues doing so. Just need to do more cable tidy as always!
Thanks that's very helpful
I'll give it a go
Soldato
Honestly no idea, it's not something I generally track. If I need something, I just print it and when I get low on filament I buy more. I'd guess maybe no more than 1kg spool's worth?? possibly less
Soldato
On mobile, can’t find the link?
Can anyone link please?
Edit:
Never mind, got the email. Seems like still with 1GBE ports(was hoping for 2.5GBE support.
Can anyone link please?
Edit:
Never mind, got the email. Seems like still with 1GBE ports(was hoping for 2.5GBE support.
Last edited:
Yeah it's not for me, they should have at least put either a single 2.5gbe LAN port on it or an SFP.
It's allowing WAN connections up to 2.5gb but no way of using that to any single host.
Another good update on the Network Application
Code:
Improvements
Added support for OSPF, limited to 1 OSPF instance. This requires a UniFi (Cloud) Gateway with firmware version 3.2.12 or newer.
Added TX retry columns to the Devices page.
Added AI Logs Network Viewer.
Added UPnP and Port Forwarding to the Network Viewer page.
Added 1h time range to Traffic Statistics.
Added additional IPv4 and IPv6 information in the ISP Panel.
Added InnerSpace for Network Application Servers.
A powerful deployment visualization tool that allows you to view your UniFi system's WiFi coverage in your own floor plan.
Allow searching clients by 802.1X Identity on the Clients page.
Improved DHCP Leased IP user experience and accuracy.
Improved Network isolation user experience.
Improved Firewall Rule creation user experience.
Improved Topology page user experience.
Improved Traffic Statistics user experience.
Improved Global Device and Client Isolation (ACL) user experience.
Show the assigned IPv6 address in Internet Settings.
List Traffic Rules in the Advanced Section of Traffic & Firewall Rules.
Hide delegation size when IPv6 is disabled in the ISP Panel.
Updated WiFi Network creation user experience when setup contains a 6GHz capable AP.
It will auto-select the 6GHz band and default to Encryption WPA2/WPA3.
Removed Score Page, we're fine-tuning it. It will make a return in a future release.
Removed VLAN range validation in the Internet Settings.
Bugfixes
Fixed inability to create more than 9 pre/post-authorization restrictions in Hotspot Manager.
Fixed the inability to add new payment options in Hotspot Manager in rare cases.
Fixed inability to complete upgrades from 8.0 to 8.1 in rare cases.
Fixed inability to specify external MongoDB.
Known issues
OSPF Default route redistribution is ineffective, this will be fixed in UniFi OS 4.0.
OSPF Hello/Dead values may different between the Network Application and the Configuration on the Gateway.
OSPF Passive Int
Last edited:
I've got the Ultra coming our £30 cheaper than the Lite? (£95 v £125)
I've have probably been tempted by a Gateway Ultra and two access points rather than an Express and an AP. Just a shame it doesn't have POE ports.
Associate
I got the UXG-Lite in January and now this essentially makes it redundant, for a much lower cost. It much be a misprice or I'm a bit
Yeah I was looking at the US store. So the question is probably even more confusing then, why is the device with the 2.5Gb port and 4 LAN interfaces cheaper? I can wait around a bit more until we get a 2.5Gb LAN as well as the WAN.
Last edited: