*** Official Ubiquiti Discussion Thread ***

[WJA96]

My USG maxes out at 125Mbs on my 250Mbs / 30Mbs fibre, running 4.4.20 fimware, so I am hoping Ubiquiti bring out something with >0.5Gbs performance. If you are looking for >1Gbs IPS/IDS performance then a Watchguard Firebox T70 for approx £1200 may give better value performance., but it isn't Unifi though.

The much-hyped, never actually seen in Beta USG-HD-4, should do 500Mbps IF it ever sees the light of day. I have one of the Beta USG-XG-8s in our office in Salford Quays Media City and, running 5.7.20 it’s completely stable with IPS/IDS running at about 950Mbps but I’m having to edit the JSON to get it to forward on our fixed IP addresses and we’re using Mikrotik SFP+ RJ45 adaptors across the board because only the incoming fibre is actually a fibre. Everything else we have is copper.

I LOVE Unifi though.

Doesn’t the Watchguard need an annual subscription as well?

 

[Steveocee]

They need to swallow down and make the ER series dual bootable and combine the lines. The ER4 and ER6PoE(?) would be just what people are crying out for in Unifi land.

 

[WJA96]

Thank you for all the constructive responses. I am pleased I had overestimated on the cost front..and yeah if it’s the Ferrari of Wi-fi I definitely want in! Will check out some options and return for some more advice before ordering

EDIT : VM350/20

Right. The VM350/20 is quite important because if you want to run the brand-new super-duper Intrusion Prevention and Detection features of the latest Unifi Security Gateway firmwares, then you’ll need a faster router than the USG-3P in your original post. And the USG-4P (Pro) is £250 and even that maxes out at about 285Mbps.

If it was me, I’d leave it and just get the 3P as in your original post and not turn IPS/IDS on. Unless you’ve got something REALLY special on your network it’s very unlikely that anyone is going to hack it through that route anyway.

 

[Super Tigers]

Thank you for all the constructive responses. I am pleased I had overestimated on the cost front..and yeah if it’s the Ferrari of Wi-fi I definitely want in! Will check out some options and return for some more advice before ordering

EDIT : VM350/20

The Unifi Security Gateway won't cut the mustard with that VM350 line, you will be resticted to 125Mb/s with IPS / IDS enabled, if you disable IPS/IDS you should be able to utilise the full band width of your VM connection. You will have to decide if you need Intrusion Detection / Intrusion Prevention systems in your network. Are you expecting Black Hat attacks on your home network? I have had IPS enabled on my system for the last couple of months, my USG detects about 20-30 intrusion attempts per day, 95% are my VPN provider pinging my VPN software, a couple are my NAS getting updates for it's apps.
You pays your money and you takes your choice.

 

[WJA96]

They need to swallow down and make the ER series dual bootable and combine the lines. The ER4 and ER6PoE(?) would be just what people are crying out for in Unifi land.

Well, the USG-HD-4 is the same hardware as the ER4 so it will either launch, or it won’t. The issue I see with Unifi is that they have all the hardware in the world, but the controller software is very slow to catch up. When they hired Chris Buechler almost 2 years ago, everyone said “we’ll have pfSense on the USG very soon” and it just hasn’t happened. Apparently the older Unifi controller software was REALLY badly written and Chris Buechler basically started big chunks of the functions again from scratch. I’m not holding my breath for anything major anytime soon.

 

[Ev0]

Are there any details on the IDS/IPS stuff, is it signature based etc?

Be interested to see what capability it has on offer

*edit* ah see it uses suricata.

Enterprise IPS historically wasn’t exactly cheap, but with home speeds now being a lot higher will be interesting to see if/how things will change at this end of the market.

Some of the high end IPS boxes I’ve seen have had silly high hardware specs

That said, for majority of home users this probably isn’t something people outside of enthusiasts are interested in!

 

[Type_R]

The Unifi Security Gateway won't cut the mustard with that VM350 line, you will be resticted to 125Mb/s with IPS / IDS enabled, if you disable IPS/IDS you should be able to utilise the full band width of your VM connection. You will have to decide if you need Intrusion Detection / Intrusion Prevention systems in your network. Are you expecting Black Hat attacks on your home network? I have had IPS enabled on my system for the last couple of months, my USG detects about 20-30 intrusion attempts per day, 95% are my VPN provider pinging my VPN software, a couple are my NAS getting updates for it's apps.
You pays your money and you takes your choice.

I am pretty sure there is nothing worth having for someone to actively try and hack into my home network!

 

[WJA96]

I am pretty sure there is nothing worth having for someone to actively try and hack into my home network!

I’m sure someone will be checking later, just to be sure....

 

[Super Tigers]

I’m sure someone will be checking later, just to be sure....

My latest batch of detections from this morning.

When and if Unifi release the HD4 , I will buy one in a heart beat.

 

[#Chri5#]

Well, the USG-HD-4 is the same hardware as the ER4 so it will either launch, or it won’t. The issue I see with Unifi is that they have all the hardware in the world, but the controller software is very slow to catch up. When they hired Chris Buechler almost 2 years ago, everyone said “we’ll have pfSense on the USG very soon” and it just hasn’t happened. Apparently the older Unifi controller software was REALLY badly written and Chris Buechler basically started big chunks of the functions again from scratch. I’m not holding my breath for anything major anytime soon.

Did Ubiquiti ever mention a number of ports and form factor for the USG-HD-4?

 

[WJA96]

Did Ubiquiti ever mention a number of ports and form factor for the USG-HD-4?

Yes, in the Beta forums UBNT-cmb (Chris Buechler) said that he had one in his rack at home and said it was the same format as the EdgeRouter 4.

https://community.ubnt.com/t5/UniFi...-what-is-it/m-p/2081706/highlight/true#M10952

 

[DIABLO]

My latest batch of detections from this morning.
When and if Unifi release the HD4 , I will buy one in a heart beat.

Yet i haven't had a single one since Ubiquiti put the feature in.

 

[WJA96]

Yet i haven't had a single one since Ubiquiti put the feature in.

Seriously? Nothing? Are you sure you have it turned on? I get 5-50 hits per day. Mostly false positives but I think I did see one genuine “probe”. The problem is it’s REALLY hard to tell what’s a false positive sometimes.

 

[DIABLO]

Seriously? Nothing? Are you sure you have it turned on? I get 5-50 hits per day. Mostly false positives but I think I did see one genuine “probe”. The problem is it’s REALLY hard to tell what’s a false positive sometimes.

Yep, my events tab is clear. So unless something is not working correctly.

 

[#Chri5#]

Yes, in the Beta forums UBNT-cmb (Chris Buechler) said that he had one in his rack at home and said it was the same format as the EdgeRouter 4.

https://community.ubnt.com/t5/UniFi...-what-is-it/m-p/2081706/highlight/true#M10952

Cheers for the link. No hurry to replace my ageing SonicWall now I've finally got round to installing my 2nd LR AP over the weekend, will see what lands in the coming months.

Also upgraded my controller VM to 5.x, quite an upgrade from 4.x

 

[Si.]

HI,

I've just installed a Unifi AP Pro but since doing that I'm getting intermittent dropouts for all devices, even wired ones. I've had no issues until I installed the AP. I'm running it from one of the POE ports on a Unifi 60w 8 port switch. My controller isn't flagging any alerts.

Any ideas?

UPDATE: It appears that my Wired connections from the switch are loosing connection, however the WiFi (which is connected to the same switch) is not loosing connectivity.

 

[WJA96]

HI,

I've just installed a Unifi AP Pro but since doing that I'm getting intermittent dropouts for all devices, even wired ones. I've had no issues until I installed the AP. I'm running it from one of the POE ports on a Unifi 60w 8 port switch. My controller isn't flagging any alerts.

Any ideas?

UPDATE: It appears that my Wired connections from the switch are loosing connection, however the WiFi (which is connected to the same switch) is not loosing connectivity.

What controller and firmware are you running?

There is an issue with the latest “stable” firmware 3.9.27.8537 and if you’re on that you can probably still see an upgrade button that will downgrade you to 3.9.24.xxxx or 3.9.21.xxxx depending on your device.

The dropouts are reported in the firmware update discussion thread https://community.ubnt.com/t5/UniFi...37-for-UAP-USW-has-been-released/td-p/2285816

And are you running 5.7.20 controller or something more exotic? The current 5.8.x Beta controllers are not very stable in my experience.

 

[bledd]

Draw your network (including each cable) sounds like you've created a network loop.

 

[Si.]

I've been chatting to Unifi support. I'm not running the latest controller (I'm on 5.6.26). They recommended upgrading the controller and then the firmware on the devices. Support have been very good. My devices are not running the latest version because my controller isn't the latest.

 

[Kol]

Hi chaps. I've done an 'in-thread' search and not super conclusive so hoping someone knowledgable here can confirm if this is possible or not.

I used to have an ER-Lite partnered with my Unifi AP (I still have this but currently it's plugged into my VM Hub). I read that it is possible, using an ER and AP have discrete VLANs, where one of those VLANs would be more normal outbound connection and another VLAN could be routed via my VPN provider. It's then possible to have it so that one SSID is on one VLAN and another SSID the other VLAN. So, for example, if there was a scenario where I needed my data to go via the VPN provider, I simply change wifi.

Is that true and if so, is the ERX or the ERLite better for this task? I regret selling my ERLite as it was a cracking workhorse.