UniFi Express (ui.com)
213 points by CharlesW 10 months ago | hide | past | favorite | 290 comments



This product has a huge caveat that limits it for many people's applications:

> UniFi Express supports up to 5 connected UniFi Network devices, including other UniFi Express units, switches, and WiFi access points.

Even my home has one AP per floor (3x) and 3x Unifi switches. This is clearly an artificial limitation for market segmentation reasons. I'm not going to rip out Unifi switches to go unmanaged, just for the pleasure of using Express. Hopefully nobody buys it without reading the small print.

I feel like the lack of Protect and the 5 UniFi device limit are going to really limit who will buy this even at this price.


It's $149. I think you're expecting more from it than what your more advanced home setup needs. Mind you it talks a big talk for that price.


> UniFi Express supports up to 5 connected UniFi Network devices, including other UniFi Express units, switches, and WiFi access points.

What does that even mean?

That it bundles a controller that is not "capable" of handling more than 5 UniFi devices? Who comes up with shit like that? Let's punish people that get too dependent on us and try to buy too many devices. Let's squeeze some more out of them and risk them switching to a competitor instead rather than build a relationship with us.

I've been worried about the future of unifi for my needs. The USG was a good deal. A bit slow (not gbit in routing but decent enough for most, not great VPN performance) but we have been waiting for an upgrade that surely was just around the corner for well over 6 years now YIKES! Feels like it has been out of stock for many years as well so hard to get replacements. The power bricks are starting to die, easy enough to get third party for that but feels like a dead end.

The nicer units are just overkill for most, and are quite hard to justify the cost. The ones targeted for the home do too much.

And just like that, I've missed the replacement(?!): UXG-Lite

https://eu.store.ui.com/eu/en/pro/category/all-cloud-keys-ga...

First glance, seems like it is a direct replacement, perfect! Exact same thing but newer and faster. And you get to host your own controller, that is a relief.

These are cheap enough that you can recommend your immediate family to get and then manage centrally in your own network.

Need to do some more research but for once I'm hopeful about ui.


Because someone will invariably buy this thing and then hang 15 access points off of it, and it won't be able to manage them given the bill of materials this device has.

And then they'll be pissed off because it doesn't "do" what they want it to.

This thing is designed for what 95% of households need. A router and one or two WAPs. That's really it.


Of course it will manage 15 access points, there is nothing to it.


Yeah it's not like it needs to talk to them constantly. Just push settings and updates periodically and retrieve some statistics.


Ubiquiti isn't convinced the hacky mess of MongoDB they run won't corrupt itself when it hits a resource constraint on this device, and they also want to avoid RMAs when the controller either wears out the small amount of our device storage from too many writes, or when the whole unit bogs down from too many paired devices.

The controller should really be off board, or the on-board controller should be tuned to communicate less with the devices it s and write significantly less often to storage.


Sadly the UXG-Lite lacks the second WAN port which I use for 4G failover. Otherwise I'd replace my USG.

What I miss the most in their offering is an affordable 6e AP though.


Having a few APs to cover a house is far from an "advanced" setup.

We live in times where lawn mowers need WiFi.


If you need 6 or more UniFi devices, that's quite advanced. And quite a large area. If you have such a big house and also need WiFi for your fancy lawn mower, I can't shed a tear for the 149 USD budget UniFi device not being adequate for you.


2 floor house + Outside is immediately 3 APs. You'll also need at least one PoE switch to power them. That's 4 devices already, without adding anything else like security cameras or similar.


Yeah, so it's not the device for you and you buy another higher model in the lineup?


Or you buy a different product from a different vendor, due to dissatisfaction with artificial product tiering.

Isn't that typically the implicit message being sent by disgruntled customers complaining about a company's seeming lack of foresight or excess of greed, or both?


The Dream Machine Router which can do way more is only $50 more...


We live in a 3 floor 1800 sq.ft. house, with a garage that is 300 ft away. My single UAP-AC-LR manages to cover this quite nicely; only the far corner of the garage has poor connection, and out in the garden it's excellent.

Unless all the walls in your house are heavily reinforced concrete, I don't see how you need that many APs.


Are you using 2.4 or 5 GHz? 2.4 will blast through walls, to an extent, where 5 GHz will struggle. I've seen situations where the 2.4 band is completely saturated by neighbors and the solution was that every other room needs its own 5 GHz puddle to achieve top speeds.

This kind of setup is easily achievable with UniFi PoE gear, but will hit the 5 device limit of this router. The original USG didn't have this limit.


Over here houses typically are built with reinforced concrete floors, and double brick walls. Also, building up instead of out is normal, so many have a basement, ground floor and 2 upper levels.

Having one AP per floor is normal for coverage, so that would be 4 to serve the inside.


What is your house built of? In the UK, we’ve got houses with brick walls everywhere - it’s killer for signal.


I live in a wooden house, which is kind of ideal yes. You say brick, which isn't actually that bad, if you reference the classic NIST report [1].

And even in a brick house a lot of the interior walls are still just plywood or drywall, even in the UK AFAIK.

What is interesting though is that OP said it is sufficient with one AP per floor plus one outside. So apparently propagation within one floor is fine, but between floors or to the exterior is not. In that case, it has to be a building where the interior walls are mostly just drywall, and the exterior walls and floor slabs are reinforced concrete with little in terms of openings. Which sounds more like an apartment building than anything else?

[1] https://www.nist.gov/publications/electromagnetic-signal-att...


I think it depends largely on age - “new builds” (1980s onwards) often have a brick partition wall down the middle and the rest plaster/wood stud. The last couple of houses (significantly older) I’ve lived in have been pretty much all brick walls.

We’ve got 3 UniFi APs downstairs here, 2 up. There are still things on the periphery that only just cling on, and when you’ve got stuff like that it takes a lot of airtime.


Most people don't have any need for a PoE managed switch. You just get a basic PoE switch if you have APs to power, it's cheaper and simpler.


This.

I have a pretty large house and I would be fine with this - I have three APs and a 48 port PoE switch for the 36 drops in my house.


I guarantee you approximately everyone that does not work in tech has one AP, the one provided by their ISP. Unifi already has a range of prosumer products, this is them moving into the consumer space.

The limitation is totally product segmentation, since their prosumer equivalent all in one (the UDR) costs double, but that's fine, I feel. It's not like they're raising the price of the existing offerings because this budget model exists.


I know so many people who don't work in tech - some who work in blue collar jobs, in fact - that have Eero or Orbi or similar easy to use network extenders set up. Wanting to have wifi coverage away from the ISP-provided router isn't something that only tech insiders desire.


> I guarantee you approximately everyone that does not work in tech has one AP, the one provided by their ISP. Unifi already has a range of prosumer products, this is them moving into the consumer space.

I'm not sure what you are trying to say with this - yes, obviously, people who don't buy extra APs don't have extra APs, but why are they relevant to a conversation about UniFi prosumer products?

It's not like the UniFi customer base is a person who doesn't use anything outside their ISP equipment.


This isn't a prosumer product. You aren't adding these to an existing UniFi install. The prosumer version of this device is the UDR. This is UniFi releasing a cheap consumer product so when you, as a person who knows their tech stack, need to suggest an all-in-one device for someone who would otherwise have just an ISP router, there is a product that costs in the same price range as the Netgear and TP-Link devices in that range. Or when someone curious about upgrading from the bargain basement tier to mid range equipment has a new cheaper entry level product which might encourage them to try.


This absolutely is a prosumer product - by your own sentence: normal customers do not buy routers and APs like this. They use their ISP gear with maybe something much cheaper added once in a while.


This is prosumer. They have a consumer brand already: https://amplifi.com/


Google fiber and ATT both give out 2 WAPs in my area which will auto-mesh.


For comparison, I guess its direct competitor would be Eero 6+, going for $139.

UniFi has way more options to play around with and is functionality rich, so $149 seems quite decently priced.


I don't understand this. The first use case screenshot shows 8 devices connected. What does that small print mean?

https://ui.com/microsite/static/media/use-case-2.fd99bcc2.jp...


Those are different sites, you wouldn't have 8 routers in one place.

So I guess each one of those devices can manage 5 unifi devices, going only by the image it looks like in their setup there is one AP for each device (if that is how the ui works).


Ah, so the limit would be per site or something like that. Thanks.


The 50 vlan limit on their top of line stuff is the only reason we don't deploy them exclusively across our biz.


The former EdgeSwitch / EdgeRouter (all black in color) didn't have this low of a limit. I still run a 48 port, 500W PoE switch in my main rack at home and it's got a limit of 255 active VLANs.


Genuinely curious: what do you need 50+ VLANs for? It feels like you could have physical LANs to separate or simply different subnets? It's hard for me to imagine why you would want to aggregate so many VLANs over a single physical connection?


In certain scenarios, it may be necessary to assign multiple VLAN tags to the same network port. This is particularly common in environments where devices connected to that port need access to different network segments simultaneously.

For example, a networked device in a conference room might require access to VLANs designated for both guest internet and internal company resources. In this case, the port would be configured as a 'trunk' port, allowing traffic from multiple VLANs (each identified by a unique tag) to pass through. This setup ensures that the device can communicate across different departmental or functional network segments, such as VLANs for IT, Marketing, or Sales, etc.

Using VLANs over physical LANs or different subnets is fundamentally about enhancing network management efficiency and flexibility. The core advantage of VLANs is that they allow network administrators to segment and manage the network logically without the need for physical rearrangements. This means an engineer can configure and reconfigure network segments without the need to physically move cables or hardware (or even be on-site).
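The trunk-port behaviour described in the comment above, as an added example that is not code from the thread or from Ubiquiti: a small Python model of 802.1Q tagging on a trunk, where untagged frames fall into the native VLAN, tags not on the allowed list are dropped, and a constructed per-device active-VLAN cap stands in for the kind of limit the thread is arguing about. The frame builder, parser, MAC addresses, VLAN numbers and the 64-VLAN cap are all constructed here.

```python
"""Model of an 802.1Q trunk port (constructed example, not vendor code)."""
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag follows
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame; insert a 4-byte 802.1Q tag when vlan is given."""
    header = dst + src
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VID must be 1..4094")
        tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)   # PCP(3) | DEI(1) | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_or_None, pcp, ethertype, payload) for a frame."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, pcp, offset = None, 0, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, pcp, offset = tci & 0x0FFF, tci >> 13, 18
    return dst, src, vlan, pcp, ethertype, frame[offset:]


class TrunkPort:
    """A trunk port forwarding a set of allowed VLANs over one physical link.

    max_vlans is a constructed parameter standing in for a device's
    active-VLAN limit; it is not a real product's figure.
    """

    def __init__(self, allowed_vlans, native_vlan=1, max_vlans=64):
        allowed = set(allowed_vlans) | {native_vlan}
        if len(allowed) > max_vlans:
            raise ValueError(f"{len(allowed)} VLANs exceeds device limit of {max_vlans}")
        self.allowed = allowed
        self.native = native_vlan

    def classify_ingress(self, frame):
        """VLAN a frame arriving on the trunk belongs to, or None to drop it."""
        _, _, vlan, _, _, _ = parse_frame(frame)
        if vlan is None or vlan == 0:         # untagged or priority-tagged -> native VLAN
            vlan = self.native
        return vlan if vlan in self.allowed else None   # drop VIDs not allowed on the trunk

    def tag_egress(self, frame, vlan):
        """Frame as it leaves on the trunk: native VLAN untagged, every other VLAN tagged."""
        if vlan not in self.allowed:
            return None
        dst, src, _, pcp, ethertype, payload = parse_frame(frame)
        return build_frame(dst, src, ethertype, payload,
                           vlan=None if vlan == self.native else vlan, pcp=pcp)


def demo():
    """Guest and corporate VLANs sharing one trunk, plus a tag that is not allowed."""
    guest, corp = 100, 200                               # constructed VLAN numbers
    trunk = TrunkPort(allowed_vlans={guest, corp}, native_vlan=1, max_vlans=64)
    dst = bytes.fromhex("ffffffffffff")                  # constructed broadcast MAC
    src = bytes.fromhex("0242ac110002")                  # constructed source MAC
    guest_frame = build_frame(dst, src, ETHERTYPE_IPV4, b"guest-ip-packet", vlan=guest)
    rogue_frame = build_frame(dst, src, ETHERTYPE_IPV4, b"rogue", vlan=999)
    untagged = build_frame(dst, src, ETHERTYPE_IPV4, b"native")
    return {
        "guest": trunk.classify_ingress(guest_frame),    # 100
        "rogue": trunk.classify_ingress(rogue_frame),    # None: VID 999 not allowed
        "untagged": trunk.classify_ingress(untagged),    # 1: native VLAN
    }


if __name__ == "__main__":
    print(demo())
```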


This doesn’t answer the question about needing more than 50.

Even if there are 20 departments, a development, testing/qa, and production server environment, phones, printers, 12 conference rooms, a dmz, an IoT, staff, and guest wifi, backups on their own vlan, a management vlan, and multiple vpns, you would still come under 50 with a few more to spare.

If you have a network like this it might also behoove you to physically separate it out so guest infrastructure and production, and management interfaces are all on completely different devices and thus each network doesn’t need all vlans.

Unifi doesn’t sell the highest quality of equipment that could necessarily support more complex environments in the first place but needing more than 50 vlans on one physical network sounds almost unsustainable.


It also doesn’t answer why a company that has 50 vlans wants to buy a tiny prosumer router.


The GP doesn't talk about a tiny prosumer router:

> limit on their top of line stuff

AFAIK, the limits are 64 VLANs for USG/UDM and 255 on US/USW. Not tiny prosumer routers here.


Perhaps you are not the target market?


Another confused product from UniFi. Is it targeting home users or businesses? It looks like businesses from their web page yet feels very much like a better fit for home.

It only runs UniFi Network, so you have to buy more things, that also run UniFi Network, to get into any of their other products like Protect.

I like their stuff but lately a lot of their stuff feels just confused to me, like they don't know what they want to be.


I bought into their unifi ecosystem years ago. Separate devices, prosumer pricing, features and quality, single pane of glass.

... And I haven't upgraded anything since. Their new products are totally undirected, they aren't making items that are obvious and needed. Their software is falling behind and they just don't care.

Case in point: the USG Pro 4 is years old but they haven't released an updated affordable just-the-border device. Their new stuff like the Dream Machine, and now this, just isn't the right thing to replace what was there before. The VPN on there doesn't work with recent Android or iPhone, and they just don't care.

Adding even the most basic firewall rules is hard. The single pane of glass got a major interface overhaul, and they added a huge amount of hard-to-turn-off phone-home crap at the same time. Enshittification reigns supreme.

And don't forget other runty hardware like the poe ceiling lights and doorbell.

The company just needs to buckle down, make good stuff, fire the product astronauts, fix obvious major problems before adding pointless new features.

... Suffice to say, my next hardware refresh almost certainly won't be from this company.


I don't disagree, but since buying the UDM-Pro years ago, I feel like the software has gotten great. And recently, they've baked in Wireguard replacing L2TP.

Personally, I'd like to see more prosumer devices that support 2.5GbE/10GbE.


People always raise WireGuard as the end-all of VPN and yet it's 2023 and there's virtually no way to deploy it in a business context.

InTune doesn't even list it as a supported VPN, and everything I see to deploy it suggests some kind of hack to bypass UAC for one specific app because the end-user software requires Admin permissions to startup and hook.

When we use L2TP with UDM Pro we get ~0.1Mbps across the wire from macOS and ~20Mbps across the wire with Windows, and yet the same VPN server running on a Mikrotik will easily achieve ~300Mbps. L2TP is so easy to deploy .. it's built into Windows and macOS. I wish they would just stop telling everyone to switch to WG and fix the performance issue that is clearly Unifi specific.

NB we are a business and our average spend for Unifi is $50K per year so we have a right to complain.


Isn't it normal that changing the destination of all of a system's network traffic would require admin permissions? Why does that make you think it's a hack?


It's completely reasonable that it requires admin permissions, but what I'm saying is that the other protocols (i.e. L2TP) that are built into macOS/Windows and mobile devices are integrated in such a way that they do not.

Most businesses never give their users admin permissions because it's a security can-of-worms, so for Unifi to push Wireguard for business doesn't make much sense. Happy for someone to point me at a turnkey Wireguard solution that just-works with InTune.


They seem to have something if you want to give them a call ;-)

> Fixed the issue where WireGuard VPN could not be used through Intune-deployed MSI installation.

Source: https://wiki.ui.com/docs/identity-enterprise-endpoints-0671


> Happy for someone to point me at a turnkey Wireguard solution that just-works with InTune.

Tailscale?


There are many enterprises that install Cisco AnyConnect or Zscaler.


Most VPN software has an automatic start Windows service when the user initiates the connection, thus not requiring local admin.

Needing local admin would make WG a non-starter for many organizations.


> InTune doesn't even list it as a supported VPN, and everything I see to deploy it suggests some kind of hack to bypass UAC for one specific app because the end-user software requires Admin permissions to startup and hook.

L2TP performance issues aside, I don't see how it's UniFi's fault that Microsoft's ecosystem is poor. I don't have many positive things to say about InTune.


Wireguard feels like the HDR of VPNs, adoption is slower than you'd think it would be.


> virtually no way to deploy it in a business context.

...there is tailscale


It is not compatible with UDM Pro wireguard server directly, so it’s basically a standalone solution.

Now that you mention it, the small PowerEdge is not that expensive and might be the best way to deploy as Intel Xeon has AES NI.


2.5GB of this will be introduced next.


Not to detract from an otherwise excellent comment but... product astronauts? Never heard that term before.


Likely a reference to Spolsky’s Architecture Astronauts.


Never heard of it either but I like it. I assume their heads are up in the sky and coming up with product ideas that are very far out there.


> their heads are up in the sky

In the cloud(s), even.


The military uses the term Idea Fairies.


Mashup of "product managers" and "architecture astronauts"? It has a nice ring.


> Case in point: the usg pro 4 is years old but they havent released an updated affordable just-the-border device.

Isn't the UniFi Gateway Lite[1] just that?

[1]: https://techspecs.ui.com/unifi/cloud-keys-gateways/uxg-lite


That device is so suspect. Old, dual core processor, 1GB of DDR3 and, supposedly, "next-gen" security features including IPS. Riiiiiight.


It can barely break 350 Mbps with IDS and IPS enabled and starts getting buffer overload. I'm pretty sure MikroTik had a faster router a few years before the USG4 hit the market for about the same price.

What UniFi sold people on was cloud managed easy config and it just started working somewhat in the last version for me. Really feels like they need to triple down on the software front and beef up the midrange hardware.

I just looked the other day - as I'm getting symmetric 2 Gb fiber in a few months and UniFi has some wild high end router, but it seems like it needs more on the CPU and RAM front still, too. OPNsense here I come?


Without necessarily defending Ubiquiti's oftentimes-weird product lineup, IDS/IPS are basically useless, so there's not much point worrying about what they do to raw WAN speed.


I wouldn't say they went to shit, but their products moved away from what I wanted. I had an ER-X and APs and they worked well. I'd like an upgraded ER-X, but don't need a UDM. I ended up continuing to use my ER-X and use Eeros for the APs - got them super cheap on some Amazon deal.


Same here. I have an ER-X deployed to provide internet access to a bunch of servers. I don't need any cloud service and stuff, just a router with some firewall and NAT.

My next product will be something else, because all the new stuff doesn't buy into "KISS" anymore.


An updated ER-X with double the ports would be awesome. That's just not a market that ubnt seems to want to be in now. Cloud connected everything isn't something I want.


I just upgraded my networking and wifi and had the intention of going with unifi equipment rather than the consumer grade stuff. I was shocked to see that they don't have 2.5GbE or Wifi 6E options for their equipment.


They do have 2.5GbE through the Dream Machine Special Edition; also, anything that is an SFP port you can put a 2.5 or 10 Gbit Ethernet module in if you need it. I get the general impression that they just want to go straight to 10 Gbit and not do 2.5 Gbit much.


This apparently is adoptable. So it's a just-the-border device.

Not sure why you think the VPN doesn't work. I haven't had a problem.

The doorbell is awesome. The POE ceiling lights were a mistake.


Just don’t use the built in firewall and use an external of your choice. That works for me.


But then you lose many of the benefits of a single pane of glass.

There's also the trust issue; the VPN problem has been known for years. If they won't maintain a key security component of their key security device, why would I trust them with anything?


They want to get income like a hardware store, but sell their product as if their value is software, that they then don't maintain because its not selling their latest hardware.


Small offices less than 5 or 10 people, small mall sized retail shops or apartments.


I don't even know what UniFi is so I'm a little lost by the site.

"What is UniFi Express? It's a UniFi stack in a box." What the heck, lol?

"Wi-Fi at remote sites." It's a 5G hotspot?

"Secure WAN VPN between remote offices." It's managed Wireguard?

It's a Wi-Fi AP with a weather forecast LCD on the front? I must not be the target demo.


Yes it is.

If you want to deploy a typical small office traditionally you’d have wifi, switching, routing, firewall, vpn. Typically some of this would be integrated into a single box (routing and firewall for example), but you have a bunch of different specialist bits of equipment to manage and interoperate.

This is UniFi's version of "we provide a one stop shop", with your entire network managed through a single pane of glass.

It's nothing unique, but it's UniFi's version.


Yeah I'm confused- does this mean they're killing off their Amplifi consumer brand?


Work From Home.

The enterprise is coming to the home.


A business really shouldn't be running this.

Anything that isn't basically your home office is running a solid NGFW with SSL interception.


You're 10 years out of date. With certificate pinning, the dubious benefits of breaking SSL and introducing major severity risk no longer work; far too many exceptions to manage.

Run your endpoint security on your devices


Sadly even Google Chrome allows an Administrator to mark certain certificates as trusted which disables pinned cert enforcement.


That’s…Not an accurate description of how things work in the real world. There are large enterprises out there with NGFWs that aren’t doing much TLS inspection.

Your average mom and pop business is more likely to have a wifi AP/router/NAT gateway combo from their ISP than something as feature rich as Unifi, let alone a real NGFW.


Every major company I've been at absolutely positively does NOT MitM their own traffic. They pay security people well enough to realize what a massive hole that creates in their security posture, and it makes the intercepting appliance a cesspit of regulatory toxic waste. PCI, MNPI, even HIPAA from employees visiting their health insurance site? Check, check, check! All on a silver platter for insiders and hackers.


That’s simply not true. I can tell you for a fact basically every Fortune 500 is doing SSL inspection on at least a portion of their traffic.

As for things like HIPAA - that's why you do URL categorization and bypass those destinations.


I can tell you for a fact, having worked at them in a senior executive technical role with responsibility for security, that at least the top banks do not do this, and definitely not tech giants like Amazon. I am certain others do - but this doesn’t make it a good idea. There are a lot of bone headed things that networking hardware companies convince deep pocketed customers to do that they shouldn’t. Creating the ability to intercept traffic means none of your communications are secure within their TLS tunnels because there exists a well known and discoverable single point of failure for literally all traffic in the network.

Finally, URL categorization isn't perfect, and you end up with a leaky solution that is again, as I said, a giant cesspit of regulatory toxic waste.


Several top banks ($20b revenue +) I've contracted at internationally do MITM most of their TLS traffic to the internet, either via transparent gateway or http proxy. As do top manufacturers, insurance companies, government agencies, etc. It is probably 60/40 MITM vs not in my experience. It's a pain.


We MITM traffic at places I've been at, including government/charities. If you truly have a 'NGFW' then you can easily configure it to not MITM traffic based on categories, like healthcare.

It's pretty easy when you have your own PKI infrastructure. Which is surprisingly manageable if you have decent people running active directory services. Which is usually the single source of truth for LDAP integrations with NGFW anyway.

You can do cool things like having corporate devices have their own machine certificates that enable an always on VPN to access central resources (updates, AD, etc.) and switch to a user profile certificate as soon as a user logs into the device to get VPN/firewall access to resources that user needs.

It solves the pre-pipping problem of sending out devices to remote workers without them having to login before hand to load their profile on the same network as AD. And it's secure.

The alternative is to go cloud and Intune everything and use Entra ID, etc., which seems more popular, but you lose a lot of control in my opinion and have a massive attack surface because unlike on-prem AD, the cloud is just some amorphous blob that you can't lock down using the usual things like firewalls.


I'd say, based on my experience, that if there's an 'average' big corp, they do targeted TLS proxy: on most or all of their inbound traffic to hosted services and limited category by category decryption outbound. Yes, they are absolutely concerned about legitimate regulatory and privacy concerns, but they are also concerned about data being exfiltrated, phishing attempts, identifying malicious payloads, etc.


Those companies tend to whitelist Dropbox, OneDrive etc., the very places things are exfiltrated to.


Pretty sure that is not true; almost every major security vendor recommends deep packet inspection of unknown traffic (which requires decryption).

Most of the time there are white lists that exempt huge amounts of known traffic to common SaaS services, and known company resources (like health insurance) traffic, but if it is not a known service then that traffic should absolutely be decrypted and inspected.

Cisco, Palo Alto, Zscaler, etc. all do this.


Company selling hammers recommends banging things in


I love ubiquiti. My entire home network runs on their gear, with self-hosted management. I have infra deployed across the country in a remote office that runs their gear, with a cloud key. It's solid stuff all around.

Don’t use any of their unifi routers tho, can’t speak to that. I have an ER-4 at home and the remote office has a pfsense 1U.


I kinda hate Ubiquiti routers. My UDM Pro felt like a total scam, with the IDS/IPS being nowhere close to advertised. They promised but never introduced WireGuard. I also experienced strange bugs in the stack.

I eventually moved to OPNSense but the router I bought from them died. The interface was too cumbersome anyways, from the perspective of someone that just wanted WireGuard server+client, IPS/IDS, and VLAN.

I finally moved to Firewalla and it is lightyears ahead of Ubiquiti, OPNSense, and any other solution I've tried from a power user perspective. I use this with Ubiquiti APs connected to my Pi running the Ubiquiti management software, which works out quite well.

The Firewalla is far easier to use, has a way better UX, and covers 95% of the power user tasks.


For what it’s worth, Ubiquiti supports WireGuard now, and it’s very easy to setup:

https://help.ui.com/hc/en-us/articles/115005445768-UniFi-Gat...


Only on some routers. It is not supported on USG3 or USG4-PRO, for example.


Firewalla looks like ~$500 for a $50 device, closed source, includes free VPN, and ad blocking DNS…

Seems like all you can do is hope they do not spy on your traffic and sell data. I run a reputable VPN for that very reason; I don't trust even my publicly traded ISP.

IDK, seems suspect. Or at least requires more trust than I am willing to hand out.


I think your privacy concerns are misplaced.

You seem to be confusing the built in VPN server for a VPN provider. I do not see a "free VPN" mentioned anywhere on the website or in the app. All this enables you to do is access your home network remotely, your data isn't being funneled to a third party server because the server is your router.

The DNS defaults to Cloudflare if I remember correctly. You can replace it with Unbound or DNS over TLS with your provider of choice.

The ad blocking is done with locally downloaded blocklists.

And you can do much more than VPN/DNS, so I'm not sure why you walked away with the impression that this is all you can do. You can configure VLANs, you get IPS/IDS, push alerts to your phone, tons of other features that put it more than on par with OPNSense/PFSense for my use case.

Regarding price, the value is in the software. Firewalla's UX is so far ahead of OPNSense or a UDM that I can't fathom going back to one of those. Seriously, both feel positively prehistoric in comparison. And I'm fine with paying for that, because software is expensive, and apparently no one else has managed easy to use software that supports a prosumer featureset, and I was sick of spending hours configuring my UDM or OPNSense router.

I get your concern about closed source, but that's not a problem for me personally - most of my devices run closed source code, including my Ubiquiti gear, and it's not like anyone compiles OPNSense or PFSense from scratch when installing onto their router anyways.

The thing cools fanlessly/passively, can do IDS/IPS + WireGuard server and client at 1Gb speeds, and is trivially easy to configure even with a smartphone, which neither my OPNSense DEC-840 or my UDM Pro could do (at much greater price points.) If you can find similar functionality and ease of use at a lesser price point, I'd love to know.


I had hesitation paying so much for a gateway but I gave it a shot and it’s amazing. It does what a gateway should do - notify you when things join your network, let you know if something is using “abnormal” amounts of data.. playing games (kids)… the device is worth $50.. but the software is worth the other $450 easily. If you have any care what goes on on your home network, buy a Firewalla. I’m honestly shocked they haven’t got bought and forced to some monthly subscription BS.


> I’m honestly shocked they haven’t got bought and forced to some monthly subscription BS.

Give it time. Nothing has made me believe in community-driven FOSS like watching the alternatives over a long enough time span. And to be fair, sometimes it really is a long time span, but the outcome is nearly always the same in the end.


Plus one for Firewalla. Gold SE replaced a pfSense Netgate SG-2100. Works well and easy to manage but tons of features.

Can’t believe I spent $300 + on the Netgate that couldn’t handle 1 Gbps traffic WITHOUT IDS/IPS turned on. Even a $50 EdgeRouter X can do gigabit WAN!


I upgraded from Ubiquiti USG to Firewalla (Gold). I confirm what others who have experience with both are saying: the Firewalla UX is better by a wide margin.


Do you think Ubiquiti APs are still good, I have not used them since 2018?


I regret my time spent on Ubiquiti devices for home use; in the past five years my view has changed from very positive to entirely negative. They are getting worse instead of better. I am seriously considering getting rid of all Ubiquiti devices from my home: Ubiquiti software updates lack testing and break things often, and I simply don’t have time to babysit them anymore. Their iOS app has become harder to navigate, with feature loss instead of improvement as well.

My Ubiquiti setup (one LR and one Lite) was done back in 2018, and the devices on the network have stayed roughly the same in the past 5 years; only phones and laptops changed due to upgrades. Since 2020/21 their firmware updates started dropping support for old devices randomly, or support became worse (devices get disconnected frequently, or show full bars but are not responsive). First was my Kindle 3G Keyboard, then a Fitbit Aria scale, then quite a few smart switches/plugs. I literally scratched my head trying to understand the settings, but they just won’t connect to the Ubiquiti AP. I had to buy an Eero as backup and continuously migrate these older devices as they become unable to connect. Their most recent firmware update last week kicked my Sony TV (bought in 2018) off the network. I have no idea what they are thinking; I wasted 1 hour rebooting and blaming Sony, then found it connected to the Eero AP just fine.


This sounds somewhat similar to a problem I had with the same generation of equipment, but in an install with about half a dozen APs.

After I completely wiped the site configuration and migrated to the "new way" of doing it (I wish I had taken notes, I don't play with it often) and ensuring each AP got a fresh configuration, things stopped being "Weird".

I especially had issues with various IoT style sensors (e.g. ESP32) falling off, my largest annoyance was water leak sensors.

I wish I had some more technical notes to hand you, but it was definitely worth the evening of my time to basically "turn it off and back on again" from scratch.


I had some issues with the gen 3 USG but am finding the Dream Router + 2 APs exceptionally stable and low maintenance.


Yes. I have 5 in (and outside) my house, and they've been nearly flawless in the ~7 years I've had them installed.


> Do you think Ubiquiti APs are still good

Depends on specific model. Qualcomm-based ones are still good.


Love their AP’s.


Wireguard has been there for more than a year at this point?


I’ve definitely gone off their routers since they basically abandoned the EdgeRouter line. I still use their APs for now, sometimes the switches, they’re all pretty solid, but I’ve been gradually getting more and more negative about Ubiquiti in general…


ER3-Lite can run OpenBSD.


Unless it supports hardware offloading you’d be better off tossing it in the trash. The thing can only push ~100mbit without it.

https://help.ui.com/hc/en-us/articles/205204070-EdgeMAX-How-...


Same here, I love the UDM Pro SE. Blocking application layer stuff like QUIC is just a couple clicks away. It has decent intrusion detection and response alongside other easy to configure firewall settings.


UDM Pro SE is the best thing I bought. 10G, Protect for camera self-hosting which works great, new updates made WireGuard a first-class citizen, and if you want anything more complicated it's just a dumb Debian underneath (which I use for a bunch of stuff).

I'm really happy with it.


>>> and if you want anything more complicated it's just a dumb debian underneath

Are you doing persistence (keep settings/data after reboot) with Unifi OS 3?


Why and how do you block application layer stuff like quic?


Tiny network tyrants gotta flex somehow.


Sure, large network tyrants really don’t like the tiny network tyrants that prefer their network traffic to be fully visible.


When UDM shows you QUIC eats up the majority of your bandwidth you may decide to click to add a rule to block it. You may see a large reduction in overall daily bandwidth as a result. If you watch YouTube you are using QUIC. Certain QUIC vulnerabilities are a 3 or 4 packet compromise.
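The comment above describes a dashboard showing QUIC taking the majority of bandwidth. As an added illustration (not code from the thread or from Ubiquiti), the following labels constructed flow records by transport and destination port, treating UDP to port 443 as QUIC, which is the same crude match a "block QUIC" firewall rule relies on, and reports each label's share of bytes. The flows, the labels and the WireGuard port are all assumptions for the sample.

```python
"""
Added example: classify constructed flow records by transport protocol and
destination port, the way a gateway's traffic dashboard might, and report
what share of observed bytes QUIC accounts for. Not the UDM's actual logic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str      # "tcp" or "udp"
    dst_port: int
    bytes: int      # total bytes observed for the flow


# Constructed sample flows for one host on a home LAN (not real captures).
SAMPLE_FLOWS = [
    Flow("udp", 443, 2_400_000_000),  # video streaming over QUIC
    Flow("tcp", 443, 600_000_000),    # ordinary HTTPS
    Flow("tcp", 80, 50_000_000),      # plain HTTP
    Flow("udp", 53, 2_000_000),       # DNS
    Flow("udp", 51820, 300_000_000),  # WireGuard (assumed default port)
    Flow("udp", 12345, 48_000_000),   # unknown UDP
]

# Port-based labelling is a heuristic: QUIC is identified purely as UDP/443.
LABELS = {
    ("udp", 443): "quic",
    ("tcp", 443): "https",
    ("tcp", 80): "http",
    ("udp", 53): "dns",
    ("udp", 51820): "wireguard",
}


def classify(flow: Flow) -> str:
    """Map a flow to an application label using transport + destination port."""
    return LABELS.get((flow.proto, flow.dst_port), f"other-{flow.proto}")


def bandwidth_share(flows) -> dict:
    """Return {label: fraction of total bytes}; fractions sum to 1.0."""
    totals = defaultdict(int)
    for f in flows:
        totals[classify(f)] += f.bytes
    grand = sum(totals.values())
    if grand == 0:
        return {}
    return {label: b / grand for label, b in totals.items()}


def quic_dominant(flows, threshold: float = 0.5) -> bool:
    """True when QUIC carries more than `threshold` of the observed bytes."""
    return bandwidth_share(flows).get("quic", 0.0) > threshold


if __name__ == "__main__":
    for label, share in sorted(bandwidth_share(SAMPLE_FLOWS).items(),
                               key=lambda kv: -kv[1]):
        print(f"{label:12s} {share:6.1%}")
    print("QUIC dominant:", quic_dominant(SAMPLE_FLOWS))
```

A caveat the port heuristic makes visible: if UDP/443 is then blocked, clients that support it fall back to TCP, so on the next run most of the "quic" share moves into "https" rather than disappearing, which is why a drop in total bytes after blocking usually reflects something else (such as lower stream quality) rather than saved traffic.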


YouTube will fall back to TCP. If the bandwidth utilization actually did drop it's probably because the stream quality throttled down.

What do you mean by "QUIC vulnerabilities are a 3 or 4 packet compromise"?


CVE-2023-39322, for example:

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth.

I like Google Dart and other Google products but I see too many potential issues with QUIC. From my personal experience it has behaved suspiciously on my network.


This is a particular implementation of the QUIC protocol (which is now fixed). Do you think there haven't been vulnerabilities against TCP? Certainly TCP is battle-hardened, but QUIC will get there too.


I believe in you. More of you should split off though and create more healthy competition. A 10 to 20 year plan is needed for a new protocol.


I’m guessing the sites will then fall back to another protocol, correct?


Yes, plain UDP or TCP.


It's not a particularly good setup, but it's also not a particularly bad one.

Actual prosumer+ products like Sophos XG (free), Untangle Home, *sense blow it out of the water, though, by giving actual offerings for features where Unifi gives a diet version.

That all being said, it's definitely a cut above most consumer networking setups, maybe with the exception of Asus -- they do a pretty solid job.


I feel they all but abandoned the EdgeRouter line, which hits the sweet spot of prosumer for me.


The part that's missing for me is what hardware do I put it on?


The UniFi hardware is always tempting but the ecosystem is such a turn-off. I've never felt like my home network required vendor lock-in, cloud management and proprietary management software/firmware.

I was so displeased with having to run a proprietary server on my internal infrastructure (which depended on MongoDB of all things, which no distro seems to ship anymore) just to manage my UniFi AP-Lite that I flashed it with OpenWRT and never looked back.

I'll stick to my PCEngines box running OpenBSD + mikrotik managed switches + OpenWRT, thanks.

This setup is hardly much more complicated than the inherent complexity of any non-trivial home network and can be managed with SSH and a web browser.


I want to like UI products, they seem to be the choice for prosumer equipment, but the lack of 10Gb networking is disappointing. WiFi 6/6e is multi-Gig but most devices only have the capacity to route/switch at the line rate of the physical ports.

This is probably asking for too much, but I would like a setup that allows me to operate at home:

   - 10Gb router (packet switching to fully saturate the number of physical ports)
   - 10Gb switch
   - 6/6e AP
   - 10Gb firewall with IPS/IDS
Even just wanting a 10Gb switch for the home is nearly impossible, I doubt I will find a 10Gb router/ngfw that runs at line rate.

It seems strange that networking, outside of the data centre and WiFi, seems to be stuck in 2001.


The lack of 10G across the board in consumer devices is disappointing.

Somewhere in the early 00s computers started to come standard with gigabit. I think you could order a PowerMac G4 with gigabit in 2000. To put that in perspective, at that time VCRs were still the most popular way to watch a movie.


gbit speeds are usually good enough for the majority of applications. even your 6e ap will not achieve more than a gbit in most real world scenarios (not testing).

the tables turn slowly, but the mass market for 10gig is just not here yet, despite all-10gig soho switches being available for some time now.

major point: 10gig uses vastly more power than 1gig, making integration (esp. in laptops) challenging.

other point: ids/dpi at 10gig line speed is challenging, requiring a powerful cpu on the router and flawless integration.


> even your 6e ap will not achieve more than a gbit in most real world scenarios

au contraire; even for wifi 5 aps like original Turris Omnia (3x3 MIMO, 80 MHz) or Ubiquiti nanoHD (4x4 MIMO, 80 MHz), the gigabit uplink was the bottleneck.

> major point: 10gig uses vastly more power than 1gig, making integration (esp. in laptops) challenging.

Only 10GBase-T. For networking equipment, you would want SFP+ anyway.

Laptops slowly are losing wired Ethernet entirely. Meanwhile, 2.5GBase-T is still good enough for laptops, and does not represent integration challenges.


> 2.5GBase-T is still good enough for laptops, and does not represent integration challenges.

it's also good enough for most soho infrastructure needs


Weird that the ethernet ports are only 1GbE, that discounts everyone with a >1Gbit internet connection


There are still far more people below gigabit speeds than there are people hitting their gig. As more fiber is deployed that may change, but it's still a very functional device regardless.


The cost of 2.5G chipsets is so low it really shouldn't matter especially for a 'premium' product like this.


Exactly my thought. Why not just spend the little extra and do 2.5G ports.

There is one potential hurdle though: they specifically mention that it can handle 1G of traffic even if you enable a bunch of features. They would have had to upgrade the processors to be able to make the same claim at 2.5


That's with all the features on though right? I'm sure a lot of folks wouldn't be using VPN, deep packet inspection, ad blocking, a large number of routes and vlans, IDS, caching etc all at once, it hardly takes any CPU processing to simply route 2.5G (or hell, even 10G) through a firewall.


Solid points, but there’s a little bit of history (the details are fuzzy for me so apologies to anything I get wrong): When 1Gbps internet connections were starting to be widely available Unifi put out some “1Gbps” products that could only route 1Gbps with nothing turned on. It quickly dropped to 300Mbps if someone wanted to use any of the Unifi features and people called them out.

If they are making it a point to address that in this current product I feel like they want to make sure that type of call out doesn’t happen again.


This is surprisingly common, SonicWall devices are kind of market segmented by how much they can process with security services enabled. We installed 50/50 fiber at a customer location and their SonicWall had a gig WAN, but with the device set to "Maximum Security" it only got about 30-35 meg download speed. "Performance Optimized" let it hit the 50/50 lmao


It’s called market segmentation. Their other machines do 2.5-10g but this isn’t those products.


This thing is listed at $150. That's not exactly a "premium" product. Linksys sells routers for more money than this.


I don't think a $149 mesh router is exactly in the premium segment.

I guess they could always do a tri-band, WiFi 6E with 2x 2.5Gbps Ethernet for $199. (That would be awesome.)


It's not the cost of ports, but doing all the traffic processing for +500% of bandwidth.


2.5G is absolutely nothing for modern chipsets and processors.


And do they cost the same?

I also wouldn't call it nothing, 2.5g switches have much higher consumption and get hotter, let alone 10g.


I’ve got 2.5G switches at home and they easily run off 12V 0.8A power adapters (8 port 2.5G 1x 10g)


Switching packets in hardware is trivial (assuming you have a chip). If you want to process them in software you need something more beefy.


I don’t know if you mean managed switches, but unmanaged switch processing is way less complex than routing.


it also means your home network is slower.

Why should a backup from my laptop to my file server be limited to 1gbps? It has nothing to do with the outside connection. There are a lot of use cases for faster home networking irrespective of network speed to the external world.


Sure, but it's just a single port LAN router. If you have a 10G switch it's going to have a MAC table and let your laptop talk directly to your file server over Ethernet.

Otherwise the wireless throughput is nowhere near gigabit so you would be limited by that anyway.


You're assuming a flat subnet without VLANs. If you bother doing backups, segmenting them off is a pretty standard security practice.


With that logic why does it even have a gigabit uplink? After all, there are still people out there that are not "hitting their 100Mbit/s" yet.


If we're being arbitrary who cares if it has fast Ethernet? 10 megabit is enough to stream Netflix.

Perhaps putting it another way will help -- according to the FCC's most recently released Internet reports[1], only 13% of subscribers have at least 940 mbps down. However, 57% are at least 100 mbps, but less than 940 mbps. There's a juicier market segment for gig and below than there is for above gig. Increasing the prices to attract 13% of the market isn't terribly worth it in this case.

1. https://docs.fcc.gov/public/attachments/DOC-395960A1.pdf


There's a ton of households with >100Mbit home internet. There's pretty few with >1Gbit even available, even fewer actually subscribed.


This is my biggest knock against Ubiquiti at the moment. They have no real solutions in the 2.5GbE/10GbE market.


The UDM-SE I have has a 10Gbps and 2.5Gbps WAN ports:

https://store.ui.com/us/en/pro/category/all-unifi-cloud-gate...

They also have multi-Gbps switches up to 25Gbps SFP28:

https://store.ui.com/us/en?category=all-switching


From reports online the UDM-SE won’t actually NAT close to 10 Gbps, and the manufacturer doesn’t provide any NAT performance numbers… so it becomes a bottleneck if you have 10 Gbps internet, which is widely available and not that expensive in my part of the world (Hong Kong).

The only reasonably priced router I could find about 6 months ago that would NAT at line speed was the TP-Link Omada ER8411. I ended up going with an all-Omada network, which seems to work fine, but Ubiquiti had originally been my first choice.


Ah nice! And looking further, it appears their U6-Enterprise and U6-Enterprise-IW both support 2.5GbE uplinks.


I recently encountered this as my ISP upgraded me to 10 Gbps over fiber: the UDM-PRO/SE does/can have a 10/2.5 Gbps WAN port over SFP+, but all the Ethernet ports go over to the CPU via the same 1/2.5Gbps interface bottleneck [1]. If you really want to use your 10/2.5 Gbps you’re going to have to run your services directly on the UDM, or go out through the SFP+ port and serve from there via another switch, but then the point of having a UDM is kinda moot. I wish this was more explicitly advertised when I first bought it.

[1] https://ubntwiki.com/products/unifi/unifi_dream_machine_pro


This is to my massive irritation. I don't want to use the router built into my cable modem, but my Internet is 1.2gb and I feel like I'm throwing money away.

Routers with 2.5gbe uplink are hard to find and even more expensive.


The Mikrotik RB5009 is very affordable and has both SFP+ and 1x 2.5G Ethernet. And you can use either port as WAN or LAN depending on your setup. Will still need a switch however if you have more 2.5G clients.


$200 for a router without a built-in wireless AP isn't what I would call a deal for a home router.


Arguably, > 1G is outside the range of home equipment as most consumers have no need for it. You're asking for a 2.5G router, a WiFi 6 AP, and a multi-gig switch all in one package. Most people who care about these also know better than to buy an all-in-one router since they are typically very limited in configuration options, especially if you need any sort of routing tables.

ASUS has some all-in-ones with 2x 10GbE ports but I wouldn't recommend them to anyone.


I disagree. Maybe 5 years ago that was true, but I have very affordable Comcast home internet that is 1.2gb - and it's only expected to get faster. I know very few people who don't have gigabit these days. Between Cable and Fiber it's cheap and regularly available.

The market is underserving the everyday consumer.

It's why there are multiple YouTube channels dedicated to reviewing Chinese no-name 2.5gb switches from AliExpress. The big names have just turned a blind eye to pump out the same outdated devices they've been pumping out for years.


It actually is quite a good price. Not that I would actually buy it, I would go Mini PC and OPNSense for a router.


You're looking at the wrong unifi product then. UDM Pro SE (for example) you can choose between any two of (2x)1G, (1x)2.5 and (2x)10G SFP+ uplinks.

Obviously 2x 10G uplinks don't make a whole lot of sense ;)

Enabling the IDS drops throughput to about 3G (IIRC), but IDS is snake oil at the best of times.


Just curious what you (think) you need >1Gb WAN bandwidth for.


No, it pushes everyone with a >1Gbit internet connection into a pricier product.


This is my problem too. I love Ubiquiti's stuff when it works, but my home switches 10Gig at the moment, and 10Gig from my ISP is coming soon. Right now I run a full-on firewall 1U main server/router that can do that, but I'd drop it in a heartbeat if Ubiquiti had a reasonably priced (sub $1K) 10Gig version of exactly this product.


Never mind that, check this out:

https://ca.store.ui.com/ca/en/pro/category/all-cloud-keys-ga...

Finally a viable USG3 replacement.


I had one arrive yesterday and hooked it up today, was worried I'd foul things up somehow since I'd never replaced the Gateway before (my USG was 6 or 7 years old I think) but I just removed the old one, plugged in the new one, adopted it, and off we went. My cable modem seemed to need a reboot but that was it.

I had never enabled the traffic inspection stuff on the USG, so it was neat to finally get a look at that stuff after having it inactive for years. I'd been thinking about getting one of the UDM things but since the USG was working well I figured I'd wait until something like this came along. So far, so good!


This doesn't really seem comparable -- the big draw to the Express seems to be the WiFi built-in; at $149 for the Express vs $172 for the Gateway Lite + (at least) ~$100 for an AP, these are entirely different categories.


I don't think they're saying they're comparable; it's just that a lot of people were waiting for the cheaper standalone firewall, which is what the Gateway Lite is. Also, it's $129, not $172.


You've got it. I'm on my third boot drive replacement on my USG, have been worried that eventually something was going to break that I couldn't fix. Being able to enable traffic inspection and IDS will be great.


Ah, I didn't realise (and perhaps you didn't either?) but you linked to the Canadian store, where it is CAD $172.


I hope they solved the cooling.


I am quite turned off after a short honeymoon with UniFi. They push setup via their mobile apps to the point that connecting to a Dream Machine and entering its IP address just shows a download link to the app store. The app could not connect without any hint of a reason, so I just consider this bricked now. Even before, there were many red flags such as login flows to a local device going via .com domains. Completely confusing architecture where it is not obvious to me what parts of the admin setup run on UniFi's servers vs on the device. Why do all companies selling great-looking devices poison everything with their cloud crap?


Companies aren’t satisfied with selling a great product for a profit; they have to keep growing. Their view is that not doing things like cloud services, adverts, selling personal data, etc. is “leaving money on the table”.


I refuse to buy any device that requires an "app" to configure. It's clear the developers care more about your data than the product at that point.


I love unifi, I have a dream router, and three APs in an airbnb. And it's really solid.

But man, it's just too hard to find available stock. It took me time to find the dream router and even now it's out of stock, and, this new device is also out of stock.


Right?! Who's buying? Big businesses or regular retail? Or are they limiting supply to keep prices high?


The second one.

Businesses aren't buying this shit.


Wrong.

I watched a video yesterday from a german medical cannabis business where I recognized unifi APs in the building. Their camera system was (as one would imagine) unifi too.


> recognized unifi APs

Anecdote of course, but I see these everywhere.


[flagged]


As long as you don't provide any reasoning you are just another guy on the internet talking gibberish.


1. The throughput is inadequate.

2. The IDS/IPS is an inadequate Suricata instance with outdated rulesets and no SSL inspection.

3. There is nothing comparable to a WAF.

Gun to my head, I'd trust ASUS AI protect for a business router to substantially outperform Unifi's security offerings.

The ASUS at least knows what it is and what it can be: basically a glorified WAF. IDS/IPS don't even work well with up to date rulesets if they can't decrypt traffic.


“Inadequate” depends a lot on what you’re doing. I wouldn’t use any of this stuff in a datacenter but for a small business or branch office it’s totally fine.


What kind of small business actually benefits from an IDS/IPS or WAF?


Feel free to flog their network engineers. Most businesses (likely in the order of 99%) have precisely zero network engineers. So, it’ll be a pretty quick flogging.

Their products talk to those businesses.


You are forgetting that most business' needs are extremely minimal. By volume there are more bakeries, bars, gyms, one man doctor's offices, little car dealerships, hair salons than businesses that have actual IT needs. And for those businesses a dream router is fine if not a bit overkill.


Every small business within driving distance of me seems to have Ubiquiti WiFi on their walls/ceilings. Seriously, in the businesses where they provide free customer wifi these things are everywhere.


Likely UDM Pros and not Dream Routers. Businesses still want it to look professional with at least a 6U wall-mounted rack.


My climbing gym uses unifi, as one example. (I noticed it because I use them at home). Seems like a pretty reasonable choice for a small business.


Businesses ARE buying this stuff.

Remote access, decent ecosystem, reliable. What's not to like?

The only problem I have on occasion is stock.


I see unifi APs everywhere in businesses.


I don't think you understand SMEs, which are 90%+ of all businesses.


Could anyone help explain what this is? Is it just a fancy WiFi router?


Sort of, and sort of not.

UniFi requires a controller that gives you a single-pane-of-glass style interface to control everything. Most of their controllers can run multiple applications, the top two being Network and Protect. Network runs their routing, WiFi APs, and switches and gives you in-depth data about what's going on where. Protect is their NVR system, which also does some AI stuff and ties into a few other things like Ring does.

This device is a bit low powered, so it only runs Network; they do sell standalone NVRs that will tie into it and run Protect. The $50 more expensive UniFi Dream Router is similar, but has a switch with PoE built in to run a couple of APs or cameras, and can run both Network and Protect (with caveats; it's not terribly powerful and it only saves Protect footage to an SD card).

So you can think of it as just a fancy AP, but it's also the base building block of a much larger ecosystem.

As a note, the weakest link of the system is, IMO, the routing. Running UniFi with a more professional router of choice is a common way to go.


I've seen this term used a lot lately, what does it mean?

> single pane of glass style interface


The simplest way to put it:

Everything on one screen in a GUI with graphs. I THINK it comes from aviation, where the transition from steam gauges to MFDs to really big MFDs meant some massive UI changes.

That may not be quite accurate, but it’s as close as my brain can do this late.


It just means a unified (sorry) UI that handles everything, instead of having say one system/UI for routing, another for LAN management, another for firewall, etc etc where nothing necessarily knows about the others.


Typically means Vendor lock-in. Certainly every company I talk to, from arista to unifi, are keen on it, for obvious reasons.


I don't get why anyone would want/need the UniFi controller who doesn't already have somewhere to run the controller. I just ran it on my NAS, but presumably it could be run on a Raspi or something.


Yes but Ubiquiti is very popular among Small Office / Home Office users due to their software that's integrated across their devices.


It's a WiFi 6 box too, so it's got decent home throughput. Gig WAN, gig LAN and it's pretty decent for the majority of ISP customers.


> What is UniFi Express?

> UniFi Express is a complete UniFi Networking stack in an ultra-compact, plug-and-play form factor. It runs UniFi Network and features a powerful gateway engine and built-in WiFi 6 with seamless meshing.


Read this several times. Still don't know what I am looking at. What is "UniFi Networking stack", what is "UniFi Network"? Is it a WiFi router? I use a TP-Link router at home, and they don't sell it as "TP-Link Networking stack".


While TP-Link offers simple routers and basic networking equipment (which I’ve found to be 100% reliable at home), they do also offer their Omada-based products, which seem to compete with Ubiquiti’s products.

All their Omada products can communicate with a controller which can auto configure the devices and actively coordinate handover of clients between WiFi APs.

I’m running it in my house and I’m pretty happy. Through the controller web page UI you centrally define your VLANs and wireless networks and then it updates all your equipment configuration for you.

I don’t think I’d ever bother with their gateway product as pfSense seems to be way more capable.


More complex networks (e.g. in commercial settings, or the homes of I.T. nerds) will often consist of a router plus one or more switches and/or wireless access points, probably spread out across a site with multiple ethernet drops. A typical router sold for home consumers (like yours I'm guessing) is a combination of all three of those in one convenient package, which is enough for most home use cases.

Companies like Ubiquiti (under the UniFi brand), Meraki, etc. make these products such that they can all work together as an ecosystem, e.g. so you can log into a single dashboard and manage the network as well as every individual device's configuration from one place. This is the difference between a so-called "managed" switch (or wireless access point) versus an ordinary dumb one. UniFi also makes PoE security cameras that are managed through their ecosystem in the same manner.

This sort of ecosystem is useful for people doing I.T. in commercial settings. You can use a single interface to manage a network in a huge office building with hundreds of devices, or to manage lots of smaller networks spread across different sites. This "UniFi Express" product seems more suitable for the latter, e.g. in cafes or small retail settings where you might just use it on its own or add a small number of additional switches/APs. It's similar to your home router+AP combo, but it also contains the management software I described before which is capable of adopting more UniFi devices and provides remote administration.

Edit: If you're curious, TP-Link's equivalent to UniFi is called Omada: https://www.tp-link.com/us/omada-sdn/


I am not much of a networking guy but decided to try the Unifi stuff several years back after some frustration with one of the consumer mesh wifi things. I found the Unifi stuff incredibly confusing when reading about it prior to buying some. Some friends at work who are more networking savvy were very keen on Unifi were very helpful though, and it turns out not to be as strange as I thought, although coming from the garden variety consumer wifi router boxes, it seemed bizarre at the time. I'll try to give an explanation along the lines of what they gave me.

In a wifi router like your TP-Link, the control plane software is running on the box with the switching hardware and wifi AP, so you've got a little single board computer running a web server for the UI, and all the random DHCP/DNS/etc. and other doodads that can run on them.

In the Unifi world, you've got all the same functions, routing/switching/wifi etc, but instead of sharing one box, the functions are spread across a number of different devices.

As with a combination router/wifi/switch, the important part to a user like you or me is that control plane software: you plug the thing in, point your browser to 192.168.1.1 or whatever, and set things up. The Unifi world has this too, but that software component doesn't need to run in any specific place in your network. So for example, you could buy two Unifi Access Points which do nothing but talk to wifi clients; then you would need some kind of device capable of doing your routing, and you might need a switch as well.

Ubiquiti sells a variety of little routers and switches that can perform those network functions, but which don't have any compute or storage resources that would be necessary to run the control plane software. However, they also sell little gizmos like the Cloud Key which can run the control plane software- it's just a tiny server with some flash storage and an ethernet port. I'll refer to that thing as The Controller.

When you change some settings on your TP-Link, the web UI app is twiddling with the routing/switching/wifi/etc. hardware or software on the device. In the Unifi world there's a web UI as well, running on the controller, but when you change a setting in the web UI, the controller decides which devices need to have their configuration updated, and sends out new configuration to them over the network.

Here's where I think things get confusing. The Controller software package can run on a wide variety of devices which are so different that the whole thing will seem nonsensical if you're used to regular wireless routers. You can buy a CloudKey and connect it to your network. You can download a copy of the Controller that will run on a Linux box on your network. Or you could do the same thing but have the Controller running on a machine that isn't on your network at all, like an EC2 vm. Or, Ubiquiti also sell some devices which combine two or more functions into a single device, like some of the "UDM" family of devices have compute and storage resources in addition to the switching/routing/wifi hardware, and have The Controller software installed in advance.

To give you an example of how flexible the controller placement is, I have a little Synology NAS that is able to run Docker, and on it I have an image that contains the Unifi Controller, so when I go the web ui for my network, I'm talking to a containerized web server on the NAS, which is managing the configuration of my devices, which are a router (I just replaced my USG 3P with a UXG-Lite yesterday), a couple of their little inexpensive switches, and a pair of Wireless Access Points.

What I like about this model is that I'm able to update pieces of it as I need to, and usually the individual pieces are fairly inexpensive. But what I dislike about it, as some other respondents on this thread have complained, is that choosing which devices you need is confusing as hell. They sell at least one machine which has a wifi AP, switch, router, and controller all in one box. Why not get that? The reason, I believe, is that many of the people who use this Unifi stuff are managing a bunch of networks at a bunch of different sites, like maybe at a bunch of retail locations or restaurants, where it's way more convenient to have the controller running offsite, but then they decide to install some stuff at home and need a Controller which needs fewer resources, so a Cloud Key or just running the stuff on your desktop would be ok.

This flexibility means that there's no single right set of hardware, no single best product, etc. Especially if you don't need multiple APs, I think a single-box wifi router will provide equal or superior performance with much less trouble, but once you need multiple APs, the Unifi stuff can be compelling if you're comfortable with the architecture, but I think it's difficult to decide which hardware bits to choose and what the best place to run the controller will be.

Anyway, apologies for the length. I found all this very confusing initially as well, although I've grown fond of the Unifi stuff and thought it might be worth writing the whole thing out in case it's useful to somebody considering this stuff.


A "network stack" should be a somewhat relatively familiar concept if you are acquainted with networking in any way.


What is UniFi?


This thread is kinda bonkers.

People complain about the USG3 not being able to route 1gb/s (IIRC, it's 10 years old, and always capped at 250mb/s), or the UDMP Pro at 10GB/s IDS/IDP (It can run at 2.5GB/s with IDP and IDS). Wireguard and policy based routing (which is why most people were staying away from their routers) are in place, and far simpler to maintain than alternative options from PFSense and Cisco. The magic VPN stuff really feels like Apple when it just works.

Their WAPs are a bit pricey for 6E support, but otherwise are generally considered the best prosumer WAPs available, and competitive (and cheaper) than most enterprise options. They are overkill if you don't need management, but in an IoT world, you need VLAN management. The VOIP and security cameras and phones are solid. Best of all, this runs cloudless. You buy the hardware, the software is free and runs locally. Even their enterprise software is being ported to run on device (and free for prosumer use cases).

This is part of three new devices that are strongly targeting the old Apple base station market. The third - UDR ultra - is coming out soon (it was leaked in the same art dump that this and the other device were leaked in) and has 2.5GB/s WAN and LAN. If you want to run their VOIP / camera / door system, there is the UDM Pro and UDM Pro SE. I have the base level UDM Pro with a 2.5 GB/s primary and a 1GB fiber secondary. Works great, auto-failover, firewall management, VPN, RADIUS, etc.

In general, if you want WIFI and network that just works, but still does policy based routing, VLAN management, can dump to Prometheus (with unifipoller), run VOIP and security cameras (even with Homekit secure support, thanks to Scrypted), this is the solution for you. I run my in-laws' and my parents' network stacks remotely with UDRs. I highly recommend them.

If you want to run your own hardware, or have even more power, buy your own and run OPNsense, or go upmarket. For everyone else, this stack rocks.


And also, $192 is not at all a bad price tag. It’s actually a bit surprising as UI stuff is classically viewed as a bit overpriced.

That said, I have a UniFi router and 3 wifi 6 APs and my network is super solid. Way better than any prosumer targeted router (note that I previously ran 3 netgear nighthawk). The UniFi stack was actually cheaper and is unquestionably more reliable. If you’re looking at those very high end prosumer routers, I’d very much advise taking a step back and looking at alternatives.


I have the same basic setup and it’s been so refreshing having a network that just works.

I was an old AirPort Express user and after trying other WiFi setups like netgear, etc., this has been night and day. And moving was a breeze: unplug, get internet service, and plug in.


I was on unifi for a long time but I found it somewhat unreliable with a lot of issues. I switched over to TP-Link's Omada and now I never touch my network. I believe that TP-Link isn't as flashy, but they are rock solid. I prefer rock solid.


Went from unifi to Omada here as well. The APs have better specs for half the price. UI is comparable (at least for wireless, can't comment on their edge stuff but if you're familiar with the standard unifi controller setup you'll be comfortable with Omada).


Another vote for TP-Link here. I’m a big fan of how easy it is to adopt new devices too. Most recently I had to add a switch for work VLAN purposes. While waiting for it to arrive, I preconfigured the VLANs in the controller. When it arrived, it was basically just plug and play.


I bought 3 Ubiquiti access points a couple of years ago for my parents and was shocked to find that they could only be configured by the UniFi mobile app, which doesn't recognise them because they're so old. Just be aware of that behaviour when buying into this ecosystem!

https://help.ui.com/hc/en-us/articles/12594679474071-Standal...


I think this happens quite frequently that people are also not aware of the controller software, which is the thing actually providing the value in the UI ecosystem.

I just picked up another UniFi Protect camera that was only taken out of the box once on a marketplace, just because the person wasn't aware of what they are buying.


Yep. I ran into that as well. Had to update the firmware using my laptop first. Less than ideal… but doable.

On the upside, I haven't touched the device since. In my experience they are fantastic for zero maintenance and 'just works' once set up.


This page is a bit confusing if you don't already know the terms...

What exactly is "A complete UniFi networking stack" anyway? Is UniFi some protocol that extends WiFi?


Exactly, I only understood that it's basically a WiFi router by reading this thread. I guess I am not their target buyer... still, would appreciate more clarity.


Unifi AP for wifi, Unifi switches, Unifi security gateway of some kind, Unifi point to point for terrestrial wireless to share with another set of Unifi gear in a barn/shed/whatever down the road. All managed by UNMS.


OK, as an engineer with decades of experience, I give up. What is "Unify AP for WiFi"?


Unifi is just their name for this series of products that all work together with their (free) controller. So you buy an AP, a switch, a router, all from the Unifi line of products, and they all get set up from a single controller and work together pretty effortlessly.


I see, thanks. So basically a suite of networking hardware solutions? What I found the most confusing is that they sort of differentiate UniFi from WiFi. E.g. "Instant WiFi for retail POS" - yes, like any other WiFi router? Or is this box going to connect to a global mesh that's called UniFi?..


For the "Instant WIFI for retail POS" it could be describing a meshed wifi solution, where it then acts as a wireless backhaul and bridges to the LAN port you can connect to the POS system that doesn't have wifi built in.


A wifi Access Point, unify branded?


Do the Unifi APs and other Unifi hardware still need a docker image or software installed that includes mongodb I think it was to manage devices?


Most of their stuff can be set up without needing a Unifi Controller, but for configuring wifi and gathering stats the software is used. They make a device called a Cloud Key that has the controller built in that can then be used to manage the Unifi gear from the cloud. UNMS is used for more Terrestrial wireless ISP stuff but the switches and point to points can be added to UNMS or the Controller.


All their dedicated hardware like APs do, but the device in the link (as well as pretty much all their new gateway products - the "Dream" series) have a controller built-in.


It looks really cool, but personally I'm starting to give up on wifi. The spectrum in my neighborhood is so over utilized that at certain points during the evening I get random dropout in my wifi coverage.

Every single thing that can be wired will be wired. The UniFi Express seems to be geared towards mesh networking, I still don't trust that to be reliable.


For devices that can't be wired you could try WiFi 6E which supports 6 GHz.


The devices that struggle the most in my home are those that can't even do 5GHz, so upgrading the APs to WiFi 6 won't do me any good.


If they had taken the opportunity to make it like an AirPort Express and included AirPlay and maybe Chromecast audio, it would replace my AirPort Expresses in my UniFi stack immediately. I'd buy 3. But also the device limitation is brutal.


I'm not that familiar with the UI product lineup but recently found the Beryl AX

https://www.gl-inet.com/products/gl-mt3000/

which comes with a 2.5 Gbit ethernet port (the UniFi Express caps out at 1 Gbit ports) and OpenWRT based firmware, which looks like a decent price/value/form factor combo at ~USD 90.

Anyone who has more experience with UI: is this a comparable product?

Edit: it sounds like the UI products have a fleet management concept and are designed to work together (Apple-esque sum is greater, plug and play …)


For a home setup like mine this thing is awesome. I’m happy with my UniFi AP which costs about as much as this thing does but doesn’t run the service nor does it mesh. Cool little unit. I think it’ll sell rather well.


This is the Unifi device hackers can recommend to their friends and family, but not actually use themselves because they already have the more sophisticated setups.


The reason I, a "hacker", don't use Unifi is because it's not trusted. It's a closed source device which requires proprietary apps to use and collects data on your network and connected devices without explicit consent - colloquially known as a "backdoor".

https://community.ui.com/questions/UI-official-urgent-please...


After some FW update made 2.4Ghz wifi unusable on the UDM I will never again buy anything from them. Tons of bug reports from users that never got answered.

The hardware is mediocre anyway.

Either buy Mikrotik as cheap and cheerful or go for broke with Ruckus/Meraki/etc.

With Ruckus the 2x2 stuff has turned out not too impressive so would need to shell out even more with 4x4. Meraki is incredible but the subscription model is hard to swallow.


I have Mikrotik at home and it works well… But good luck setting up anything on it without a degree in RouterOS. It is very complex


This is effectively a Dream Router minus any other app support and the switch.

For a typical home user who doesn't want/need Protect this seems decent, but I think the $50 upcharge for the UDR is absolutely worth it.

That said, the UDR is heavily limited in running Protect. I started hitting occasional problems running Network and Protect together when I hit 4 cameras.


The dream router can’t route faster than 500mbit, which is a huge limitation. This claims to do 1gbit routing, so pairing with a switch gives you a dream router that can actually route at 1gbit.


With IDS and IPS turned off I can get routing at over 800Mbit consistently with my UDR.

It has the typical foibles of UniFi routing so I'm replacing it, but I haven't had too many issues with it tapping out the Gb port (when my cable line allows).

I wouldn't even try to add any fancy features to it and expect it to hold up though; it just doesn't have the power.

Oh, and one of the foibles is that if I do hit the router with a connection that saturates it, it drops every other device on the network. So it being able to route above 500Mbit is kind of a non-starter I guess, as it can't do it to more than one client.


Not sure what settings you used, but I never was able to achieve above ~500Mbit even with everything disabled.

The other thing I noticed: you literally cannot access or use the management UI when you're saturating the connection. It just straight up will not load.


I'm pretty light on settings, but I don't remember offhand.

I agree on the UI. Now that we are running the Protect app on an iPad all the time (my child is special needs so we use the cameras to keep an eye on everything) it has throttled pretty hard. Maybe 400Mbit now? I honestly hadn't tested it in a while, and haven't had the time to do so in depth. It's absolutely slower now.

I have a Mikrotik CCR2004-1G-2XS-PCIE that will be my new router when I get around to it, and the UDR will be an AP and run the Network and Protect apps. We've been seeing weird issues ever since leaning on it harder, so I'm going to see how it does just being a Controller and AP.


It's annoying, Dream Machine is more powerful but doesn't support Protect. Not even when you could imagine recording directly to SMB or NFS storage.


Ubiquiti lost me as an advocate when they stopped releasing Protect software as a software package and required running it on their hardware.

I was intrigued to run Protect on a cloud server with a 5G failover WAN connection. But they got greedy. And now this.

I still run a UAP6 and will do so until I get a WiFi 7 router. Currently running an OPNsense VM on Proxmox, but that crashes upon occasion and I need to stop/start the VM.


For $150 this looks pretty awesome. We offer home managed Wi-Fi and this replaces the security gateway and AP with a single box.


Which security gateway? Not the USG.


The USG seems to be consistently unpopular in proper engineering circles, but I rather like my one. It runs off PoE (with an adapter, sadly), doesn't fall over, doesn't take any of my time keeping it working.


What would I get from this both hardware and software-wise that I don't get from ASUS routers?


OK, I've had several high-end ASUS routers and I know that your ASUS router is probably not stable and needs to be restarted all the time. At very least, Unifi is a huge step up from that and it will easily run at max performance for 3+ months at a time without a reboot.


I haven't experienced any instability with personal routers to be honest.


A ton of proprietary software and the externalization of support on a third party.


So I started seriously using UniFi I think in 2016-ish, after using some of their PtP/PtMP stuff for longer. I never ran anything massive, peaking at under 200 devices total across various sites, but we did push it pretty hard, and I did enjoy it and find the value proposition excellent. And having said that, I'd sound a real note of caution, which is why I've eliminated most of them in favor of the same-niche positioned Omada. Ubiquiti turned into a real development dumpster fire, every bad tech trope right from the textbook. They have a long history of introducing constant new hardware that, particularly for routing/firewall/gateway services, then languishes even as it gets sold new without a single update for ages. Various touted efforts that then got unceremoniously wiped. Really basic core functionality neglected for constant UX churn, let alone useful important new features. "Dumpster fire" has not been an unreasonable descriptor. They've also added a concerning trend towards proprietary lock-in and pushing of cloud, even though to their great credit full local control remains a key selling point.

Omada isn't perfect either, and the hardware design is worse, though it's been more reliable and with a lot of basics better locked down for me. I'd be delighted to have two strong competitors there, and there have been a few promising glimmers on UniFi, like PPSK getting some initial attention (4 years late is better than nothing). And certainly the basic switching and WiFi mostly works. Having a whole single pane of glass remains attractive, and either is a big upgrade over the kind of stuff a lot of people are coming from. Just take some of their promotional gloss with a grain of salt is all.

And as always AIO is something to balance as well. When I switched out the routing side of things for OPNsense I could maintain the whole rest of the stack as I pleased, including APs in optimal positions. The latter is less of a (or zero) concern in small spaces, but even then WiFi, switching, and routing needs don't always evolve in sync.


I am lucky enough to have FTTH service where the provider furnishes me with an SFP stick with simple DHCP (no PPPoE). Beyond UniFi, Mikrotik, and rolling your own, there are very few options in consumer routers.


Yep, just had my ISP take my SFP ONT back for a regular RJ45 ONT so I could use a different firewall with RJ45 only WAN. Hard to find a good box with SFP WAN.


Some Netgate firewalls have SFP WAN ports.


You need a router that takes a standard sfp and can support a dhcp client? That’s basically any router!


Had a UDR but switched to OPNsense. But the biggest issue with the UDR is that it can only handle about 500 Mbps due to the subpar CPU. Anyone know if this can actually run gigabit speeds?


I too switched to OPNsense, which has been awesome. Partly due to weird DNS failure issues, but mostly due to what turned out to be the bullshit claims about security issues :/ Krebs did real damage to them by pushing that story.


Yup, pretty much why I swapped mine. I think the final nail of the coffin was when they were like, “ok, we need to remove the free shipping so we can stay competitive without increasing prices”. Then a couple months later “jk, we gotta increase the prices too” (surprise to no one).

My OPNSense N100 PC + omada switch and AP was like $400 all said and done.


From their FAQ:

UniFi Express can route traffic at speeds up to 1 Gbps. Security features such as Device Identification, Traffic Identification, Country Restrictions, and Ad Blocking can all be enabled without impacting routing performance.


My goto heuristic is: The slicker the presentation, the worse the actual product is. And this presentation is very slick. :)

Does it hold with this company?


Fifty fifty.

Their hardware is quite good. Their consumer line (AmpliFi) is Solidly Okay.

From a management perspective, their UniFi system is bar none one of the better solutions for large deployments where you've bought into their whole stack: Routers, switches, Firewalls, APs, everything. There's some things it does OK with other vendors (particularly switches) but it's meant to be managed under their garden.

The nice part is that you can preconfigure hardware, chuck them into a bin, and make it Just Work on the other side. Deploying 100 APs to a new location? Ship 'em direct to the site, they'll just Show Up in the unifi interface. New deployment? Drop a few bits of hardware on a bench, set it up locally, yeet to new location, install the rest, configure over the 'net.

Some people have sworn off them for a lot of papercuts: There's a few points where their UI just Doesn't Work. There's occasional spots where if you preconfigure it manually then try to use the management interface, you might exhaust a DHCP pool in an hour.

But the hardware has been, and continues to be, maybe not "cutting edge" but slightly behind it, at a price point that makes enterprises salivate and Prosumers go "Hmmm I could probably swing that." And it works for a lot of people.

That isn't to say every product they've put out has been a Banger. The Dream Machine was, at first, very much a mixed bag (and took several YEARS of True Believers really working with Ubiquiti to get it right) and this is absolutely them recouping some design loss from their AmpliFi Instant product (the case, design, even the screen is Very Similar to it). There's been versions of the controller hardware (and software) that have been... let's put it: Enough to send some people selling all their gear and moving vendors.


It's funny the screenshots include their traffic accounting graphs. The data in those are complete garbage and have been for years. I run the installable controller on an Ubuntu server. It shows me last month my Playstation downloaded 66.7GB, or 6GB, or 1.66GB. Two of those on the same screen! (The real number may be close to 66.7GB.)


Always been intrigued by UniFi stuff, is it still the case you need an app to set up and configure their devices? I don't have an app store, and they don't publish their app elsewhere, so this was always a non-starter for me, and a weird design choice at that.


You can deploy instances of their config software at will. There are docker containers out there for you.

This device runs UniFi Network so it can host the configuration.

There is the Cloud Key that can host the config.

There are routers that host the config in their product line.

I don’t think it’s ever been the case that you “need” the app.


Step 9 is to install an app from an app store.

https://dl.ui.com/qig/u6+/#A

There is no other instruction for people without an app store. Not even in their help article.

https://help.ui.com/hc/en-us/articles/12594679474071-Standal...

> Log in to the UniFi Mobile App (iOS / Android).

Why do I need to log in to an app to set up a LAN device? It's complete nonsense and makes me ultimately distrust Unifi.


I dig their stack; for a personal nerd setup no one else makes it so easy to deploy advanced networks.


I am willing to bet it runs the unifi software on an arm chip. Which is kind of funny considering they dropped official support for arm on third party devices.


Trying to see from specs and such if the mesh supports ethernet backhaul vs wifi radio like the google wifi does.


Does anyone have experience with Omada? Ignoring China/US, how does it compare in terms of tech and ecosystem?


It's been discussed elsewhere in the comments.

It's affordably priced and just works.


Surprised it’s only 2x2 MIMO not 4x4


It's $150. You might be expecting too much for the price.


Interesting— looks like it is a Dream Machine plus WiFi AP combo.


They already have that? The UDR


Are they supporting IPv6 now?


Superficially at best. It’s improving, but support for prefix delegation is nonexistent on the firewall side.


No 6GHz WiFi, no buy in 2023.


What does this product do? Wanted to purchase, but not sure what the purpose is.


Why do you want to purchase it before you know what it does?

It's an entry-level WiFi router with UniFi's Network software, which provides the ability to buy more UniFi gear (switches and additional APs) if you have a really big house and/or wish to connect more than 1 device over ethernet. Unlike its bigger siblings, the Dream Router and the Dream Machine, it lacks additional built-in ethernet ports (i.e. you'd need to buy a switch) and can't host security cameras (the UniFi Protect product line).


Pretty good summary, though I'd add that it's also (probably) more stable than a lot of common home routers.

