
I love ubiquiti. My entire home network runs on their gear, with self-hosted management. I have infra deployed across the country in a remote office that runs their gear, with a cloud key. It's solid stuff all around.

Don’t use any of their UniFi routers though, so I can’t speak to that. I have an ER-4 at home and the remote office has a pfSense 1U.




I kinda hate Ubiquiti routers. My UDM Pro felt like a total scam, with the IDS/IPS being nowhere close to advertised. They promised but never introduced WireGuard. I also experienced strange bugs in the stack.

I eventually moved to OPNSense but the router I bought from them died. The interface was too cumbersome anyways, from the perspective of someone that just wanted WireGuard server+client, IPS/IDS, and VLAN.

I finally moved to Firewalla and it is light years ahead of Ubiquiti, OPNSense, and any other solution I've tried from a power user perspective. I use this with Ubiquiti APs connected to my Pi running the Ubiquiti management software, which works out quite well.

The Firewalla is far easier to use, has a way better UX, and covers 95% of the power user tasks.


For what it’s worth, Ubiquiti supports WireGuard now, and it’s very easy to set up:

https://help.ui.com/hc/en-us/articles/115005445768-UniFi-Gat...


Only on some routers. It is not supported on USG3 or USG4-PRO, for example.


Firewalla looks like ~$500 for a $50 device, closed source, includes free VPN, and ad blocking DNS…

Seems like all you can do is hope they do not spy on your traffic and sell data. I run a reputable VPN for that very reason; I don’t trust even my publicly traded ISP.

IDK, seems suspect. Or at least requires more trust than I am willing to hand out.


I think your privacy concerns are misplaced.

You seem to be confusing the built-in VPN server for a VPN provider. I do not see a "free VPN" mentioned anywhere on the website or in the app. All this enables you to do is access your home network remotely; your data isn't being funneled to a third-party server because the server is your router.

The DNS defaults to Cloudflare if I remember correctly. You can replace it with Unbound or DNS over TLS with your provider of choice.

The ad blocking is done with locally downloaded blocklists.

And you can do much more than VPN/DNS, so I'm not sure why you walked away with the impression that this is all you can do. You can configure VLANs, you get IPS/IDS, push alerts to your phone, tons of other features that put it more than on par with OPNSense/PFSense for my use case.

Regarding price, the value is in the software. Firewalla's UX is so far ahead of OPNSense or a UDM that I can't fathom going back to one of those. Seriously, both feel positively prehistoric in comparison. And I'm fine with paying for that, because software is expensive, and apparently no one else has managed easy-to-use software that supports a prosumer feature set, and I was sick of spending hours configuring my UDM or OPNSense router.

I get your concern about closed source, but that's not a problem for me personally: most of my devices run closed source code, including my Ubiquiti gear, and it's not like anyone compiles OPNSense or pfSense from scratch when installing onto their router anyway.

The thing cools fanlessly/passively, can do IDS/IPS + WireGuard server and client at 1Gb speeds, and is trivially easy to configure even with a smartphone, which neither my OPNSense DEC-840 nor my UDM Pro could do (at much greater price points). If you can find similar functionality and ease of use at a lesser price point, I'd love to know.


I had hesitation paying so much for a gateway, but I gave it a shot and it’s amazing. It does what a gateway should do: notify you when things join your network, let you know if something is using “abnormal” amounts of data... playing games (kids)... The device is worth $50, but the software is worth the other $450 easily. If you have any care what goes on on your home network, buy a Firewalla. I’m honestly shocked they haven’t got bought and forced to some monthly subscription BS.


> I’m honestly shocked they haven’t got bought and forced to some monthly subscription BS.

Give it time. Nothing has made me believe in community-driven FOSS like watching the alternatives over a long enough time span. And to be fair, sometimes it really is a long time span, but the outcome is nearly always the same in the end.


Plus one for Firewalla. Gold SE replaced a pfSense Netgate SG-2100. Works well, is easy to manage, and has tons of features.

Can’t believe I spent $300+ on the Netgate that couldn’t handle 1 Gbps traffic WITHOUT IDS/IPS turned on. Even a $50 EdgeRouter X can do gigabit WAN!


I upgraded from Ubiquiti USG to Firewalla (Gold). I confirm what others who have experience with both are saying: the Firewalla UX is better by a wide margin.


Do you think Ubiquiti APs are still good? I have not used them since 2018.


I regret my time spent on Ubiquiti devices for home use; in the past five years my view has changed from very positive to entirely negative. They are getting worse instead of better, and I am seriously considering getting rid of all Ubiquiti devices from my home. Ubiquiti software updates lack testing and break things often, and I simply don’t have time to babysit them anymore. Their iOS app has become harder to navigate, with feature loss instead of improvement as well.

My Ubiquiti setup (one LR and one Lite) was done back in 2018; the devices on the network are roughly the same as in the past 5 years, only phones and laptops have changed due to upgrades. Since 2020/21 their firmware updates started dropping support for old devices randomly, or support became worse (devices get disconnected frequently, or show full bars but are not responsive). First was my Kindle 3G Keyboard, then a Fitbit Aria scale, then quite a few smart switches/plugs. I literally scratched my head trying to understand the settings, but they just won’t connect to the Ubiquiti AP. I had to buy an Eero as backup and continuously migrate these older devices as they become unable to connect. Their most recent firmware update last week kicked my Sony TV (bought in 2018) off the network; I have no idea what they are thinking. I wasted an hour rebooting and blaming Sony, then found it connected to the Eero AP just fine.


This sounds somewhat similar to a problem I had with the same generation of equipment, but in an install with about half a dozen APs.

After I completely wiped the site configuration and migrated to the "new way" of doing it (I wish I had taken notes, I don't play with it often) and ensuring each AP got a fresh configuration, things stopped being "Weird".

I especially had issues with various IoT style sensors (e.g. ESP32) falling off, my largest annoyance was water leak sensors.

I wish I had some more technical notes to hand you, but it was definitely worth the evening of my time to basically "turn it off and back on again" from scratch.


I had some issues with the gen 3 USG but am finding the Dream Router + 2 APs exceptionally stable and low maintenance.


Yes. I have 5 in (and outside) my house, and they've been nearly flawless in the ~7 years I've had them installed.


> Do you think Ubiquiti APs are still good

Depends on the specific model. Qualcomm-based ones are still good.


Love their APs.


Wireguard has been there for more than a year at this point?


I’ve definitely gone off their routers since they basically abandoned the EdgeRouter line. I still use their APs for now, sometimes the switches, they’re all pretty solid, but I’ve been gradually getting more and more negative about Ubiquiti in general…


ER3-Lite can run OpenBSD.


Unless it supports hardware offloading you’d be better off tossing it in the trash. The thing can only push ~100 Mbit/s without it.

https://help.ui.com/hc/en-us/articles/205204070-EdgeMAX-How-...


Same here, I love the UDM Pro SE. Blocking application layer stuff like QUIC is just a couple clicks away. It has decent intrusion detection and response alongside other easy to configure firewall settings.


UDM Pro SE is the best thing I bought. 10G, Protect for camera self-hosting which works great, new updates made WireGuard a first-class citizen, and if you want anything more complicated it's just a dumb Debian underneath (which I use for a bunch of stuff).

I'm really happy with it.


> and if you want anything more complicated it's just a dumb debian underneath

Are you doing persistence (keep settings/data after reboot) with Unifi OS 3?


Why and how do you block application layer stuff like QUIC?


Tiny network tyrants gotta flex somehow.


Sure, large network tyrants really don’t like the tiny network tyrants that prefer their network traffic to be fully visible.


When UDM shows you QUIC eats up the majority of your bandwidth you may decide to click to add a rule to block it. You may see a large reduction in overall daily bandwidth as a result. If you watch YouTube you are using QUIC. Certain QUIC vulnerabilities are a 3 or 4 packet compromise.
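For readers wondering what a gateway actually keys on when it offers a one-click "block QUIC" rule: most products match outbound UDP/443, and the deeper application-layer classifiers look at the version-independent QUIC long header (RFC 8999) that every new connection announces itself with. The following is an added example, not UniFi or Firewalla code, that parses that header from a UDP payload and flags a QUIC v1 Initial packet; the sample payloads are constructed here (the DCID is the RFC 9001 Appendix A test-vector value), and the `ClassifyUDPPayload` name is this example's own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// QUICHeader summarizes the fields every QUIC long-header packet carries
// regardless of version (RFC 8999), plus the v1-specific Initial flag.
type QUICHeader struct {
	LongHeader bool
	Version    uint32
	DCID       []byte
	SCID       []byte
	IsInitial  bool // QUIC v1 long-header type 0 (RFC 9000 §17.2.2)
}

const quicV1 = 0x00000001

var errNotQUIC = errors.New("payload does not look like a QUIC long-header packet")

// ClassifyUDPPayload inspects the first bytes of a UDP payload and decides
// whether it is a QUIC long-header packet, such as the Initial packet that
// opens a connection. Short-header (1-RTT) packets carry no version field
// and cannot be identified statelessly, so they are reported as not QUIC;
// a real classifier tracks the 4-tuple once it has seen the Initial.
func ClassifyUDPPayload(p []byte) (QUICHeader, error) {
	var h QUICHeader
	// Minimum: flags(1) + version(4) + DCID length(1) + SCID length(1).
	if len(p) < 7 {
		return h, errNotQUIC
	}
	first := p[0]
	// Bit 7 set = long header; bit 6 is the "fixed bit", always 1 in RFC 9000 packets.
	if first&0x80 == 0 || first&0x40 == 0 {
		return h, errNotQUIC
	}
	h.LongHeader = true
	h.Version = binary.BigEndian.Uint32(p[1:5])
	off := 5
	dcidLen := int(p[off])
	off++
	// Connection IDs are at most 20 bytes in v1; the SCID length byte must follow.
	if dcidLen > 20 || off+dcidLen >= len(p) {
		return QUICHeader{}, errNotQUIC
	}
	h.DCID = p[off : off+dcidLen]
	off += dcidLen
	scidLen := int(p[off])
	off++
	if scidLen > 20 || off+scidLen > len(p) {
		return QUICHeader{}, errNotQUIC
	}
	h.SCID = p[off : off+scidLen]
	// In v1, bits 5-4 select Initial(0) / 0-RTT(1) / Handshake(2) / Retry(3).
	h.IsInitial = h.Version == quicV1 && (first>>4)&0x03 == 0
	return h, nil
}

// Constructed sample UDP/443 payloads for a self-contained run: a QUIC v1
// Initial header (the encrypted payload that follows is not needed for
// classification) and a DNS-shaped payload that must not match.
var (
	sampleInitial = []byte{
		0xc0,                   // long header, fixed bit, type 0 (Initial)
		0x00, 0x00, 0x00, 0x01, // version 1
		0x08,                                           // DCID length 8
		0x83, 0x94, 0xc8, 0xf0, 0x3e, 0x51, 0x57, 0x08, // DCID (RFC 9001 Appendix A)
		0x00, // SCID length 0
		0x00, // token length (remainder of packet omitted)
	}
	sampleNotQUIC = []byte{0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00}
)

func main() {
	for _, p := range [][]byte{sampleInitial, sampleNotQUIC} {
		h, err := ClassifyUDPPayload(p)
		if err != nil {
			fmt.Println("not QUIC:", err)
			continue
		}
		fmt.Printf("QUIC long header: version=0x%08x initial=%v dcid=%x\n", h.Version, h.IsInitial, h.DCID)
	}
}
```

Because the Initial is the only packet a stateless filter can recognise, dropping it (or all of UDP/443) is what makes browsers give up on QUIC and fall back to TCP, which is the behaviour the replies below describe.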


Youtube will fall back to TCP. If the bandwidth utilization actually did drop it's probably because the stream quality throttled down.

What do you mean by "QUIC vulnerabilities are a 3 or 4 packet compromise"?


CVE-2023-39322 for example

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth.

I like Google Dart and other Google products but I see too many potential issues with QUIC. From my personal experience it has behaved suspiciously on my network.
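The CVE text quoted above describes a resource-exhaustion bug class rather than a protocol flaw: an implementation that reassembles post-handshake TLS messages from fragments without capping how much it will hold lets a peer grow its memory without limit. The following added example (this is not Go's crypto/tls code and not from this thread) shows the unbounded and bounded behaviours side by side using the TLS handshake-message framing from RFC 8446 (1-byte type, 3-byte length); the 64 KiB cap, the `PostHandshakeBuffer` type and the `feedOversized` driver are this example's own choices.

```go
package main

import (
	"errors"
	"fmt"
)

// maxPostHandshake caps how many bytes of a not-yet-complete post-handshake
// TLS message this example holds per connection. The value is a choice for
// this illustration; the point is that some bound exists.
const maxPostHandshake = 64 * 1024

var ErrMessageTooLarge = errors.New("tls: post-handshake message exceeds buffer limit")

// PostHandshakeBuffer reassembles TLS handshake messages that arrive in
// fragments (in QUIC, as CRYPTO frame payloads). Each message starts with a
// 1-byte type and a 3-byte big-endian length (RFC 8446 §4).
type PostHandshakeBuffer struct {
	buf     []byte
	bounded bool // false reproduces the unbounded growth the CVE text describes
}

// Push appends a fragment and returns any complete messages now available.
// With bounded=true, a peer that declares or streams more than
// maxPostHandshake bytes without completing a message is rejected instead of
// being allowed to grow the buffer indefinitely.
func (b *PostHandshakeBuffer) Push(frag []byte) ([][]byte, error) {
	// Guard on accumulated bytes first, so a flood arriving before a full
	// header is parsed cannot bypass the declared-length check below.
	if b.bounded && len(b.buf)+len(frag) > maxPostHandshake {
		b.buf = nil
		return nil, ErrMessageTooLarge
	}
	b.buf = append(b.buf, frag...)
	var msgs [][]byte
	for len(b.buf) >= 4 {
		n := int(b.buf[1])<<16 | int(b.buf[2])<<8 | int(b.buf[3])
		// Reject on the declared length before buffering a single body byte.
		if b.bounded && 4+n > maxPostHandshake {
			b.buf = nil
			return msgs, ErrMessageTooLarge
		}
		if len(b.buf) < 4+n {
			break // wait for more fragments
		}
		msgs = append(msgs, b.buf[:4+n])
		b.buf = b.buf[4+n:]
	}
	return msgs, nil
}

// Buffered reports how much memory the peer is currently making us hold.
func (b *PostHandshakeBuffer) Buffered() int { return len(b.buf) }

// feedOversized simulates a peer that declares a huge message length and
// then streams fragments. It returns how many bytes the buffer held when the
// loop ended and whether the limit was enforced.
func feedOversized(bounded bool, fragments int) (held int, rejected bool) {
	b := &PostHandshakeBuffer{bounded: bounded}
	// Header: NewSessionTicket (type 4) claiming the maximum 0xffffff-byte body.
	if _, err := b.Push([]byte{0x04, 0xff, 0xff, 0xff}); err != nil {
		return b.Buffered(), true
	}
	chunk := make([]byte, 4096) // constructed filler standing in for message body bytes
	for i := 0; i < fragments; i++ {
		if _, err := b.Push(chunk); err != nil {
			return b.Buffered(), true
		}
	}
	return b.Buffered(), false
}

func main() {
	held, rej := feedOversized(false, 100)
	fmt.Printf("unbounded: held=%d bytes, rejected=%v\n", held, rej)
	held, rej = feedOversized(true, 100)
	fmt.Printf("bounded:   held=%d bytes, rejected=%v\n", held, rej)
}
```

The unbounded variant keeps every fragment (4 + 100 × 4096 bytes here, and it would keep going), while the bounded one refuses the message as soon as the declared length exceeds the cap, holding nothing. That is the shape of the fix for this class of bug: the limit is checked against the length the peer announces, not only against what has already been received.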


This is a particular implementation of the QUIC protocol (which is now fixed). Do you think there haven't been vulnerabilities against TCP? Certainly TCP is battle-hardened, but QUIC will get there too.


I believe in you. More of you should split off though and create more healthy competition. A 10 to 20 year plan is needed for a new protocol.


I’m guessing the sites will then fall back to another protocol, correct?


Yes, plain UDP or TCP.


It's not a particularly good setup, but it's also not a particularly bad one.

Actual prosumer+ products like Sophos XG (free), Untangle Home, *sense blow it out of the water, though, by giving actual offerings for features where Unifi gives a diet version.

That all being said, it's definitely a cut above most consumer networking setups, maybe with the exception of Asus -- they do a pretty solid job.


I feel they all but abandoned the EdgeRouter line, which hits the sweet spot of prosumer for me.


The part that's missing for me is what hardware do I put it on?



