Juniper SSG5 replacement

I am looking for some advice, as I have never set up/used the Unifi EdgeRouter before (APs only). I am hoping that some genius here can assist me.

I am looking at changing the Juniper SSG5 (EOL) to a Unifi EdgeRouter (maybe X) and I want to make sure that the current setup will still work. I have done some research and I think that it should all work okay, but some advice and confirmation before purchasing the EdgeRouter would be great.

SSG5
PPPoE - port 0 (ISP)
Public IPs - port 1 & 2 (grouped), 1 cable to lab, 1 cable to main LAN.
Wireless - port 3 & 4 (grouped)
Management - port 5 (goes to main LAN switch)

One public IP is sent to a test lab (separate switch and firewall, all traffic comes in and out only on this IP) and the rest to the main network.

The wireless network uses a dedicated public IP from the main network range. All traffic is only on this IP address (no LAN access). I am thinking about moving the wireless into a VLAN so it frees up the router port, but I’m not sure yet. It’s also currently only using one of the two ports as I never did add another wireless point.

All traffic on the main network goes out on a specified public IP.

I hope all this makes sense, thank you in advance.

While the EdgeRouters are nice, once you get into more complicated setups you will likely be editing from the command line to get a more advanced configuration going. This is why I prefer pfSense.

Hi Tom

Thanks for replying.

I have heard that before (love your YouTube videos, by the way). I do run pfSense and have done for years; it’s just in a VM (superb firewall). The SSG5 just passes the public IPs through. I would prefer to have a physical Netgate appliance but it’s too expensive, and I don’t want even more computers everywhere (the wife moans). I don’t mind configuring it from the command line; it’s just a case of whether it can easily be done.

Are you sure that a physical Netgate appliance is too expensive? The SG-1100 is $159, which is $100 more than an EdgeRouter X but isn’t that much money to spend on a good firewall. The difference in UI between the SG-1100 and an EdgeRouter is completely worth the difference for me. You might not be scared of the command line, but I don’t think you understand what that means for EdgeRouter. The EdgeRouter series are basically VyOS with a basic web interface on top. What this means is that when you want to do something that isn’t in the interface, you have to dig into the Linux-based guts to make changes.