Move from USG to Netgate pfSense

Hello All, I have been considering for a while now to move away from my current Ubiquiti USG to a pfSense based device, potentially a Netgate SG1100. The rest of my network is all based upon Ubiquiti devices using the Gen2 Controller. One of the main drivers is I need a way to better monitor traffic stats, mostly on the WAN interface; the traffic stats function in the USG is far from adequate, in fact it is not even accurate. As my only source of internet access is 4G Cellular, I need to continually evaluate who is using what and when, plus I need it to be accurate. The question is, does pfSense cater for this functionality and to what extent? Any comments or advice would be appreciated. Regards, Steve

You might want to look at the ntopng package for pfSense to see if it gives you what you need.

The ntopng package does offer some insight into who is using what data, but I don’t think that package would run well on the SG1000. There is also a pfSense plugin called Darkstat that does not offer anything more than quantity of data per IP, which may work better on that device. Or get a faster device such as an SG 5100 / 6100 that can handle ntop.

Thanks Tom for the response.

If I needed better monitoring I would rather mirror the uplink switch port that connects to the router and connect that port mirror to a server running whatever software such as PRTG than put another package on pfSense. I like my router/firewall to route… and firewall, and that’s about it. But that’s just me.

I can’t help but wonder if maybe the USG was reporting something wrong, because if I look at my clients page in Unifi and sort by traffic I can get a pretty good, albeit not terribly granular, idea of which devices are using my bandwidth (I use pfSense as my router with Unifi switches and APs). If I need more details I can capture traffic on pfSense and analyze it with Wireshark.

In pfSense take a look at Status > Monitoring and hit the gear button in the upper right to adjust the graph for stats for the interfaces to get total traffic. It won’t get you individual IPs, but bear with me here and keep reading. Ntopng is nice, but upgrading from an SG1100 to a 5100 or 6100 can be a bit of money ($189 vs $699 or $799). Let’s assume you have Unifi APs and switches to go along with your controller; if you don’t, then consider getting them, else you will be missing out on some features, and I have a feeling it might cause issues for the stats you are after. If you are using Unifi APs and switches with the controller, then the traffic stats for clients in the Unifi controller should be pretty close, and you can get an accurate traffic total from pfSense as I mentioned earlier. It’s not perfect, but it is cheap, and if you already have the hardware then it’s worth looking at.

Thanks for the feedback, I had overlooked your response.
I’m only using Ubiquiti switches and WiFi devices with a USG first gen controller; everything works well and I agree to some extent that the client stats look OK. I also have a pfSense setup on my other ‘backup’ 4G connection; it’s just in test so I can familiarise myself with pfSense, with the view that I will move this into my production system and just remove the USG altogether. I have pfSense running on a Dell OptiPlex PC, lots of horsepower, so no issues with performance. I’ll keep at this for a while then cut it all over. Thanks again for your response. Steve