I’m currently running a pfSense firewall (virtualized in Proxmox), with UniFi switches/WiFi AP (self-hosted UniFi Network appliance), and I’m wanting to move to a Ubiquiti firewall. I’ve watched so many videos, and I’m still a little confused about some of the Ubiquiti terminology (controllers, cloud keys, gateways, UniFi OS), how they interact, and which pieces of hardware/software I need, so I’m hoping someone can help me out.
I’m currently looking at the “UXG Gateway Fiber” as it’s compact, and I need 10G SFP+ and GbE WAN, 10G LAN, and to route at over 2.5Gbps with IDS/IPS. I do not need to access it remotely, so it won’t be tied into Unifi’s cloud.
Can I self-host the firewall now that Ubiquiti released self-hosted Unifi OS? Or do I still need a hardware firewall like the Gateway Fiber?
Do I have to adopt all my devices to the Gateway Fiber, or can I continue using my self-hosted Network Appliance? (I like the flexibility of self-hosted, as then I have full control of backups / restores / rollbacks)
If I went with this firewall, do I need any other hardware/software? e.g. a Cloud Key, or self-hosting anything else?
Are there any other gotchas that I should be aware of?
Why even bother to self-host? If you get a UCG-Max or UCG-Fiber, the gateway itself will be able to run the entire UniFi stack: Network, Protect, Talk, Identity, etc. With the one piece of hardware you can just log into the UniFi Cloud, or directly into the gateway.
I’ve just seen that there’s a “UXG-Fiber” and a “UCG-Fiber” which have almost identical specs (the UCG supports NVR storage), and the same price. What are the differences between the UXG and UCG lines?
Is there anything else I should be aware of if I went with the UCG over the UXG?
With the UCG, can I opt to not connect to Unifi’s Cloud at all (local only)?
If I’m reading this right, the UXG cannot run the equivalent of the self-hosted Network Appliance, but by the sound of Jeff’s post, the UCG can, so I would have to ditch self-hosted and move my devices to the UCG?
Edit: Crossed out some questions I had. Tom answers these in one of his videos:
A UXG needs a hosting device to operate: a self-hosted controller, a Cloud Key, or a cloud-based host like Ubiquiti or HostiFi. A UCG is for most users and can operate with its internal controller, and use the full stack of UniFi applications.
I recently replaced a Netgate with a UCG-Fiber. The Ubiquiti ecosystem is fantastic! But, as far as I know (I will be doing some research on this), there is no NTP server in the UCG-Fiber. In my case, there is an isolated network with no access to the internet, so devices can’t use a public NTP server. Either I get some NTP server functionality in the UCG-Fiber somehow, or I have to delegate this to a device in the network that acts as an NTP server.
If someone knows how to enable NTP server in the UCG-Fiber, please let me know.
In the Network controller, look in Settings > System > General. NTP is the 4th item down. Mine is set to Auto, but you can uncheck Auto and choose whatever servers you want.
It has an NTP client for the router itself, but I think the UCG-Fiber doesn’t have the ability to act as an NTP server. In my case, I have an isolated network with no internet access, for example for a network surveillance camera. I put the router’s IP in the NTP setting on the camera, and the camera did not sync the time. I activated internet access on that VLAN, then used a public NTP server, and the camera was able to sync. The point is that I don’t want internet access on the network where I put the security cameras. Before the UCG-Fiber, the Netgate had NTP server capability, so to sync the time for the cameras I just put the router’s IP in to sync time on that isolated network, and it worked. Previously I was also using a Synology server as an NTP server with success. I can retest this later this week.
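The test described in the post above (pointing a camera at the gateway and watching whether it syncs) is hard to interpret because a camera that fails to sync gives no reason. The following is an added example, not code from the thread or from Ubiquiti: a small NTP probe that sends a standard NTPv4 client request (RFC 5905, mode 3) to a given address and parses whatever comes back. It assumes only that you run it from a host on the isolated VLAN and pass the gateway's IP as an argument; the sample response bytes embedded in it are constructed for the offline check, not captured from a UCG-Fiber. A reply with mode 4 and a stratum between 1 and 15 means the target is serving time; no reply within the timeout, or a reply with stratum 0 (kiss-o'-death) or 16 / leap indicator 3 (unsynchronized), means it is not usable as a time source on that interface.

```python
import socket
import struct
import sys

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_EPOCH_OFFSET = 2208988800


def build_ntp_request() -> bytes:
    """48-byte NTPv4 client packet: LI=0, VN=4, Mode=3, all other fields zero."""
    return bytes([0x23]) + bytes(47)


def parse_ntp_response(data: bytes) -> dict:
    """Decode the header fields and transmit timestamp of an NTP reply."""
    if len(data) < 48:
        raise ValueError(f"short NTP packet: {len(data)} bytes")
    first = data[0]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])
    return {
        "leap": first >> 6,            # 3 = clock unsynchronized
        "version": (first >> 3) & 0x07,
        "mode": first & 0x07,          # 4 = server reply
        "stratum": data[1],            # 0 = kiss-o'-death, 16 = unsynchronized
        "transmit_unix": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }


def server_answers(parsed: dict) -> bool:
    """True when the reply is a usable server response, not a KoD/unsynced one."""
    return (
        parsed["mode"] == 4
        and parsed["leap"] != 3
        and 1 <= parsed["stratum"] <= 15
    )


def probe_ntp(host: str, port: int = 123, timeout: float = 2.0):
    """Send one request to host:port; return the parsed reply, or None on timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_ntp_request(), (host, port))
        data, _ = sock.recvfrom(512)
    except socket.timeout:
        return None
    finally:
        sock.close()
    return parse_ntp_response(data)


# Constructed sample replies for offline testing (not captured from a real device).
# 0x24 = LI 0, VN 4, Mode 4; stratum 2; poll 6; precision -20; transmit = 2024-01-01T00:00:00Z.
CONSTRUCTED_RESPONSE = (
    bytes([0x24, 0x02, 0x06, 0xEC]) + bytes(36) + struct.pack("!II", 1704067200 + NTP_EPOCH_OFFSET, 0)
)
# 0xE4 = LI 3 (unsynchronized), VN 4, Mode 4; stratum 0 -> not a usable time source.
CONSTRUCTED_UNSYNCED = bytes([0xE4, 0x00, 0x06, 0xEC]) + bytes(44)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # hypothetical gateway IP
    reply = probe_ntp(target)
    if reply is None:
        print(f"{target}: no NTP reply within timeout (not serving time, or UDP/123 blocked)")
    else:
        verdict = "usable" if server_answers(reply) else "NOT usable"
        print(f"{target}: mode={reply['mode']} stratum={reply['stratum']} "
              f"leap={reply['leap']} transmit={reply['transmit_unix']:.3f} -> {verdict}")
```

Run it as `python ntp_probe.py <gateway-ip>` from a machine on the camera VLAN. Because it speaks plain NTP over UDP/123, it also distinguishes "the gateway does not run an NTP server" from "a firewall rule on that VLAN drops the request": the first case gives a timeout with no other change, while allowing UDP/123 to the gateway and getting a reply would show that the service was there all along.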