Netgate SG-3100 + UniFi Security Gateway = Redundant?

I currently run pfSense on an old computer and I am in the process of getting a Netgate SG-3100. I currently use Cisco switches (SG300-24/10/8) and am looking at moving to UniFi switches. For the experts out there, would getting a UniFi Security Gateway be redundant if getting a Netgate? Also, can a UniFi Cloud Key work without the USGs?
I currently have a break-fix business model and am looking at moving towards an MSP model.

  • You can use a Cloud Key without the USG

  • If you have pfSense and a USG you would have two routers so it would be redundant.

  • By having a USG you gain some additional insights about your network in the UniFi dashboard but at a loss of features compared to pfSense (in my opinion)


I also run a UniFi Cloud Key without a USG. My UTM/router is running pfSense on a repurposed Dell r210 gen 2. My switch is a Cisco SG300 and I have UniFi APs managed by a UniFi Cloud Key. In the future I will be investing in an EdgeSwitch 16 XG for my 10GbE needs. The Netgate SG-3100 is an excellent appliance and I think you would be very happy. pfSense is a very feature-rich OS and offers IDS/IPS packages as well as many other bells and whistles. pfSense has far more features than a USG.

@MrCaseyJames I too, like 4ED, have some questions about the UniFi Cloud Key. Do I need a Cloud Key to set up my UniFi equipment or to manage it, or can I just download the software the Cloud Key uses and install it on my computer, or create a virtual machine to run it?

Guess it depends on your objective. I run USG as my edge firewall, and pfSense in front of my lab. I like USG’s captive portal more than pfSense’s as well.

What I am thinking of doing is purchasing a custom firewall appliance (installing pfSense on it) and using pfSense to take care of my router and firewall needs. Connect the purchased custom firewall appliance to either the ethernet cable or the provided router from my ISP provider to an L2 switch (UniFi or Cisco). I have heard two different answers to the question of whether you really need a Cloud Key to manage and configure UniFi equipment, and was trying to get an answer as to whether I would need to add the purchase of a Cloud Key if I decided to purchase a UniFi L2 switch and a couple of UniFi access points.

The Cloud Key question is off topic for this thread, but in short:
The UniFi controller software can run on almost anything, including regular computers and Raspberry Pis. The Cloud Key is a convenient way to have the controller running 24/7. There are only a few features (guest portal) that require the controller to run. Also, statistics on the devices and clients are only collected when the controller is running. If you don’t care about the statistics and guest portal then it’s fine to install it on a regular computer and turn it off when you aren’t changing the network. Just make sure to make backups of the controller, in case your device is lost, stolen, etc., because if you don’t have a backup then you need to rebuild the network from scratch.


While the “single pane of glass” I got when using a USG Pro with my UniFi switches and APs was nice, I don’t miss it. It’s much easier configuring things firewall-related in pfSense. Accomplishing some of the things I needed with a USG required editing JSON files.

Concerning the UniFi controller, at home I run it in a Debian VM on a Synology DS718+. At other locations, I use either Raspberry Pis or Cloud Keys.


I have a UniFi switch connected to my pfSense box and for my needs, I do not need the Cloud Key. As long as you don’t need logs saved or the portal running, you don’t need a Cloud Key or the controller software running at all times.

I installed the UniFi controller to a VM, configured the switch, done. That VM has been turned off since. I get my net traffic data from pfSense.

SG-3100 > USG by a long shot. I just upgraded a client that was using a USG to a 3100…