Network kit recommendations

Hi Guys,

Have recently moved into a new place and have a 1GBps ethernet link. I have been watching the YouTube channel and hope people don’t mind me posting some requirements here but wondered what people thought would be the best options available. I want to get a configurable router and network to work with this and have the following requirements:

  • Needs to support the bandwidth available;
  • Needs to support IPV4 and IPV6 out of the box;
  • Needs to support remote VPN to an Azure VPN site;
  • The ability to use a local DNS server to host the records for IPs obtained via DHCP on both IPV4 and IPV6;
  • Looking at using Cloudflare DNS over HTTPS at some point but that may be via another DNS server;

I have the following kit:

  • Unmanaged PoE switch;
  • Sophos SG135 appliance with AP 100 powered via the PoE. I used this for a long while with another company I was with but unfortunately it doesn’t properly support IPV6.
  • Synology DS918+ with some VMs and containers running on it mainly for development purposes.

What I have looked into:

  • Cheap option Synology 2600AC router, may be a stopgap until the Sophos supports IPV6 properly, main issue with this is inflexibility later on down the line with upgraded wireless;
  • Ubiquiti kit: Cloudkey Gen2, Nano HD AP, standard SG and US-8-60W. I was worried about the specs on the USG to be honest and whether it will do the remote VPN connection. I liked the idea of being able to aggregate the NICs on the Synology using this switch;
  • Potentially use pfSense instead of the USG, if the USG does what I need it may be a simpler option as I don’t want to be managing this firewall every day, could also go with the unmanaged PoE switch so just buy the Cloudkey and AP at this stage.

Anyone had similar choices or can see any clear direction?

Either build a custom pfSense or go for a Netgate XG-7100 as it will have all the performance you are looking for.


As @LTS_Tom stated, go with a pfSense solution for a router/firewall. The “single pane of glass” interface with an all-UniFi network is nice, but advanced configurations require editing .json files (moved from a USG Pro to a Qotom box for pfSense). Not only that, even a USG Pro will top out at around 300 Mbps with Suricata IPS enabled.

Since you already have a Synology DS918+, skip the Cloud Key and just use a Debian VM and install the UniFi controller in that (that’s what I use at home with a DS718+; I also run a Pi-hole server in that same VM). If something breaks after a controller update, just roll back to a previous snapshot.