Unifi EFG instead of an FG100F

Hi!
I'm a bit interested in the EFG, it looks really promising.
However, could it replace a FG100F? I wonder how the IPS/DNS filtering on the Unifi is; is it comparable? It's hard to get a straight answer…

Also, how does the VPN access work on the Unifi FWs? Is it possible to use AD to manage users like in the FG?

IPS is just Suricata with Proofpoint ETOpen (Free) or ETPro ($75/month) rules: https://www.proofpoint.com/sites/default/files/data-sheets/pfpt-us-ds-etpro-vs-etopen-ruleset.pdf
Plus you can set up SSL Decryption if you like.

DNS filtering uses some unknown (at least I haven’t seen anyone confirm) third-party block list. They advertise it mainly for adblock, not malicious activity, but without knowing the upstream we don’t know the actual intent or pedigree.

If you aren’t in a regulated industry and can either accept the low level of support Ubiquiti offers, or pay for the Site Support option, then it may be an acceptable replacement. Even with Site Support I wouldn’t expect them to get involved as an expert/vendor in a ransomware or other serious malicious event that involves FBI and such. I don’t know how good Fortinet is in that regard but it’s something my company expects and has used with Palo Alto and another vendor before.

Unifi VPN supports RADIUS for authentication for OpenVPN. You can set up something like Microsoft NPS to bridge between RADIUS and AD. I believe the “Unifi way” though is to set up Unifi Identity to sync with AD, then use Identity to manage the VPN. I haven’t tried this myself.
