Unifi Product Portfolio ready for Enterprises?

At work we have had a 10 Gbit/s Internet connection. No issue with that, as the pfSense on an old Sophos SG300 is capable of doing 10 Gbit/s. But then the University (we are a research institute) upgraded our Internet connection to 25 Gbit/s for free. We are still at 10 Gbit/s for the above reason.

That’s why I’m looking into faster options to make use of the 25 Gbit/s upstream connection and am also considering Unifi. But I have the impression that the current Unifi portfolio is somewhat inconsistent for Enterprises. Here’s why:

There is the UXG Enterprise Gateway, which features 2x 25 Gbit/s, 2x 10 Gbit/s and 2x 2.5 Gbit/s. Seems like a good option for a 25 Gbit/s Internet connection - until you have to feed in 2x 25 Gbit/s for redundancy, which we have. As the UXG-Enterprise features Shadow Mode, it would make sense to run a pair for redundancy, of course.

So we have 2x 25 Gbit/s fibers coming in from the provider and… well, what then? Either you need to put a 25 Gbit/s switch in front of the UXGs to be able to get the active/backup setup of the fibers into the UXG-Enterprise, or you could think of the WAN Switch (USW-WAN). But this device only features 10 Gbit/s, which rules it out for 25 Gbit/s.

Basically that leaves us with the option to put a 25 Gbit/s switch in front of the UXG-Enterprise or Enterprise Fortress Gateway (EFG, apparently the same hardware). So that would give us 25 Gbit/s in active/backup to a pair of UXG-Enterprise/EFG. Both devices can output 25 Gbit/s as well, but what then? With a bunch of different VLANs inside of the “Enterprise” you would want to have a firewall between those as well. But neither the UXG-Enterprise nor the EFG has enough ports for the VLANs to be directly connected to it as the Enterprise firewall. This would leave us in need of another firewall within the network. Not much gained then, because the UXG-Enterprise/EFG would purely act as Border Gateway Firewalls for the outside world. Using the 25 Gbit/s LAN port with VLANs on it would feel wrong to me, as it might limit the bandwidth to the outside as well when the traffic of all VLANs needs to pass through the LAN port of the UXG-Enterprise/EFG.

Conclusion:
I see and recognize that Unifi is aiming at the Enterprise market as well, but their portfolio lacks some products/features. I do favour the Enterprise Campus Aggregation (ECA) switch, which features 48 ports with 25 Gbit/s and 6 ports with 100 Gbit/s. But compared to Cisco Nexus switches with 36x 100 Gbit/s ports or more, there is still room for improvement. Sure: Unifi's ECA has a nice competitive price, but I just got a quote for a refurbished Cisco Nexus for “just” less than twice the price, which is also a nice offer. 36x full 100 Gbit/s vs 48x 25 Gbit/s + 6x 100 Gbit/s - the former offers more flexibility and throughput, the latter more ports. Benefit of the Unifi platform: competitive pricing and no support fees. Cisco is a more fully featured switch, really Enterprise.

Unifi has still a way to go for the Enterprise, but it is on the right path.

What do you think about the Enterprise lineup of Unifi? Is it really Enterprise, or more the advanced SMB sector?

I have been testing both and I would not consider the UXG-Enterprise (shadow mode is buggy) but the EFG / Enterprise Fortress Gateway is much more stable. They do both have 25G WAN/LAN and some models of UniFi switches do support routing if you need that as opposed to having the switch do all of that, but it’s not something I have used often as their layer 3 switch routing was not mature last I tested it.

The reality is having a 25G WAN is not really mass market therefore there are somewhat fewer routing options available. If you are happy with pfsense I would stay with that and use one of their hardware devices.

Nah, that’s the point: basically I’m happy with pfSense, but there are two major issues that make me look for alternatives:

  1. Neither our current hardware nor a Netgate device is ready for >10 Gbps. Or you need to make the switch to TNSR.
  2. No identity-based firewall rules in pfSense, and most likely none to come.

Number 1) is making me look at Unifi, 2) is making me look for alternatives such as Palo Alto, which would be a major investment for us.

Yeah, I know we are somewhat in a special position in that we got an upgrade from 10 to 25G for free, but it somehow bothers me that we can’t make use of it.

Would you even saturate 25Gb? Or better question, would you even saturate your current 10Gb link?

Depends. In peaks we would saturate it. Over time: not very likely to come even close.

But: we are a research institute with lots of data and scientists doing many compute jobs outside of the institute. Having more bandwidth could introduce new ways of working on the data, like mounting remote shares directly instead of copying files or even sending around hard drives. Some projects have data in sizes of 100 TB or more, e.g. for folding proteins.

Nonetheless: the topic is about Unifi being ready for Enterprise and not how much we saturate our current bandwidth.

Speaking of another point regarding Unifi's Enterprise Fortress Gateway and being Enterprise:
In Enterprises you usually will have multiple uplinks for redundancy (“3 is 2, 2 is none”). Either you need to set up an EFG in front of each uplink or you’ll need another solution to hook the uplinks together.

Again: I do like Unifi and am eager to see how the Enterprise line-up will evolve, but currently I see gaps in their product portfolio. What other gaps do you see?