Which should I use: pfSense or UniFi USG Pro?

Hi All, I’m new to networking and this forum. I’m upgrading my home/office network from a Netgear router and 8-port switch to UniFi. My R7000 has served me well but is now starting to have issues with a number of devices connected and data load, causing me to reboot the router daily.

I have decided to upgrade my network with UniFi equipment. I currently have the following:

1 AP AC-Pro (main, used by house users for laptops, phones, tablets, and IoT devices). I also plan on having a separate Wi-Fi network for guests and one for IoT devices.

1 UniFi 16 Port POE Switch.

My internet connection is currently 100/20 (possibly 200/50 in the near future). All my office and multimedia devices are hardwired (i.e., servers, desktop PC, TVs/media players). Some of my servers are exposed to the internet and I need IDS to deter bad guys.

So here is my question: from a functionality, simplicity of admin and performance point of view, which firewall should I deploy,

SG-3100 or USG Pro?


Simplicity is the USG, features is pfSense. The USG offers very basic options and lacks any advanced options. The SG-3100 can be used as a basic router, or you can do really advanced configurations well beyond what the USG can do. The USG (any model) is good hardware, it just lacks the software to take advantage of it.

I can tell you from experience that you should go with a pfSense solution instead of the USG Pro. Having the USG Pro with other UniFi devices is nice in that you have the “single pane of glass” interface and the pretty graphs for DPI. However, configuring the firewall is a real “pain,” and doing any advanced configuration requires editing JSON files. Assuming you enable Suricata on the Netgate for IDS/IPS, don’t immediately turn on IPS/blocking; it takes time to “tune” the system to your needs (@LTS_Tom has a YouTube video on that).

Here are my VLANs in pfSense:

The corresponding networks in UniFi:

And the switch port profiles in UniFi:

It depends on how deep you want to get into the settings. Like Tom said, go pfSense for features. A pfSense box will probably give you more room for future speed increases. The USG Pro will only give you about 250 Mbps with IPS on. Something like the SG-3100 will be faster.

@chb47 go with the pfSense, future proofing, best value for the bucks with UniFi switch.

Thanks, Tom, for the reply and suggestion. It is my plan to use the more advanced features of the router, so the SG-3100 will be my choice.

Also, thanks to all that replied to my question.


Thanks for sharing your config info. This will be helpful as I plan out my network.
I took a look to see just how many devices I have on my network and was surprised to see over 35 devices, and the count did not include the VMs I normally have running.