My current network is a Bitdefender BOX 2. It provides WiFi and serves as a firewall, and in theory inspects all traffic looking at my IoT stuff etc., detecting anomalous activity. I've never really been comfortable with the plug-and-play "they look after me automatically" approach. Someone here once said, "If you don't run your firewall, you don't have a firewall". Seemed quite reasonably correct.

So after a lot of research, I think I'm settled on the Ubiquity line of gear. I'm starting with a Dream Machine Pro for the core router/firewall component. It can also contain an HDD for aggregating video surveillance feeds, which,.. I can already see is going to be a slippery slope.

I'll add a few of their APs for WiFi, and set it up with four SSID/VLANS each firewalled from one another. One for financial work -- banking, investments (dedicated laptop). One for normal computing (SigForum and stuff). One for video cameras. And one for IoT.

Anybody here using Ubiquity? The stuff is hard to come by right now. A lot of it is sold out. Any pointers, or gotchas in this plan?

That's "Ubiquiti" btw.
Yes, but I use the Edge Products not the UniFI lineup.
I am not crazy about the AP's and Primarily use/promote Engenius but they are very capable nonetheless.

quote:

Originally posted by smschulz:
That's "Ubiquiti" btw.
Yes, but I use the Edge Products not the UniFI lineup.
I am not crazy about the AP's and Primarily use/promote Engenius but they are very capable nonetheless.

I agree with all the above.

I had a UniFi AC AP Pro. I now use an EnGenius AP. I like it much better than I ever liked the Ubiquiti AP.

Maybe I'll FR that Ubiquiti AP and put it up here for sale...

Btw: With the right APs, you don't need a physically separate one for each "zone." You can have multiple SSIDs and a separate VLAN for each.

quote:

Originally posted by ensigmatic:
... Btw: With the right APs, you don't need a physically separate one for each "zone." You can have multiple SSIDs and a separate VLAN for each.

That's what I do with my EnGenius AP. I have a VLAN and SSID for the mobile devices in our home, another set for guests (with a qr code for friends to use to log in) and another for IoT equipment.

Ubiquiti left a bad taste in everyone's mouth earlier this year after their security breach that they handled poorly by attempting to pass the blame.

I’ve had Ubiquiti equipment at my house for several years. I got the LR AP, a switch and the cloud key. No real complaints. No failures or issues either. The long range AP gave me great coverage for the house and will automatically use either 2.4 or 5.x GHz depending on whatever the device needs. I’m streaming an Apple TV 4K on the WiFi signal without issues.

The newer Dream Machine stuff sounds very good, combining my cloud key and AP into a single unit. My understanding is, if you desire, you can setup a VPN connection from the DM Pro to something like NordVPN and everything can be fed through a VPN. You can’t do that with the standard DM. An interesting YouTube channel for some of this is NetworkChuck.

I switched to ubiquiti because the dream machine pro looked pretty robust and I liked the idea of everything being local to my house, not cloud with fees. I have a dream machine pro, unvr, access points, cameras, doorbell, few switches &misc stuff. Have had it a few months and still learning but everything is working well. I like the device that shows your camera feeds on tvs.

Another source is Crosstalk Solutions on YouTube. They have a series on setting up the DM Pro.

I used EnGenius for my office and use tp-link mesh at home.

I really like the mesh at home.

It gives a lot of information in the logs, enough to see really what is going on.

I am very happy with the Ubiquiti routers that I use at home, and have placed at client sites (EdgeMax series). I find they excel at premises boundaries, and for site-to-site tunneling.

I actually like the UniFi APs, and prefer them to EnGenius as they seem to have a little better range and a more reliable handoff for clients moving around an office (single SSID among multiple AP's connected/backhauled by 1000baseT). Anyway, one office where I had EnGenius APs deployed exhibited a marked improvement when they were replaced with UI APs in an identical coverage pattern. A small sample size indeed, but I wouldn't hesitate to employ EnGenius APs if budget, availability, or other considerations favored that option.

For those who have requirements for content-oriented firewalling/"deep inspection," you will want to look into dedicated firewall appliances that have these capabilities, such as products from Palo Alto Networks, Fortinet, etc. Be prepared for sticker shock, probably too spendy for most home networks, but the packet filters in router operating systems are not designed to do this. In any case, configuring firewall rules can be a complex and challenging effort, especially for someone without a fair amount of knowledge and experience.

The only real issue I have had with a UI product is an e100 (EdgeRouter Lite) that suffered a sudden power loss while operating. This corrupted the SquashFS partition on the internal USB drive, and rendered the unit unbootable. It wasn't a tremendously difficult fix, but it was inconvenient. I'd recommend either having a spare router available, keeping a backup configured thumb drive on the shelf, and making sure you have a good copy of the config file (the recovery procedure zeros the configuration). The thumb drive is physically tinier than most, and it is 4GB which can be hard to find these days.

quote:

they seem to have a little better range and a more reliable handoff for clients

Since you are an IT guy I know you know that describing an AP with "more range" is misleading and that roaming decisions are largely the clients decision.
However, nothing wrong with UniFi AP's performance ~ personally it's the controller that is not my favorite part.
YMMV

quote:

the internal USB drive, and rendered the unit unbootable. It wasn't a tremendously difficult fix, but it was inconvenient.

Completely agree but this isn't extremely prevalent but it can happen, been there done that.

quote:

Originally posted by ensigmatic:
...I now use an EnGenius AP. I like it much better than I ever liked the Ubiquiti AP.

-clip-

Btw: With the right APs, you don't need a physically separate one for each "zone." You can have multiple SSIDs and a separate VLAN for each.

Yeah, I was thinking multi SSID on both APs uniformly. Which EnGenius is the best currently? Or, if not the best necessarily , which ones do you like?

quote:

Which EnGenius is the best currently? Or, if not the best necessarily , which ones do you like?

EnGenius management is the key to choice > On Premise vs Cloud.
Larger deployments or multi-site environments benefit more from the cloud management.
On Premise is better if you have closer control.
As far as which particular AP depends on your individual circumstances/requirements.
I would opt one that is WiFi Six moving forward as this will be better performing (especially with like clients) and more clients are available.
The EWS377AP is a great one but might not always perform better than others - there are always several factors to consider in a deployment.
Also in difficult deployments consider one with detachable antennas where an appropriate antenna can be used.
They like others make outdoor AP's as well.
Management of multiple AP's can be done easily in any case.

Check them out > https://www.engeniustech.com/e...r-access-points.html

quote:

Originally posted by smschulz:

quote:

they seem to have a little better range and a more reliable handoff for clients

Since you are an IT guy I know you know that describing an AP with "more range" is misleading and that roaming decisions are largely the clients decision.

Beat me to the punch. Maybe he really meant band steering? (Which I do not recommend, regardless of AP product.)

Re: Roaming

At work I had three NetGear APs and an Ubiquity UniFi AP AC Pro. I did repeated, extensive testing by means of doing walk-abouts with a laptop while maintaining a persistent connection to a server. I roamed seamlessly throughout the building on both 2.4GHz and 5GHz.

At home I recently threw a Comtrend Ethernet-over-Power module with a built in 2.4GHz AP out in the µBarn (just for grins). Turned it down a notch to reduce overlap with the EnGenius EAP1300 in the house. Phone, tablet, and even my watch, roamed seamlessly between the two.

The thing I like about EnGenius APs, other than the fact the one we've had has performed flawlessly, is you have a choice of device management: Individually (they have a built-in browser interface), via EnGenius' on-site management built into their switches, or cloud.

I hated Ubiquiti's controller and the requirement for it.

Even if I put a real AP out in the µBarn, as I've been threatening to do for a while, I'll still manage them discreetly. Despite the fact either of my two EnGenius switches could manage them, two APs doesn't demand the extra complexity of centralized management and I'm a strong adherent to the KISS philosophy.

quote:

Originally posted by r0gue:
... Which EnGenius is the best currently? Or, if not the best necessarily , which ones do you like?

I have the EWS377AP right now. I have no complaints. I haven't mounted it on the main floor yet, I've just got it setting in the basement for now. I've got some wire to run.

I went Ubiquity for their router/firewall (Dream Machine Pro) and to get centralized management I figured I'd stick with their APs. Also I wanted WiFi6 because it seems to get good reviews as a major advancement.

I cannot seem to find their PoE switches in stock anywhere (the 24 port version).

Yeah, you may as well go with all of the Ubiquiti stuff because it can be centrally controlled. (Something like that.)

It is nice stuff.

quote:

Originally posted by r0gue:
I went Ubiquity for their router/firewall (Dream Machine Pro) and to get centralized management I figured I'd stick with their APs. Also I wanted WiFi6 because it seems to get good reviews as a major advancement.

I cannot seem to find their PoE switches in stock anywhere (the 24 port version).

It looks like they basically just released a whole new lineup of everything and the inventory and supply chain of the new stuff just isn't there yet and the old stuff is fading out.

There are some scalpers selling the stuff at very elevated prices online (50-100% over list) if you absolutely have to have something now.