The official Ubiquiti Devices Q&A Thread

Genisys

Executive Member
Joined
Jan 12, 2016
Messages
9,444
I wouldn't count on CLI with USG, it is problematic. If you have to use CLI, you had better choose one of the EdgeRouters instead to avoid disappointments.
Or just buy decent equipment to avoid disappointments. This isn't a personal attack on anyone, a USG/Edgerouter might be perfect for some use case, doesn't mean it's perfect for everyone. If you want a no-compromises, all-the-way-to-the-end firewall your best option is a pfSense box or something decent from Cisco, Dell or the like. Fact is the USG isn't as great as many people on this forum make it out to be, nor is any Mikrotik (I know someone is going to call me out for being biased so let's settle it now). If you want simple to set up and manage, USG is probably the closest option. If you want more power, Mikrotik or an EdgeRouter. If you are done playing in this small pond Cisco is where the serious networking happens.
 

sajunky

Honorary Master
Joined
Nov 1, 2010
Messages
13,125
Usg definitely does hardware offloading.

Switching IPS on disables the offloading, hence the throughput limitations
Definitely it does hardware offloading, but definitely NOT for bridging, which was the topic of my post. I did research when planning my project and it was one of the reasons for deciding on the ER-X instead of the USG. There was a nice table on the Ubiquiti website, I can't find it now, but a quick search brings this, refreshing my memory:
https://www.reddit.com/r/Ubiquiti/comments/9apavj Read here, post by briellie:
Bridging isn't offloaded and never has been. Some ERs have a built in network switch, like the ER5POE and ER-X - the rest of them don't, and none of the Unifi routers have a built in switch.
EDIT: Here is a link to my project, and YES I do accept all comments from @Genisys. It needs a lot of tinkering when using inexpensive equipment, but it can be done: https://mybroadband.co.za/forum/threads/a-small-office-home-network-project-feedback-welcome.934158/
 

access

Executive Member
Joined
Mar 17, 2009
Messages
8,828
smart queues slow it down a bit more

also, their edgerouters are nice, it does not give you the unifi features which were mentioned. I mentioned the cli for usg because when I've used it, it worked fine. various guides on forums..
 

access

Executive Member
Joined
Mar 17, 2009
Messages
8,828
Controller still reports:

Warning: Enabling IDS/IPS will affect the device maximum throughput. USG: 85 Mbps, USG-Pro: 250 Mbps, USG-XG-8: 1 Gbps.
seen speed test results show different though. so.. 'not sure'
 

access

Executive Member
Joined
Mar 17, 2009
Messages
8,828
Surely this only applies to the wan interface, right? Or does enabling IPS drop performance across all interfaces? In my use case, Lan 1/Lan 2 should operate at gigabit especially when traffic is routed/switched between the two interfaces. For wan, 80mbps is ok for me as I only have a 20mbps FTTH connection.

If it is against all interfaces, is there a way to only make IPS work on a specific interface i.e. wan?
It says throughput so I imagine it's between all ports on the device including between lan1 and lan2.
the new xg-8 is 8x10gbps ports, dropping down to 1gbps total throughput doesn't sound right. that thing is like 35k


Fact is the USG isn't as great as many people on this forum make it out to be
simple to set up and manage, USG is probably the closest option
don't know about making it out to be like that, it's as you say and decent spec for price on top of that.
 

SilverNodashi

Expert Member
Joined
Oct 12, 2007
Messages
3,315
I wish there was another way of managing the Unifis than the Unifi App. Makes it quite a nightmare to get into a remote AP if I'm not on the same physical LAN and the VPN is on a different subnet
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
65,686
I wish there was another way of managing the Unifis than the Unifi App. Makes it quite a nightmare to get into a remote AP if I'm not on the same physical LAN and the VPN is on a different subnet
That's what the controller is for.
 

access

Executive Member
Joined
Mar 17, 2009
Messages
8,828
These are things I would like to keep disabled. Keep my affairs away from Ubiquiti servers - means private.
I'm generally the same, I've tried this recently though and was impressed.

unless he's talking about the ubnt gateway that puts its vpn subnet in a different subnet to the lan, it automatically nats everything though, I've not had problems accessing the lan via vpn in this manner.
 

PhireSide

Executive Member
Joined
Dec 31, 2006
Messages
8,611
That's a paid service isn't it?
I have this running on my Rpi that handles my DynDNS, a small Mumble server, PiHole and a primitive file server and the Unifi Controller as well. It's really nice to be able to remote in with the Android app and see what's going on on the network at any time.

Free, too, which is a bonus
 

access

Executive Member
Joined
Mar 17, 2009
Messages
8,828
That's a paid service isn't it?
Free with cloud key
I don't have a cloud key and I'm using it, just tested again to make sure, upgraded an ap firmware. the controller must be running on the pc though. I think with the key you don't need the controller running on the pc?

sometimes the ips on the usg messes with the connection to the controller, disabled it and i could connect again. activate it again and it still works.. ips is in beta i guess...
 

Genisys

Executive Member
Joined
Jan 12, 2016
Messages
9,444
Definitely it does hardware offloading, but definitely NOT for bridging, which was the topic of my post. I did research when planning my project and it was one of the reasons for deciding on the ER-X instead of the USG. There was a nice table on the Ubiquiti website, I can't find it now, but a quick search brings this, refreshing my memory:
https://www.reddit.com/r/Ubiquiti/comments/9apavj Read here, post by briellie:

EDIT: Here is a link to my project, and YES I do accept all comments from @Genisys. It needs a lot of tinkering when using inexpensive equipment, but it can be done: https://mybroadband.co.za/forum/threads/a-small-office-home-network-project-feedback-welcome.934158/
There is nothing wrong with the Access points (I love my Unifi Access point I currently have), when my next upgrade cycle for APs comes along in three or so months' time I'll be going for a few Unifi access points, just need to decide what I want to do with regards to switching as my RB2011 is a terrible switch and I need multiple smaller switches that can handle Gigabit speeds as well, I need something with way more potential, possibly some Cisco kit, SG300 series likely. I looked at the Unifi switches and they don't satisfy my requirements and needs, being linked to a controller makes it almost pointless to me.

I moved away from my USG to a Mikrotik RB4011 (and RB3011, and a CCR1009) so I have compromised in a few aspects as well, there are things like DPI, and IDS/IPS which I miss, but things I also don't miss from the USG (the need to have a controller running for any changes you make is annoying). Yes, comparing a USG to a RB4011 and a CCR1009 isn't particularly fair as both can easily route close to 10Gigabit a second without breaking a sweat (and the RB3011 is more than capable of going over gigabit speeds), but when you need the power you want it available, don't want to upgrade an entire firewall.

If the USG-Pro had better throughput I'd have gotten one instead of a 4011 in a heartbeat, but for my needs, 4011 was a better option.
 

access

Executive Member
Joined
Mar 17, 2009
Messages
8,828
Ah. I don't have a cloud key
the controller application just needs to be running on a pc in the network, then you can access it through their service without the cloud key. sorry if I was unclear earlier, I was on the way out.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
65,686
the controller application just needs to be running on a pc in the network, then you can access it through their service without the cloud key. sorry if I was unclear earlier, I was on the way out.
Really? That's new
 

access

Executive Member
Joined
Mar 17, 2009
Messages
8,828
Really? That's new
well unless I'm doing something really wrong..

I don't have a cloud key, I signed up on their site, put the details in the cloud access section in the controller, now I can access my controller via their cloud, if it's running.
 