UniFi Cloud Gateway Ultra or pfSense?

Burner27

Since Arista (previous firewall software I was using) decided to exponentially increase its pricing for the Home User license, thereby making it cost-prohibitive to renew, I have been using different devices as my home firewall. I was using pfSense for a while. I really do like it even with its learning curve and getting things set up. (So many tutorials out there as well.) But once you do, you pretty much leave it alone. Currently, I am using a Ubiquiti Cloud Gateway Ultra, and I do like its simplicity in setting things up and getting it configured. I do like how it uses Linux as its OS base, it uses very little in terms of resources (was surprised to see it only has 3GB RAM and a quad-core ARM CPU), and has such a small hardware footprint.

I guess my reason for this post is - is anyone else using a CGU? Do you find there to be any shortcomings? The only things I am not too keen on are the lack of reports; there isn't any customization for the ad-blocking feature; content filtering is kinda limited; and the IDS/IPS seems very basic as well. I am guessing that's the 'simplicity' of it. I found pfSense to be a lot more customizable - but then is that needed for home use?

Yes I did see the reviews on it, especially the one from Tom Lawrence regarding the two in question.

Thanks to anyone who decides to chime in.

B27
 
Linux is in all sorts of things these days. It's almost become the default OS kernel for any sort of gizmo that has a little power.

I used to use a Linux machine as a router/firewall years ago. I've since soured on software solutions running on a PC after trying out a commercial router. Software routers are just a bunch of extra hassle and maintenance unless you need something a low-end commercial router costing a few hundred bucks can't do.

I'm currently using a MikroTik RB5009, which I can't generally recommend due to a pesky bug. I bought it because it has a 2.5Gb port and an SFP+ (10Gb) port to support a 1200Mbps Internet connection. Gigabit and slower devices connected through the 10Gb port with the 2.5Gb port connected to the modem suffer severely degraded performance, like 250Mbps. I managed to mostly work around it using VLANs and routing traffic to slower devices through a 1Gb port on the router, but these things are a pain in the ass if your Internet is faster than gigabit. MikroTik RouterOS is also not simple, so it's more pfSense than Ubiquiti in terms of complexity and learning curve.

I personally wouldn't consider a Ubiquiti Cloud Gateway Ultra acceptable simply because it only has one 2.5Gb port. I need at least 2 ports that are 2.5Gbps or faster, and prefer having an SFP+ port so I can use fiber for lightning protection. My router connects to my main switch via fiber, so if Comcast gets zapped hopefully only the cable modem and router will get fried. I use a media converter to run the 1Gb connection over fiber as well as the 10Gb.

If I had to do it over I'd probably give TP-Link Omada a try. I've been very pleased with their Omada WiFi access points. They've just been rock solid stable. Omada is commercial grade gear, but has a nice GUI. I understand networking pretty well (write network code for a living...) but don't mess with routers and switches enough to remember how to do shit on a command line, so I like a nice GUI. TP-Link has a web controller you can run on a computer (it's written in Java, so it can be made to run on all sorts of hardware) or you can buy a hardware controller for a couple hundred bucks. Next time I have to mess with my network I'll probably buy the controller.
 