Question Home network security.

All the Ubiquiti UniFi routers (they call them gateways) have the same feature set.
Most new users chose one of the Cloud gateways -- https://store.ui.com/us/en?category=all-cloud-gateways
The cloud gateways run the management software internally so they are more convenient for new users.
Maybe here is a good place to start -- https://ui.com/us/en/introduction
Hi Kanewolf.
I was looking at the Ubiquiti website, and I think these two are the most similar in price and features to what I'm looking for:
- https://eu.store.ui.com/eu/en/category/all-cloud-gateways/products/ux7
- https://eu.store.ui.com/eu/en/category/cloud-gateways-compact/collections/cloud-gateway-max

One has Wi-Fi and the other doesn't, although the one without Wi-Fi has better security and deployment options.

Although it's not entirely clear to me what they mean by cloud, I mean, it doesn't seem very secure to me that everything is in the cloud; perhaps I misunderstood.

Thanks!
 
Features between the UX7 and UCG-MAX from a security perspective would be the same. They use the same software for configuration and management. The UX7 is the newer product, released about a month ago.
They use the word "cloud" because if you were managing multiple sites, you would do that through a cloud portal. You do have to create a cloud login (I think), but you can also create local admin logins. The cloud login does require 2FA every time, so it is pretty secure.
All management can be done through a LAN IP address. You don't have to use the cloud URL.
Obviously the UX7 only has the single wired port. You would have to add a wired switch to expand the wired connectivity. The Utility tab of switching is a good place to start -- https://eu.store.ui.com/eu/en?category=switching-utility

As you can see from this display of my network I have multiple types of switches in my network. The equivalent of the UCG-MAX for me is the UXG-MAX.

[Image: OKPYL1Q.jpeg]
 
Hi Kanewolf, how are you? Wow, you have a gigantic network.
I was comparing these two:
https://eu.store.ui.com/eu/en/category/all-advanced-hosting/products/uxg-max
https://eu.store.ui.com/eu/en/category/cloud-gateways-compact/collections/cloud-gateway-max

The main difference is that the UXG-MAX requires a controller or hosting, so that one would be ruled out.
It seems like the decision would be between:
https://eu.store.ui.com/eu/en/category/all-advanced-hosting/products/uxg-max
https://eu.store.ui.com/eu/en/category/all-cloud-gateways/products/ux7

The only problem is that with Express7 I would only have one free port, and I don't know why it shows no support for security cameras and other devices.

Thank you so much.
 
The difference between the UCG and UXG lines is the separation of the hosting of the management software. Personally I like the separation, so I chose the UXG line. I don't see a separate physical device that manages my network as a downside. Some people do. The management software is a free download and can run on just about any hardware, Windows or Linux. I use a Pi 4 to host the management software and Pi-hole for DNS. If you already have VMs (or Docker containers) in your LAN, then another small VM running the network management software is not a significant issue. It is also the case that the management software is NOT required to run 24/7 unless you use the guest Wi-Fi portal. You can run it ONLY when you want to make configuration changes or check for firmware updates.
The UCG-MAX has a slot for an NVMe disk. That can be useful if you want cameras or access control. Those features require the integrated software on the UCG rather than the UXG. If you just want a router then the UXG is more equivalent to the MikroTik.
 
Hello Kanewolf, as always, it's a pleasure to read your feedback.

I have several questions about UXG:
1. Since it depends on proprietary UniFi software to manage the firewall itself, wouldn't this be an inconvenience and a handicap?
2. Since it has to rely on a server, even if it's a virtual machine, wouldn't this increase the potential attack surface even more?

I'm sorry if so many questions bother you. I'm not questioning your opinion or your knowledge, but I like to research and think you have a wealth of knowledge, and I take your opinions very seriously.

Thank you very much.
 
The UXG only requires the management software for configuration changes and firmware updates. You don't have to run it 24/7 unless you use specific features like the guest portal.
Is there a greater attack vector? I suppose that depends on how secure you make the host. If you properly harden the host, then I don't believe it is worse than any other host on the LAN. If you believe a separate physical host is a downside, then you would go with the UCG line rather than the UXG line. As I said earlier, many new users go for the simplicity of the all-in-one UCG hardware.
Is the proprietary software a handicap? I don't see it as such. It is free, and available for almost all platforms. It uses a standard browser to access the management software. It provides a single place to manage router, firewall, switches, access points. Is that a handicap compared to trying to use four or five different interfaces to manage creating a single VLAN from router to switch to access point? I don't think so.