Network upgrade


B O Terry

New Around Here
I am working to upgrade my environment and trying to narrow down my choices on which product.

I am currently considering:
UDM
UDM Pro
Amplifi Alien

Goals/Needs:
* Built-in firewall to the existing environment (see below)
* Compatibility with other AP/Mesh brands to extend wifi (such as AT&T, eero, Netgear, etc.)
* Ability to create a separate network for home office. This can come later if needed and/or I can do this later or with a switch.
* Will eventually upgrade AP/Mesh but anything added will need to be plug-in vs PoE as network wiring is not in place and will not be added.


This first one will be my own SOHO. Once I get the first setup configured, I will likely be adding two more soon after. I understand that management interfaces will be separate for any non-Ubiquiti/UniFi devices.

Existing environment:
AT&T gateway
AT&T mesh
Typical equipment including wired desktop, wired printer (both wired devices are near the gateway), 3 wifi laptops, smartphones, Ring doorbell, smart TVs, etc.
 

coxhaus

Part of the Furniture
You might consider the Cisco RV340 router as it is cheaper than what you are looking at. It is a stable unit. If you want a better firewall than a small router you might want to look at Untangle firewall software. It is only $50 to run at home and it has a much better firewall than any small business router.
 

B O Terry

New Around Here
@coxhaus, is the Untangle firewall software for home $50 for what length of time? Would I use that with my existing equipment or still need to add a piece of hardware somewhere?
 

Trip

Very Senior Member
@B O Terry - Here's how I'd approach this, moving from initial upgrade to complete network overhaul:

To begin with, if all you want is enriched firewall capability on top of the AT&T gear, then I would introduce a discrete firewall running in "drop-in" mode (as a layer 2 bridge) between the AT&T gateway and the AT&T mesh points. Per @coxhaus's suggestion, Untangle is probably the best tool for the job, given the NGFW feature set and cost ($50/year for Home Pro). For hardware, you can either roll your own x86 box (like a Qotom Q555G6) or purchase one of Untangle's pre-built appliances (a wired-only mode).

The next step would be a wifi upgrade. It wasn't clear from your writing, so I apologize if this is obvious to you, but each vendor's "mesh" products, be they consumer or business-grade, are proprietary and do not "extend" nor "sync" with off-brand equivalents, so if you wanted to keep AT&T's mesh product, you'd need to add more of those nodes exclusively, at least if you wanted to retain central management and seamless roaming. If the AT&T mesh gear is too flaky or under-performs too far beneath a standard access point or wireless router, I'd rip and replace them with better gear.

If you do replace the AT&T mesh gear, the primary question to answer would be: would you want private/guest functionality to extend to wireless access? If yes, then I'd look to VLAN-capable, SMB-class wifi APs and skip consumer gear altogether (which doesn't support VLANs, required for proper segmentation). If you didn't need to segment wifi clients, then you could run something like Eero, Orbi or Velop in bridge/AP mode, and all wifi traffic would be part of your private/management subnet. That said, I would suggest the former (SMB gear) so you'd have the option to properly segment, without having to rip and replace hardware yet again. Most of the SMB-grade APs can be AC/plug-powered and will support wireless uplink (aka "mesh"), although some products may function better than others when most APs are meshed. This is where something like used/refurbished Ruckus gear would do very well, as its SmartMesh is a higher-order beast than the likes of UniFi or Omada. Cisco CBW may be a nice go-between in capability/cost.

If you end up phasing out the AT&T mesh points, you're no longer reliant on the AT&T gateway for anything special, and at that point I would put it into IP-passthrough mode, so you can run NAT, routing and all other network services off the Untangle firewall (taking it out of "drop-in" mode and running it in its default "router" mode). This will streamline your network and probably make it more reliable, as well.

So there you go. That's the order in which I'd proceed. Any questions, feel free.
 