Ubiquity Unifi Security Gateway or EdgeRouter 4?

[TaylorH]

I've been flirting with going all in with Ubiquiti Unifi products for a couple of years and I may be read to pull the trigger. Where I'm stuck is deciding between EdgeRouter or USG. I understand the key difference which is that EdgeRouter is a standalone router (sounds good to me) while USG is managed by the CloudKey which is also fine as I will have one managing the APs and cameras (eventually.).

But which do I get? My requirements are relatively simple and consumer. This is for a house with nothing fancy except I do want to run VPN so I can remote access from iPhone, Windows, and Mac clients. It is trivial to set up OpenVPN on my Asus WRT-AC68U with Merlin and that has served me well for years. Aside from that the ordinary stuff like port forwarding, UPNP, DHCP address assignments, IPv6, DDNS, and some basic logging and traffic monitoring which both have.

It sounds like I can do VPN with both of these products but I have read that they are underpowered for OpenVPN and it is suggested you use IPSec. iPhone supports IPsec, L2TP, and IKEv2 but previous experience with IPSec was that it was a pain in the butt to configure. I'm really fine with any of them if they work. OpenVPN is super easy. I really have no experience with IPSec or IKEv2. It sounds like L2TP would be something to try?

Or should I not get either and stick with consumer routers like the Asus and just deploy the ubiquity for everything else?

I have Comcast Gigabit with 1Gbps down/45 up so the VPN needs to support at least my up speed.

Thanks

 

[TaylorH]

After reading many more reddit and other forum posts I think I’m going with USG. I’m fairly confident that I’ll get tbe performance I need out of it which is Gigabit throughput and VPN of at least 45Mbps.

 

[coxhaus]

What USG router does a gig? I don't use Ubiquiti but I thought you had to go Edge if you wanted a full gig internet support.

 

[TaylorH]

From what I've read, several people have demonstrated proof that USG can do gigabit throughput as long as you don't enable DPI and maybe QoS. It chokes on some VLAN routing and other more complicated stuff that's processor intensive. But it can operate at gigabit, supposedly. The only thing I'm worried about is the VPN server which from what I read may max out at about 25Mbps. I guess that's OK but I'm used to the ASUS RT-AC68U which cand handle OpenVPN nicely and I'm contemplating moving to an ISP that's 200Mbps symmetrical (from Comcast 1000/42) . So I would like the performance for the VPN, but I don't need the throughput of gigabit if I go that route.

I actually ended up picking up the EdgeRouter 4. It's quite capable and what little time I've spent with it I'm learning how to configure the way I like it. I may stick with it, especially knowing that it's not underpowered.

I recently replaced my Asus RC-AC68U with a Netgear R7800 and wow, the range and performance on the Netgear is pretty impressive. This one AP alone seems to be perfectly fine for my home so I'm re-evaluating my intent to go with Ubiquity and multiple APs at all and going all-in with Unifi was kind of the motivation for considering the USG.

I kind of hate the router software on the Netgear so I'm operating it as an AP only for now and still using the Asus as a router (without wifi.) I'm probably going to swap the router out for the EdgeRouter 4 when I get a chance (I've been a little busy.)

Thanks

 

[Trip]

The main reasons to go all-UniFi for gateway, switching and wifi are: 1) price and 2) single pane of glass/control, especially for MSPs. Otherwise, if your stack has even a single separate vendor in there, you can find way better capability per dollar by staying mixed and buying on individual merits alone. Notice I said per dollar, not cheapest outright. If MSRP is your primary driver, than yeah, UniFi may be the best choice across the board. Otherwise:

For a gateway, EdgeRouter wins out per cost/benefit. Mikrotik is good if you know what you're doing, or an x86 box running whatever distro, or for turn-key and support, a private UTM/NGFW product (Fortinet, Sophos, Juniper SRX, etc.).

For switching, UniFi is decent; a better choice than EdgeSwitch, which isn't proven enough yet, plus hardware is lagging very badly behind UniFi. I'd stay away from Mikrotik (flaky SwitchOS + no support). Best bang for your buck in the space is still HPE (or HPE Renew), or Cisco SG for DIY'ers, small/flat networks and no SDN needed. Juniper EX is better still, but way overkill in just about every way.

Lastly, wifi. UniFi's strongest area, but still based on generics with a healthy dose of "good enough" engineering. You very well might be able to get away with a whole-house consumer product, be it Asus AiMesh, Eero, Google Wifi, etc. In the commercial space, Ruckus offers a way better connectivity and roaming experience in most scenarios, and so much of their gear can be had discounted and/or refurb that the price aspect is almost null at this point.

So, while UniFi will work, and provides fantastic value, especially when run "full stack", it's most certainly not the end-all, be-all for every prosumer.

 

[coxhaus]

I have no problem with roaming using Cisco small business wireless APs. Multiple APs setup as a cluster which seems to work well in my house. They are very easy to setup. They also support VLANs for setting a separate guest network.

 

[Gitsum]

What USG router does a gig? I don't use Ubiquiti but I thought you had to go Edge if you wanted a full gig internet support.

I recently purchased UniFi gear including the $140 USG router and it does 1gig no problem unless you turn on IPS and IDS.