I recently joined the seemingly popular Ubiquiti cult of networking devices at home. I've read about these a lot, and heard nothing but good things. I've also wanted to improve my home network, especially having some intelligence on what's talking to what, by whom and where.
For the last few years, I've been using a Netgear router running DD-WRT which I installed.
It's been fantastic, and has served me very well. It's SPI firewall is leaps and miles ahead of any factory router firmware, and the level of control has been great. I heavily used the OpenVPN server to VPN home for checking my NVR/IP cameras, while restricting their ability to access the internet.
If I had time, I'd build more upon my home lab to ingest a lot of the syslog generated from the DD-WRT router, including netflow traffic, and even thought about introducing PFSense and Security Onion.
Then I thought, based on the reviews, how about I just throw a few hundred bucks at Ubiquiti and let it (supposedly) do it all for me!
This is what ~$900 gives you:
- Ubiquti 24 port POE switch
- Ubiquiti Security Gateway
- Ubiquiti AC-PRO Wireless AP
And here it is all wired up in my (ghetto) rack:
I didn't buy the official cloud key, instead opted to install the UniFI controller (UniFiPi) on a spare RP3 I had. I tell you what, save yourself $$$ and use the RP. While I can't compare to the cloud key. UniFiPi on my RP3 has been running flawlessly.
Check out UniFiPi here: https://unifipi.com/
What's the difference between the cloud key and UniFiPi. Not much. See here:
https://unifipi.com/2018/10/08/unifipi-vs-cloud-key/
In terms of installing and setup, it literally is plug it all in, access your UniFi controller, adopt all UniFi devices into your network and magic happens. Done.
Within a few minutes, the Deep Packing Inspection (DPI) on the security gateway immediately started analysing net-flow traffic and presenting it all in a nice pretty dashboard.
Some examples:
UniFi adopted devices:
Connected clients:
Summary of traffic:
Deep dive into PC traffic:
I've only had this running for a day. I need to spend more time on understanding what data is available. I want to implement an L2TP VPN back home, using 2FA with Google Authenticator. I've also enable the IDS/IPS. Luckily the dashboard is empty :)
So happy with my purchase and I highly recommend for a no fuss setup if you're looking for a product to understand your home network more.
--> n33dle
