How good is Ubiquiti's Security Gateway compared to Sophos UTM?


spyrule

Active Member
Hey guys,

I'm currently running Sophos UTM 9 for my firewall/gateway at home, and for the most part, it works great. However, I'd like to switch my Wifi to Ubiquiti's APs, and I'm considering the Security Gateway Pro device as well to make it all more easily manageable. My only concern is that there is very little documentation on what features the Security Gateway (USG-PRO-4) actually contains.

Besides the normal WAN/LAN management (DHCP, DNS), firewall and web filtering, I also use the IPS service, Anti-Port scan and Anti-DDOS services. Are these supported in the Gateway?

Any and all suggestions are very much welcome.
 

pyro_

Active Member
Oct 4, 2013
The USG is not a UTM. At this point it is really only going to do your WAN/LAN management and firewall. It does not have web filtering, and IPS is currently only in beta. I am unsure if it does the anti-DDoS or anti-port scan.
 

apnar

Member
Mar 5, 2011
The USG has a fairly limited set of options, but more and more things get added in each release. The nice thing is if you're reasonably technical you can implement just about anything that's supported on their much more capable Edge Routers on the USG. You need to do the configs manually, then drop it as JSON on the controller (I had to do this for my IPv6 support and PXE booting options for DHCP). I made the jump over to all UniFi at home (APs, USG Pro, and switches) last year and I've been pretty happy with the unified management.
 
Jan 4, 2014
IPS is in beta, others are basic firewall functions.
Doesn't have inline virus scanning, but in general, most UTMs are faking it anyway, only being able to scan small files.


Sent from a mobile device, so typos are to be expected
 

Nnyan

Active Member
Mar 5, 2012
As I'm moving away from my Eero Pro units (I just deployed my UniFi Controller onto Google Cloud Product and have my UniFi APs up and running. I get my USG tomorrow and my 24-port switch the next day), I plan on running the USG as the gateway/router and Sophos XG in bridge mode for other UTM features. But so far I've found most of the features I need (with the exception of things like AV).
 

spyrule

Active Member
Thanks guys,

I've done more research and after discovering how easy VPN tunneling is on these products I'm even more keen to get moved over.

Question: Are the ~2000 users devices truly capable of that, or is that utter nonsense (like so many other firewalls come to be)?

My plan is to connect 2 satellite offices with our main office. Total user count between the 3 offices is ~50 users total, albeit 20-25 won't be using the VPN directly (warehouse workers, etc).

I'd love to do their VoIP phones, but it doesn't look like they are quite ready for mainstream yet, and I cannot afford mud on my face for a spotty phone network.
 
Jan 4, 2014
Pros should be fine. If you're feeling adventurous, or bw constrained, buy the Infinity 10G for the main office.

 

Nnyan

Active Member
Mar 5, 2012
I finally got the last piece and got it online. Moved some clients over and I'll see how it goes. Nmap scans are good and so far so good. The device adoption process is a bit scattered; I found multiple docs, and it seems like the version of the firmware your devices have will have an impact on how difficult the process is. All three of my APs and the USG were a PITA to adopt, but the switch (which had a newer firmware on it) almost did it itself.


vrod

Active Member
Jan 18, 2015
The USG is the only part of the UniFi family that I could not recommend to anything near enterprise or bigger corporations. For homes and small businesses it's ideal, but it's not mature enough yet for big businesses. The Sophos UTMs are much more focused on security, whereas UniFi is focused on simplicity and functionality.