Managing multiple UniFi sites


IamSpartacus

For anyone using UniFi to manage small/medium businesses, are any of you using their USGs? I've never really considered them for an edge router/firewall solution but just curious about them. I have some clients that only have low-level techs to manage their network, so the idea of having everything accessible via the UniFi controller is attractive to them. But I do not want to recommend/go that route if the USG is not up to snuff.
 

NashBrydges

What specific functions are you looking for at the network edge? The USG will perform fine for standard firewall functions and simple NAT but if you want complex routing rules, you'll want to get familiar with their CLI and manually changing their config files. Certainly not ideal for complex scenarios. If you turn on VPN or the new IDS functionality, the USG3 simply won't have the power to manage high throughputs and will cap out at around 80Mbps. The USG Pro will be good up to around 350 or 400Mbps if I remember correctly. If no plans on VPN or IDS then the USG3 can handle near 1Gbps.

Why haven't you considered them for your clients? Just curious.
 

IamSpartacus

To be honest I've always worked with more robust edge solutions that require a lot more configuration options. However, this new client of mine is looking to connect a bunch of small branch offices (basically running stock ISP routers) back to their main office (Sonicwall). So yes, VPN connectivity is a must though it likely won't need a lot of throughput. I'm in the process of migrating all their branch office switches and APs (all UniFi) into a VPS-hosted cloud controller, which is what made me look into the USG.

The branch locations pretty much just need internet for their POS systems and not much else so I'm thinking bandwidth isn't a major concern. I just don't want to lock myself out of more configuration options and these devices would need to be able to maintain consistent site-to-site IPsec VPN connections.
 

NashBrydges

I only have one client with a site-to-site VPN between a USG Pro and USG3 and it's been working quite well. Hard to beat the simplicity of setting up site-to-site with UniFi but their simple firewall requirements made them ideal. No in-house servers and locking the SIP trunk provider to their IP address was simple enough to be managed on these devices.
 

Jerry Renwick

Layer 3 adoption and management works really well, all of my production APs are managed on a single controller on a different subnet, all across the internet.