I’m moving into a new home and I was going to with Ubiquiti system as that’s what I’m using now but I’m not sure anymore. Are they ok? I was planning to buy a Dream Machine Pro and 3 APs
I have used OPNsense in the past and have looked into the hardware I would use and I’d go down this route I would get a Protectli Vault. What could I use for APs? I will be installing 3 of them get cover the whole house as I’ve had issues with single APs not doing that.
It might be helpful to provide a bit more detail if you comfortable, as there are many many options out there depending on the need. Will the APs be hardwired? What Gen Wifi do you want? How much square footage are you trying to cover?
I want APs that are hardwired, at least WiFi 6 and I’m not sure how much square footage just know that I’ll need 3.
At the moment I think I’m going to stick with Ubiquiti AP and use the controller in a docker container and just turn it off when I’m done configuring it.
Well if you buy a Dream Machine Pro you can’t run the controller software separately.
Yeah I’m aware that why I’m stuck between going with a full Ubiquiti system or going with OPNsense in which case I need to decide what APs to get.
If I go with OPNsense and still use UniFi APs I’ll want to manage them in controller to get them configured.
If I were starting from scratch I would look at a Firewalla router and APs. They recently released two wifi 7 APs (ceiling and tabletop).
@phnx wondering why the thumbs down here?
Looking at a similar exercise myself and Firewalla is on my list, simply due to the ease of use; I can’t see anything particularly concerning about Firewalla (except anonymous Google analytics in the app, and of course, cloud!)
If cloud access can be disabled like it can with UniFi equipment then I don’t really see it as a major problem. I just don’t think Firewalla products are a good purchase compared to UniFi, especially their access points. You pay more money for an inferior product.
I have been running a UDM Pro + many UniFi access points for ~5 years and it has been rock solid not to mention it remains extremely well supported with new features arriving all the time.
Fair enough. I’m in Europe and they don’t offer the AP here - was just wondering if there was an underlying cause for your response I had missed when looking at them.
Personally, I don’t trust Ubiquiti after their security issue a few years back where access to other peoples gateways was possible, and their ToS / Privacy Policy seems to suggest they can harvest internal network data. They seem quite focussed on the bottom line, so I’m concerned if they are looking to monetise this data somehow.
Shame really - I used to run UDM-SE, UniFi switches and U6-Pro AP’s and was impressed with them and the new v9 software looks awesome for traffic visibility / filtering.
I could quite happily drop some money on the new Fiber gateway, a switch and some of the new XG AP’s if I was confidant in them as a company…
Fair enough, but all those issues are completely avoided by entirely disabling telemetry and cloud access.
I’m sorry but thats a ridiculous statement imo. They charge no licensing fees for any of their products, they have pretty much the lowest prices in the industry, and their 5 year old €400 UDM Pro gets all the same features as their most expensive gateways (besides SSL inspection on some enterprise gateways).
I really think you should reconsider. You can use their products fully locally and you won’t get anything comparable for the money. If anything my confidence in them as a company has increased over the last couple of years.
To me at least, the main selling point of Ubiquiti is Unifi Protect. I know there are open source alternatives for NVRs and security cameras, but the whole “single pane of glass” thing and the ease of integration is really quite appealing. Not sure if monitoring of camera feeds would be possible without an online account though. If you already have your camera security sorted (or don’t need it, lucky you), then there are likely more private alternatives out there with regards to routing.
It absolutely is possible without any cloud connection, you can just use a WireGuard VPN back to your gateway.
I’m not really convinced you can get much more private than fully local with no analytics.
I think the whole single pane of glass principle applies to their wider range of products. I’m quite happy with UniFi Network, Protect and Access and I don’t see a real alternative.
Appreciate that they support their kit well but I’m talking at the company level, rather than kit, and your comment supports my point.
The cheap hardware and long support has to be funded from somewhere, and not so long back their CEO (or CFO?) was boasting that they had relocated most of their DEV team to India and saved a lot of money doing so.
This kind of thing makes me wonder if they are looking for other opportunities and sale of data could be such a method to increase cash flow…
I am looking at them closely - hardware and firmware is pretty much a no-brainer; it’s just I’m not sure how much I trust them!
Guess it’s down to my threat model threshold being a bit on the paranoid side 
When in doubt, roll your own with OpenWrt
I currently run OPNSense > IPFire > Unifi UDM-Pro w/UAP-Lite > Linksys Unmanaged Switch > Netgear PoE switch > Unifi Cameras…Runs beautifully zero complaints. My house is 2400 Sq.Ft and the AP covers my entire house including my garage and driveway.
why both of these?
why both of these?
Redundancy, attack diversification, enhanced segmentation but mainly just an extra layer of protection.
Linksys feeds everything on the LAN plus my wireless AP. And the Netgear PoE switch is for my cameras.
I was mostly comparing the alternatives vs Unifi with a UI account. If it’s possible to remotely connect back to the console/gateway to manage the network and view security feeds without an account as you have clarified, then yes, it’s likely as private as one can get.