So, I have taken the plunge and replaced my PFSense firewall with a Ubiquity USG. This is an affordable device, around $110 on Amazon, and is the perfect companion to Ubiquiti Unifi wireless access points and its controller if you happen to use any. For the same reason as "rockstar" did with his PFSense thread, I decided to open up a separate topic for those searching for information, without having to go through the "True Bypass" monster thread.
During my research before purchasing, I came across this gem:
https://blog.taylorsmith.xyz/att-uverse-modem-bypass-unifi-usg/
It explains in clear steps what you have to do. The most difficult portion is the trimming of the .json file somewhere halfway. I spent a good 20 minutes on it, and the examples that were given on the site above were of good help.
Remember: when you start following the guide above, you will eventually disconnect from the internet, so make sure you have all the sites open you want open, and have all the files you need before proceeding. Make sure you read every step, don't skip any.
PROS:
Latency decrease. As if the gigapower itself wasn't good enough, a ping to 8.8.8.8 has changed from 3-4ms to a solid 2ms. If you are further away from bigger datacenters, the latency decrease can actually be noticeable.
Speed: Speedtests are the same, really.... 930/930 to 940/940, the maximum you can push through gigabit. No change.
DPI: This is with deep packet inspection enabled on the USG, so you can really keep check to see where your data is going. This is actually a cool feature, it shows you exactly how much hundreds of applications take in data, ranging from Facebook to P2P/Torrent to Netflix to OneDrive to Speedtest.net to Gmail to online games, you name it, and all displayed in a userfriendly and accessible way.
CONS:
No decent IPv6 support yet. Ubiquiti is working on it, and current firmware has "alpha" support for it, but it will be coming soon. If you need IPv6 NOW, don't use this.... if you can wait a few months till Ubiquiti really has their IPv6 ironed out, we may be able to get it to work in a similar fashion. It may actually work now, I just haven't gotten around to really testing it yet.
NEUTRAL:
I have static IP's. I have them mostly "just because", for the geekness of it, to run servers etc.... but the reality is I managed to consolidate all those back to the one DHCP IP for now (which never changes anyways), so I can take my sweet time figuring out how to get them to work. I'm sure its not that hard, just will take some digging.
↧