So I realize this may not be the place for this question, but since I trust you people and there are a bunch of us that are in the IT space, I thought I'd give it a try.
So, I'm going to attempt to detail out my current network install to see what you guys think. Bear with me as it's a bit complex.
I have a Sophos UTM box in front of everything in my network. The only reason it doesn't control everything is because it's a home license that is free so I'm limited to 50 IP addresses. I'm far over that sadly. If you know anything about their stuff it's supposed to be among the best at blocking threats. It's been in place for years and has never given me any trouble. If anything, I'm spoiled on how configurable everything is. The down side is that it's massively complex to configure requiring a lot of reading to resolve certain issues.
The rest of my network is all Unifi stuff. I've been using their stuff for years, but their recent antics have me looking elsewhere. Those that know are aware of their security issues around Unifi accounts, but more than that their UI direction is just idiotic. They change things, then roll back, then move to something else and it's all fluff and no substance. Couple that with the fact that my USG (router, security gateway) sucks. It's just not a good piece of equipment. Just getting it up and running had me seriously considering smashing it with a hammer. Before that, all my Unifi APs worked wonderfully when directly connect to the Sophos box.
They still work, but are older tech so no mesh, no fast AP roaming. It's becoming an issue since I'm constantly on conference calls. I can't have drops or garbled voice when doing a presentation. Used to not be an issue, but now it is and I'm done with this stuff.
I had considered upgrading to a better security gateway from Unifi as I'm almost positive most of my issues are with the USG just being underpowered. I had high hopes that their Dream Machine pro could replace my Sophos box, but I don't trust them anymore.
Having said all that, I've currently got two of their AP-LR models that are Wifi 5. One upstairs, one down. I've also got 5 of their flex mini switches that are 5 port managed switches. These are awesome. I have a USG too, but it's honestly not that great and it's only real job is DHCP and traffic monitoring. I just want to be able to see what my devices are doing and how much data they use. I've been able to stop some rouge things from happening so this is a must have feature. Their DPI is also good, but lately it's been resetting the data. Not a fan. I'm also not a fan of the limited configuration options.
As an example, I'm using the Sophos box to do everything firewall, NAT, DNS, webserver, etc. so it's doing 99% of the heavy lifting. The USG won't let me disable NAT since I've already got that set up on my Sophos box. Not cool, but not the end of the world. If the USG were better, I'd get rid of the Sophos box and simplify my setup to an extent. The USG doesn't have nearly the features that Sophos does when it comes to web serving and the like.
So, that leads me to today. I need help trying to figure out what product suite would replace what I currently have. I looked at TP-link Omada per
@jinjuku suggestion and it looks very much like a Unifi clone, but more stable from what I've read. Slow to update firmware so that's a concern, but I don't necessarily update unless I need to so maybe not an issue. I installed the Omada controller and it's pretty similar in what their devices can and can't do. It's all pretty simple still, so I'd probably still use my Sophos box for the heavy lifting.
I know that
@BoredSysAdmin has similar complaints about Unifi that I do so I'm curious to see what he plans to move to. I really like what I'm seeing about the TP-link stuff, but I feel it's a lateral move rather than an upgrade. Then I look at more advanced stuff and get sticker shock.
So, what do you guys think? I'd love to hear what you use or what you've done for customers. I think a fresh start would be good.
