I'm done with Ubiquiti Unifi. Need help with alternatives.

panteragstk

panteragstk

Audioholic Warlord
So I realize this may not be the place for this question, but since I trust you people and there are a bunch of us that are in the IT space, I thought I'd give it a try.

So, I'm going to attempt to detail out my current network install to see what you guys think. Bear with me as it's a bit complex.

I have a Sophos UTM box in front of everything in my network. The only reason it doesn't control everything is because it's a home license that is free so I'm limited to 50 IP addresses. I'm far over that sadly. If you know anything about their stuff it's supposed to be among the best at blocking threats. It's been in place for years and has never given me any trouble. If anything, I'm spoiled on how configurable everything is. The down side is that it's massively complex to configure requiring a lot of reading to resolve certain issues.

The rest of my network is all Unifi stuff. I've been using their stuff for years, but their recent antics have me looking elsewhere. Those that know are aware of their security issues around Unifi accounts, but more than that their UI direction is just idiotic. They change things, then roll back, then move to something else and it's all fluff and no substance. Couple that with the fact that my USG (router, security gateway) sucks. It's just not a good piece of equipment. Just getting it up and running had me seriously considering smashing it with a hammer. Before that, all my Unifi APs worked wonderfully when directly connect to the Sophos box.

They still work, but are older tech so no mesh, no fast AP roaming. It's becoming an issue since I'm constantly on conference calls. I can't have drops or garbled voice when doing a presentation. Used to not be an issue, but now it is and I'm done with this stuff.

I had considered upgrading to a better security gateway from Unifi as I'm almost positive most of my issues are with the USG just being underpowered. I had high hopes that their Dream Machine pro could replace my Sophos box, but I don't trust them anymore.

Having said all that, I've currently got two of their AP-LR models that are Wifi 5. One upstairs, one down. I've also got 5 of their flex mini switches that are 5 port managed switches. These are awesome. I have a USG too, but it's honestly not that great and it's only real job is DHCP and traffic monitoring. I just want to be able to see what my devices are doing and how much data they use. I've been able to stop some rouge things from happening so this is a must have feature. Their DPI is also good, but lately it's been resetting the data. Not a fan. I'm also not a fan of the limited configuration options.

As an example, I'm using the Sophos box to do everything firewall, NAT, DNS, webserver, etc. so it's doing 99% of the heavy lifting. The USG won't let me disable NAT since I've already got that set up on my Sophos box. Not cool, but not the end of the world. If the USG were better, I'd get rid of the Sophos box and simplify my setup to an extent. The USG doesn't have nearly the features that Sophos does when it comes to web serving and the like.

So, that leads me to today. I need help trying to figure out what product suite would replace what I currently have. I looked at TP-link Omada per @jinjuku suggestion and it looks very much like a Unifi clone, but more stable from what I've read. Slow to update firmware so that's a concern, but I don't necessarily update unless I need to so maybe not an issue. I installed the Omada controller and it's pretty similar in what their devices can and can't do. It's all pretty simple still, so I'd probably still use my Sophos box for the heavy lifting.

I know that @BoredSysAdmin has similar complaints about Unifi that I do so I'm curious to see what he plans to move to. I really like what I'm seeing about the TP-link stuff, but I feel it's a lateral move rather than an upgrade. Then I look at more advanced stuff and get sticker shock.

So, what do you guys think? I'd love to hear what you use or what you've done for customers. I think a fresh start would be good.
 
ryanosaur

ryanosaur

Audioholic Overlord
The IT guy that managed our coffee shops' networks loved their stuff, but frankly we always had network problems.

(I'm leaning heavily toward ASUS Zen Wifi XT8 for our next router, which needs to be soon. I haven't made up my mind yet, but we have a long house and could easily use a 3 pk mesh system to cover everything. Reviews seem to be favoring ASUS gear lately, and they are much less expensive than the Orbi systems. *shrugs)
 
lovinthehd

lovinthehd

Audioholic Jedi
Ubiquity was one of our customers during my last gig, and I handled massive amounts of returned/defective gear they'd import (back to HQ in San Jose at the time, not manufacturing point IIRC it was all made in China) from various places around the globe....but supposedly was really good stuff which I never understood.....
 
BoredSysAdmin

BoredSysAdmin

Audioholic Slumlord
I've looked over Amada demos, and they are nearly there in terms of the on-prem controller, but the global auto-setup seems to be kept to more expensive cloud-only offerings.
TP-Link also gets not great reviews for their Amada firewalls.

Another option is Enginius, and they are very close to tp-link Amada in most ways. TP-link APs are bulky but have more range/power.
I don't have a strong opinion on which way to go, but I don't want to go back to managing my APs with CLI each individually.

As far as firewall/router appliance, Did you consider (free) Sophos XG Home - it's hardware limited, but not by 50 clients.
You could also consider OpnSense (a better fork of pfSense), free editions of ClearOS, or Endian.

For now, I have to access a large quantity of Dell Wyse 5070 Extended thin clients.
These have 4gig ram (or more), Pentium Silver J5005 CPU, and support for M2. SATA (only) storage and most critically have low-profile PCIe slot you could use to add one or more ports nic. It is straightforward for you to install any x86 firewall on it. PM me if you're interested in a special one-off deal ;-)
 
panteragstk

panteragstk

Audioholic Warlord
I've looked over Amada demos, and they are nearly there in terms of the on-prem controller, but the global auto-setup seems to be kept to more expensive cloud-only offerings.
TP-Link also gets not great reviews for their Amada firewalls.

Another option is Enginius, and they are very close to tp-link Amada in most ways. TP-link APs are bulky but have more range/power.
I don't have a strong opinion on which way to go, but I don't want to go back to managing my APs with CLI each individually.

As far as firewall/router appliance, Did you consider (free) Sophos XG Home - it's hardware limited, but not by 50 clients.
You could also consider OpnSense (a better fork of pfSense), free editions of ClearOS, or Endian.

For now, I have to access a large quantity of Dell Wyse 5070 Extended thin clients.
These have 4gig ram (or more), Pentium Silver J5005 CPU, and support for M2. SATA (only) storage and most critically have low-profile PCIe slot you could use to add one or more ports nic. It is straightforward for you to install any x86 firewall on it. PM me if you're interested in a special one-off deal ;-)
Might have to take you up on one of those. Just to mess around with instead of confusing my network by creating VMs to test those OS. I've messed with some of them, and they seem to be good, but replacing what I have would still be using multiple UIs. I'm trying to get an everything under one hood type solution.

I'm with you on not doing everything via CLI. I did that for many years when I actually did networking professionally, but that's been damn near 20 years ago. Google mesh is great for the people I know that have it, but it's just too dumb.

I may have to re-think this whole thing.
 
panteragstk

panteragstk

Audioholic Warlord
The IT guy that managed our coffee shops' networks loved their stuff, but frankly we always had network problems.

(I'm leaning heavily toward ASUS Zen Wifi XT8 for our next router, which needs to be soon. I haven't made up my mind yet, but we have a long house and could easily use a 3 pk mesh system to cover everything. Reviews seem to be favoring ASUS gear lately, and they are much less expensive than the Orbi systems. *shrugs)
A 3pk mesh would suite me fine, but I'd need it to play second fiddle since most of those things are pretty wimpy on features. That's my main issue, but I'm going to keep an open mind.

I may have to go back to my APs and switches being on one interface, and my firewall being on another. Two is fine, but more than that is annoying.
 
ryanosaur

ryanosaur

Audioholic Overlord
A 3pk mesh would suite me fine, but I'd need it to play second fiddle since most of those things are pretty wimpy on features. That's my main issue, but I'm going to keep an open mind.

I may have to go back to my APs and switches being on one interface, and my firewall being on another. Two is fine, but more than that is annoying.
I am absolutely not a network hero. ;) The biggest problem is I need to also replace the cable modem/router with a cable modem. The Airport was much better before the cable insertion. regardless, that thing is ancient by today's standards and as all our new gadgets are stepping up in tech, It's simply just time.

I had actually talked to that IT guy I mentioned about the Ubiquity stuff. His biggest pro for it was that he could access it from anywhere and run some troubleshooting or straight reset the network. Regardless, there's something fishy about this brand of modem/router Xfinity uses that I think makes other networking gear very unhappy.

I'm eager to learn a little about what you end up doing. It sounds like you are much more advanced in Network needs than I, but there's always room to learn! ;)
I think that's one of the things that really drew my attention to the XT* line is that most people seem happy with the security features. For a simple household, I suppose that may be fine.
 
j_garcia

j_garcia

Audioholic Jedi
Amplifi Alien? If you need to mesh it, they have a dual setup with a slave AP. Son in law is a network geek and swears by them. I stuck with ASUS since I don't really need mesh. If you don't need something as heavy duty as the Alien, they offer lower models as well in a variety of mesh options.

 
panteragstk

panteragstk

Audioholic Warlord
Amplifi Alien? If you need to mesh it, they have a dual setup with a slave AP. Son in law is a network geek and swears by them. I stuck with ASUS since I don't really need mesh. If you don't need something as heavy duty as the Alien, they offer lower models as well in a variety of mesh options.

Well, that's a sister product to the Unifi stuff I'm considering ditching. Both made by Ubiquiti.

That's what sucks, they make great stuff, but they've been going down a weird path that's making loyal customers like me mad.
 
McC

McC

Audioholic Intern
So I realize this may not be the place for this question, but since I trust you people and there are a bunch of us that are in the IT space, I thought I'd give it a try.

So, I'm going to attempt to detail out my current network install to see what you guys think. Bear with me as it's a bit complex.

I have a Sophos UTM box in front of everything in my network. The only reason it doesn't control everything is because it's a home license that is free so I'm limited to 50 IP addresses. I'm far over that sadly. If you know anything about their stuff it's supposed to be among the best at blocking threats. It's been in place for years and has never given me any trouble. If anything, I'm spoiled on how configurable everything is. The down side is that it's massively complex to configure requiring a lot of reading to resolve certain issues.

The rest of my network is all Unifi stuff. I've been using their stuff for years, but their recent antics have me looking elsewhere. Those that know are aware of their security issues around Unifi accounts, but more than that their UI direction is just idiotic. They change things, then roll back, then move to something else and it's all fluff and no substance. Couple that with the fact that my USG (router, security gateway) sucks. It's just not a good piece of equipment. Just getting it up and running had me seriously considering smashing it with a hammer. Before that, all my Unifi APs worked wonderfully when directly connect to the Sophos box.

They still work, but are older tech so no mesh, no fast AP roaming. It's becoming an issue since I'm constantly on conference calls. I can't have drops or garbled voice when doing a presentation. Used to not be an issue, but now it is and I'm done with this stuff.

I had considered upgrading to a better security gateway from Unifi as I'm almost positive most of my issues are with the USG just being underpowered. I had high hopes that their Dream Machine pro could replace my Sophos box, but I don't trust them anymore.

Having said all that, I've currently got two of their AP-LR models that are Wifi 5. One upstairs, one down. I've also got 5 of their flex mini switches that are 5 port managed switches. These are awesome. I have a USG too, but it's honestly not that great and it's only real job is DHCP and traffic monitoring. I just want to be able to see what my devices are doing and how much data they use. I've been able to stop some rouge things from happening so this is a must have feature. Their DPI is also good, but lately it's been resetting the data. Not a fan. I'm also not a fan of the limited configuration options.

As an example, I'm using the Sophos box to do everything firewall, NAT, DNS, webserver, etc. so it's doing 99% of the heavy lifting. The USG won't let me disable NAT since I've already got that set up on my Sophos box. Not cool, but not the end of the world. If the USG were better, I'd get rid of the Sophos box and simplify my setup to an extent. The USG doesn't have nearly the features that Sophos does when it comes to web serving and the like.

So, that leads me to today. I need help trying to figure out what product suite would replace what I currently have. I looked at TP-link Omada per @jinjuku suggestion and it looks very much like a Unifi clone, but more stable from what I've read. Slow to update firmware so that's a concern, but I don't necessarily update unless I need to so maybe not an issue. I installed the Omada controller and it's pretty similar in what their devices can and can't do. It's all pretty simple still, so I'd probably still use my Sophos box for the heavy lifting.

I know that @BoredSysAdmin has similar complaints about Unifi that I do so I'm curious to see what he plans to move to. I really like what I'm seeing about the TP-link stuff, but I feel it's a lateral move rather than an upgrade. Then I look at more advanced stuff and get sticker shock.

So, what do you guys think? I'd love to hear what you use or what you've done for customers. I think a fresh start would be good.
I use the community edition of Untangle (recently purchased by Arista), for my edge UTM. It runs on a 4-port Protectli device and handles my firewall, intrusion prevention, a virus blocker, captive portal, and reports. It also handles DNS and DHCP for 3 separate LANs. Each LAN has its own Unifi switch, and one also has an Unifi AC-Pro. I have an IP phone in my office and an Ooma Telo on a different LAN. My network is stable and call quality is good. The USG's aren't worth having in my opinion. I've used Untangle for a number of years and am well pleased with it. It might be worth looking at in your circumstance.
 
jinjuku

jinjuku

Moderator
If you want an upmarket experience from TP-Link then Aruba Instant On would be something for you to look at.
 
panteragstk

panteragstk

Audioholic Warlord
If you want an upmarket experience from TP-Link then Aruba Instant On would be something for you to look at.
I did and got sticker shock. Granted I was looking at the new wifi 6 APs, but they're considerably higher in price. Not thrilled with cloud only management. At least, that's what it seemed like.

I think the tplink Amanda Omada stuff will work with me if my testing if the Sophis xg firewall works. Then I'll just need high quality APs instead of what unifi is doing for me now.

EDIT: EnGenius is what gave me sticker shock. Sorry for the confusion. I went directly to high end with them and shouldn't have.
 
Last edited:
panteragstk

panteragstk

Audioholic Warlord
I use the community edition of Untangle (recently purchased by Arista), for my edge UTM. It runs on a 4-port Protectli device and handles my firewall, intrusion prevention, a virus blocker, captive portal, and reports. It also handles DNS and DHCP for 3 separate LANs. Each LAN has its own Unifi switch, and one also has an Unifi AC-Pro. I have an IP phone in my office and an Ooma Telo on a different LAN. My network is stable and call quality is good. The USG's aren't worth having in my opinion. I've used Untangle for a number of years and am well pleased with it. It might be worth looking at in your circumstance.
I've kept my eye on untangled for years. It's nice, but I never made the jump. Testing the xg firewall now to see if it'll replace the full utm. That would solve most of my issues other than my APs being old and out of date
 
jinjuku

jinjuku

Moderator
I did and got sticker shock. Granted I was looking at the new wifi 6 APs, but they're considerably higher in price. Not thrilled with cloud only management. At least, that's what it seemed like.

I think the tplink Amanda stuff will work with me if my testing if the Sophis xg firewall works. Then I'll just need high quality APs instead of what unifi is doing for me now.
Their AP 22 is less than $200. You have to consider what you get with a company like Aruba. They are probably THE market leader in wireless. A few examples would be Auto Channel Planning, Spectrum Analysis, and RF Monitoring.

While I like and use TP-Link I have to do those things manually.

BTW it's Omada...
 
panteragstk

panteragstk

Audioholic Warlord
Their AP 22 is less than $200. You have to consider what you get with a company like Aruba. They are probably THE market leader in wireless. A few examples would be Auto Channel Planning, Spectrum Analysis, and RF Monitoring.

While I like and use TP-Link I have to do those things manually.

BTW it's Omada...
Phone got me on auto correct. I corrected my post. Also corrected that EnGenius is what gave me sticker shock. Aruba price seems great, but I want to get into the management console to check out the settings to see if it has what I want, well more of what you pointed out that it should have for proper roaming between APs.

I'm heavily leaning toward the Omada stuff since their feature set looks really good for the money. The EAP610 V2 looks to be an good replacement for what I've got now and appears to support all the newest stuff except for the highest data rates, which doesn't necessarily matter to me. Mesh support and AX1800 Wifi 6 is the main thing I'm after. If I get 5 years out of them like I did with my Unifi APs I'll be happy. The $100 price tag is VERY appealing too.
 
Last edited:
panteragstk

panteragstk

Audioholic Warlord
I put together a very basic comparison of the features that I care about for different APs that are in the range I'm looking for. I'm pretty positive I'm going the TP-Link route, but the other options might be good for some others to see.

Doing all this research made me realize I've been out of the networking game a lot longer than I realized. Thanks to everyone for the help on all this.

2022-05-13 10_17_38-Wi-fi 6 ap comparison.xlsx - Excel.png
 
jinjuku

jinjuku

Moderator
Remember the AP22 can also act as your router. Another thing is with the AP 22 you get to use all channels including DFS and that Aruba does automatic channel planning.

There are features that aren't in your comparison and it matters in certain situations. I have one install coming up with 67AP's. I don't want to have to manually do the channel and power selection 67 times.
 
panteragstk

panteragstk

Audioholic Warlord
Remember the AP22 can also act as your router. Another thing is with the AP 22 you get to use all channels including DFS and that Aruba does automatic channel planning.

There are features that aren't in your comparison and it matters in certain situations. I have one install coming up with 67AP's. I don't want to have to manually do the channel and power selection 67 times.
For folks that do installs like you do, that auto channel selection is very handy, for me, I'm good without it. Since TP-link has pretty much cloned the Unifi controller I should be able to do a survey from what I'm seeing, so that should cover it.

The ability to use all channels is very appealing though. They didn't really advertise that as a feature, so thanks for pointing that out.
 
newsletter

  • RBHsound.com
  • BlueJeansCable.com
  • SVS Sound Subwoofers
  • Experience the Martin Logan Montis
Top