Ubiquiti Security Gateway
-
@anthonyh said in Ubiquiti Security Gateway:
The only thing that turns me off regarding the Unifi Security Gateway is the way you have to manage it. Correct me if I'm wrong, but I believe you either have to run the Unifi management console somewhere or use their cloud management platform. Neither of those options are appealing to me which is why I opted for the ERPoE-5.
Correct, at least in regards to using the Unifi Controller software. This to me is only a hassle because of the lack of feature access via that interface. You can get access to most of the same features via a config file that has to be stored on the controller, which the USG downloads upon each refresh.. but it's still not at 100% feature parity to the ER series.
-
@scottalanmiller said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
How's the VPN performance on the ERL?
Anyone??
I don't use VPNs
LANless world for me.
What if users are connecting via ZeroTier. Is this device able to handle multiple users connecting to resources behind it?
-
@fateknollogee said in Ubiquiti Security Gateway:
@scottalanmiller said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
How's the VPN performance on the ERL?
Anyone??
I don't use VPNs
LANless world for me.
What if users are connecting via ZeroTier. Is this device able to handle multiple users connecting to resources behind it?
To the ERL it's just normal traffic.
-
@fateknollogee said in Ubiquiti Security Gateway:
@scottalanmiller said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
How's the VPN performance on the ERL?
Anyone??
I don't use VPNs
LANless world for me.
What if users are connecting via ZeroTier. Is this device able to handle multiple users connecting to resources behind it?
Do you mean... is it a router? Networking gear is not aware of users, that's not a thing. Routers just process packets one direction or the other. That's all that they do.
-
@dashrender said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
@scottalanmiller said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
How's the VPN performance on the ERL?
Anyone??
I don't use VPNs
LANless world for me.
What if users are connecting via ZeroTier. Is this device able to handle multiple users connecting to resources behind it?
To the ERL it's just normal traffic.
Yup, ZeroTier looks basically like just another website.
-
Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.Is this a correct statement?
-
Is VPN performance "better" with the ER, ER-Pro or ER-Infinity?
-
@fateknollogee said in Ubiquiti Security Gateway:
Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.Is this a correct statement?
No.
The thing that limits speed it traffic control policies, not VPN usage.
Traffic control policies hit limits because in order to inspect the traffic to apply a policy, the traffic cannot be offloaded. Because the traffic is not offloaded, it can only go as fast as the CPU can process it.
-
@fateknollogee said in Ubiquiti Security Gateway:
Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.These are really weird ways to think about VPN. Site to Site or peer to peer are not older or younger than each other. We've had and used both since day one of VPN being invented decades ago.
-
@fateknollogee said in Ubiquiti Security Gateway:
Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.Is this a correct statement?
ZeroTier isn't about a new VPN, it's about making a borderless LAN, i.e. transparent access to the LAN regardless of where you are. And while ZT is newer, this idea is not new at all.
-
@dashrender said in Ubiquiti Security Gateway:
@fateknollogee said in Ubiquiti Security Gateway:
Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.Is this a correct statement?
ZeroTier isn't about a new VPN, it's about making a borderless LAN, i.e. transparent access to the LAN regardless of where you are. And while ZT is newer, this idea is not new at all.
Agent based network abstraction is an interesting alternative to traditional VPN. For IoT stuff it's pretty handy (have device bridge itself into a stretched VxLAN), but for other stuff (accessing Citrix) it's kind of an unnecessary kludge vs. an external SSL broker.
-
@storageninja said in Ubiquiti Security Gateway:
Agent based network abstraction is an interesting alternative to traditional VPN.
It's still traditional VPN, though. Other than automating the configuration, it's all stuff you could have done with OpenVPN or whatever decades ago. It's nice that it auto-configures and it is a great product (or was, appears mostly abandoned now) but it's not an alternative or new VPN, it's just a mesh VPN setup.
