TECH REVIEW: UniFi Security Gateway Pro (USG Pro)

If you’ve spent any time in the tech world, you’ve certainly come across a UniFi product. They’re known for their sleek looks, intuitive user interface, and highly competitive pricing, and the Security Gateway Pro is no exception. However, it’s not all rainbows and butterflies when it comes to this security appliance. In this review I'll go over a few of the pros and the cons to help you decide whether or not a USG Pro is the right product for you.

First lets take a look at the pros:

1. The UniFi user interface: One of my favorite things about UniFi products is the clean, easy to use interface. Right away, you’ll be given the status of all of the devices on your network, from whether or not the device needs a firmware update to the signal quality on your access points (assuming you have UniFi access points as well). Not to mention, all of this info is available in an app as well. So from a quick look at my phone, I can monitor the status of my entire network, saving me time and energy.

2. The software features: Another great thing about the USG Pro is that it’s not just a simple firewall or router. For example, on my network I am using a RADIUS server to authenticate users for WPA2 Enterprise encryption. Although you may want a separate device running your RADIUS server, with the USG Pro you have that feature built right in. When I first added the USG Pro to my network, I was running a separate server to handle RADIUS authentication for my network and I would have to log into that server to make changes or add users. With the USG Pro handling RADIUS authentication, I am able to make all of those changes from that same intuitive app I mentioned earlier. Besides RADIUS authentication, you also get features like deep packet inspection and an intrusion prevention system to keep your network protected.

3. Dual WAN connections: One of the features of the USG Pro that was the reason I added it to my network was the dual WAN ports. Although a dual WAN setup is possible with other devices, having dedicated ports allows for quick and easy setup of a backup internet connection. Many business ISPs are starting to offer their own devices with a services that gives you a cellular backup, but you’ll be stuck with whomever that ISP chooses for your backup, and you’ll be paying for it too. Having a dual WAN setup with the USG Pro allows you to pick your own backup option or even connect the port to a separate network of your own. It’s a small feature that makes a big difference in a security appliance like this.

Now let’s talk about the cons:

1. Lack of LAN ports: While it’s nice having dual WAN ports, it’s not nice having dual LAN ports. That’s right. You only get TWO LAN ports (using either the SFP or RJ45 ports), so expect to buy a separate switch if you plan on running multiple devices on your network. Even the Netgate SG-3100 offers 4 ports, which may be enough if you’re installing it on a small business or home network.

2. Device connection failures: This goes back to the RADIUS service I mentioned earlier. Although I love having it on the USG Pro, I’ve had more device connection failures than ever before after switching to the USG. Often times this requires multiple connection attempts on the device or even forcing a reconnection through the Unifi software in order to finally get on the WiFi network. It’s a small issue that can lead to plenty of headaches, especially if you’re installing this on a clients network and will be dealing with the phone calls when they can’t get their laptop or phone onto their network. Hopefully, future firmware updates will take care of this issue.

3. Not enough configurability: One of the downsides of having a simple, intuitive interface is that there are a lot of options that need to be left out in order to keep things simple. While this can be a bonus if you’re not a networking professional, but if you’re used to something like pfSense, you’re going to find there are a lot of things you used to be able to do that now require extra steps and workaround work, or are just downright not offered. With pfSense, you’re working with open source software that not only has a rich built in feature set, but also a plethora of additional plugins that can help you customize your network to fit your needs. Furthermore, if you want quick detailed access to detailed system logs, the USG Pro doesn’t offer the same access you’d get in the pfSense Something like pfSense can even run on your own hardware or a virtual machine, so you can turn an old computer into your new network firewall and router with 0 up front cost.

These are just a few of my thoughts on the Unifi Security Gateway Pro, and there are certainly other aspects to consider. If you really want a sleek looking networking rack for those sweet, sweet r/homelab or r/cableporn posts, Ubiquiti products are hard to beat. As you can probably tell, I also work mainly with pfSense, which is why it is my goto for comparison. There are certainly other options out there for firewalls, but I wanted to try to keep my comparison to products I am more familiar with.

If you’d like to check out the USG Pro for yourself on the Ubiquiti website here's a link:

https://www.ui.com/unifi-routing/unifi-security-gateway-pro-4/

Feel free to shoot me an email, phone call, or text if you would like advice on a network security appliance or if you just want to add some more information to my review here.

Cheers,