I have a mostly Unifi home network.  Untangle server on a home-built i3, Unifi 8 port switch, an AC-Pro, and AC-Lite, and a Nano M5.

I want deep packet inspection and better integration and information on traffic than Untangle is giving.  I also use a pi-hole for most blocking, and now that I'm using the NG version of Untangle ($50/yr) I realize I'm not using any of the features over the free version.

I've got some Ring cameras that could benefit from a range extender or two.  2900 sq ft house, two-story.  

I'm looking at upgrading to a Dream Machine Pro, and possibly upgrading the entire wifi network to current hardware.  Probably $600-1000 depending on if I go with the range extenders that offer ethernet bridging, which I also use.

Wondering what other brands are out there that I should be considering.  I'm not interested in a mesh network from google or amazon or whatever other big companies are offering spy devices.  But back in the day TP Link had a similar product line to the UniFi stuff, and I think netgear did too.  Just curious if other brands have caught up to, or surpassed, UniFi.

There are plenty of great things about UniFi stuff, and a lot I don't like, too.

Opinions welcome.

I haven't used it myself, but if I ever wanted more than what my USG can do I'd probably build myself a pfSense box.  I have Unifi nanoHDs through my house, and they've been fine.  Also heard good things about Ruckus if you aren't wanting to stay in the Unifi ecosystem.

Been using dream machine pro for 9 months almost and it’s been flawless.

I've been running a Dream Machine (not Pro) for several months. I replaced my Unifi USG-4 with it. Much faster processor and better specs overall. Built-in cloud key and access point. I've been happy with it.

I also have two other Unifi access points on it, a 16 camera POE NVR, a 48 port Cisco switch and a QNAP 8 bay NAS (with a Pi-hole docker on it). It gives a pretty good view of the network.

My UDM Pro works great, but the APs have been buggy lately

Will the 6P do everything the DM Pro will do?

They are making it so you can't run your own NVR anymore. Have to buy theirs.

I have a PfSense box Core i3 ($300ish).
Cisco 2690 $80ish used.
2x  Cisco Aironets - $80-100ish used.

100% uptime other than reboots for updates in something like 3 years. Not bad for < $600 worth of used equipment. I do keep cold spares of power supplies, though.

Going from Untangle to a USG Pro would be a HUGE downgrade in my opinion.

The USG Pro can't do half of what Untangle can do.  You just need to learn to better utilize Untangle.

As I age I not only lose patience but also the ability to learn and remember cognitively-intensive tasks, such as building routing and firewall rules from scratch.

Untangle has been good, I actually like pfsense better but I felt like I needed a PhD to use it.  I may try IPFire again just to see where its at, haven't used it in years.

I am using the $50/yr subscription of Untangle and I'm not getting anywhere near the information I want, such as packet inspection stuff that I believe is possible, but I have not figured out.

I love my Palo Alto 220 at home. However it takes some weed and feed every month to keep things humming along. It also helps I manage PAs at work too.

It's all in the reports or you can create your own reports.  What specifically are you looking for?


UniFi traffic stats are complete bullshit.  Mine wonve said that my thermostat use 1.2TB in a single month

I almost got one of those but their throughput is horrible for the price with most features enabled unless you have a sub 100Mbps connection.

Handles my 600-700Mbps connection just fine. My one complaint on performance is the management page and commit times. Other than that it's been fantastic.

You must not run IPS or Threat Prevention?

https://www.paloaltonetworks.com/resources/datasheets/pa-220-specsheet

The $400/yr license fee drove me away too.

All services are turned on. PA usually under specs the hardware performance. They have upped it since initial release with some operating system performance improvements.

I have a bunch of hard block rules before anything gets to the IPS and threat prevention. It keeps the logs much cleaner. About two dozen threat intelligence feeds deduped and optimized.

also under 20 rules keeps traffic running smoothly as well.

I purchased a lab unit. License cost is $100/yr. initial hardware cost $400. Having a very good partner is helpful.

Global Protect is what will bog it down the most. Debating on using a second lab unit for GP if I start using it more.

My dream Machine Pro has been running fine for a while now.  

It is currently just acting as a router but I am about to start adding cameras and a hard drive for the protect system.

I was quoted $500/yr by Virtual Graffiti (Threat Prevention, PANDB URL Filtering, GlobalProtect, etc) for the PA-220 lab after the first year which was $200 and a unit cost of $600.

That's why I bailed.

The Untangle box you have now will be a better product for DPI compared to anything Ubiquiti currently has on the market.

I honestly wouldn't really look for a new machine unless you need something in a different form factor.

If you buy a PA-220 lab bundle you're looking at ~$600 for the first year.  That's inclusive of the hardware, 1-year subs/support, and tax/fees.  Your year-two price would be ~$100 for the sub/support bundle renewal.

Alternatively, you could look at a FortiGate 60F/61F for better performance but at a higher price per year since they have gotten away from NFR/lab SKUs.

Yeah I could have lived with that pricing for the PA-220 at the time but when I was quoted much higher for the yearly I bailed as I couldn't find another vendor that would sell to me.  That led us to just go with Untangle at work since I had a good experience with it at home.

I haven't looked into FortiGate much but have heard good things about them.

PA did it right with the lab bundles. It’s not as good as it used to be when they would toss PA-200s around like candy but it’s better than the others. PM if you want help running this stuff down in the future. That goes for anyone. At a minimum, I can tell you what SKUs to ask for.

I spend most of my professional time working on PAs or FortiGates. They all have their pros and cons but you can’t go wrong with either of them.