USG UTM Anti-malware/Antivirus

Submitted by -
Status: Duplicate

To compete with some of the other SOHO firewall appliances out there, it would be great if the USG could perform packet/data filtering based on signatures. The intent would be to use the USG as an appliance to filter out malware based on signature. A similarly priced product that has this feature is the SonicWall TZ series.

by Ubiquiti Employee
on ‎10-11-2017 03:03 AM
Status changed to: Duplicate
on ‎10-30-2017 11:07 PM


on ‎11-10-2017 01:43 PM

Unless they can come up with a cost-effective FPGA processor, then no, I do not want it added to the USG. Most FPGAs are 1000s of dollars, and without one, Suricata or Snort performance would degrade the USG.


This is actually one of the reasons I have been asking for the addition of 40Gbps ports to the switches and USGs, because you can set up a server with PCAP FPGA that connects to each switch and the USG that runs Suricata for IDS/IPS ... yes, this can be done with 10G models, but the performance would be much better with 40G uplink ports.


This also has the ability to scan lateral attacks at the switch level, not just USG.


Having it set up as an add-on device that handles the processing is much better in terms of east-west-north-south traffic monitoring, and the PCAP FPGAs can be purchased up to 100Gbps so no bottlenecks there like there.

on ‎11-14-2017 05:11 PM

The USG is not a UTM and does not have the CPU power nor the RAM to be one. It is a firewall... that is all UniFi claims to be. In the firewall market it competes extremely well.

on ‎11-17-2017 12:25 AM

Thanks for the nice post about the USG-UTM anti-malware Antivirus. This is really informative.



on ‎11-20-2017 09:10 PM
I’d like to see other products that are labeled as “firewalls” with no additional layer 4+ inspection/mitigation features aside from ACLs and stateful firewall. For me, this puts the USG slightly above a home router with a built-in firewall. It simply has cloud visibility. A simple Google search shows this for “security gateway” “security appliance”, etc.

I agree the specs may need to be raised and would advocate paying a little more for a quality product that has something like Snort or fail2ban or any other rate control mechanisms built in. The honest truth is that the USG cannot protect a server or application at the network layer from a malicious attack to an intentionally left open service/port. The USG can only drop traffic destined for ports/applications not intended to be used on the network.