Reply
New Member
Posts: 3
Registered: ‎10-04-2018

Throughput with VPN/Ubiquiti UniFi Security Gateway Pro 4

Hello,

Not 100% sure this is the right forum but I'll give it a shot Man Happy 

 

Am about to replace the current firewall at our company and have been looking at the Security Gateway Pro 4. Our current has problems with slow throughput and even worse when starting adding a few VPN-tunnels (we are currently using L2TP). 

 

Been trying to find the specs for the Gateway Pro 4 but couldn't find any statesment of how many vpn-tunnels that are supported and if it affects the overall throughput in any way. 

 

Any help or pointers would be appreciated. 


(Also, found this guide on how to setup L2TP on the USG, I guess/imagine it is something similar for the SGP4.)

BR

Anders

 

Member
Posts: 227
Registered: ‎01-23-2017
Kudos: 66
Solutions: 4

Re: Throughput with VPN/Ubiquiti UniFi Security Gateway Pro 4

It's exactly the same process as yo ulinked.

 

I recently have one site with the PRO 4, very small scale evaluation on my part.  But here you go... Even with IDS and DPI on which kills the HW routing engine... I max out my home internet 175/12 connection while logged in via the remoteUser L2TP/IPSEC VPN.

 

There is no limit to the number of users... only a limit where performance dips.  That customer only has 2 users who get VPN access + me doing some admin stuff in a pinch. So... I don't know where that goes.

 

But USG does have a hw accelerated ipsec engine, so it should scale pretty well.

New Member
Posts: 3
Registered: ‎10-04-2018

Re: Throughput with VPN/Ubiquiti UniFi Security Gateway Pro 4

Thanks for the reply, sounds promising. After posting here it struck me I could ask directly to the sales/support dep of Ubi, so I am also waiting for some response from them. I'll let you know if I find out anything else, or if we go with this solution - I for sure can give some first hand feedback (to myself) in this thread aswell :-)
Established Member
Posts: 2,117
Registered: ‎01-29-2015
Kudos: 309
Solutions: 80

Re: Throughput with VPN/Ubiquiti UniFi Security Gateway Pro 4

[ Edited ]

Ubiquiti is geared a little more toward "self-support" than other manufacturers. You will get most of your help here from the forum. Another option is to install the controller software as a "test", then hit the "Live Chat" button at the bottom left to speak with a support person. The benefit of this model is you don't have to pay annual support fees like you do with Cisco - all patches and updates are free for the life of the product.

 

What is the speed of your internet service? That's the first place to start.

 

I'll say this, for a company I would not be afraid to jump up to the top of the line XG. $2500 retail is dirt cheap compared to what I've paid for firewalls for networks I've managed in the past. At that price, buy two, that way if one fails you can simply drop the other in and be back up. (Hopefully someday they'll implement load balancing/fail-over in a hot/hot config - I was doing that with Netscreen 208s back in the early 2000s)

New Member
Posts: 3
Registered: ‎10-04-2018

Re: Throughput with VPN/Ubiquiti UniFi Security Gateway Pro 4

Robbie: Thanks for your input. Up until recently we had a Clavister firewall with annual support fee, the Ubiquity-way of charging/forum support will suit us better. Also we have been using Unifi APs for a couple of years now.

Today we have a 1Gbps full duplex internet connection. I think our current firewall limits us to about 200 Gbps, and even more when we start VPN-ing, we of course want as much throughput as possible.

We have a quite small office, about 15-20 employees, we need to be able to use about 3-5 concurrent VPN-tunnels. (Perhaps a 10 Gbps top of the line xg-router is over-speced, if there is such a word..)

BR
Anders
Member
Posts: 227
Registered: ‎01-23-2017
Kudos: 66
Solutions: 4

Re: Throughput with VPN/Ubiquiti UniFi Security Gateway Pro 4

[ Edited ]

@aDNers2k wrote:
Robbie: Thanks for your input. Up until recently we had a Clavister firewall with annual support fee, the Ubiquity-way of charging/forum support will suit us better. Also we have been using Unifi APs for a couple of years now.

Today we have a 1Gbps full duplex internet connection. I think our current firewall limits us to about 200 Gbps, and even more when we start VPN-ing, we of course want as much throughput as possible.

We have a quite small office, about 15-20 employees, we need to be able to use about 3-5 concurrent VPN-tunnels. (Perhaps a 10 Gbps top of the line xg-router is over-speced, if there is such a word..)

BR
Anders

Maybe, Maybe not.

 

With the USG-PRO-4 if you want to maintain your 1g/1g connection, you can't run IDS/IPS or Smart Queues. But that may not be so bad...

IDS/IPS is still roughly a beta system, and I see a lot of annoying false positives... IMO it's too big a price jump to the XG for a beta feature, YMMV. But you should be aware of limitations.

With 1g/1g and such a small amount of users, SmartQueues wouldn't likely be desired anyway.

 

 

New Member
Posts: 5
Registered: ‎10-12-2018

Re: Throughput with VPN/Ubiquiti UniFi Security Gateway Pro 4

According to the instructions, you need a Unifi managed switch in order to setup VPN on the UniFi SGP-4. Is that true? Thank you.

Established Member
Posts: 854
Registered: ‎04-24-2014
Kudos: 461
Solutions: 17

Re: Throughput with VPN/Ubiquiti UniFi Security Gateway Pro 4


@stonepondtech wrote:

According to the instructions, you need a Unifi managed switch in order to setup VPN on the UniFi SGP-4. Is that true? Thank you.


No a switch is not needed for VPN.  

Matt W
New Member
Posts: 5
Registered: ‎10-12-2018

Re: Throughput with VPN/Ubiquiti UniFi Security Gateway Pro 4

Thanks Matt, I should have specified - remote client VPN, not router to router. Same deal?

Reply