Recently my Apple Airport Extreme died, so I decided to go ahead and do something I have been thinking about for a while now, and redid my home network with UniFi gear.
I live in a 3-year-old house, which had a single Cat6 outlet in each of the 5 bedrooms and 2 living spaces, wired back to a small in-wall cabinet in the garage. Running additional Cat6 to ceiling-mounted APs was not really an option, so I decided to use 3 of the AC In-Wall APs, which gives me good 5GHz coverage throughout the house and small section. I have the 2.4GHz power set to minimum, which gives me plenty of coverage for non-5GHz devices.
I got a USG, Switch 8-50W, and CloudKey, mounted in the cabinet, along with the Mac Mini which is running ESXi 6.5. This hosts a couple of VMs including an Untangle NGF which I use for content filtering. The cabling has changed slightly since I took this photo. The USG LAN port now connects to the Thunderbolt ethernet adapter on the Mac Mini, which is the external interface for the Untangle VM.
I was able to do away with the ISP-provided router. The USG connects directly to the Fibre ONT.
Untangle web filtering gives me much more comprehensive information and control over what is happening on the network than what can be achieved with UniFi alone. I wish Ubiquiti would build something like this into the USG, but the Untangle Home subscription is only US$50 a year.
Untangle runs in transparent bridge mode between the USG and Garage Switch. Let's just say that Untangle has shown that my children (13 and 17) aren't as sweet and innocent as I would have liked to believe (but never really did.)
A couple of issues that I have encountered with my setup:
- The WiFi adapter on my ducted heat pump system requires WPS to connect. I have seen reports of people using a WPS-enabled AP to program the WiFi adapter, and then turning it off and it connecting to a UniFi network with the same SSID and password, but I have been unable to get this to work. As a workaround I enabled WiFi on my old Apple Time Capsule, and connected the heat pump to that. (I intended to keep the Time Capsule on the network as a backup target for my daughter's MacBook, but with WiFi disabled.)
- If I set the Guest network purpose to Guest (as opposed to Corporate), clients cannot connect to the internet, and get "too many redirects" errors. If I remove Untangle, or set up the network as Corporate, the problem doesn't occur, so it is something about how those 2 interact. Disabling ICMP redirects on Untangle has no effect. I haven't worked it out yet, so have the network set as Corporate for now.
I still have some work to do to lock down IoT devices etc, but it is all running smoothly, and I am much happier with the security of the network now.
My next project is improving my video surveillance, which, after my good experience with the WiFi, UniFi is on the short list for. I'm very interested in the UVC-G3-Micro when stock becomes available in NZ. Most of the consumer-grade products seem to be created for the purpose of selling overpriced cloud storage subscriptions to users!