
I bought into their unifi ecosystem years ago. Separate devices, prosumer pricing, features and quality, single pane of glass.

... And I haven't upgraded anything since. Their new products are totally undirected, they aren't making items that are obvious and needed. Their software is falling behind and they just don't care.

Case in point: the usg pro 4 is years old but they haven't released an updated affordable just-the-border device. Their new stuff like the dream machine, and now this, just isn't the right thing to replace what was there before. The VPN on there doesn't work with recent Android or iPhone, and they just don't care.

Adding even the most basic firewall rules is hard. The single pane of glass got a major interface overhaul, and they added a huge amount of hard-to-turn-off phone-home crap at the same time. Enshittification reigns supreme.

And don't forget other runty hardware like the poe ceiling lights and doorbell.

The company just needs to buckle down, make good stuff, fire the product astronauts, fix obvious major problems before adding pointless new features.

... Suffice to say, my next hardware refresh almost certainly won't be from this company.



I don't disagree, but since buying the UDM-Pro years ago, I feel like the software has gotten great. And recently, they've baked in Wireguard replacing L2TP.

Personally, I'd like to see more prosumer devices that support 2.5GbE/10GbE.


People always raise Wireguard as the end-all of VPN and yet it's 2023 and there's virtually no way to deploy it in a business context.

InTune doesn't even list it as a supported VPN, and everything I see to deploy it suggests some kind of hack to bypass UAC for one specific app because the end-user software requires Admin permissions to startup and hook.

When we use L2TP with UDM Pro we get ~0.1Mbps across the wire from macOS and ~20Mbps across the wire with Windows, and yet the same VPN server running on a Mikrotik will easily achieve ~300Mbps. L2TP is so easy to deploy .. it's built into Windows and macOS. I wish they would just stop telling everyone to switch to WG and fix the performance issue that is clearly Unifi specific.

NB we are a business and our average spend for Unifi is $50K per year so we have a right to complain.


Isn't it normal that changing the destination of all of a system's network traffic would require admin permissions? Why does that make you think it's a hack?


It's completely reasonable that it requires admin permissions, but what I'm saying is that the other protocols (i.e. L2TP) that are built into macOS/Windows and mobile devices are integrated in such a way that they do not.

Most businesses never give their users admin permissions because it's a security can-of-worms, so for Unifi to push Wireguard for business doesn't make much sense. Happy for someone to point me at a turnkey Wireguard solution that just-works with InTune.


They seem to have something if you want to give them a call ;-)

> Fixed the issue where WireGuard VPN could not be used through Intune-deployed MSI installation.

Source: https://wiki.ui.com/docs/identity-enterprise-endpoints-0671


> Happy for someone to point me at a turnkey Wireguard solution that just-works with InTune.

Tailscale?


There are many enterprises that install Cisco AnyConnect or ZScaler


Most VPN software has an automatic start Windows service when the user initiates the connection, thus not requiring local admin.

Needing local admin would make WG a non-starter for many organizations.


> InTune doesn't even list it as a supported VPN, and everything I see to deploy it suggests some kind of hack to bypass UAC for one specific app because the end-user software requires Admin permissions to startup and hook.

L2TP performance issues aside, I don't see how it's UniFi's fault that Microsoft's ecosystem is poor. I don't have many positive things to say about InTune.


Wireguard feels like the HDR of VPNs, adoption is slower than you'd think it would be.


> virtually no way to deploy it in a business context.

...there is tailscale


It is not compatible with UDM Pro wireguard server directly, so it’s basically a standalone solution.

Now that you mention it, the small PowerEdge is not that expensive and might be the best way to deploy as Intel Xeon has AES NI.


2.5GB of this will be introduced next.


Not to detract from an otherwise excellent comment but... product astronauts? Never heard that term before.


Likely a reference to Spolsky’s Architecture Astronauts.


Never heard of it either but I like it. I assume their heads are up in the sky and coming up with product ideas that are very far out there.


> their heads are up in the sky

In the cloud(s), even.


The military uses the term Idea Fairies.


Mashup of "product managers" and "architecture astronauts"? It has a nice ring.


> Case in point: the usg pro 4 is years old but they haven't released an updated affordable just-the-border device.

Isn't the UniFi Gateway Lite[1] just that?

[1]: https://techspecs.ui.com/unifi/cloud-keys-gateways/uxg-lite


That device is so suspect. Old, dual core processor, 1GB of DDR3 and, supposedly, "next-gen" security features including IPS. Riiiiiight.


Barely can break 350mbps with IDS and IPS enabled and starts getting buffer overload. I'm pretty sure Mikrotik had a faster router a few years before the usg4 hit the market for about the same price.

What unifi sold people on was cloud managed easy config and it just started working somewhat in the last version for me. Really feels like they need to triple down on the software front and beef the midrange hardware.

I just looked the other day - as I'm getting symmetric 2gb fiber in a few months and unifi has some wild high end router but it seems like it needs more on the CPU and ram front still, too. OpenSense here I come?


Without necessarily defending Ubiquiti's oftentimes-weird product lineup, IDS/IPS are basically useless, so there's not much point worrying about what they do to raw WAN speed.


I wouldn't say they went to shit, but their products moved away from what I wanted. I had an ER-X and APs and they worked well. I'd like an upgraded ER-X, but don't need a UDM. I ended up continuing to use my ER-X and use Eeros for the APs - got them super cheap on some Amazon deal.


Same here. I have an ER-X deployed to provide internet access to a bunch of servers. I don't need any cloud service and stuff, just a router with some firewall and NAT.

My next product will be something else, because all the new stuff doesn't buy into the "KISS" anymore.


An updated ER-X with double the ports would be awesome. That's just not a market that ubnt seems to want to be in now. Cloud connected everything isn't something I want.


I just upgraded my networking and wifi and had the intention of going with unifi equipment rather than the consumer grade stuff. I was shocked to see that they don't have 2.5GbE or Wifi 6E options for their equipment.


They do have 2.5GbE through the dream machine special edition, also anything that is an SFE port you can put in a 2.5 or 10gbit ethernet jack if you need it. I get the general impression that they just want to go straight to 10gbit and not do 2.5gbit much.


This apparently is adoptable. So it's a just-the-border device.

Not sure why you think the VPN doesn't work. I haven't had a problem.

The doorbell is awesome. The POE ceiling lights were a mistake.


Just don’t use the built in firewall and use an external of your choice. That works for me.


But then you lose many of the benefits of a single pane of glass.

There's also the trust issue; the VPN problem has been known for years. If they won't maintain a key security component of their key security device, why would I trust them with anything?



