WatchGuard to Unifi USG

So I have been very keen to get more into Unifi for a few months now. As I have mentioned in a previous blog post. I have a single access-point for a while now and I think the Unifi system, is very good!

What I currently have

The WatchGuard firewall arrived into my network as of luck more than anything else. I had the opportunity to acquire it locally and all I was looking for was a a layer-3 device that could route and control traffic between vLANs. The WatchGuard fitted this perfectly! It does not have an active feature key (required for anti-virus and content filtering), but this did not bother me too much. The WatchGuard worked perfectly apart from one small problem. It was loud! The fan noise did not bother me too much, but the rest of the family was a different story.

What did I do?

So I knew I had todo something about the noise and I did consider replacing the fans, but I did not want to mess with it too much. Seeing many of my fellow, YouTubers such as: ItsMyNaturalColour and CraftComputing upgrade to Unifi Dream Machines, hinted that I should defiantly take more of a look at the Unifi range. However during the covid-19 pandemic, I could not stretch to a Dream machine, I then looked at the USG (Unifi Security Gateway) and found that this is a perfect placement for me, it is fan-less so no noise as with the WatchGuard. But most of all, I get the security features for free! The price of the USG is amazing too. I only paid £103 for this little powerful box.

So I ordered it on good old Amazon! But I also snuck in a cheeky new access-point at the same time…

Being Amazon it arrived fairly quickly, but as I am a very impatient person I could do most of the configuration before it arrived.

Configuring the USG

So as mentioned in ‘Raspberry Pi – Unifi Cloud Controller’, I already had Unifi controller and access-point (AP-LR). So I could pre-configure my Unifi network on my existing controller before the physical kit arrived. This is amazing for someone that cannot wait for the kit to be delivered, even on Amazon Prime!

At home I run many vLANs for security. Now days it is very important with Internet-of-things (IoT) devices to consider the security of these devices, as we are putting out trust into companies such as Amazon, Philips and Hive. To name a few that I use. So I keep all of these devices on a separate vLAN away from anything that has my data on it. Below is a table outlining my vLANs and what they are used for.

VLAN	Description
1	Management devices such as WatchGuard and Switches.
2	Internet-of-Things devices.
3	WiFi devices such as phones and tablets.
4	Guest network
5	DMZ (demilitarized zone) for servers
10	Home network for my desktops and some servers

Plugging in the kit

When the physical kit arrived. I took it right out of the box and plugged it in to my network. Once adopting, the USG provisioned with in a minute or two will all the settings I had pre-configured and…. 90{dd02ca53089cac2432c56b1281023466f904f5e47d54aa45d3c7a4cebb0a242f} of it worked. I had made a few mistakes that caused some problems, but they where my fault not the devices. Once I had ironed them out. It worked with ease. I had to re-configure my existing switches slightly, due to a few things being different. But it kind of just worked. But this time with no fan-noise.

The only negative for the project was. The firewall configuration; controlling what vLANs can route to other vLANs, is not so easy on the USG as compared with the WatchGuard. But I think this is because the devices are for different markets.

I don’t have much to say about the new AP. As I just plugged it in and it worked! I will try and do a network tour video soon.

Networking, Tech, Ubiquiti

November 17, 2020