Can we get an update from pfsense team on 24.08 status?
-
@behemyth said in Can we get an update from pfsense team on 24.08 status?:
@DefenderLLC said in Can we get an update from pfsense team on 24.08 status?:
UniFi finally offers DoH to custom providers now which will get me by for the time being.
I agree, Ubiquiti has spent the past few years really struggling, but this year they hired a ton of talent to their software teams, and they're cranking out good software with nice features, let alone some of the nice hardware they have released lately that is considerably cheaper than most competitors.
Check out the new Enterprise Fortress Gateway. It offers full SSL/TLS decryption and inspection with no subscription fees. It might be my next firewall.
https://store.ui.com/us/en/pro/category/all-unifi-cloud-gateways/products/efg
-
@DefenderLLC
Fortress gateway is on the radar for a bid I'm submitting (I'll win easily)
It's going to be a perimeter firewall and it's already an existing Unifi deployment.
To be fair, Netgate and Unifi are the same regarding transparency. There is none. Unifi gives no EOL dates, no roadmap on features. Netgate has no roadmap for any of its products (maybe TNSR if I'm being generous). The last thing stated on 24.08 is that it will be released along with the beta preview of the pfsense management platform. Other than a very blurry photo on reddit there's been silence on the matter.
I give Unifi credit for delivering a nice showcase at the world conference tour. As someone who deals with Enterprise solutions, it was nice seeing an organization step forward and offer enhancements to its feature set.
Netgate plays things very close to the chest (really unclear why as it's very odd to do so) but that's how they roll. It is what it is. The world moves forward while some cling to the past.
-
Yeah that Fortress Gateway is insane, it's very nice for the price. They released some new gateways, specifically the max which has 2.5 ports on it that are very nice for smb/homes to use. They have also been really working on feature sets in the Unifi suite.
I guess that's why companies still pay tons of money for support. The big network companies all have roadmaps and guarantee you updates and timely security fixes when found.
The not big companies don't do any of this, as you pointed out Michmoor.
-
@michmoor correct. UniFi does not really cater to the Enterprise. I've worked in network architecture at Dell, GM, and AIG. None of those companies would ever use UniFi network gear at scale. Never.
-
@DefenderLLC Haha agree completely. BUT, at least Ubiquiti is looking to cater to that market. There’s BGP/OSPF coming, there’s SSL decryption…there’s still a lot lacking though
-
@michmoor They are slow to release the newest technologies, but I've been happy with their stuff over the last 4 or 5 years. I currently have the following at home (LOL):
UDM-SE
USW Aggregation
USW Enterprise 48 PoE
(8) downstream UniFi switches
(4) U6 Enterprise APs
I have been using my 6100 MAX as a transparent bridge sitting between my UniFi WAN and my AT&T Fiber gateway - primarily for Suricata IPS and pfBlockerNG with DoT to my Cloudflare Zero Trust tenant.
Total dweebage, but I really want that SSL/TLS decryption. It's hard not having that when we're managing over 400 Palo Alto firewalls at a large insurance company.
-
@DefenderLLC haha I'm very simple at home.
6100 at the perimeter and also acting as my L3 gateway for my vlans.
Unifi APs and Unifi switches
To be honest... I'm looking at putting the EFG at the edge and moving the 6100 down a layer. I still need pfsense for all the wireguard and ipsec connectivity (too many to move over) so that's a simple port forward.
I would swing over the vlans to the EFG. This will also allow me to start seriously looking at the Unifi Protect line. I have RING and I want to get away from that system as quickly as possible.
-
@michmoor said in Can we get an update from pfsense team on 24.08 status?:
@DefenderLLC haha I'm very simple at home.
6100 at the perimeter and also acting as my L3 gateway for my vlans.
Unifi APs and Unifi switches
To be honest... I'm looking at putting the EFG at the edge and moving the 6100 down a layer. I still need pfsense for all the wireguard and ipsec connectivity (too many to move over) so that's a simple port forward.
I would swing over the vlans to the EFG. This will also allow me to start seriously looking at the Unifi Protect line. I have RING and I want to get away from that system as quickly as possible.
The Protect cameras are almost as good as their APs and switches. Just stay away from UniFi Talk. That service is complete garbage. Don’t ask.
-
@michmoor said in Can we get an update from pfsense team on 24.08 status?:
@DefenderLLC haha I'm very simple at home.
6100 at the perimeter and also acting as my L3 gateway for my vlans.
Unifi APs and Unifi switches
To be honest... I'm looking at putting the EFG at the edge and moving the 6100 down a layer. I still need pfsense for all the wireguard and ipsec connectivity (too many to move over) so that's a simple port forward.
I would swing over the vlans to the EFG. This will also allow me to start seriously looking at the Unifi Protect line. I have RING and I want to get away from that system as quickly as possible.
Just in case you’re not aware, the EFG does not run Protect. It’s only a network controller. The UDM family will run any UniFi app, but at the enterprise level, it’s pretty much a one-for-one thing. You would need one of their two NVRs for storage and to run the Protect app.
-
@michmoor said in Can we get an update from pfsense team on 24.08 status?:
@DefenderLLC haha I'm very simple at home.
6100 at the perimeter and also acting as my L3 gateway for my vlans.
Unifi APs and Unifi switches
To be honest... I'm looking at putting the EFG at the edge and moving the 6100 down a layer. I still need pfsense for all the wireguard and ipsec connectivity (too many to move over) so that's a simple port forward.
I would swing over the vlans to the EFG. This will also allow me to start seriously looking at the Unifi Protect line. I have RING and I want to get away from that system as quickly as possible.
I have a UDM-SE, which I will be keeping just to run protect and talk. It’s not ideal though because NAT cannot be disabled officially so I’ll have to run it in a dual-NAT scenario like I used to do with my 6100 MAX.
-
@DefenderLLC said in Can we get an update from pfsense team on 24.08 status?:
Just in case you’re not aware, the EFG does not run Protect.
Ahhh good looking out. I didn't know that. That's OK. Do still plan on getting a UDM or some variant.
-
@michmoor said in Can we get an update from pfsense team on 24.08 status?:
@DefenderLLC said in Can we get an update from pfsense team on 24.08 status?:
Just in case you’re not aware, the EFG does not run Protect.
Ahhh good looking out. I didn't know that. That's OK. Do still plan on getting a UDM or some variant.
I’m happy to speak with you about this before you make that decision. It’s not ideal to have two UniFi gateways connected to each other. It won’t work as intended unless you’re OK with a dual-NAT scenario. You can only have one network controller in use and one can’t manage the other.
If you don’t plan on running the other UniFi apps like talk or door access, I would just get one of their protect NVRs instead since it’s just a layer 2 device. Just something to think about.
-
@michmoor said in Can we get an update from pfsense team on 24.08 status?:
@DefenderLLC said in Can we get an update from pfsense team on 24.08 status?:
Just in case you’re not aware, the EFG does not run Protect.
Ahhh good looking out. I didn't know that. That's OK. Do still plan on getting a UDM or some variant.
Just ordered my EFG. :)
-
@DefenderLLC need detailed review asap
-
@michmoor said in Can we get an update from pfsense team on 24.08 status?:
@DefenderLLC need detailed review asap
Will do! Know anyone that wants to buy a 6100 MAX with rack mount kit in pristine condition?
-
@DefenderLLC Hmmmm…..
DM me
-
To be fair, Unifi is great and all, with the UI design, simplicity, getting started with new devices, but you all seem to be forgetting about its proprietary nature, which sure, if you're building a network for someone else, who cares, but for your homelab? I don't think I'd ever want to run a Unifi router as my main one. Protect on the other hand, being fully isolated from the internet, is plausible.
-
@FoolCoconut said in Can we get an update from pfsense team on 24.08 status?:
To be fair, Unifi is great and all, with the UI design, simplicity, getting started with new devices, but you all seem to be forgetting about its proprietary nature, which sure, if you're building a network for someone else, who cares, but for your homelab? I don't think I'd ever want to run a Unifi router as my main one. Protect on the other hand, being fully isolated from the internet, is plausible.
They've really come around in the past year. The interface is just better. It's much easier to manage and you can easily integrate it with non-UniFi gear. I have been doing that for several years including my 6100 MAX. It's gotten to the point where I don't really need pfSense anymore. Plus their switches and APs are awesome.
I say use what you want to use. My home lab is separate from all of this anyway.
-
Side note I would like a new 2100 with dual Arm Cortex A76 processors. Man that would be wicked fast… also dual SSD ports one specifically for swap use, and maybe 8GB ram
-
@michmoor PM sent.