New home network sanity check

[emrys]

Hey all

I'm building a network for my home which right now consists of the terrible cable modem from my ISP and that's it. The good news is that I have nothing to mess up, so this should go well .

I'd like to go with Unifi for the AP's and the switch and this is the basic diagram that I've come up with:
Cable Modem (bridge mode) -> U25 -> USG -> Unifi Switch -> 2 or more AP AC Pro

I think this looks reasonable, but I keep questioning if I need the USG there at all. The untangle appliance can act as a router correct?

Thanks
M

P.S. My networking knowledge is over 20 years old and super rusty, so please forgive any mistakes

[jcoffin]

What is USG?

[JasonJoel]

UniFi Security Gateway - router/firewall.

It can definitely work that way, although I've only done WAN - USG - Untangle in bridge - UniFi switches/AP. Not WAN - Untangle - USG.

I quickly figured out the USG added exactly zero benefit over just using Untangle as the edge router and removed it. Leaving the USG in adds complexity and admin overhead for no (good) reason.

[jcoehoorn]

Agree with JasonJoel. I'd replace the USG with a Cloudkey, or even just run the software on a computer in the network. The Unify dashboard will complain at you because it can't find a USG, but when it comes down to it adding the USG doesn't really give you anything you don't also get from Untangle except for removing those warning messages. Untangle, on the other hand, can do a number of things the USG can't, or can't do as well.

[emrys]

Sorry I've seen USG referred here, I assumed it was a common acronym .

JasonJoel, so you're saying that you now have WAN - Untangle - Unifi switch? This is what I'm hoping to do, so I'm hoping I read that correctly.

jcoehoorn, that sounds great. I'm perfectly adept at ignoring warning messages and good to see I'm on the right track.

[bluechris]

In work i was with ISP --> untangle --> usg --> unifi ap pro (6 of them) and in a server i had for 2 years installed the controller.
I was like your plan but many times i got troubles updating the controller. Ubiquity did some stupid things in controller updates like forced requirement of newer java etc that maked my hair go away till i found the correct way to restore the controller backup after a clean install and make the controller to own again the unifi AP's.

2 months now i bought the cloud key and i am a happy pappy because this damn thing updates itself so my advice for a set & forget system is to buy also the cloud key because it will make your life extremely easier.
I have also replaced in work all my small routers in offices with unifi usg 8port switches (4poe and i have 9 of them) and the beauty in this is that from the unifi software you do 1 click like a new vlan and everything in the network learns this new vlan.

[JasonJoel]

Sorry I've seen USG referred here, I assumed it was a common acronym .

JasonJoel, so you're saying that you now have WAN - Untangle - Unifi switch? This is what I'm hoping to do, so I'm hoping I read that correctly.

jcoehoorn, that sounds great. I'm perfectly adept at ignoring warning messages and good to see I'm on the right track.

Correct. I went WAN - Untangle - UniFi switches & APs. And sold my USG.

Don't get me wrong, you CAN use the USG in addition to Untangle if you really want to for whatever reason. It WILL work - so it is up to you. Its just that my position (with almost all things technical, anyway) is that each piece should serve a specific purpose, and that more pieces=less reliability/higher admin overhead. So I tend to remove pieces that overlap in functionality with others.

[emrys]

Yeah which is why I asked the question. There seems to be some redundancy in the initial structure which is fine if it adds the right value. If there's no benefit then all I'm going to be doing is spending more time maintaining my home network than I want to.

Plus the initial cost is cheaper, so there's that too.

Thanks for the help everyone, this forum is great! I'm sure I'll be here with plenty of questions when I try to execute my plan.

M

[JasonJoel]

Please do! There are some things about Untangle that are a little different from other firewall/gateway/UTM products.

One of my suggestions to new users it to go read some of the Wiki page and understand the difference between Firewall app rules, Bypass Rules, Filter Rules, and Access rules. It will almost definitely save some time/confusion later if you like to implement granular rules for traffic in/out your network.

[Loudog2]

In work i was with ISP --> untangle --> usg --> unifi ap pro (6 of them) and in a server i had for 2 years installed the controller.
I was like your plan but many times i got troubles updating the controller. Ubiquity did some stupid things in controller updates like forced requirement of newer java etc that maked my hair go away till i found the correct way to restore the controller backup after a clean install and make the controller to own again the unifi AP's.

2 months now i bought the cloud key and i am a happy pappy because this damn thing updates itself so my advice for a set & forget system is to buy also the cloud key because it will make your life extremely easier.
I have also replaced in work all my small routers in offices with unifi usg 8port switches (4poe and i have 9 of them) and the beauty in this is that from the unifi software you do 1 click like a new vlan and everything in the network learns this new vlan.

Are you double nat’ing with the untangle and USG configured like that?