I have had the same network setup for a long time now. Unifi stuff just works most of the time. I didn't really pick it. Its not open source and now that I have fiber and have been having some issues with some of the Unifi hardware its time to make the call.
Do I just upgrade with Unifi or start migrating to something more in line with what I value.
So I've been chatting with my very helpful colleges at Red Hat and after mentioning PfSense to them I was told to check out Opnsense instead.
- I want to slowly move to 10g network gear
- I need PoE switches that are 10g
- I want a robust firewall / router
- I don't really wanna build my router due to time
Currently looking at Protectli Buyer’s Guide who sell hardware that is pre-installed with many options. I haven't decided which one to get yet. I wanna buy with the future in mind though so 10g connections are a must and support for two WAN connection is as well. I'm glad I ran CAT6 in my house years ago instead of cheaping out.
After I replace my router / firewall I will want to replace my Unifi switches. I'm considering buying used Cisco switches from eBay.
Anyone have any advice on this plan or advice?
I am using opnsense on mini-itx, for me it is ok because I have slow internet. Then I have unifi switch and two AP. My net is just 1g speed and it is enough for my family. Probably if I am going to upgrade I will stay in this setup, I mean router will be running opnsense and switch and AP will be unifi devices.
dont forget, cat6 can do 10g speed but if I remember correctly only up to limit distance.
maybe you need that speed, but mostly between few devices, e.g. server and workstation, so I think that you can use smaller switch for that.
maybe you already watch Toms video comparing pfsense and unifi firewall
Thanks! Aware of several of these factors but haven't seen that video. He does good work, I'll check it out.
When I switched to fiber I upgraded to a Netgate 4200 running pfSense and have been quite happy ever since. The support is awesome and the hardware is robust. What do you need 10 Gbps connections for? You can probably get away with 2.5 Gbps for most use cases.
Max performance of course ;) I have cat6 in the house so file transfer mostly. Just not wanting to make limiting points in the system as I replace parts of the system. Exploring ideas right now so you comment is helpful!
deleted by author
This might be the lowest cost that would for me from these guys at least.
Buying old cisco devices can be a pain to get the newest patched firmware.
Cisco will gate this behind subscriptions and maintenance contracts.
I'm not familiar with the Protectli kit, but it does look decent hardware for a good price, with no software vendor lock in.
I'd probably go the i7 core over the i3, and run several instances in a hypervisor, maybe up the ram.
Good to know. I'm not a network guy but I dabble. Why run several instances?
Hypervisor on the metal vs running an network/firewall os on metal (pf/opn/openwrt/etc):
disadvantages:
Very helpful. Thanks.
Id add that https://vyos.io/ is another open source alternative Firewall OS that implements the cisco configuration language, if that's your thing.
I tend to prefer Linux firewalls over BSD based, but that's generally a preference in features over simplicity.
A hypervisor lets you try them all with as minimal effort in swapping them out.
Is there a good alternative switch manufacturer besides Cisco that doesn't have these subscription / licensing issues but also can be found used on eBay?
Thanks, I haven't seen this product before.
I've actually had a few of their routers. Still have some for travel. They're great. I recommend them to friends and family.
The 10g thing is the requirement that might drive up my costs. I might need to build my own from a 1 liter PC to save some money. Its always time vs. money.
Yea a spare laptop would be plenty powerful to run any router software stack.
Yeah... The issue is the network side and I don't want a laptop form factor. I have a server rack this will go into. My setup is super over-kill.