Unifi – The cure for bad WIFI (April 2019, updated June 2021)
At ITW4 we’ve been doing a lot of work with our clients on public facing WIFI where coverage, security and bandwidth management are all key components. We’ve used many brands for this in the past; Draytek, SonicWall, and Cisco to name a few. They all have their own strengths and weaknesses when it comes to this sort of shared environment but new kit from Unifi has impressed us a lot and has allowed us to re-think small and large projects alike. And the best thing about is the price. No more £1,200 routers with ugly £150 access points; we can kit out a hotel with 10 AP’s with a quality brand enterprise router for less than the price of some of the high end routers on the market.
- Swish UI on the Unifi Controller – It looks beautiful and is extremely well designed. Although the clients don’t get to see it, it’s not something we’re used to in the IT industry. Everything is usually mundane grey with tables and black text. Having this just adds a level of interaction that is pleasant to use as well as functional.
- Deep Packet Inspection – You can open the stats on a per machine basis or on a per website basis and get a full view of who’s using Facebook or other social media during work ours as well as how much time and traffic has gone between. It’s also very useful for keeping an eye on staff internet usage, for instance is someone taking company documents off-site to a personal Dropbox. Anything you can think of tracking, can be tracked.
- Building Layout – Extremely handy for keeping track of your network infrastructure, you can tag devices by MAC address and then overlay them over a blueprint. Great for asset tracking, locating faulty equipment and possible WIFI dead zones. Extremely efficient for engineers who are unfamiliar with the client’s setup. They can park themselves at a PC and get familiar with the network within seconds.
- Guest Wifi Control and Portal – The ability to limit guest’s usage and bandwidth is an absolute must. Guests cannot be allowed to interfere with internal operations on the private network. The Unifi USG range makes this extremely easy to carry out with tagged vLANs and multiple SSID’s. You can also set up a captive portal with your companies branding, setting terms and conditions for WIFI usage as we have below;
Intrusion Detection and Geo-IP Filtering – The Unifi USG routers log break in attempts on the device itself and the ports you forward. For instance, you’re seeing a lot of failed logon attempts on your mail server from a batch of IP’s in Russia, so we block the entire Russian IP range from contacting any of your equipment.
- Initial setup – We have a few routes we can go down to get the devices set up. Set the Unifi controller up on a local network PC on a per site basis. Buy a cloud key and have to take it on-site when checking the network. Use Ubiquiti’s own cloud for management, usually free for a number of years then costs to run it past this. Set up your own Cloud controller and be able to manage multiple sites from the one place. We’ve opted for the last option as we have a solid infrastructure to back it, we’re also not charging out customers to use it!
- WAN2 port forwarding – There is currently no option to port forward WAN 2’s connection from the GUI. It is possible from the CLI but it has a complex setup. Saying this, we can load balance between to connections and only have open ports on a single WAN, won’t be a problem for most businesses. [UPDATE JUNE 2021 : This is a feature that IS now available]
It’s very nice to see such a functional UI. Management of AP’s across a whole network is seamless, which makes setting up devices a breeze compared to manually provisioning them and then having to log into their web UI’s individually to check on basic stats. Expansion is easy and the equipment is very well made and very presentable. It would be considered ‘normal’ to see these in any high-end office or hotel and being fully POE cables can be hidden away out of sight very discretely.
Overall a very good contender in the service industry where people need constant access to data via mobile devices. The firewall, with Geo-IP blocking and Deep Packet Inspection, is well above the expectations in this price bracket and is a saving grace for the security of your network.