I have been happily using Unifi for my home network but am now in a situation of having to design an installation for a small company (an office with 4 people). My first take would be to get a Dream Machine SE with a U6 pro access point, as it’s what I’m familiar with but would you recommend it in a professional environment? Looking at what similar businesses went for, I can see:
I would need something that can be trusted and forgotten while being secure (my knowledge in networking is limited and I don’t have time to spend on regular maintenance).
Totally. This is exactly what we have at our office (35 people) and it replaced a router whose license fees would have cost more than the new hardware.
My only suggestion is to install two APs. This way, if a cable goes bad or a PoE port fails you are still up and running.
Both Meraki and Fortigate are going to have annual licensing fees, but they might be worth it depending on your needs. What are the security requirements at the company? Are there servers or are these just computers accessing the internet? If no major security requirements, the UDM is probably fine. If you’ve got requirements for data protection and specific features you might need something a bit more full featured.
I despise Meraki personally. I am a proponent of Fortigate, and I have some 60F units for messing with, but while I’ll recommend Fortigate, which model you use depends on how big your small computer actually is. How many nodes, what’s your Internet connection?
When it says “for up to 50 users” in the description, does that mean literally or can that number be expanded through the use of APs? Could the Ubiquiti EdgeRouter Infinity ER-8-XG handle more users? I have 500Mbps single mode fiber internet. I am trying to build a 300+ user Wi-Fi network.
Avoid Ubiquiti routers at all costs. They simply don’t have the features required to be considered a business grade product. My usual recommendation is pfSense, Fortigate, or Palo Alto if budget allows. But no matter what you go with, someone needs to set it up and maintain it. You can’t just set it and forget it.
Full disclosure, this is a loaded question because everyone is going to have a different opinion.
For 4 users, I wouldn’t bother doing a separate access point with Unifi if you’re going to use a Forti, Meraki, etc.
Just use an all-in-one solution like an MX67W (MX67 with wireless), that will easily cover the 4 users and you can manage everything from a single cloud console. Meraki will handle the updates automatically, you just give it a maintenance window when to run the updates. Meraki isn’t cheap, but if you want something easy to manage that you won’t have to mess with a bunch, they’re solid.
I think you’re overkilling it; a simple UDR and maybe a U6 Pro is more than enough unless you need a lot of security.
I currently run a coffee shop with a lot of coming-and-going freelance internet-consuming customers, and a U6 Pro and a use are more than enough to have reliable internet.
I never recommend Unifi routers. They have very limited security features. There are 3 reasons why someone gets them:
They have no budget for a proper firewall
They don’t know what they’re doing
They are offloading all L7 inspection to the client and use the Unifi router just as an internet box with some extra features.
To the people who claim pfSense is the same as (or better than) Fortigate: that might be the case if you don’t get licences for your Fortigate. Fortigate has some nice features that work out of the box (SD-WAN, SSL VPN, IPsec, SSO integrations, …) but the main added value lies in their security features. These come with a yearly fee. IMO these are a must to buy if you go for Fortigate. You should realize that using these features also requires some configuration time and cost.
Ubiquiti is great for affordability, and I personally like it for that reason. However, if security is a top priority, you might want to consider Meraki or Aruba. They come with a yearly fee, but that’s because they invest in regular security updates and testing to protect your network from vulnerabilities.
Fortinet is a mid-range option, quite popular in NZ. However, Sonicwall and Ruckus are also worth looking into, especially Ruckus for its advanced features.
Ubiquiti is more entry-level, which makes it budget-friendly. However, it may not receive patches and security updates as quickly as the others. It has a user-friendly interface and gets the job done, but you might need to weigh cost against security in your decision.
Also note TP-Link Omada is nearly identical, if not the same, to Ubiquiti but even cheaper.
If security is key, Fortinet would be my lowest entry. Ubiquiti would not be considered. Though even with top-shelf Meraki you are never auto secure. MDR would improve security, but only Arctic Wolf takes on smaller firms, I think.
Just review what you are protecting: on-prem data or cloud. Is the cloud secure? Maybe you can use a WAF firewall like Cloudflare or Barracuda.
Fortigate is worthless unless you enable / pay for content filtering. Remove this from the equation and they are stupidly overpriced. Hardware is robust.
I would rather have better dedicated endpoint AV than Fortigate fully loaded. Too much fiddling with the Fortigate. If you have a mixed environment of a lot of different endpoints and you can’t wrangle them under endpoint AV (Bitdefender, etc) then Fortigate is a good choice. That’s what they are good at. Otherwise, if you’re just managing half a dozen Windows PCs just invest in good endpoint AV and get a cheaper Firewall.
Meraki if you have multiple locations you want to manage under a single pane of glass.
Watchguard if you want a balance of other features like backups, etc. A bit under-rated. They are usually MSP centric, but a good product.
MikroTik on a budget.
OPNsense was the most bang out feature rich platform I looked at. Lacks content filtering like Fortigate, but Jesus does it do everything.
Just not a fan of recent Ubiquiti perimeter devices. I liked the EdgeRouters, but MikroTik is a better option now in that space.
If you are running a classic cable internet you will want a wifi failover more than a Firewall failover. Pretty much all of the products above will do failover. UPS on your Firewall is also a must.
Personally I love Fortigate. I have several in production. There is an annual licensing fee but they are great NGFWs. I have used Meraki in the past and do not care for them at all; if you don’t pay for the license it becomes a paperweight.
Yeah, no problems until you need to engage the next-to-nonexistent support team.
If I installed for a small business I wouldn’t go Ubiquiti for this one reason. Their ignorance can cripple a small business unless your retailer/supplier is decent and takes care of any RMA issue with speed.
Yes, mostly computers accessing the internet. Very interested in being able to VPN as well. A network intrusion would be very bad though, as it’s a company with lots of intellectual property. Ideally I would want something that would be secure just after unboxing without having to fiddle with many settings and options. Is that what you pay extra for with FortiGate?