Firewall / Router recommendations

Have a look at one of the Mikrotik routers. Carrier grade functionality for dirt cheap.

For many years I've used a tool called The Dude from Mikrotik. It's a generic IP sniffer and really works well to identify your IP devices. Locate and download the v4 version (it was beta). The new versions they create require additional software.

Watchguard

2 Likes

I had the same issue once upon a time, multiple vlans, subnets, separate wifi for IoT vs. guest vs. family etc... plus a dozen servers, blade chassis, VMs and NAS on their own networks with complex rules. VPN inbound, ports open, POE yadda yadda yadda.

I opted to flatten everything, just like you, and went with a Ubiquiti Dream Machine Pro, so I can still do packet sniffing. With a Ubiquiti UDM, a Ubiquiti switch and some Unifi WAPs I was able to set up and manage everything from one interface, I can still VLAN tag if I want, and I can do LAN, DHCP, Wifi configuration, open ports, forward ports all in one place, it's really quite nice.

Did I like having VMware, Cisco, Netgear, HP and other equipment all on the network? Sure, but when we moved in Dec it was SOOOO nice to just be able to unplug 5 network devices (UDM, Switch, 3 WAP) and plug it back in at the new place and just work.

1 Like

https://www.thesmarthomehookup.com/ultimate-home-network-2021-wifi-6-and-unifi-dream-machine-pro/

1 Like

Good luck finding a dream machine pro that the price gougers haven't already snatched up.

2 Likes

Yup.

The only path forward is random lottery, or back to brick and mortar purchases with quantity limits. Thanks purchasing bots!

I even checked all the retailers in texas and they're all sold out. Maybe by the time the supply chain gets sorted out they'll have a new product line.

1 Like

Yup. 'tis bull****.

If I were starting from scratch I'd possibly look at going all in on Unifi, but that's a significant investment to rip all the existing stuff out when there's nothing really wrong with it.

Plus, I did look at the DM and DMP but from what I could see, like the USG and USG4 Pro, they don't have any sort of live-logging in their UI either? Which is one of the main requirements really, I'd like to be able to see what's going on first before deciding what needs blocking / unblocking.

Might see if I can pick up a reasonably cheap fanless embedded board / PC and revisit pfSense or look at OPNsense / Untangle.

I'd love to be able to run one of the smaller Palo Alto Networks firewalls at home. They sure produced some great logging. But not something that can be picked up for home and certainly not very easy.

They must have resolved most of the issues. My UDMP has been rock solid since I bought it. I already had the 3 WAPs and a cloud key, so the transition was as simple as 1) set up the UDMP, 2) restore the cloud key settings. That said, I do wish the UDMP had more ports, and supported PoE, but I simply added a 16 port Ubiquiti switch with enough PoE for my 3 WAPs and 3 of their mini PoE powered switches.

I use Pi-hole in a docker container on my NAS, so not everything is Ubi, but honestly I couldn't be happier. I am able to do SPI on my 1Gb internet connection and don't have any of the performance issues that earlier versions of the UDM had.

I agree STP and gig backend are a miss, but stacked up against everything else the UDMP / switches have been rock solid so I've got no complaints...

I've thought about getting a UDM (non-pro) a few times as I need another AP anyway. BUT, around here the only place that sells them charges $50 over MSRP which turns me off. And then I've just been too lazy to Amazon one.

I lucked out and got mine right from Ubiquiti, in fact it showed up literally a day and a half later, no special shipping options selected. I haven't tried sourcing one since, but I haven't had the need.

In fact I have a Cisco POE switch, Netgear router and Ubi CloudKey sitting around I really need to sell, those 2 Ubi devices replaced them...

If you have an old PC and a network card, try pfSense. It's come a long way and damn, it's free. Took some time to customize, but out of the box it just works. I'll never go back to expensive hardware when this does everything, free.

@rlithgow1

  1. view a live log of what that device IP is trying to do - protocol / port / target IP ..... including any domain and url if it's http / https

A DD-WRT router (and the code will load onto almost anything) is a fine tool to have, as issues like this are addressed not just by the code, but also by add-on freeware and variants.

For this, you'd telnet to the router, or use the "command" window on the web GUI, and type

watch -tn5 'cat /proc/net/nf_conntrack |grep 192.168.1.99'

You will then see all the IPs with which 192.168.1.99 is trying to connect. (Change the IP to whatever IP is the device at issue.) The data will show up in pretty much realtime, so you can push buttons and such, and see what the "smart device" is trying to do.

Block/allow is by domain, subdomain, IP, whatever.
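The one-liner above only greps raw conntrack lines. The following is an added example (not from this thread or from DD-WRT) that summarizes the same data per device: it parses constructed /proc/net/nf_conntrack-style lines, keeps only flows whose original direction starts from the chosen IP, and counts distinct protocol / destination / port combinations. It assumes the standard nf_conntrack line layout (proto name field followed by the first src=/dst=/dport= pairs) and uses only sh and awk, so it runs on a busybox router; the sample addresses are documentation ranges, not real traffic.

```shell
#!/bin/sh
# Constructed sample of /proc/net/nf_conntrack lines (not captured from a real router).
SAMPLE='ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.99 dst=203.0.113.10 sport=51234 dport=443 src=203.0.113.10 dst=192.168.1.99 sport=443 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 udp      17 29 src=192.168.1.99 dst=192.168.1.1 sport=40001 dport=53 src=192.168.1.1 dst=192.168.1.99 sport=53 dport=40001 mark=0 use=2
ipv4     2 tcp      6 120 TIME_WAIT src=192.168.1.50 dst=203.0.113.10 sport=33000 dport=80 src=203.0.113.10 dst=192.168.1.50 sport=80 dport=33000 mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.99 dst=203.0.113.10 sport=51299 dport=443 src=203.0.113.10 dst=192.168.1.99 sport=443 dport=51299 [ASSURED] mark=0 use=2'

# conn_summary IP: read conntrack text on stdin and print one
# "proto dst:dport count" line per distinct outbound flow from IP.
# Only the FIRST src=/dst=/dport= on each line are used (the original
# direction), so reply-direction entries that merely mention IP as dst
# are not counted as connections that the device initiated.
conn_summary() {
  awk -v ip="$1" '
    {
      proto = ""; src = ""; dst = ""; dport = ""
      for (i = 1; i <= NF; i++) {
        if (($i == "tcp" || $i == "udp" || $i == "icmp") && proto == "") { proto = $i }
        else if (index($i, "src=") == 1 && src == "") { src = substr($i, 5) }
        else if (index($i, "dst=") == 1 && dst == "") { dst = substr($i, 5) }
        else if (index($i, "dport=") == 1 && dport == "") { dport = substr($i, 7) }
      }
      if (src == ip) count[proto " " dst ":" dport]++
    }
    END { for (k in count) print k, count[k] }
  ' | sort
}

# On a router the input would be the live table, e.g.:
#   cat /proc/net/nf_conntrack | conn_summary 192.168.1.99
echo "$SAMPLE" | conn_summary 192.168.1.99
```

Wrap the last line in the same `watch -tn5` loop as the original command to get a refreshing per-destination view instead of a scrolling list of raw entries.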

I'm familiar with DD-WRT. I've run it on several routers.... Working with WatchGuard though is much easier and much more powerful, and you don't have to go through loading it on something. DD-WRT is fine for what it is. I mean hell, I used to have clients running Squid... It's just gotten to the point though where I recommend things that are fairly set and forget. If you need support you have direct live support from either a network engineer like me or directly from WatchGuard (because even I get stumped sometimes).

1 Like

A lot of people that don't need advanced features like Unifi.

I had a TP-Link mesh and used the Tether app. It's easy to set up and affordable and the Tether app is simple and powerful.

I replaced it with Ubiquiti Dream Machine Pro and assorted Ubiquiti access points at comparatively much greater expense.

I am not overwhelmed by the improvement and the considerably increased complexity of use. The closed system is a major compromise and expense if you use the Ubiquiti security cameras and software.

The more I learn about the hardware and software the more I appreciate the Unifi system but it is definitely not for the casual user.

1 Like

I have a partial Ubiquiti setup - CloudKey 2, some wifi units and a few switches. Have not done the UDM Pro thing yet. Even without it the UI is great.

1 Like