[Advice needed] Replacing Fortigate 60C + DDWrt AP - with router and 2-3 access points

[confuded]

I work in IT. Moving to a new home in a month. Now I have:

• a Fortigate 60C - which has a dying fan and was always very noisy in any case
• some 20$ Asus router I installed DDWRT on and use it as an AP
• Draytek with VDSL2+ modem (that's fine and it is staying)

In the new place I am wiring CAT7 and have a small 6U networking closet to put modem, router and a NAS in. Have RJ45 wall sockets almost in every room. It's a one floor apartment, but it has walls from concrete blocks.

 

I am looking for:

• a good router (it not need be an AP at all):
  • capable of IPSec - i need to be able to make tunnels to various networks for testing when working from home
  • vlans
  • IPv4 policies
  • PPPOE dialing (via the DrayTek modem)
  • At least 1 Gbps switch built in; PoE is a bonus
  • not terribly noisy (not IT closet type fans please)
  • DDNS.net support would be cool
  • some internal logging would be nice too
• 2-3 access points:
  • PoE
  • without a need for an eternal controller(e.g not Ubiquity)
  • AC support
  • 2.4 GHZ+ 5 Ghz
  • allows adding removing AP without hassle
  • vlan support with multiple SSIDs (for light bulbs and other IOT junk that I want far away from my internal network)
  • something discreet like the the nice and shiny Ubiquity dishes or Aruba squares. Don't want big spider antenas like ASUS. Its going to be on the wall or roof (prefer wall though)
  • something stable i can setup and forget

NOTE: The max internet connection I will get with VDSL2+ is only 100 mbits down and 3 mbits up. But I do lots of local file transfers.

I want to invest in my home network, but am clueless about home networking hardware (routers and APs). I don't want to splurge on enterprise hardware (i.e. just buy a Fortigate, Ubiqyity APs with a controller).

I am comfortable with Fortigates and know my way around a Mikrotik, but thats not really home hardware.

 

I would appreciate any advice!

[scottyseng]

8 hours ago, confuded said:

-snip-

Just wanted to clarify, the Ubiquiti APs only need a controller for the initial setup (You can install it as a program on your PC, phone, etc) then after being programmed they're pretty much automatic. You only need a controller 24/7 if you want logging info (If you already have a homelab with a server that runs 24/7, you can install unifi controller as a software if you'd like. You don't need something like the Ubiquiti cloud key). Oh, you will need the controller to push firmware updates as needed though (At least if you don't want to do it the hardcore way via ssh).

 

As for a router, maybe look into the Ubiquiti Edgerouter 4 or Lite (It doesn't have a switch built in though). I'm not sure how much IPsec throughput you need.

 

I don't think the normal consumer brands would please you in terms of features in my opinion.

[mynameisjuan]

11 hours ago, confuded said:

I want to invest in my home network, but am clueless about home networking hardware (routers and APs). I don't want to splurge on enterprise hardware (i.e. just buy a Fortigate, Ubiqyity APs with a controller).

I am comfortable with Fortigates and know my way around a Mikrotik, but thats not really home hardware.

Your only choices are Fotigate, Ubiquity and Mikrotik. You are not getting all those features anywhere else.

 

I would go Mikrotik because cost but if decent wireless you pretty much have to go Ubiquity. I have a couple sites with Mikrotik APs and they are not terrible though.

[pogoemt]

At my work, we use Ubiquity for most internal networking. I love it to death, it was very easy to pick up and their support is responsive if I can't find any good forum posts/help articles.

 

I have no experience with Mikrotik and not enough experience with Fortigate to offer a good comparison. 

[mynameisjuan]

19 minutes ago, pogoemt said:

At my work, we use Ubiquity for most internal networking. I love it to death, it was very easy to pick up and their support is responsive if I can't find any good forum posts/help articles.

 

I have no experience with Mikrotik and not enough experience with Fortigate to offer a good comparison. 

We deploy all 3

 

 

Ubiquiti is a good all rounder. Wireless is where it shines

Fortigate is very powerful with licensing with firewalls and deep packet inspection

Mikrotik is even more powerful with a very very steep learning curve. 

[confuded]

21 hours ago, scottyseng said:

Just wanted to clarify, the Ubiquiti APs only need a controller for the initial setup (You can install it as a program on your PC, phone, etc) then after being programmed they're pretty much automatic. You only need a controller 24/7 if you want logging info (If you already have a homelab with a server that runs 24/7, you can install unifi controller as a software if you'd like. You don't need something like the Ubiquiti cloud key). Oh, you will need the controller to push firmware updates as needed though (At least if you don't want to do it the hardcore way via ssh).

 

As for a router, maybe look into the Ubiquiti Edgerouter 4 or Lite (It doesn't have a switch built in though). I'm not sure how much IPsec throughput you need.

  

I don't think the normal consumer brands would please you in terms of features in my opinion.

Thats good to know. I thought it always needed a controller.

 

I got suggestions also for a pfsense box from a small for factor PC with two 1 Ggbps NICs...

I'll look for a used fortigate. Everyone uses the old ones for a backup one in case the primary fails before the warranty brings a new one.

 

Anyone has experience with TP-Link Omada EAP225? Lot cheaper than Ubiquity.

 

Thanks for all the suggestions!

[scottyseng]

10 minutes ago, confuded said:

-snip-

Yeah, a pfsense box would work great. Or if you want to buy something off the shelf for pfsense, netgate makes retail pfsense routers (not exactly cheap though).

 

Hmm, those tp-link APs are pretty interesting / solid value. Never seen them before.