Ubiquiti or pfsense router?

[Russsell]

Hi,

 

I'd like to bridge my ISP provided router and use my own to have a bit more control over my network and not have to chat in for any network change to my ISP. 

I'm currently thinking about using either some Ubiquiti router (don't need wifi) as I already have U6+ and hosting unifi controller on my Synology NAS. Or the second option would be bying some 4x2,5gbps device from Ali and using pfsense. 

I know first option would be more plug and play, however not sure which gives more control. My idea is to be able to use pi-hole, possibly block certain sites from getting to the network and ideally traffic monitoring. 

 

Would apreciate any advise about which one to choose. 

 

Thanks and best regards

[Sir Asvald]

If you already have Ubiquiti devices, then it'll make more sense to get the the Ubiquiti router to keep everything the same.

[OddOod]

35 minutes ago, Russsell said:

be able to use pi-hole, possibly block certain sites from getting to the network and ideally traffic monitoring. 

How much have you dug into the ISP provided router? Most I've seen let you set DNS manually which allows you to pihole which does both blocking and minor traffic monitoring

[OhioYJ]

I went pfsense, well until some of the shenanigans, then switched over to OPNsense. (The nice part of running your own hardware is you can run whatever you want). I use Ubquiti access points. Any (some are easier than others, as support  for some hardware is better than others) device with at least two LAN ports can be your firewall. 

 

Is there a reason you are set on pihole? Nothing wrong with it, but it maybe just be adding devices and complication that may not be needed. Many people would just leave the ad blocking up to the firewall, these things can also be done by pfsense or OPNsense.  I know I haven't used my pihole since the switch over. 

[Russsell]

2 hours ago, OddOod said:

How much have you dug into the ISP provided router? Most I've seen let you set DNS manually which allows you to pihole which does both blocking and minor traffic monitoring

Not at all, ISP provided router is blocked from my access unless I pay them to use their wifi. Since I have no intention of doing that, cannot access it 

 

1 hour ago, OhioYJ said:

Is there a reason you are set on pihole?

Not specifically Pihole, that is one thing I've heard about. I'd like to have the option to block certain sites, addresses (for example to stop Samsung TV showing ads in the menu). And if it blocks some of the ads itself, even better. 

 

 

 

To clarify, I have one U6+ AP, so not really dug into Ubiquiti yet. Controller is self hosted on Synology. 

[LIGISTX]

47 minutes ago, Russsell said:

ISP provided router is blocked from my access unless I pay them to use their wifi

Will you be able to have them put the router in bridge/DMZ mode if you get your own router behind it? You will need this unless you don’t mind being double NATed. 
 

I run pfsense as my edge router (don’t use pfsense as a switch, even if you buy a 4 port NIC, use one port for WAN and one for LAN…. Use switches as switches, pfsense is not a switch, it’s a firewall), and then I run UniFi switches and AP’s. Vlans all play perfectly nicely, and I run pfblockerNG on the firewall instead of pihole… so I can fully block garbage at the edge of my network. 
 

I believe the newer UniFi firewall/routers are decent options as well, I just personally don’t know much about them. 

[OhioYJ]

5 hours ago, Russsell said:

To clarify, I have one U6+ AP, so not really dug into Ubiquiti yet. Controller is self hosted on Synology. 

Just to make sure, you are aware, that you don't need anything special to run the APs right. They can be setup from anything. I started with a pair of U6 Lites, then swapped them out with U6 Enterprises, but they are just plugged into a switch in my network. I just set them up on my local PC.  The "controller" doesn't need to be running all the time.

[Russsell]

4 hours ago, LIGISTX said:

Will you be able to have them put the router in bridge/DMZ mode if you get your own router behind it? You will need this unless you don’t mind being double NATed. 
 

I run pfsense as my edge router (don’t use pfsense as a switch, even if you buy a 4 port NIC, use one port for WAN and one for LAN…. Use switches as switches, pfsense is not a switch, it’s a firewall), and then I run UniFi switches and AP’s. Vlans all play perfectly nicely, and I run pfblockerNG on the firewall instead of pihole… so I can fully block garbage at the edge of my network. 
 

I believe the newer UniFi firewall/routers are decent options as well, I just personally don’t know much about them. 

Yes, I have it confirmed they can bridge it for me. They offered proactively after my multiple requests for LAN IP assignement

14 minutes ago, OhioYJ said:

Just to make sure, you are aware, that you don't need anything special to run the APs right. They can be setup from anything. I started with a pair of U6 Lites, then swapped them out with U6 Enterprises, but they are just plugged into a switch in my network. I just set them up on my local PC.  The "controller" doesn't need to be running all the time.

Yes, I know. I had it hosted on my PC at first, but wanted to try docker and hosting it on synology. And in the end just kept it to see the devices connected. 

 

 

For now it seems Cloud gateway Ultra might be the off the shelf solution, then I wouldn't even have to self host the controller. Or since it seems to be hard to get now, maybe Unifi Express, but that has wifi AP that I don't need.

 

Is there anything similar to pihole on Unifi devices? Will have to research that a bit more. 

[DoctorNick]

15 hours ago, Russsell said:

Hi,

 

I'd like to bridge my ISP provided router and use my own to have a bit more control over my network and not have to chat in for any network change to my ISP. 

I'm currently thinking about using either some Ubiquiti router (don't need wifi) as I already have U6+ and hosting unifi controller on my Synology NAS. Or the second option would be bying some 4x2,5gbps device from Ali and using pfsense. 

I know first option would be more plug and play, however not sure which gives more control. My idea is to be able to use pi-hole, possibly block certain sites from getting to the network and ideally traffic monitoring. 

 

Would apreciate any advise about which one to choose. 

 

Thanks and best regards

I don't think you'll need a cloud gateway tbh. Why not just get a ER-X or something like that?

[Bdavis]

Getting the dream machine or dm pro or dm SE is nice because it allows you to control all your ubiquiti devices from one interface. I have the DM special edition and like the POE ports. It's been rock solid and was easy to set up.

 

Pfsense is good, and I used it before buying the dream machine SE. I would recommend it if you want complete control of every possible option for your network, and are willing to invest the time to learn it. For me the main reason to switch was to control my access points and switches.

[LIGISTX]

15 minutes ago, Bdavis said:

For me the main reason to switch was to control my access points and switches.

Not that this isn’t valid because it is much edited, but just didn’t want anyone to be under the assumption you need UniFi routers to control their AP’s and switches. You can control them just fine for free with their software which has versions for windows and Linux.