
I am unsure of the functions of the Ubiquiti Unifi Security Gateway.

The installation I am working on has 8 Ubiquiti Unifi wireless access points.  At the present time I have the Ubiquiti Unifi controller running on a Windows machine.

Is the Security Gateway also a router?  The cable company - Optimum Online - provided a cable modem and a wireless router. Can I replace the cable company's equipment and connect the Security Gateway between the cable modem and the network switch?  

The website says "Integration with UniFi Controller."  This is unclear as to whether the UniFi Controller is built into the Security Gateway, or whether I need to continue using the controller computer.
(I assume that I program the Security Gateway using a computer.)

Ubiquiti also mentioned that the device allows remote management.
Does this require purchasing two units, and then setting up the VPN server?

Thanks and Merry Christmas to all!

IT Consultant
CERTIFIED EXPERT
Commented:
If you remove the marketing BS, the "Security Gateway" is a basic router. You'll need a UniFi controller somewhere, to manage all your Ubiquiti devices.
No VPN mention in the documentation, so you'll need to set up a VPN server yourself: https://dl.ubnt.com/datasheets/unifi/UniFi_Security_Gateway_DS.pdf

HTH,
Dan
CERTIFIED EXPERT
Commented:
The USG is a close relative of the Edge Router and has basic routing and NAT/PAT functionality, but instead of being managed on the device like an edge router, it is managed from a UniFi Controller in just the same way as a UniFi access point.

The controller does not need to be on the same LAN as the USG. I manage several USGs at different locations that connect to a controller that is accessible from the Internet. It is also possible to access a UniFi controller via the UniFi cloud.

In theory you should be able to replace your ISP supplied router with a USG. In practice the ISP cable modem might be tied to the ISP supplied router MAC address, and it could also be that the ISP router performs some other unknown authentication. A simple test would be to connect a computer directly to the modem and see if it gets an IP address and is able to access the Internet.
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017
Commented:
USG = Router....(also provides VPN functions but no OpenVPN), IPS and IDS.

I would argue it's not a basic router! like your bog standard Linksys, Netgear crap, it's a cross between Linksys, Netgear and Cisco...

it's very sophisticated and can provide very complex configurations, vLANs, traffic management for Guest Networks, Internet Access.... but if sophisticated and command line is not for you maybe avoid....

BUT, it will complement your existing environment well...e.g. controller and WiFi Access points... as at present you may notice your current controller is not fully featured without the USG!

and then you'll want to add a Ubiquiti Switch with POE
If you add the USG to your current environment, it also provides traffic management, and can also display and break down the traffic which comes in and out of your internet.

It also has the ability to filter internet traffic using IPS/IDS

https://help.ubnt.com/hc/en-us/articles/360006893234-UniFi-USG-Configuring-Intrusion-Prevention-Detection-System-IPS-IDS- 

BUT you may consider holding off for the UDM Pro, which now contains the Router, Controller and CloudKey all in one single box!!

Also note that if you enable IPS/IDS it restricts the throughput depending upon USG, USG-Pro or USG-XG

To be honest with you check Ubiquiti site because all their stuff is in flux, and being discontinued as the new UDM Pro is launched...

https://store.ui.com/products/udm-pro-beta

We've got all the Ubiquiti kit here, so ask away.....

Some people believe that the traffic stats are a bit of a gimmick, but it can provide quick diagnosis of splitting your traffic out into traffic which USG can identify....on your LAN...

2019-12-28-17_01_06-UniFi.png
here is a map of the world, with Attacks which have been blocked by packet inspection!

2019-12-28-17_06_51-UniFi.png
Overview Dashboard which you are currently familiar with..... but you do not have USG enabled! (because you do not have one!)

2019-12-28-17_09_20-UniFi.png
At present it's Saturday so, backups are being uploaded to Cloud.... hence 5MB/s upload... is running...
CERTIFIED EXPERT

Commented:
@Andrew Hancock, the USG does have OpenVPN
ubnt-openvpn.PNG
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT

Commented:
@ArneLovius

That's in BETA, and I believe Site to Site, and not VPN Client.

I was picking up on the first comment, which states no VPN function "you need to set up a VPN server", at present it supports PPTP and L2TP VPN Client "dial-in".

Ubiquiti do not support anything in BETA!

So if you want to use OpenVPN Client, you'll still need to set up an OpenVPN server behind the USG!
CERTIFIED EXPERT

Commented:
@Andrew Hancock, the OpenVPN setting is in 5.12.35 (current release, not beta https://www.ui.com/download/unifi) and from the OP "purchasing two units, and then setting up the VPN server?" is fairly obviously site to site.
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT

Commented:
@ArneLovius

In your screenshot it states BETA, if that is 5.12.35 you have a screenshot of.

I think clarification is required here....from the OP.... but re-reading....

Ubiquiti also mentioned that the device allows remote management.
Does this require purchasing two units, and then setting up the VPN server?

I think the OP is asking if he needs to purchase Two Units for Remote Management. I don't think he implies here he wants to do site to site VPN!

I don't believe you need two units to perform Remote Management! (that's already been discussed).

But we will wait and see if he returns to the question.
CERTIFIED EXPERT

Commented:
@Andrew Hancock, the "Beta" icon is against "VPN Type", not just OpenVPN. Might I suggest that you ran up a 5.12.35 instance and had a look.

I was presuming that he was asking if a Site to Site VPN was needed for Remote Management, but on re-reading the OP I take your point that it could be meant to have one USG just as a VPN server.

It is only possible to have one USG per Unifi Controller "Site".
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT

Commented:
@ArneLovius

@Andrew Hancock, the "Beta" icon is against "VPN Type", not just OpenVPN. Might I suggest that you ran up a 5.12.35 instance and had a look.

I don't need to, OpenVPN has been there for two years+ for Site to Site VPN, not Client VPN.
CERTIFIED EXPERT

Commented:
@Andrew Hancock "also provides VPN functions but no OpenVPN", if you had said "also provides VPN functions but no Client OpenVPN", or also "provides VPN functions but only site to site OpenVPN", then I would not have posted...