yeah there are many great security devices out there but most have some yearly subscription....I think thats where the ubiqiti stuff is great, its cheap, fast, no subscription services at all, has most the features you would need...
Especially good when tied with its UnifiAP's! The wireless kit is brilliant too
the support is a bit weird in that there isnt really any, its more community/forum based
also it doesnt have any gateway AV, yes it does IDS/IPS/DPI/Content filtering/app control/geo blocking etc.. but there is no "AV" so if thats what your looking for, look elsewhere (fortinet/sonicwall/watchguard/sophos/paloalto etc but be prepared to pay)
there are a few different versions of the "dream machine" line
UDR - is a more home style router and wifi bundled into one cylinder type device
Dream Router less than £100
UDM-Pro - 1u rack everything built in including a hard drive bay for the optional protect/surveillance stuff (note the 8 port switch in this model isnt POE)
UDM-Pro SE - same as above, except it has POE ports and a 128gb ssd built in
the SE version also runs a different software /OS version, both non SE & SE are still updated and maintained, and while they share mostly the same features, the underlying OS is completely different.
if you already have a controller doing other stuff (.e.g a cloudkey) then the next-gen model is better as it can be adopted by other unifi controllers (useful if you are managing multiple sites)
Dual-WAN security gateway designed to protect medium to large-sized networks with enterprise-class firewall configuration and threat management features.
store.ui.com
my biggest gripes
- the "dual wan" can only work as failover and not in a load balancing mode (apparently load balancing is being re-added in the next firmware revision)
- stock VPN is L2TP only (also something called teleport, a unifi only take on wireguard but only works from ios/android devices) **you can using ssh install wireguard etc but needs some ssh wizardry
- when a hard drive is fitted in the UDM-PRO - the fans are loud! (otherwise without a drive its silent) **Hard drive is only needed if you want to record video from unifi protect/cameras**
- default setup has everything cloud based/remote access enabled, while secure and 2fa is enabled, I prefer to disable the remote access.
also worth noting from a security point.... some people were hit by the log4j vulnerability as the unif controller uses that... but unifi were ontop of this and updating super quick.... the people affected were just not updating their controllers for weeks/months.
My main reason for buying was my old draytek was EOL, and firmware no longer updated... I never run any router past its EOL date, I also needed something with faster firewall throughput and this ticked the boxes. 3.5GPS firewall throughput with DPI on in a box this cheap... that was reason enough for me.