Unifi's NEW Enterprise Fortress Gateway: An MSP's Review
Hey, everybody. Clay Archer, CEO, DPC Technology. I've got another great one today. You may have noticed a theme that I've been kind of leaning in towards lately of is Unify, trying to get into the main and service provider space, or are they trying to work in the SMB, an enterprise markets? Well, I've got a really cool video today about their new product, the EFG. So by the specs this new Enterprise Fortress Gateway is a very impressive device Unifi with super generous and sent a couple of these over for me to review. I've been playing with them for the past few weeks and this video is going to be my review of the product and who I think this product is really for.
This is a very, very impressive piece of hardware and let's get into who this is for. So without any further ado, let's jump right into the software. So I'm gonna break this up into two parts. The first part will be a deep dive into the Enterprise Fortress Gateway and the second part and probably the part I'm even more excited about is the new MSP program that they're putting together. So. So let's jump into the Enterprise Fortress Gateway itself.
As you can see by the specs here, this is an amazing device. This is a device that you had brought in a large branch or a campus type environment where there are a lot of devices and a lot of people that you are managing. Let's jump into those specs real quick. So it does 12.5 gigabit per second routing with IDS and IPS on So this is a monster of a router.
It's got two 25 gig SFP28 ports, it's got two 10 gig SFP plus ports and 2.5 gigabit Ethernet ports and all of those are LAN. WAN compatible which is really cool. It will do license free real time inspection of encrypted packets with their next inspection tool.
I'll go deep into that. We'll play with that tool here in a bit in the future, But there is a free version of that and then there is a paid version of that and we'll go into what those two look like and we'll go ahead and turn that on and show you what the differences are. It's got shadow mode, high availability with automatic failover, which is awesome, very similar to the other devices that they've been putting out lately, like the UDM, Promax. It also runs the full unified network for Stack Management.
I think that's a real game changer and I'll talk a little bit more about that in the MSP portion of this video. The other features they have dual hotspot power supplies for power redundancy, which is awesome, and they sell those power supplies separately. So that's awesome that that's a serviceable part of this device. And obviously if you put two of these together in that high availability, you would have four hot swappable power supplies, which is pretty incredible.
They are also going to be releasing an independent gateway counterpart to the EFG called the Gateway Enterprise, and that could be managed with a cloud key official unify hosting or you can self-hosted it with the unified network server. And I'm not going to go too much into that, but that is going to be available with the same pricing at time of launch. So let's jump into the software. Will Quick. I just want to kind of go through what's new and what's different here.
I will start off by saying two things. One, Unify was really gracious to send these two units out. But second of all, it is very difficult to test enterprise hardware in a home lab type environment. Second of all, this really needs to be tested in production. Obviously, these devices that can control thousands of endpoints need to really be pushed and no home lab is really going to be pushing, you know, 12 gigabit per second throughput with IPS. But that being said, I have had this for the last couple months and I've been putting in three spaces and some very, very impressive device.
So the first thing right off the bat is it is the Unifi network interface that you're always used to seeing. If we go into the controller itself, you can see that I've got the tube in there. They are in sync. I am not in failover mode right now. I've been playing with that, turning it on and off and I will show you how that goes through. To set up the Shadow Gateway is very similar to the way the UTM probes Max was.
You take a line out of one of the land ports on the primary EFG and you put it into the way in port in that up port on the shadow gateway. It will then recognize it and you will just add it to protect like you normally did. They will recognize that device and then it will walk you through what it's doing, either on the display on the unit itself or on your screen. Once you get them connected, it's super easy. It walks you through with explainers
the same way that it did with the EDM Promax. So that's awesome. You know, if one fails it’ll automatically switch over to the next one going into your network. You know, this I think is one of the biggest features of this device, is that it is the network interface that we're used to seeing. So it is using the the firewall that you would get on a union pro in our MSP. We are a sonicwall shop.
I particularly like the UniFi interface. I like the way the routing in the setup works in the unify interface. So that may be different for you. I am a like I said, we were sonicwall shop. I think the Sonicwall interface is very cryptic and very hard to understand.
Why has an I find the unified interface to be much easier to navigate. So let's just jump in really quickly. I'm going to go into kind of the biggest feature here that we've got under security.
There is this new feature called Next Day. I basically what it's doing is it's taking the all encrypted traffic, it's decrypting it, it's reading it, and then it's re encrypting it. Obviously in here it's analyzing. Is this the bad stuff? Is this, you know, stuff that we don't want coming through or is it something that we want coming through? It's also logging search history, which you will be able to see inspection so that it records, it sends it on on its way. You can see in here there are several different ways that you can set this up.
I'm not going to change it right now. I'll come back here in a second because if I change it, I'll have to reset up. But I've been running it on Simple for the most part. I think that the defaults are pretty good. You can see target networks are default.
You could edit your networks here and you could put it on other networks. I've just been running it on default. Default traffic likes.
I can change the traffic types here to just do web browsing, email, email, imap or email SMTPS So yeah, obviously you can change any of the levels that you want to do this back and inspection. Obviously, you know, for security purposes, there may be certain areas that you do not want to inspect all packet. You know, if this was a bank or a health care provider or something where you know, there are certain strictures as to what you can or cannot do, you may or may not want to turn the other things on or off for certain segments of those environments. So you can do inspected domains, you can do all, you can do specific, you can do exclusions and you can create actions. And so then under actions, you can actually, you know, block specific queries, block specific file types or block specific URLs.
So that's pretty cool. You can do kind of granularly there. You can say, I don't want any bitmap files. And that brings back kind of to, you know, who this device is for. There is a certain amount of management that you're going to have to do on these devices.
Obviously, if you're going to put this in a large environment, it's going to have to be managed because you're going to get service requests when you start blocking things. And that's really just a balancing act between, you know, the tightest security possible and letting end users do their day to day activities. But this is not the type of device that you just throw on the network. You click one button. Yeah, let it run. That's not the case for this. And obviously, you know, with its competition and where its place in the market, nobody is just going to put this in and not manage this device without being said.
So you go in here and you can edit the different blocked websites, you know, invalid certificates, untrusted certificates, insecure high risk, medium risk, invalid domains, all really cool. But there's a pretty neat feature here. And this is again has to be managed that this is doing this with a UniFi SSL certificate. And what you're able to do here is all the machines that are going to be using this. You download an SSL certificate and you put it on that machine for each user that is going to be using the machine that you need to manage this for everybody that is going to be inside of the network that has next day. I turned on.
So if somebody goes in without the certificate, they're going to get a bunch of weird blocked sites. That's the way that it is, managing what is able to go through this machine and not able to go through the machine as with this SSL certificate. So that's another thing to consider. If you were going to deploy this to a 300 user office, you are going to have to deploy these SSL certificates to all of their devices.
The rest of it is very similar to a normal unified interface. I will show you here. Let's go hand over into insights and let me go.
And inspections here. And under inspections, I'm going to go to queries here. And under queries it is now showing me every query that I've made on my PC to Google is logging all those.
So you can see I've gone to a bunch different places. I was looking up the prices of the competitors. Here you can see me. I went to the Pirate Bay. I'll show you here what you see if you click on the Pirate Bay.
Obviously it blocked that as an unsafe website. So you can also click on blocked, you can click on allowed, you can click on intrusion and it's giving you incredible logging into all of this and if you know I wanted to block this here all my true dos which I probably do I would go in here and I would just go block connection. And what that's going to do really quickly in here is it's just going to add a firewall rule to block that that traffic between those two spots.
Very easy, very simple to manage. You go in here and it's going to give you a ton of information about that. I can click on advance here. It's going to give me even more information about that particular incident.
The logging on this thing is incredible, as you would expect for a router of this quality. So you can see that right out of the box. This is a very strong device with really impressive capabilities and sticking with UniFis ethos This is a incredible value. Yeah, this is a ton of device for very low price.
We'll get into pricing here in a minute. But what you're receiving here is a tremendous value. It'll top of that. All of the features that I've shown you so far come for free. There will be an enhanced threat update component with this and that will be a monthly charge. I'll show you really quickly how to you go ahead and turn that on.
You go into UniFi site manager and you click a little button here to activate the Advanced Protection and it'll bring you a page here that it shows you exactly what you're going to get with the enhanced features. Now, this is $75, and I don't know if that's the final price at the time of shipping. I will put it down below if that changes. But you can see here you're going to get more signatures. It's going to go from 20,000 plus to 90,000 plus. They're going to go from around five signatures today to 30 to 50.
They're going to give you a dedicated threat research team and they're going to give you inclusion in the Microsoft Active protection program coverage, which is all things that probably mean more and better. So is $75 a month, worth it or not, and vise like this, I think it's kind of a no brainer when you go out and you look at the competition. So the competition that I filed in, you know, obviously you take this with a grain of salt. This is just me doing some research. But when you go to look for the competition for these devices, I came back with the FortiGate 400F the Meraki MX450 and the Sonicwall 4700, although they've set up a 4700, probably really a 6700.
It's hard to get aa1 to one comparison here. You know, the big feature here is the 12 gigabit per second throughput. And to get this, you have to go to pretty high end devices. But Sonicwall also has those 25 gig SFP connections, which, you know, on the Sonicwall, you have to go up to a higher end unit to even get that.
Now you can see pretty quickly here we're at $10,000 plus devices here and that's not even the kicker. The kicker for me is, you know, being a Sonicwall house, I know that the licensing is almost as expensive and sometimes in some cases more expensive than the hardware, and you're going to pay for it individually. You're not paid for a VPN, you're going to pay for, you know, advanced threat protection. It's going to go on and on and on. Hey, future Clay here, I just want to jump in real quick.
I was editing the video and I want to be very clear. There are zero fees to run this next AI feature. So you get all of this, you know, advanced inspections, decryption, infection, encryption, all of this stuff for free.
So the $75 is for the more advanced detections on that. So I think $75 a month is a no brainer for a router of this quality and type. But that being said, you can run this router with all of its features and all of the benefits that you're going to get from this next hour for $0 on versus the competition that it's going to have monthly subscriptions for almost every feature in it. So I just want to be very clear on this. You can run this router with full functionality at zero cost per month. And the super big kicker for me is the price of this.
The price, you know, at this point is $1,999 and a broker power supply is going to be $119 and the UXG enterprise device is going to be $1,999 as well. That's an incredible deal for this piece of hardware. I didn't jump in here to show you how snappy it is.
Obviously, in my house, I can't really push this as hard as this device needs to be. But, you know, with full next AI turned on, you know, you probably see a little tiny bit of latency. Obviously anything that's going to inspect anything has got some time over turning it completely off. But this is super snappy and I've been through several point updates on the software and it's gotten better and better and better and better. And honestly, the point now, or if I turn it on or off, it's hard for me to know.
Obviously, you know, very quickly when you turn things over because you're not able to go to all the sites that you normally would go to by default. And as I said before, this is something that needs to be managed by a professional or, you know, you're going to drive people crazy with how secure this device is. Two last little things that I want to mention before we get to the MSP part of this video that aren't necessarily EFG specific is one site manager and the ability to manage multiple units from one single data nas I still have a few things about site manager that I would like to improve on, but its ability to manage multiple devices from a single pane of glass is amazing here.
Some of the other vendors charge you for the right to do that. I would like to see a feature where you have you need 2FA to log in to a second machine from the single pane of glass. While I don't think the site manager is perfect at this point, I do think it's a it's a really nice feature and it is free and others charging for it. And the other thing is UID Enterprise, you might know that we use UID enterprise here.
The technology, we use it to manage our access instead, but the ability to have a complete stack with protect, access and network all controlled by UID. Meaning if like somebody leaves the organization, you're managing that from one spot and it's going to filter all the way down through UID enterprise to all the different appropriate spots. But the ability to manage a huge portfolio, people want a single pane of glass for a very reasonable amount I think is pretty incredible. The reasons I cover those a little bit separately is because those features kind of lean, lean me into the next part of this discussion where we're going to talk about being a service providers and my UDM Promax video, I’ll leave a link down in the description or in the card above I started to broach the topic of is UniFi ready for the MSSP marketplace. Yet I had a little bit of insider knowledge.
I've had this EFG for a while now and and I see what's coming down the road. The ‘E’ in the EFG here that enterprise is going to be a part of Ubiquiti’s new naming structure. You'll see like the ultra line be their inexpensive line, their Max kind of be their their step above line. And the year enterprise is going to be basically stuff that is aimed towards the MSP market or the enterprise market. So what does this mean for us? Yeah, most of the feedback that I got in the forums when I talked about UniFi for MSPs was about procurement and availability and support.
And so I think that that is what UniFi has leaned into here. And let me read you I'll just read you the statement from UniFi directly here. It says, This also marks the launch of our Enterprise Partner program for MSPs, system integrators and installers to gain a competitive edge in the market and ultimately realize greater business opportunities. This program will begin with EFG and expand to new products, including many of our upcoming high head enterprise products.
More details open to all MSPs and integrators. The MSP slash integrator will work with participating distributors on deals through the program. It's going to be based on your region. There will be a form on our website which will allow us to facilitate an introduction with a participating distributor for MSPs integrators that don't currently have one, and the benefits will be deal registration for increased profitability and deal security, a dedicated pre-sales support and product sales and training. So that's awesome.
I think distribution is the right answer here. One of the big problems we've had selling UniFi products is that the MSRP is the price that you pay for the device. out to the public is hard to make any margin on that. You know best in class margin for me the service providers right now for hardware is 23%. Hard to mark something up.
It's $1,000 to 1230 dollars if it's stated out there on the Web. Everywhere, that is $1,000. So the distribution kind of gives us a wholesale market to get that margin built back in there. I don't know what those discounts are going to be. They may not be 23%, they may be 5%, they may be 10%.
I don't know. I'll have any insight into what those are going to be. But having something in there to have some margin without having to go back to the client and say why yours is more expensive than what it is online, that will be very welcome. Also in distribution, you'll be able to kind of go out there and see what inventory is in real time, like we can with most of our distribution partners. If you've been around a UniFi at all over the last 24 months, let's say you can see that there has been a concerted effort really to focus in to bring out some incredible hardware and software at an incredible value and all the software into things, their firewall software today, their network software today versus 36 months ago is it's just night and day different. This is a really nice piece of equipment. Their software is really good.
Is there stuff that I would improve still? Yes. But you can see point after point after point release on their stuff, it's getting better and better and better. Same thing. You know, I do a lot of camera reviews there, Protect software. It's just gotten incredibly good over the last couple of years and it is very similar in this realm.
I do think it's time for MSPs, to look at UniFi as a real player in this market. And that brings me to one more thing that I really think is the trump card here. The most expensive thing to me about rolling out a new piece of hardware is training.
It is the usability for my staff to get your staff to understand something and be able to use it and deploy it at a high level is expensive. It takes time. It is not an easy thing to do. Also, most of these gateway firewall systems, they are very cryptic, they're hard to learn, they're not intuitive and they take some time to get used to.
That brings me to UniFi I think this interface is good. I think this is a really good interface, You know, coming from Sonic well, my opinion may be different than yours. You may be coming from Meraki or Fortinet or whatever it is, and go, Hey, my soffaces are great and I love them. And that may be true, but I think this is a great interface.
And the big kicker for me, if we do move to UniFi for our routing needs, is the ease of use in this interface is the same interface that is in a new cloud gateway Ultra for $129. Let's just say I wanted to teach ten employees how to use this interface. I can buy ten of those for $129. Given all of them or for $199, give them all the new Gateway Maxes and they have a device now that they can bring to their house and play with on a daily basis. And one of the big things for main service providers in teaching people stuff is our employees are curious, they are smart, they are techies.
And if you give them a cool piece of gear to use at home and say, Hey install a plex server, install some cameras, install some WAPs, install proximal, see some virtualization, do a reverse proxy, set up those kind of things in the fact that that interface and now $129 device is very very similar almost identical to the interface in this $1,999.00 device is awesome. So you can let them go home, play with that, spark their own curiosity, play with it, get deep into it and understand it. And I will tell you, there is not a better way for your employees to learn something than to be using on a daily basis and being, you know, curious about it and play with it and figure out how to use all the little nooks and crannies of it.
So with that, I'm super excited about not only this new piece of incredible hardware, but this new chapter in UniFis story and what that means for us as a service providers going forward. I'd love to hear what you think down in the comments below. I'm sure this is going to be a pretty interesting topic of discussion. Please like and subscribe. And as always, we'll see you guys in the next video.
2024-08-04 15:47
