 It's been a little while since I did an updated video on the Unify USG. Now, a lot of people have asked me this question just repeatedly comes out throughout the channel when I show a big network design, especially when we use a lot of Unify equipment. They said, hey, the head of the network seems to be missing a USG and you are correct. There's very frequently on some of the larger projects that we did not use a USG as the firewall. And I want to explain exactly why. So do I think the product is good? Yes. It has to fit your use case. It really comes down to what are the features you need and do the features you require to get your network up and running or use your network in general exceed what this can do. And I don't mean speed. I mean features. So while I do know that officially there is only a limited amount of support for the EPS in terms of like OpenVPN and some of the other real advanced things you can run on here because the hardware does support it, I will only support myself with my clients or what we'll even do work on the official Unify support for the USG. Let me start there. And while I'm very aware that there are scripts to get all kinds of fun things running on here and you can edit the JSON file and this is essentially a small Linux box with quite a bit of power in terms of functionality. But right here, Unify support cannot assist in the creation and configuration of the config.gateway.json and file. Normally, assist provided from the command line configuration of this isn't needed. Feel free to visit the community and myself being part of the Unify community. I feel and we've helped a lot of people with Unify setups. We will not help them do the customizations on here. They have generally proved to be somewhat of a headache. It's it's fun. It's a great thing to tinker with. And if that's what you want to do, have at it. You have a very powerful box for a really reasonable price. But when it comes to official support, let's talk about the features that it's missing. So when you go over here to the Unify site and it does have one, we got a great price. We got $139 for the USG and I think it's under $400 right now in September 2019 for the USG4 Pro, which it's bigger brother, which is just faster. It's actually one of the things that a lot of people get misconceptions. I think the features that are missing from the USG must be on the USG Pro. It is bigger. It is faster. It has much more speed than the USG, but suffers from the same limitations. So convenient VLAN support, definitely awesome. If we're putting this in a small business that doesn't have any other features which we'll get to in a second that are missing, being able to create a VLAN and have it on the firewall, the access points in a switch, and propagate immediately between all of them. That's a great feature. VPN server for secure communication. This is wonderful as the way they've done this where if you have one unified controller and you have two USGs at each one at each site, you can just check a box and it builds a VPN between them. Hands down an awesome VPN setup because it takes very little knowledge to set up. It's like one of the quickest, easy to deploy, easy to manage. I really like it. That's really nice. QoS for enterprise void, it does have that. And it does also have threat management in a very basic way. And that's where things start to go sideways on this. So if you have a per user VPN, the only support this officially has is through L2P, not the best per user VPN support. So that railway becomes a problem where clients want really granular controls over user VPN and what they want to restrict them to, what networks they want to restrict them to. And I've done plenty of videos on this with advanced radius configurations that assign IPs and have particular rules assigned to a particular user. That's an advanced configuration that a lot of companies do want if they need to remote in. Therefore, the USG will fall flat on that. The USG will also fall flat if you have a block of WAN IP addresses. Blowing my mind here that this is not something I thought would be true, but when I reviewed this a while ago, I said, hey, you can't do multiple WAN IPs. Here we are in September of 2019. Even though we know it's officially, it's not officially supported in the UI, we know we can add the JSON file. And once again, you're playing with fire a little bit and add those extra IPs to the WAN address if you have a whole block assigned to you from your internet provider. I can't believe there's no official way to do it still through the software. This is obviously a big hang up for any larger clients wanting to use it. So the VPN problem and that those are like the two biggest reasons we don't always put these in frequently. They want to get in there and, you know, have all these per user rules. Also, even some whole users that go, hey, I want to use selective and policy routing and I need some really detailed rules because I need certain things going out over certain VPNs and other things going on. Another this falls flat again on that process, especially if you have endpoints that are open VPN and I've had other people tell me they've had a lot of trouble with interoperability of connecting to non unified devices with VPN. But that's a little bit loaded because that's generally when you're using two separate firewalls as much as everyone should be following standards. We know people tweak standards sometimes and that can cause a problem. Now, where we do use this a lot, if we have a restaurant, these are awesome. If you have a restaurant that says, hey, I need a VLAN for my point of sale. I need a VLAN for guests. And I have a few computers that we want, you know, that handle quick books or whatever their back end is, separating them out. So the point of sale has its own restricted VLAN. That's very locked down for PCI compliance. We have their computers that may do some of the other functions of the business and maybe another VLAN for their guests. Wow, this makes it easy. You can visibility and all of them I can deploy and manage remotely. And they generally don't need to VPN back to their office. So this works out perfectly fine. That type of use case is great for a lot of basic home users that don't have any real advanced needs, like, look, I just need a good internet system for home. You tie this with a. Unify switch with some unified access points. You have an awesome, amazing home setup that is really great. You don't usually need to with exceptions. I know if you're more advanced, you want to VPN in, but for those users, we've deployed them. As a matter of fact, a lot of the owners of businesses, because we interact with them a lot. If we do their business, they frequently wants to put things at home. They frequently have larger homes that need almost like a commercial install. And I've done a couple of videos on that. These are great because they're just going, I just want internet throughout my entire 8000 square foot house and maybe on my yacht as well. And we've got a video about that and these were great. That whole scenario is a wonderful spot for the USG. Now, a couple of other questions that people still have about the USG that I'll cover real quick is we'll look at the interface on it and we'll talk about this. So it still looks the same, you know, varied a little bit from when I reviewed this a while ago, but you can still not do a ton of things in here. Now, the threat management has been updated a lot. And I think that's really cool. So we can go over here to threat management and I've got it turned on. And that's cool, but it's also very basic again. And this is one of the challenges is if you want to do fine rule tuning. And I've talked about this when you set up Seracada to make Seracada or Snort, whichever you're using, very effective. You need really fine grain rule tuning actually quite frequently. This is like the real basic. But for a basic user, maybe that does the trick right here. There is an exception now when you're on the USG. And this is one of the reasons they have the USG Pro. If you're on here and I'll do a test, this was the test run on this system. When it was with the threat management off, you can see it can run at pretty much line speed, you know, about gigabit. Once you turn threat management on, it's peeking out here at only 116, 117 megs. And I have threat management turned on and something I don't know if it's going to pick it up on a microphone or not. But when you run it, there's a little bit of chirping that comes out, which I think it's kind of interesting to you. Like it's certainly I can't tell if that's picking up on mic or not. But it certainly makes a little bit of noise when it gets under stress. I thought that was weird. I'll also address this has been on for a while and this has not been an issue. People said it gets really, really hot. And I'm like, maybe the environment you have in is too hot. I haven't really found and we haven't had any of the ones we've had on the field. They've been solid. There hasn't been any failures of them. The product itself, I've not had to go out there and frequently rebooted or anything like that. I've seen people comment that they think they run a little hot. I imagine if you turn on threat management and you're constantly peeking it at the full throughput all the time, maybe, but I really haven't experienced that with any of our clients that are running it. And like I said, we have them just at a handful of small businesses and some of these other business owners homes. But I still think it's a good product. As long as it fits your use case, it is nice to have a complete unified setup from the firewall all the way to the switch to the access point. So everything is all in one beautiful dashboard and you get the cool menus and the graphs and everything else. They're still good by as long as you don't have those other advanced use cases. And that's probably the reason I made this video too is frequently people buy them and then they contact us to help integrate it into their network and then they find out it doesn't do what they thought it would do. It doesn't even have the ability to sign a block of IPs and that sometimes becomes the first problem they have with it. And just being fully up front here, if you want help configuring the JSON file, reach out to the community forums and not to Tom because Tom's not really big on configuring the JSON file of these. So still a good purchase. Just think about your use case and I'll leave links below to where you can get these. It's like I said, still still relevant here in 2019 and I am very hopeful that at some point in the future, Unify will update their software because we know if we can do it in the JSON file, it's just a matter of updating the software to make this thing work better. All right, thanks. And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon. If you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to LawrenceSystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.laurancesystems.com where we can carry on the discussion about this video, other videos or other tech topics in general, even suggestions for new videos that are accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.