 So there's a sticker on the bottom of my laptop that says, you own it, you own it. And it's from the EFF. Definitely a sticker that rings true to my heart as someone who anything I've owned, I've probably taken apart at some point and dive deeper into it. Cause, you know, curiosity. And well, it's my device that I have purchased therefore I wanna know more about it. Now I'm not gonna physically tear this apart but we will show some inside photos from someone else who did. I think it's part of the FCC registration. This is the Unified Dream Machine. I have a video talking about the setup of my overall thoughts on it. Real briefly, this is an integrated Wi-Fi unit, four port, managed switch and router all tied into one. Now it is kind of like a USG but different because when you have the USG or the USG Pro, there's not a lot of advanced features. This is the thing I've complained about before. And this kind of has some of the same limitations like I don't still see a way to add multiple IPs on the WAN but I wanna dive into a couple things I did find out about this device that I didn't cover in my first reviews. I just didn't know they existed and I couldn't find the person's name that they had mentioned in a comment. Hey, check out the fact that it has a honeypot and I'm like, there's a honeypot on this? So that got my curiosity going. So we're gonna start with photos of the inside. This is actually, looks like the certification submitting when you're doing product. I believe this is an FCC thing but this is the teardown of it and this is also why I don't wanna take it apart myself. You can see the way these little clips are. It would probably be challenging to get inside of those little clips without damaging the box in some way because of the way the edges are on it. It feels like I would scuff it up, scratch it up. So I didn't wanna do that. So I figured I'll just show you and I'll leave a link to this so you can stare at it and it dives down in the teardown of the device itself. The way the LEDs are hooked up on this little top thing, the way it's designed. Overall looks pretty good and like I said, these are the diving into each little component of it and sizing and scaling and how it looks. So for those of you curious, here's what it looks like and I'm not, like I said, tearing it apart myself. I just didn't wanna go that far with it and destroy it because I like the unit. It physically looks nice. But now we can talk about the other things that are interesting about this. So I turned the threat management on. I wanna see how it worked and because this routes with threat management turned on faster than previous USG devices. So there's the first thing, GOIP filtering. I've got that turned on. DNS filter. Not a lot of information on how this works. It lets you choose a setting and that's not very in depth. But then again, for maybe something that's targeted to less advanced users, they just want an on and off switch for things. Deep packet inspection, I got this turned on so it's doing this and you can add restrictions and categories and things like that. I haven't really tested to see how good that is but it's cool they added it. This is where it's really something that's a turn that I haven't seen in any of the other softwares. Now, I don't know if this is the controller software Unlocks because it's on a unified dream machine and these just become exposed and it's some backend that's been there for a little while they've been working on. Not sure, but interesting is there is and a lack of documentation I can find on it, an endpoint scanner. And I don't have anything to show up in the endpoint scanner to show you what it looks like because I don't know what it's looking for. I am assuming if I put a host on here that had some open ports it would find said open ports and let us know about them. Internal honeypot, this is where it creates and if you, I only have one LAN so there's only option is just to tie it to the LAN. It apparently doesn't have an external honeypot option not that I can find. And it says pick a honeypot IP. So my LAN IP is 192.168.11 and 192.168.12 I did for the honeypot. And then we did some testing to figure out what the honeypot sees and that actually shows up over here under threat management. So if we go over here threat management and we can look at the honeypot and we'll start here. So I just tell netted from my IP address of my laptop which is the 116, tell netted over to FTP, SSH and SMTP. It doesn't really tell you what I was doing here I just mash in buttons and sending data but it does give you the option when you click to blacklist or kick that client. Now why would you want a honeypot on a network? Well honeypots are generally a indicator that something on your network is scanning that maybe you, if you go in here and find it you go that's interesting something shouldn't be scanning there and then gives you a further reason to investigate further on that host and try and figure out why it's doing what it's doing. So that's pretty cool. Like I said, the end point scan, no threats detected. I don't know what to stick on the network that it's looking for but I don't have any ports open on my laptop so if I can find some documentation on that or maybe I'll hook up a handful of computers and open up some ports and see if it finds something on there. Now traffic log, I have Tor running on my system right now. So by opening up the Tor browser I was able to get it to flag that I was using Tor. Okay, cool, it's seen it. It's just categorized as miscellaneous attack but this didn't get flagged. And this is testmyids and alls it does is send, this is the only thing that's on that site testmyids.com, uuid, zero root, gid, zero groups, zero root. And it assumes it's some type of privilege escalation when it gets flagged in Saracota or Snort there's a rule set for it. It does not seem to flag that site in any way but it did at least recognize Tor. So it does something. It is a challenge with IDS systems is if they don't give you a lot of findering control or the backend access to it in detail then it's hard to really know why something or something is just suppressed because they suppressed the test site. They're like, yeah, we suppressed that rule. So they don't give you a lot of that. I mean they do give you control let's jump over here back to the Dream Machine and you can go through here and suppress block, blacklist, whitelist, these type of things. So it does give you some tuning options but it doesn't give you like the backend access of like for example, why it didn't flag that. And this is in the trouble with any IDS system you have to sometimes just trust their magic or get and start doing it yourself and then you have to work the magic of figuring out what to flag or not to flag. I didn't, it says you have zero countries blocked. I had people mention and I don't know the truth of this because I don't have this on a public-facing IP that the GUIP database is not 100% accurate in there so I didn't really dive into that. But now let's take a look at the backend on this. So the backend and oh, here's the Tor browser running it's still running right now in the background here. It does have and I'll show you where I'm at here. So this is, I was digging around to see what files I can find on there. So here's user share, UBIOS, UAPI server, config board. And interesting, I see both the config for UDM Pro 2x by 10 and a UDM.json file. So I do see where you can start customizing and maybe changing some things in here. So it does have a few different little things. I was just kind of poking around through where you can do some configuration. So it looks like there's some potential but not documented and I bring this up too. If we go over here, one of the things is this is on the Unify Advanced Configuration note and requirements, Ubiquity support cannot assist in the creation of a config.json file nor will they assist to be right up on the command line configuration. And I kind of feel I didn't find a same notice for the UDM but I'm pretty sure the dream machine is going to fall into the same policy of this ain't supported. And by the way, for those of you that contact us to hire us to help you with your setups and network setups, we don't support it either. We do get a lot of people requesting that we write some very custom config file to do something advanced with the USG. It's just not, we don't offer it because it can be a real pain to support. And so, other than me poking around with it or when I wanna test things, I don't really officially support doing this but I encourage people to tinker and do some learning on your own. So, if you go over here and look at some of the things under slash Etsy here, this is like I said, running standard Linux. Like I said in the first review, it is a flavor of Debian but it's a lot of customization that's gone in here. And I also not clear on how all the config files are managed on this. I did do some digging to figure out like how the Honeypot, that it's just listening on ports and saying that something hit the port but it doesn't really seem to do that I found at least of our log, any particular logging of the Honeypot that I could find. So, it doesn't, I don't think it's collecting any of that data. But you can get under the hood of some of the other things and like, well, kind of like serocatalog. Here it is, it's got zero bytes. So, even though we have current data in there, it's actually doesn't seem to be doing anything. So, that's, you know, November 21st, that's today's date, but there's nothing in the log. And we'll do a quick look at all the logs here. So, there's a few different, so like that unify log and everything else. So, there's a few things you can dig into and learn a little about the system, system.config. But like I said, so far I haven't found any good documentation about this to really dive deep into how it works. Well, one thing I did find interesting is that they're not using it in this particular model, but maybe other models support this to be my assumption, but Docker seems to be part of the image that's in here. And so, maybe they're gonna add more features and I believe there's a Docker image, but not set up on here for Unify Protect. So, maybe there's a way to make the Unify Protect work on here, but there's no external hard drive storage, so that would be a problem. And maybe some of the other devices that's how they're gonna be pulling it is with Docker images. So, I found that under the hood, which was kind of interesting. Now, the device itself is a lot different than a USG because unlike a USG where this just handles basically routing, and this is, you know, the USG is basically in some backend fashioned forked from the earlier, I believe it's called Viata project, but it's just a dedicated router box. This is a lot different overall because you're running on here the MongoDB for the Unify Controller, so the database engine backend, EngineX for the web interface to get to the Unify Controller, and then running all the switch management and Wi-Fi management and everything all inside of one system. So, this does make it a little bit different in a box, but to me, having it all right here with a reasonably powerful board, it seems like there's gonna be some more people exploring and coming up with some new fancy things that they can do on it. So, the Threat Management is a nice advanced feature. The teardown of it looks like it's pretty well designed to put together. I wanted to take a part, like I said, but these edges right here, I just feel as though I'm going to really rough this thing up and I don't want it all ugly looking unless we decide to completely hack it apart and make it something more fun. But for the most part, I'll leave it in its current configuration. I was satisfied with those pictures for seeing inside of it. But I'm looking forward, if anyone has some links that they can send me, post in the forums or have a discussion, just link me to the Unify Forum where it's posted of people who maybe have made some advanced changes on it or done some playing with it to see what other functionality you can get out of it or what's coming out of it. I'd be interested in learning. I did some digging. There's not a ton of information out of there, but you can SSH into this pretty straightforward. It's just your UI.com because you have to register an account to set this up. But when you SSH into it, it's just your route and that password you get into it and SSH is open. So, I'm glad Unify left it open that we can tinker around. They seem to not mind when people start playing around with stuff. But of course, like they said on their site, it's not officially supported. So, let me know if you know of any more advanced stuff on there, but it's pretty neat. So, that's kind of the tear down in part two and a couple of interesting looks at those advanced features on there. Better than a consumer equipment, most consumer equipment is not gonna have Honeypot, not gonna have any level of threat management. So, even though the threat management's basic. So, I think it's a good thing that they put this all in there and for home users or even a small little two or three person office that may want these. We have a salon that we might put one of these in. It's a perfect solution for them. It's a small four person salon. So, we need Wi-Fi in that. We can give them Wi-Fi, a guest network and all that and one little compact thing. And it actually kinda looks cool. So, it's not like we have to hide it somewhere. It's not ugly. I gotta admit, it's cylinder shaped. So, it's kinda cool. Thanks. And thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon. If you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to laurancesystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you wanna carry on the discussion, head over to forums.laurancesystems.com where we can carry on the discussion about this video, other videos or other tech topics in general, even suggestions for new videos that are accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.