 So I take a look today at the Unify Security Gateway. It's their basic model It's about a hundred dollars. I think I paid for it a hundred nine I maybe can find it in a cell for a little less, but it's pretty straightforward I don't really get deep into unboxings. I just want to show you what it comes with and what's inside So we have the Unify box itself Power cord manual. I did already open it. There was some plastic in here I did remove I opened it and did a couple tests with it I just wanted to get the testing done and do some uploading while I was shooting this part of the video later Anyways, gotta get started manual. I think it says that the VoIP on here because here's the ports on there, which is Console for serial console and we'll talk about that later because a lot of what you have to do on this comes from the command Line you have the WAN LAN and VoIP, but the VoIP can be set to really easy click of a button a Secondary WAN so this can be used for a failover or load balancing Now I will note this is a pretty solid build It is metal and it is wall-mountable and it comes with the screws inside of here to wall-mount it So it's an all-metal build everything which is kind of cool Just except for these little rubber feet on the bottom and it lights up like any other Unify So nothing nothing too much to write about as far as that But it does look nice and you can mount it and on the wall and keep your wiring clean So let's get into the adoption provisioning and all the software set up on it So we have the Unify Gateway set up and plugged in now by default you it is a 192.168.1.1 Is the default address of the device as stated in the little book that they give you You can edit the configuration to save DHCP, which is the default or static IP So you can get it internally set up and this is only allowing you to configure the WAN side of it We're gonna leave it at DHCP because for our lab network. That's why you're seeing a Non-routable IP non-externally routable IP right here So it picked up, you know right through the DCP server the primary DNS and everything else Now you notice it says please install the Unify Controller software to manage the gateway And it does have the option to change the inform your URL Which that's that's what allows you to configure this gateway to be managed remotely so you can change this and point It to your cloud install by default that's gonna look locally for Unify 88 like all the other unified devices do so Let's go over to the software and look at it adopting it So here it is and we're gonna go ahead and adopt it into this network This is the same network I created at the last video So we're gonna go ahead and adopt Provisioning Okay, now we have a provision. So now we're gonna go ahead and do a firmware upgrade on it All right, so we have the device updated and to the latest 4.334 firmware. It's up and running everything's working. It's provisioned And it's I've been using it for a little while so I can have some statistics in there Well, the first thing I did as soon as I got it running was turn on the deep packet inspection Now what this allows it to do is not really see inside the packets common question I get is can it see all the network and can I see and filter certain traffic? Well, the problem is most traffic is encrypted now not all of it But it is really moving quickly towards all traffic being encrypted So all your major sites Facebook Google and all them you don't see within the traffic Now you can block those sites based on DNS information But you can't see within the packets to do things like web acceleration or or Specific types of URL filtering outside of the DNS So it does do deep packet inspection as it is looking through the packets But it's not able to see directly into the traffic So we'll go back up here. So our way our networking is you know It's the same software we use to set up this is our same one We had set up in a previous tutorial for our test Wi-Fi Then we have our networks themselves Here is the LAN networking and now we can edit this and it shows up and gives us some detail and Here is where you set the DHCP range This is right out of the box default which is 6 to 254 So pretty much makes all of the IP addresses available. You can override name servers on here set the least times It does have DHCP Guarding is available, but it has features that integrate further with a unified switch on a nice note here You have these green lights over on the side of the device Which is the WAN land green is for 1 gig connections and oranges for a 10 100 or 10 mega bit connection So you actually know right now and plugged into a gigabit switch, which is kind of cool I like the way it does that so you can like see the status lights on there There's not a whole lot in here Then you have the routing and firewalls so you can create static routes and There's standard static route creation next hop distance black hole it next hop so you could do some type of routing in here if you needed to and For example black hole certain subnets if you wanted then it's got the firewall rules now These are the default firewall rules basically to allow traffic to pass except drop WAN WAN local LAN in LAN out LAN local And when you want to create new rules, it's a little bit confusing You can do it by creating the group here first or within the rule when we create a rule When you want to create the destinations or the sources you can create the address group or address port for example like port 80 and Name it so it also has the option to pick port groups Which is kind of interesting so you could say this group belongs to let's say a nvr system And it has like four ports to need be open well that port group can belong to that I've messed around with a little bit the firewall is not intuitive at all I didn't find it to be the easiest firewall one thing I did like is it defaults to secure by default It wants to drop all the packets and you have to choose except whether you want to disable p2p whether or not it matches Any the IP sec rules so there's a lot of rules you can create in here But it's not an intuitive interface and a lot of it's because the firewall rules for both the edge router OS and this usg, which is very similar are done from the command line So you actually would do all the firewalls From here is how it normally works That's why a lot of the routing of firewalls little beta next to it because traditionally with these devices You can figure them from the command line now it's there's a config dot boot You can do a show firewall states. There's a few commands. You can do I'm not gonna get in a whole tutorial and nose I'm not that great at it. I'm more of a PF sense guy and you see using a web interface It is what it is the config dot boot is at least a text file and I'm not gonna bother looking at it here I pulled it up over in something a little bit easier to read SFTP den I'll open it with genie here and you can kind of get a look at it So you can look at how the ports work and all the settings the networks As long as you file a format it should work fine now This does offer when you're setting up some of these a save state and a Running state so you can config things but not save them into memory then push them in It's like this on a lot of other commercial firewalls like Cisco and things like that where you can Test a firewall show the differences. There's some tutorials and in documentation You can find through them and of course Manuals on how to write these firewall rules, but like I said, that's beyond the scope of what I'm going to be doing today I just want to get any be quicker view of the USG system Nice thing is this is getting better and better with each iteration of the unified software They're adding more and more features within this Whole interface that we don't have to go to the command line to do everything You're back up some maintenance all that's the same as it is not the enemy five software But now it's also backing up this as a device the device though. One thing is port forwarding Little bit weird. I you know you can play with it through here and there's a lot of options But they I'm really glad they added this I can go over to configuration whenever you have the device open over here on the side and Then we can just go to port forwarding create name, let's say a web server Then the ports 80 the IP address apply it provisions and That port forward works it takes about 20 seconds to provision is pretty fast So thought there was weird that it's over here not in the firewall rules So that's a little bit confusing. I think the other partly confusing part is I don't know what happens if you have more than one of These devices how these firewall rules work in terms of showing the Settings in here the other weird thing is the firewall rule that I just provisioned doesn't show up anywhere in these rules So I guess it just I don't know this confuses me a little bit the way it works That I know the port forwarding works. I did test it not a problem there So it's just kind of weird. It doesn't show up in here, but I did test in the config file so after this is done now, this is provisioned we can go back over here and Right there's the port forward rule in the config dot boot file. So it does work. It does save it It just doesn't show up back over in this part, which I just find kind of strange, but I won't dwell on that too much I just want to show you how it worked now with the deep action inspection and gather some statistics We can show you what that looks like it starts out and we'll clear all the categories It's kind of weird because it just blanks it all out like there's no information here But that's because you have to click on each thing So you can break down the data in here. So instant messaging data network Management data remote access terminals. So you can clear them and then say I only want to see traffic from this It does have options to add different categories in here So I thought this was kind of neat so you can really track down what people are doing, but I didn't really see any type of Method by which you can block as I can tell all that has to be done from the command lines I was kind of hoping there's some easy way to Go through and say okay, I just want to edit this traffic and block this traffic But there's nothing really here It just lets you see all the traffic and let you see all the client data so you can see who's doing what but it doesn't give You much in the way of actually Editing that data that I'm aware of But it's so pretty cool. You can also look on a per device basis for the deep packet inspection So like this I only have that my computer and I think my phone is connected to this too through the Wi-Fi You don't get a whole lot of things that you can do it there It's more of a so you can view but doesn't give you a lot so you can do the best way to describe it Be test on it and this is speed test of my ISP itself who is Comcast we have a 50 megabit connection and It does fine showing that said 50 megs come through I did my usual I perf speed test as well through this and I was really impressed full gigabit speed pretty much through it I really like one or two meg slower than when I connected it directly, but it was not consistent I think there's always some jitter that you get back and forth when you're doing that testing But it's within one megabyte of what it was directly through the switch. No need to even Display the speed routing through this. I'm really impressed with how fast the device is. I did this with the deep packet inspection turned on so you if you have a gigabit internet connection, this has a capability of routing it without really any issues So you have your usual insights, which of course now it gives us more information Then it did when you had just the wireless Because you have the deep packet inspection and going through the firewall all in all though It's it's not a bad little device. These cost around a hundred dollars. I other than being able to see in the traffic They're really not the most impressive. They're fast. They give you some insights into your Network, but they don't really do much else Not overly impressed with that I mean, it's I guess if you really wanted pretty interface and a good firewall You can use it for that and see statistics on you know How much data is being pulled by different devices on your network with this really nice interface? But feature-wise unless you're ready to break out the command line It's a little tricky to configure and the firewall routing is not super intuitive But as a basic box that does work now the good news is you have the option even though it's labeled VoIP in there You can check a box that lets you turn the WAN2 on via Instead of being a WAN it was some sorry instead of being VoIP it turns into a WAN very cool It also offers smart cues, but they're really really basic and a smart cues are their version of QoS But it doesn't give you much drill down like Prioritizing of protocols it just lets you filter Specifically like let's say we're gonna slow down these ports to this speed But on a good note you can do a failover WAN by having a second WAN connection on here And it's an inexpensive device for that because you can have WAN1, WAN2 and it allows you to Set them by default as a failover and you can set a DHCP or static and say okay I have two internet connections and I want it to just fail over on there now It does have a weighted load balancing so when one of the WANs is too saturated and you can set the threshold for by default it's 50% That's kind of cool too because then you can have okay There's a failover automatically if it's just too saturated start using this connection Which will probably work in the failover configuration in terms of when one of the connections drop because it then technically become saturated But I'm not really gonna get deep into testing that it's just not it's not that advice I'd recommend I'd still go with the PFSense for that because it gives you so much more detailed control over both load balancing and the Ability to do failover, but all the device itself is nice. It's metal. It seems solid the reputation of Unify for producing solid reliable hardware is definitely there the update says they keep coming through to the new Unify software Do keep adding features So I'm looking forward to reviewing this again in the future when it has more features in the web interface So we don't have to break the command line out to do it overall Like I said, it's a good device not bad for the price, but not amazing But I do the deep happy I got him at the interfaces that Unify gives are really nice So if you're really into the nice interface for this traffic information, it's definitely might be something for you if not It's skip it and go with my usual recommendation of a nice PFSense box So you get all the bells and whistles and features or just go with their basic edge router That mostly does the same thing with the less pretty interface but gets fast routing done for $49 with the edge router X Oh Something fun though. You can make it blink. So I thought that was kind of cool, too It does have the blinking option on there I guess if you had a few of these you could make each one blink Kind of novel. That's it for my short little review of the Unify USG and some of the port forwarding in it Like I said, that was oddly placed over in the side But it works if you like the content here like and subscribe and I'll keep an eye out for the new firmware and Re-review this device with the updated firmware as it adds more features. Thanks again