So I'm here from Warren Systems and we're gonna dive into TP-Link Omada and all the different gear that we have out in front of me. Now, TP-Link Omada is kind of interesting, and I will be, of course, addressing the elephant in the room: doesn't this look a lot like Ubiquiti's gear, and specifically the Ubiquiti UniFi line? And doesn't the controller look a whole lot like the Ubiquiti controller software? And doesn't everything kind of work in a very similar way? Yes, that's absolutely true. And I know that's one of the reasons there's been a lot of people requesting that I review this, and TP-Link did reach out to me and offer to send me all this equipment. But that being said, yes, this was sent to me; that does not buy a review from me. I take my time. We evaluate it. We make a determination of what we think on things and offer an opinion on it. Whether we buy it or a company sends it to us, the opinions are my own and not at all influenced by that particular company that sent me the product, in this case TP-Link. They were nice enough, so thank you to them for sending this out. But I'm still going to remain objective in my thoughts on this product.

Now, another thing that I want to get out up front: we've only been testing this for a couple weeks. That means I don't have a ton of long-term "hey, what does this look like deployed?" and "what does this look like deployed with, let's say, 300 devices?" And we have sites with 300-plus devices running UniFi equipment. So my reviews of that have been... because we have it installed, literally thousands of those units, and we manage thousands of them as well. So my reviews of UniFi come from a longer-time experience. This is going to be a shorter-term review. But the next place for all this equipment is actually going to be my house, and I'm going to switch out all the gear I have at my house with this so we can actually use it, because there's people watching TV and Netflix and using phones and using outside access and everything else.
So I'll be able to give a follow-up review later, after I've done a little bit more thorough testing. But let's start with what we have in front of me here.

And I guess we can start with the Omada controller. This is the OC200 model. It has an MSRP right now, in April of 2021, of 89 dollars, and supports up to 100 devices. This is essentially the brains of the operation. This is very similar, and I'll reference this a couple times for those of you looking at UniFi alternatives: the TP-Link cloud controller is very similar to the way a Cloud Key works with UniFi. This runs the central SDN, software-defined networking, controller that you load, set up, configure. We'll get into how to configure that and adopt all these devices into it. Now, you can run this without this model as well. You can load the software-defined networking controller; you can load this on your own Linux server. It even does support Windows. You can load the controller software, adopt and manage all these. So this is a nice way to run it on a piece of hardware, but if you would like to just run it on your own, and run it in your own stack on your own server and not tie to one of their devices, you can do that.

Also of note: if you use their cloud controller, it does not force you to register with their cloud at all. It does have an option to, but that option can be bypassed, and we'll show that in the controller setup. And that does work the same for the self-hosted controller. You can host that yourself, and I did take the time to do a little bit of testing, and it does not do any callouts, even to the web. You can actually have a controller with no internet access and just local network access, and it doesn't make any unusual callouts. So did a little testing on that to make sure it's not reaching out to strange or rogue IPs or sending any type of data.

All right, next we have the firewall. The firewall is a little bit of a confusing one, and let me explain why. Now, the firewall has got a couple different model numbers, and I say a couple different
because the TL-R605, which is listed right here on their site, the SafeStream gigabit multi-WAN VPN router, designed for remote office, reliable, flexible, and all the other marketing terms we have here. And yes, it does support VLANs; we'll get to that later. Um, it has more than one number. So this is SafeStream TL-R605. But when we go on to the what-devices-are-compatible and we scroll down a little bit, it says the compatible one is the ER605. Now, I'm sure it's just a slight variation, but, well, it can be a little bit confusing when you're going, "is this really the one compatible?" And I found that a little bit strange, because it is marked specifically on this one TL-R605, and this just says ER605 without the TL. So it has an E in front of the TL. I know it's tiny, but there's those nuances when you're buying products that you want to know the answer to: you know, how does that work?

Then we have their outdoor unit right here. The outdoor unit is the EAP225-Outdoor, which sells for 69 dollars. And then we have the in-wall unit. Now, the in-wall unit is kind of neat, because this is the EAP225-Wall and it's only 49 dollars, but it has three ports on there which you can assign VLANs to.

Then we have the switch down here. Now, the switch is the TL-SG2210MP, sells for 149 dollars, and it's a 10-port managed switch with eight-port PoE. All eight ports have PoE and a budget of 150 watts, so not bad. And by the way, this is not powered off a brick. It's got a built-in power supply with your standard connector on the back. So pretty straightforward the way that's hooked up: standard power cord, the way we go. Metal. It is not passively cooled. It does have a fan, but it's extremely quiet.
You just don't hear it, which, hey, that's nice. Each of these devices, including this, all have Kensington locks on the back of them, which I think was kind of cool. There's an additional micro USB on the back of the TP-Link OC200 controller, so you can power it over that if you do not have a PoE to power it over. Right now it's powered over the PoE from the managed switch.

Last but not least, we have this EAP620, and yes, this thing's bulky. By the way, it's hard to see, but you can kind of see into it: the device is actually not near as big as the plastic. I'm not sure what made them decide they should put this giant plastic piece on there. This device can be powered over PoE or via a little 12 volt, 1 amp adapter. And of course, there's a little reset button in there, but it's kind of unneededly big. I found that to be kind of odd, but it mounts nice. But even when you mount it, think about that hanging from the ceiling; it is, uh, it's big. I don't know, it's a little... feels awkward. Doesn't weigh that much. It's just a lot of big empty plastic. Has a little mounting bracket on there. And I might cover these a little bit more in depth later on an individual basis.

And then the reason I want to cover these on an individual basis later is an interesting facet of the way all this works. Now, we're going to cover the Omada software and how it ties all these together, but I also want to mention each one of these has their own management interface. So these don't have to work with the Omada. That's kind of an interesting idea, because unlike, and this makes them very divergent from the way UniFi does it, when you have the UniFi equipment, it only ties to the UniFi controller and doesn't have its own management. This has a complete management system in it.
So you can actually take this, not adopt it to the Omada software, and load it up, use it on its own as an independent device, completely without any other special software or anything special you need to load. Has a web interface on it, gets an IP, you can program it for over using it just that way. Same with this device here, and this device, and the firewall, and the switch. Each one has its own management interface. Now, once you adopt them to the Omada, that management interface becomes disabled, and it just gives you a warning that, hey, this is under management by Omada. But you can unadopt them, and it just goes through a factory reset, and then you can go back to managing them individually. Now, any of the changes you do when you manage them individually don't carry over; it erases it when you adopt them back into the Omada controller.

But I think that's a first standout feature they have compared to some of the competitors: offering a device, going, you know, I just want one, and I don't want to buy a whole kit and build out a whole network. You can start with one, but later, when you have five of them, you're going, "how do I change the SSID on five devices without logging into five devices?" That's where the Omada software is nice, because it will glue it all together and allow you to have that level of control. So you have one control plane to control multi... But if you only want to start with one, you can start with just one device.

Now let's dive right into the Omada software itself. Now, before we get into loading the software and the interface, I thought this was kind of a novel thing pointed out by Level1Techs.
So thanks, Wendell, for tweeting this, and he had tagged me in this post. He said if you go over on places like ThemeForest and look up admin dashboards, and I looked through just a couple of these, you'll find a few that look extremely similar to Ubiquiti's dashboard, and I thought that was kind of interesting. And we are completely speculating and hypothesizing, but I think it's worth noting that yes, while the Omada controller software certainly does have a similar look to Ubiquiti, it also has a very similar look to a lot of the other theme templates that are out there. So that's at least one thing I will note, that that might be speculative as to where that came from. But hey, uh, thought it was interesting.

Now on to the controller itself. Now, they have a whole instruction on how to set up the controller. You can, as I said, download it for Linux or Windows, and this is if you don't want to buy one of their cloud controller softwares. And either way you do it, as I said, you don't have to register things online. You can just set it up all with local admin. Now, whether you use local admin or tied into cloud, there is no two-factor at this time for the latest four series of their software, which is 4.15. I don't know why, but that's the way they did it.

Second problem: it is based on MongoDB 3.6, whose end of life is April 2021. So yes, we are reaching the end of life for the database software that they tell you to load to set this up, which is MongoDB, and I don't understand why they're not supporting the newer versions of Mongo, but they want the older version on here. So that's kind of concerning right off the bat. By the way, for those wondering: yes, UniFi also says use the older versions of Mongo.
I don't know why. But yes, they've chosen to still build this controller on older software. Once you've recovered from those kind of unusual issues, the next one you have is, yes, it also needs Java 8, which can be a little bit tricky for doing it on Linux. If there's enough demand, I'll do a video on it. But if you look at how to install, uh, you can Google search quickly how to install Java 8 on Linux. And that's another dependency it has. So Java 8, MongoDB 3.6, and then you can go load the controller.

Now, let's look at the controller when you set it up. Let's get started. And this is interesting, and I can't find any documentation, after reading through the documentation, as to what this does. I think it's nice. Is it a hotel? Is it a restaurant? Is it an office? You can check these different boxes. I'm assuming it does some type of tuning based on that template, but I don't know what the differences are between each one, and I've actually reloaded it and changed it. You can change these posts later as well. I'm not exactly sure where the changes... I didn't see a grid that I could easily find that said, if you set this, it changes these settings, or if you said it's a restaurant or airport, it changes these settings. So nice that it does it, nice that it has a custom option that we can call Tom's.

So, easy enough. We can change the time zone to match my time zone, so that's important. Give it the controller name, Tom's controller. And by the way, I'm setting this up on the self-hosted. This is not on the OC200; that one's already set up. All right, do we want to adopt any devices? For now, we won't. We'll skip network SSID. We'll skip that. We don't really want to name a network.
We just want to show you how it works. Create a user, tom. We can skip the email. Yeah, I know it's a weak password: password one two three. Not the best password. Don't do this, especially because there's no 2FA. But protect your control plane, don't publicly have it internet-facing, and away you go.

And if you don't want to have cloud access... Now, the cloud access is, you can register over at TP-Link, and it's a bridging system, so you can remotely, from outside of your network, get in your network without opening up any ports. But that also means you're tied to the TP-Link cloud system. So it's up to you whether or not you want that. You can just say no and move on to the next. There we go. We have the application name, the user name, and cloud access off. We hit finish, and then we can log in. And as I said before, I tested this: it doesn't do any callouts or send any data out when you don't register for the cloud. When you do, obviously, it reaches out to their cloud for the registration.

And then we can log in. Now, we're going to move over to the OC200 one, where I have everything set up, but this is what you first see when you log in. And as I said, you can go into the admin settings, or settings over here, and then choose the different hotel, restaurant, and save, and it will change it. Of note, the SSH accounts, when you enable them, are down here. There's the username, and it generates a different password. So I used password 123 to set this controller up, but the password is randomly generated but can be set. So your username is actually the same when you enable SSH, but you can actually reset a different password.

But I want to point out something here. So if we put "tom" and not the right password: "Incorrect password, try again." But if we put... "Invalid username." This is another security fail I noticed right away. It should not tell you whether or not you've guessed a username properly and not the password. So when you try to log in, it says that one's wrong.
Oh wait, it's because we had a "tom". All right, now we know it's the password that's wrong. So I've been trying to evaluate. I did not do a full... I'm not a pen tester... pen test on this. I did notice, if you dig around and look for some CVEs, they had some older security vulnerabilities that were updated and patched in these systems. So they do seem to be actively responding to things that are found in these systems. But still, there's a few other ones that aren't necessarily an actual exploit, but they're still not good security practice, such as letting me know what usernames are valid and which ones are not. That's just generally not good.

Now, this is the dashboard on our OC200, and we do have it cloud enabled and linked, and it's not had any issues. We tried accessing it through their cloud, tried accessing it locally. It's actually been very stable. We've randomly been pulling the plug and powering this off so we can make sure that we've done some testing. So every time we pop this on and off, it rebooted fine. I never had a recovery problem. I am uncertain of any way to actually get, like, command-line-level access in this, because it doesn't seem to open up SSH available for me to log into this device. But nonetheless, I haven't had any recovery issues with it, and it was part of the testing that we had on there.

I will also note, for those of you wondering what are those little yellow post-its on here: that is my staff being funny from all their testing, because I said "which one's the firewall?" a couple too many times. So they put little post-it notes on there for me.
Thanks. Device does take a couple minutes to boot up from when it first powers. It does take about three or four minutes, but my controller that I built locally boots up in, I don't know, less than 60 seconds. So obviously they didn't use really powerful hardware in here, but, you know, that keeps the price low.

Now, there's not going to be a lot in this dashboard right here, but I at least would cover the dashboard, and this is what it looks like. It offers some customizations to see networks, clients. I even created a dashboard called test. We can edit that test dashboard, and then from there you can start adding things to it. So I created that one. You can create another one and call it test two, just to give you guys an idea here. And once you're on there, so here, add the widget, add the widget, and build your own dashboard. They seem to do a nice job of customization on here to allow you to customize a view that you are comfortable with or how you want to see it. I did like the fact that they've done this. Click the little done button up here, and here we go. Now we have a different dashboard for test two. We still don't have anything on test one, but maybe test one, we only want one thing on there. So we'll click the gear again. Keep being tempted to click the little edit over there. And maybe we'll just add this widget right here. Hit done. All right, now we have that widget on here for client association activities. Pretty simple. So you can create these, and I'm going to say this is a very responsive interface. Even though the hardware on here may not be very high end, the responsiveness has been absolutely great for it.

We have a stats page. We can get performance stats, switch stats. You can set up speed tests and do a series of speed test stats. There is no dark theme, by the way, for those of you going "switch to a dark theme, you're blinding me." I'm sorry, there's not. This is, uh, obviously very familiar. I really like the auto-building topology maps, like I've seen in the UniFi system.
They did a nice job of this here, and offering different types of overview maps, such as being able to load in your own templates, and this allows you to drag devices and have them in different locations, so you know where the access points are. So nice job on doing that. Of note, what I didn't see in here is being able to do an outdoor map and load it based on, like, a Google location. Uh, this is something that UniFi does have, so for those of you looking for that one-to-one comparison, that is not something I've seen an option for in here. So that's missing.

But on to the devices themselves. Now, the device menus are obviously where you get to control everything, and it's neat, the fact that these have independent control but also have the control inside of here, but not at the same time. I just bring that up because it's an interesting facet of the way they designed these, how you can buy an individual device and later adopt them all in.

But as far as features go, right away I want to talk about the fact that the WAN is missing the multi-IP option, just like the UniFi system is. So the UniFi USG, it's been a feature a long time requested, to be able to have a block of IPs assigned to it. Someone may point out it's a beta feature coming. That's fine, but it's really an issue when it's a common feature. And if you're going to copy someone and make a very similar product, you shouldn't copy some of those same flaws like that. But that is definitely an issue with the way this works.

Of note, though, how they implemented this is a little bit different. So when we go into the settings for the site, and we go to wired networks, and we go to internet, which is not called WAN: this firewall has several ports on it. So on the end we have a LAN port, and on the other end we have a WAN port, and the way that works is kind of interesting. The WAN and LAN ports are either-or, and then you choose them with the software. You go through and click, like, do I want two WAN ports and one LAN, or do I want three WAN ports,
or all, well, not all, but all but the last one, or four WAN ports. So even though I can't assign multiple IPs to a single WAN port, I could, for example, put a switch in front of this from an ISP and then add all the additional WAN addresses. I haven't tested that, but it seems like it should work from a design concept. Now, when you don't assign these WAN, and you have it like this, where one's WAN, connected to your ISP, and the rest are not checked, they all end up becoming just standard LAN ports unless you assign them otherwise. So this is all just kind of a shared port system. So interesting how they did that. It's implemented a little bit different than the way it was over at the UniFi side, but at least it's programmable and something you can do.

Oh, and by the way, when you don't plug a device in, because I unplugged it to show that, it does say "heartbeat missed". Kind of familiar if you're in the UniFi world: that's the same exact phrase UniFi does when it doesn't get the STUN protocol sent back and forth to it. I haven't done a lot of protocol analyzing to see how close the protocols are to the same, or done any security to see whether or not they use the same type of encryption when sending all that different data back and forth. And it uses adoption, and it re-adopts that.

Now, when you get down here to the system, here we have the same nomenclature to easily go through. It's all labeled right here for whether it's a PoE, whether it's just adopted as a switch, or powering 100, powering one gig, and they have it all right here. Except the thing that's kind of interesting to me: let's go ahead and edit one of the ports. If we go here to the config, I'm sorry, we go here to the ports, and let's say we want to edit a port, which I have this set up to a test VLAN. When you're doing that, and we maybe want to go to a profile override because we want to override the link speed... Hey, awesome.
I can link this at 10 gig. But didn't you say this is a one gig? Sure is. Good news is, when I try to do that... I'm not getting the error now. If you try to do some of these, it won't let you save it. It's kind of interesting. There we go. And then we'll hit it for here... here. So let's hit it for 10 gig, apply. And you get this little "invalid link speed and duplex setting". So it's interesting they didn't bother filtering out. They kind of seem to be applying the same generic template to all of these, but then, telling the switch, like when you try to apply it, it goes, no, you can't apply something that doesn't make sense, because it's not a 10 gig switch. So I thought it was interesting if they had that in there, but, um, yeah, you can override it, but not override it to an invalid setting. At least it does some checking, because that would probably cause a lot of people problems when they just try to set things in different settings. So that's how you manage all the switch and the details of the switch.

It does also offer the ability to set a management VLAN, and that's kind of important, because something else I noticed about the switch is that there's telnet enabled on it. So yes, I just telnetted to 192.168.0.74, which is the IP address of the switch, and, uh, yes, it responds. Now, what it doesn't respond to is username, password. No matter what, I've tried quite a few combinations, it does not seem to allow me to log in. So I could not telnet in now.
I tried SSHing into the switch. So if we SSH, it only wants SSH keys, so I get an invalid. So I was unable to get to the command line of the switch. You can get into the command line of the individual devices themselves; that I didn't have a problem doing. The username, password does seem to work for those, but it does not work for the switch or the firewall. So if I wanted to do the same thing with the firewall: no key exchange, and I didn't see any way to upload my SSH keys to allow access to the switch or the firewall. So just of note.

But having telnet enabled, that seemed to be somewhat bothersome to me. The good news is, even with telnet enabled, if you put it on its own management VLAN that you create for the control plane for all of these... Uh, I tried VLAN hopping a little bit and a few other things. I've actually tried with, uh, an older TP-Link device, I read a long time ago, one of their managed switches, that I was told has been fixed now, but I was able to do it. On these ones, I was not able to VLAN hop or reassign different IPs to try to get back to it. It seems to respect, when you trunk a port, that that port is trunked, and will not allow access to the telnet interface. So it might be something from a design standpoint that you think about, because telnet is an old protocol and potentially has issues. Uh, so it's of note: even though it's not using telnet to actually manage it, having that exposed is, to me, a little bit of a, uh, security concern.

Now, back on to the other devices, like the in-wall one, and we'll go to the config. And just like the other Wi-Fi devices, you have radio options, but the interesting thing is how they handle... under here, if we go scroll down, ETH VLAN. I mentioned you could set VLANs on these, and you can. But unlike the normal switch way of doing it, of when you create a VLAN in a network and being able to do a pull-down, you enable it and then have to type in the VLAN tag. So to me, this feels like a little bit of a put-together interface for this device, versus the way, as I mentioned
I would mention UniFi a few times, UniFi does it with just a series of pull-downs and port configs. You have to remember which tag you had on there. I'm happy that you can do it, but it is of note that you just have to go, "oh, what was the VLAN tag that I had set to these?"

Now, throughout all this interface, and this is actually true for all of them, there's an IP settings option where it lets you choose static or DHCP. DHCP is my preferred way to do this, and you could set some static assignments on these. But the static options are also, uh, a fallback IP option. That way, if for some reason the firewall isn't handing out DHCP addresses, you could in theory say this is what address it will fall back to and get if it's not DHCP. So I thought that's nice that they included that, and like I said, that is consistent across all these devices.

Now we'll scroll all the way down to the bottom, hit manage device. You do have the option to push firmware into it. You have the option to move it between more than one controller. If you notice up here where it says default site: yes, this is a multi-site controller. So we could add more sites to it. And then we have the option to forget the device. And one thing I'll point out, and let's go ahead and forget one of these devices. Let's go to this one here, go to config, and we'll forget that device right here. Would we like to forget this access point? We sure would. Before we do that, let's note the IP address of the one we're going to forget, which is 0.15 here. So we'll forget this device, because I want to show you what the interface looks like real quick when you forget it, and the adoption process.

All right, you can see the device is on the network and now pending adoption. When you release it, it does a factory default reset, and I've refreshed the page here, and with it being not adopted,
I can actually go in here, admin, admin, which is the default when you have a brand new one, and it will start the process. So let's go ahead and set a new username and password on this. Tom. Not... yeah, yeah, password 123. It lets me know that's not a great password. We'll skip setting that up. Finish, and now we're into it. So we have local control now.

Let's talk about what happens when you try to adopt these devices. Now, you don't have to set it up like that. You can actually just leave it in the admin, admin and not log into the web panel and just adopt it; once it discovers on a network, it will find it. But now let's see if we can adopt it after we did this, without having to factory reset it again. So let's go here, and we'll hit adopt, and it should prompt me for whatever credentials I have already on that system. All right, let's try adopting it now. It says fail, with the prompt. So let's see if that does the adoption properly. We'd adopted them previously without setting each one of them up, so we're doing a test in real time and learning this. And the device is adopted and provisioning right back into the network. So that's how that process goes. Easy to forget these, easy to move them, easy to migrate them.

Now let's go down to clients. There's not much on here right now. We just have a few devices, but it does have some statistics and does give you some real-time activity and speed on there. There's not a lot, though, that you get in terms of the statistics. There's not a ton of stats, but it's got some of the basic stats on here. Then we have some insights, and it has some information on connections, past connections, past portal authorizations. I have not tried the captive portal yet.
I'll do that in a later video. Rogue APs, if it finds any of them. Then we have the log and notices, and yeah, all the different little things that are going on here, disconnects, and this seems pretty thorough. That's something I really like.

Now on to the settings themselves, talking about the site and the way this works. So we go here. Here is all the site options, where we can control the LED services. I kind of like that, because maybe you don't want the lights. But the concern to me is not the light with this. I don't think the light is what's the distraction; people are like, "what is the giant white plate-looking thing that you have over on the wall over there?" But you can't turn off the light on it. So if that's the part that bothers you. Does support meshing; not 100% clear on what models support it, but I do know on some devices that shows up and on some it doesn't. So once again, that'll be some cross-compatibility things. We'll get to compatibility towards the end of the video. Periodic speed test that you can enable, where you can tell it to do that and populate that speed test. We currently haven't done that. Alert emails. Remote logging options. I like that they have the ability to dump all this to remote logging, because you can't get into the controller to see details, but hey, we can actually push all of them to a syslog server. I've done a video on Graylog. It's a great system for ingesting lots of logs, and I do have our current UniFi system tied to it.
So throughout the testing, and maybe I'll tie some of this to it as well. And then here's that device username, and the username here once again is going to be different than a generated one for the SSH access.

Now, back on to the wired networks. As we were showing, this is allowing you to configure things: dynamic IP, or we can set it to static IP, PPPoE, L2TP, PPTP. So if we have a PPPoE connection: username and password, with some advanced settings. But those advanced settings do not include, when you set a... we'll actually switch it to static IP... no option for setting a block of IP addresses to this. So yeah, they copied that flaw right from the competition.

On to the LAN side of the world. We have this LAN. We have a test VLAN. We can create another test VLAN, so let's call it test VLAN 2. Call it whatever you want. Is it an interface, or VLAN only? So you can, without having the firewall involved, just program all the devices to be aware of a VLAN and a tag so you can assign it. That is something supported in here, along with IGMP snooping, which is a feature that is supported on this gear that I have. Then we have profiles, where you can create separate profiles for each setting of the network, and then individual switch settings. And you can edit the port profile switching on these. I thought that was kind of neat. They give you a couple different grouping options on here for this, to be able to manage it. Pretty, pretty well thought out,
I think, in the overall. On to the creation. Now, let's go ahead and create that test 2 interface, and we'll go ahead and attach it to LAN, which is interesting, that you can attach it to this as well. Kind of curious about what other extensibility I have if I do it that way. But it does allow you to build it. Now, when you build it like this, when you're attaching it, this is a way to build it without it being a VLAN, but just being a separate LAN on one of the other ports on the firewall, versus if you want to actually create it as a VLAN. It's kind of interesting. So we're giving it a VLAN ID and attaching it to LAN, or, without giving it a VLAN ID, you can attach it to one of the other ports on the firewall. So like I said, a little bit of flexibility you have in creating it. We're going to attach it to the LAN. We want it to be a normal VLAN. We'll give it 5 5 5 dot 5 dot 5 5 dot 1. We'll make it a slash 24, or 23, actually, make it a little bit bigger. Let's say it's a big guest network. And it automatically updates the DHCP range. And hit save. It'll provision it out, and then now it's an option.
So this one we called VLAN 666. This one we called VLAN 555. And if we go back over here to the devices, choose a port, edit the port: hey, there's our test and test VLAN 2.

Now, one thing of note when it comes to the firewall rules on this. Let's get back over here. I wanted to make that network so I can talk about the default firewall rules, which are backwards to people who are network engineers, that when you create a separate network, you would think I would have to implicitly create rules for it to talk. The opposite is true: by default it talks. So that network can see all the other networks until you take them down and lock them down. If there's enough interest, maybe I'll do a video on that. And, uh, yeah, it's one thing that's kind of interesting: by default, the way the rules work in here is not secured by default. And under Network Security, ACL, that's where I believe you create all of these rules. I haven't created any. I just know for each network I create, the default is everything can talk and everything can get out. So then you go through here to start creating the implicit IP group or IP port group rules and protocols by default, and you want to do a deny or permit. So do we want to, you know, deny traffic from here to there, and then you build out each of the rule sets inside of here. Haven't done much testing with it, so I don't want to get it wrong in this video. But I'll leave it up: note that when you're building these, yeah, that's kind of an interesting thing that they have about how they do the firewall rules.

Now, before we get ahead of ourselves, let's talk about the wireless networks. A lot of people just want this for Wi-Fi, and for Wi-Fi they have a pretty simple way to create this. So here is the LTS Omada lab, 2.4 and 5 checked, guest network. Now, the nice thing, if you don't want a network to talk: they do have a guest option, so a lockdown will be put on that network.
So yes, a Wi-Fi guest network can be created with those basic rules. Then we have the advanced security setting tray here, where you have the broadcast. If we wanted to go to a specific VLAN, we can do that. WLAN scheduling is on here, so we're able to turn them on and off based on certain times: create new time range entry. So if you want your Wi-Fi not on all the time, uh, if you're a business and worried about security, you could set this up so it's only operating when people are in your office, and when it's not, someone can't sit in the parking lot and guess. Kind of a neat feature. Rate control options and MAC filtering options in here.

Now, as far as creating multiple SSIDs, we can go ahead here and, uh, just add another one. So we'll create another network, test 2. Go through: WPA Personal, Enterprise. It still supports WEP. And you have the option to create RADIUS profiles if you're using WPA Enterprise on here. But pretty much pretty straightforward on how all the settings work, and easy enough to create a second SSID, and it by default already creates these and pushes it out to all the devices adopted in the Wi-Fi for that particular group. It does support, and I say group because you can create multiple Wi-Fi groups, and if you're doing a larger deployment, group these things together and have them differentiated that way. So you can have one group with one SSID, another group with another SSID, and each one can have its own VLAN set up if that was necessary.

Now let's get down to all this. We've covered ACL, and we have URL filtering. I thought this was clever that they built this in. Uh, it seems to be doing DNS sinkholing. I didn't really work hard to bypass it, but the basics of it work quite well. I can't type in websites
I create a block for. So I put the block in, and we'll block something like, let's say, my website. So we'll call this LTS. Source: network or IP group, and you can create a group or an IP, any, so there's options there, but we'll say this, the whole network. What do we want to block? lawrencesystems.com. Actually, we'll open that up here. So there's my website loading, and it's loaded in the background. Great. All right. So now that we blocked and we hit apply. We'll say LAN. It does make you choose what network you want this blocked on. All right, we've now blocked that particular network, and you can go back in and edit this. You can add more than one, so we'll block, like, newegg.com. We don't want people buying stuff from there. All right, we've blocked them.

Okay, that took a little bit longer to provision, and actually I just skip ahead a minute here. It did block my website. Took a little bit longer than expected. But I also want to note, when you do block a site, it just does "This site can't be reached", and if we try to get it from the command line and we do something like looking up a dig, it's still able to get the DNS for the website. So it is actively looking and blocking it at a URL level, but I'm still able to get to my website and look up its IP address via DNS. So I thought that was interesting. It's definitely doing some URL-type filtering, not just DNS sinkholing it. But a neat feature that they've added in there, the fact that they have URL filtering options in there.

Attack defense is interesting. I did not play with this.
It's got a couple: packet anomaly defense. Basically, it's looking for unusual packets and offers the ability to block certain attacks, and then really test the validity of how well that works.

Then we have routing, and we can create special route rules, policy routing rules. And I'm unclear on all the features that you can do with this. Once again, I didn't deeply test it. But it's interesting they put them on there, where you can say here are certain policy routings of how I want something to go, and maybe which one address you want it to apply to. So if the current one is down, it's able to create a new route. And also the static route options here, where you can say next hop or interface. At least they do give you some options to control the firewall inside of here. So not the most advanced options, but a few options in there indeed. For things like failover, we did not, we know it supports multi-WAN failover. We're not sure if it supports, how many different WAN interfaces for failover.

But there are things like session limitations in here down below. So you can say session limit, create new rule, and apply the rule to a network, for example maximum number of sessions that can be done. Odd way to put it, because one device can have quite a few sessions, but at least you can do some type of restrictions on there. I'm not sure what happens if it just doesn't create new connections and they get weird timeouts. But nonetheless they have that feature.

Bandwidth control, and you can apply bandwidth control. Put test here. What network do you want to apply this to? Which WAN does it go to? Upstream limits, back, downstream limits, and this is, you know, per this entire network or per an individual on each network on there. So it's not exactly traffic shaping, but it's limiting the amount of traffic and volume that an individual can take up on there.

Now, VPN. This is the one I know a lot of people are hoping is going to be exciting, and it's not at all. Once again, they have very weak VPN policies here.
They have a nice site-to-site system. I only have one system set up right now, so I didn't try with two firewalls to see if two merged together with site-to-site. It does have an option, if you have multi-site, to be able to pull them together. No way to test that. You can do client-to-site, and it has in the options here VPN server: L2TP, PPTP, IPsec and OpenVPN, and VPN client being OpenVPN. Now, when you set this up as VPN server, OpenVPN, and we can put all the presets in here, tie it to WAN. What's the IP pool? One 24. Create. It does create the file, but it does not seem to have, like, a full user management system that I was able to find in this. So it's basically, once again, only for site-to-site, not managing, like, a connection to a bunch of users using, like, OpenVPN. Maybe it has a feature in a month. We were thought to set it up. I didn't dive deep into it, but it's definitely not, normally you would see all the stuff in here. So I'm gonna say I don't think it really does that. I don't see an easy, like, user management tie-in, as when you go to the settings I don't see any way to say here's your authentication server and here's where you authenticate all these VPN users against.

Now, this was an interesting feature to even notice in here: the fact that you can create time ranges, too, for tasks, where you can say this time range apply, and then that is that time range that would apply to other sections of it. So you could say this is what I want these things to operate, and a few different devices, a few different options are available where you have those time ranges.

Then we have groups. Same thing. It's a rising a little bit of aliases, so you can create an IP group, IP port group or a MAC group, so you could take a block of devices to apply rules to, and I thought this was kind of cool. It's very similar to what a lot of firewalls may call an alias system or an object system. So you can have objects that you can assign a parameter to, and then you can group assign it later. So that's an option here.
I don't know how extensive or how well it works, but I do see they have the features in here. They do offer captive portal authentication; 802 11x, MAC-based and RADIUS profiles can be set up.

Onto the services menu. They have dynamic DNS, SNMP, UPnP. So good news is by default that's turned off, for those of you worried about that. You can turn it on and then apply it only to certain networks. This is very handy because sometimes gaming devices just work best, like Xboxes and PlayStations, with UPnP. They're the easiest way to configure them. But you may not want that on your main network because of a security risk, and they do have the option to apply it to an individual network.

SSH access: you can turn it on and change what port that's on. And actually a nice feature when this feature is enabled: the layer 3 accessibility check. This is so you can say only allow devices locally on there, not remotely, to get to it, until you enable it, and then it allows remote devices outside the network to be able to get to it for through routing. So actually a little bit of security they put on there.

A reboot schedule.
This is weird, but hey, if you want to schedule a time that your device should reboot, you can schedule a reboot schedule for your device. And the same thing with the power schedule. I guess if you're on a power budget and you say, you know what, I would like these things not to be on, the access points, phones or whatever you have plugged into the PoE, they let you schedule the PoE. Kind of novel.

And then we get to the controller itself. And here's the general settings and the controller. Same system, where the controller itself has DHCP but can fall back to a static IP or can be statically assigned. It has an option to import a certificate. Now, I didn't mess much with this, but I think the idea is if you wanted to have your own certificate and import it in there. But without any automation around it, importing a certificate, like if you wanted to use something like maybe Let's Encrypt, and maybe if there's a way to do that, not having it automated means you're going to be doing it all the time. So kind of novel they had it, but hey, cool, I guess.

Maintenance-wise, here's the controller, and we have survived an update. I bring that up because that was something we were excited to see, if there was an update, see how the update worked, and we pushed an update to it. No problem, didn't have an issue. Now, the not being able to get into the controller means I can't really get into the guts of how it does its updates. But when you tell it to check for update, which is over here, we'll show that in settings, it checks for the update and just pushed and applied it. Same with the firmware updates that it pushed to the devices; that really wasn't a problem. And the last couple things are the backup, where you can download a backup file for settings only. Reboot, factory default.
This is that check for the upgrade down here at the bottom. And the migration options: they have both a site migration and the controller migration. So you can migrate a site to another site, or you can migrate an entire controller to another device. So let's say you started with the OC200 model but wanted to migrate that to on-prem. They have that as an option as well. And then the auto backup: if you turn this on, it will look for the USB device on there. So you turn on auto backup right there. But it does note that you have to be plugged into a PoE device for that to work.

And of course the cloud, if you choose, but it's optional, as I said, to connect this to the cloud. There's our OC200 in the LTS lab, and when we launch this, I have not opened up any ports. Matter of fact, this is triple-NATed because of the way our network is set up. So it reaches through all the NATs and has no problem getting to the device, because it's reaching out to make that connection. So I do like these cloud features when you have that, so you can get into something without opening ports. The downside is, of course, now you have to make sure that their cloud doesn't have some type of breach they forgot to tell you all the details about, because that would be really bad and kind of a problem.

So the final verdict, of course, as I mentioned UniFi several times, is would you replace UniFi with all this? Well, on paper, this is a very complete system. And I say on paper as far as, like, all the features it supports. Having not deployed these, I don't have the confidence yet that this device setup would, you know, scale, because I just don't know. I'm hoping some of you will leave some comments down below of large deployments. I didn't really find anyone, or could not within my friend circle find anyone, who says, Tom, I've deployed two or three hundred of these at a site and manage them all with the Omada system, and it's been working great.
I just don't have a lot of information in that. So I will be taking this home to do a little bit longer-term review of it and actually put some use to it. Good news is where I put this, because my wife will kill me if this is in the living room. Um, I will have a place to hide this, will cover to be putting in at my house for some of the testing. Um, I have a place that I'll mount all this so it's a little bit more obscure. But when I do that longer-term testing, I'll have some better answers as to: is it stable, does it crash? At least a few weeks it's been here, all the devices we connected to it and all the little speed tests we did internally never had a problem. Yes, the router does route at one gig. That was never an issue.

Um, Wi-Fi speed testing: Chris did some tests, go watch this video on it. But one challenge with Wi-Fi speed testing is it's very, very subjective. But I will do some Wi-Fi 6 videos, because I know people are asking me for them, and with this at home. And I'll load up a Wi-Fi 6 setup at my house so I can do some speed tests around the house and see how it compares. And maybe also do a test between this, and I'll put these in the exact same location as UniFi, so I have some real-world numbers and know exactly how long the UniFi has been where it's out of my house. So we'll see if I have the same range on these. So those comparisons are coming. That's not a verdict I can really answer right now.

For home users, I think the price is right. I think it's something that is great to play with. I just don't have that long-term confidence in this product yet. But I've been using TP-Link for a while for some of the other things. We've had lots of random dumb switches we've gotten from TP-Link for different use cases.
They always have held up really well. But please note the things I mentioned earlier in the security, like having Telnet and not a way to disable Telnet. That worries me a little bit, because that's a real concern that that's enabled, even if it is on the local management plane. I did test the firewall. By default no ports are open on it. But nonetheless, you know, SSH access to this is not available for me to really dive into the inner workings. But maybe I'll poke at it, or if I have some of my security research friends that can spare a few minutes to poke at this system, I will certainly open up access to them, uh, who are curious about it, and see what other interesting things they may find.

But I'll leave a link to Chris's video, and I believe MacTelecom Networks has done a few videos on these as well. I'll leave those linked, because, you know, when you're making a decision of what gear to start with or what gear to put in your network, um, it can be challenging. I'll also have some affiliate links down below that do not cost you anything more but do help out the channel if you want to buy them on Amazon, as all of these were available on Amazon as of recording of this video and pretty easily accessible if you wanted to get any of these. And as I said, if you didn't want to get all complicated and want to try a single device at a time, check each one, because they do have their own interfaces on at least the devices we have here.

And last but not least, what else does Omada support? They have an Omada compatibility list, and I'll leave this link down below as well. And these are the current devices that they have on their support list. I'd mentioned earlier, though, the little bit of confusion about the firewall. But the ER7206 and ER605, the ER605 is the one that we have here, even though it says TL on mine.
So when I look it up on Amazon, it's TL, but it's ER here. It does appear to seem to be one. I can't vouch because I haven't tested, but I'm assuming maybe there's the same nomenclature change or way they labeled it on here. Either way, their JetStream series appears to be all the ones that are fully supported on the Omada. So those were the switches that are compatible in controller mode, that's as they like to put it, and these are the access points compatible in controller and standalone modes right here. So I imagine that's what the list is now. Maybe when you're watching this in the future that list gets bigger.

But hey, nonetheless, I have a lot of hope for this. I think TP-Link, we'll see how their commitment goes to this product. But, uh, yeah, this is not a bad setup so far. I think they're really off to a good start. But I do know they've been out for a little while and a couple different versions. And if you look back at version three, this is all the version four of the Omada, it did look a lot different. So I would kind of say it's new for version four, because it's kind of a facelift from the version three interface. But yeah, as I said, so far in all my testing everything's worked. I didn't find any glaring flaws other than the lack of 2FA and the weird desire to run this on Mongo 3.6. But if you're using a locked-down controller, that's more of a weird "you chose old software that's end of life". But it's not publicly exposed to the internet and doesn't require it to be for you to run it. So it's an issue, but yeah, it's an odd one.
All right, leave links to everything I talked about below, and those other videos I mentioned, and thank you.