Powerful protection for your network! // Unifi Express

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

this is a UniFi Express a small and Sleek device that comes with a full UniFi networking stack and manages and protects your entire network it's a router a security Gateway a Wi-Fi access point yes that's all in this little box here it was sent to me by ubiquity for review and as this is my very first UniFi device ever I want to tell you my honest and humble opinion as somebody who is entirely new to their system and what I can say right away this UniFi Express here is an outstanding device for small home or business networks for me it was probably the best way to get started with UniFi s it gives me tons and tons of options how to use it and it is super simple let me show you first let's discuss some of the specs it is powered by USBC and has two network interfaces a 1 GB Lan port and a 1 GB W Port it comes with built-in Wi-Fi 6 using 2x2 mimo supporting 2.4 and 5 GHz and it can handle up to 60 Wi-Fi clients all at one so that's pretty impressive for such a small device it also has this little LCD screen where it displays the network status in real time as well as how many clients are connected to your network that really looks so cool and furthermore it can manage up to four additional UniFi networking devices when it's operating in Gateway mode so that basically means when you're connecting the wport to your Uplink and your clients to the landport but you can also Mees it together with other UniFi Express devices or set it into access point only mode so when you want to use it in an existing network no I'm not sure whether you are already experienced with other UniFi devices or not they by the way have many exciting and professional devices like gateways firewalls access points switches or cameras and they are all well integrated into the UniFi networking stack for me as I said this is my very first UniFi device ever and I mean I've worked with several other brands before both in the home network space but also in the professional Enterprise field as some of you might know and this device here is somewhere positioned in the middle it is not a fullblown Enterprise security Gateway but you should not underestimate this as it has some very compelling features and it is great for managing a small home network or even protecting small and mediumsized business networks we'll cover some of those Advanced features here in a few minutes but first I just want to show you how I've installed it and set it up as a new Gateway in my existing Network installing the UniFi Express is very simple once you unpack it you just need to plug in the included USBC power supply and connect it to your Uplink on the W Port because it has Bluetooth on board you just need to download the UniFi app on your smartphone and once you plug in the UniFi express it should be immediately detected even for someone who is entirely new to it it is all made super intuitive but you don't don't have to use your phone you can also set up this device from any computer on the network just connect your switch to the lanport or do the initial setup on your phone and then connect your client over Wi-Fi it automatically configures a 1921 16810 Network so you just need to connect with your browser to the gateway's IP address and then you're locked in to the web dashboard and that basically gives you all the same features as UniFi app just on a wider screen don't forget to go into settings and enable dark mode I really love that and then you can start configuring your device like changing network settings setup firewall policies and rules we'll dive into some of those settings and what you can do with this device here in a minute I just have one more thing to say about the configuration or the administration of this device because during the setup process it asks you to sign in with your UniFi account and even though you can set it up and use it without an account account I would absolutely recommend you to do that because it allows you to see and manage it from remote using the UniFi site manager this by the way also works with any other UniFi devices which is great for me because when I decide to use some other products in the future and I like to manage them all in one place I don't need to think about so how do I configure remote access or worry about IP addresses and so on I can just connect to the UniFi site manager from anywhere and I know for some people who like to do on their own and control everything sure you still have the option to not connect it but I think the site manager is a pretty big plus and it makes Remote Management of your network simple secure and convenient now let me walk you through some of the basic settings in this web UI before we dive a little deeper into the security features and advanced networking settings because I think this UniFi Express has a great balance between Simplicity and advanced features that you would expect from a security Gateway for example on the left side you can get more information about the device itself such as when IP Gateway IP system up time or internet connection and on the right side it gives you a deeper insight into the entire network for example you can get upload and download Based on traffic or website so it can actually identify applications based on network patterns which is pretty cool and we will have a closer look at that in a few minutes but it will also show you all the connected Wi-Fi Dev devices here which active channels the device has what are the most active clients and what actually do they download what do they upload and you get some cool and detailed graphs of your internet activity which is really great for a home network now what is also nice is the topology Tab and as you can see this is currently not very exciting here because I just have a small network with the UniFi Express and one client connected but if you would have a bigger network with many other UniFi devices like access points switches and so on they would all show up here in this menu and you get a great overview of how is the traffic flow from your gateways to your actual clients how many clients are connected how many access points and so on so this is really great if you're managing a bigger Network and I think we will need to come back to this in the future when I got some more UniFi devices for testing of course you can also see and manage all the connected UniFi devices that are managed by the UniFi Express here in my network it's just UniFi Express itself of course but it is great for Central management of other devices and access points you can also get more insight into the actual clients you get the IP addresses you can see download upload and for how long they are connected and when you click on this it will also show you more insight into the actual Wi-Fi connection so how good is this signal what type of standards are these devices using to connect to the UniFi Express and what is the overall latency and yeah download and upload so really nice if you go into the settings menu this is where you can configure all the networking and security features of your UniFi Express for example in the Wi-Fi menu you can add new SS IDs or change existing Wi-Fi networks such as configuring the name password or some general Wi-Fi settings such as the security protocol you can see it supports up to wpa3 Enterprise or enable and disable Wi-Fi bands for example 2.4 or 5 GHz depending on what type of band you're using but it also has some really nice Advanced security features for Wi-Fi networks and sometimes professional environments such as hotspot portals uh a client device isolation which is great in public Wi-Fi networks where you need to protect the clients from each other set up proxy ARP or fast roaming set up Wi-Fi speed limitations add Mech address filtering or configure radius authentication which is great for some professional environments or set up a Wi-Fi schuer so you can enable or disable some ssids based on date and time which can be very useful in some environments what I really love about this is that for most of these settings here even if you don't know what they are actually doing UniFi has small information icons that give you some short explanations on what this setting is actually about and I really love this because then you can configure it all from that menu do you don't need to look it up somewhere in a documentation this is really a great user experience let us also go through some of the general networking settings so here you can create more networks so you can change IP addresses you can even configure content filtering so this seems to be pretty nice for blocking malicious content fishing content you can set up two profiles based on work or family profile and of course you can configure settings like the DHCP server set up D DHCP relays uh configure the ranges or even set up some advanced DHCP service settings no what I really like and I don't know if most of the other networking devices have such a feature it can also autoscale networks so of course you can manually set up uh an IP address range and a subnet mask but it can also set up Auto scale so I assume that will expand the network when it is needed so if you have more than 250 for usable host addresses I don't know if that's true for your home network at least it's not for mine but in any professional environments where you have multiple Wi-Fi clients and they are frequently changing you probably want to enable this so you don't run out of IP addresses so pretty useful feature that you don't need to take care of that yourself what also might be interesting to show is the internet Tab so here you can configure all the one PODS of your UniFi Network as I said the UniFi Express only has one one pod so when you click on that you can actually configure how the device connects to the internet and here you can just set it to automatic so it will figure fig out on its own how it connects to a device usually when you connect that to an existing Network that has a DHCP server it just uses DHCP client to give this a dynamic IP address and then connect it but you can also configure it manually set up VLAN IDs for for example some internet or ISP providers use that sometimes you can also enable some other advanced settings here damic DNS and so on and you can configure an ipv4 or IPv6 configuration for I pv4 you have three different options use a DHCP client set a static IP address to your UniFi Express on the wport or use PPP OE so you can also use it with a DSL connection and this is really great to fully replace my home router for example well so now let's come to the part that actually interests me the most the network security features and to be honest I was really surprised by how many security features this small device actually has because as you might know an network is just as secure as you configure it so it's really depending on how many security features do your network devices provide you and how well do you do the configuration because the best security devices mean nothing when you just leave everything open so let's have a close look at what you actually should enable to to give you the best protection for your network first let's talk about vpns because UniFi Express comes with a wide range of supported VPN protocols that you can use to securely connect to your network or connect your network securely to any remote network using other VPN gateways first of all it supports teleport which is UniFi proprietary zero configuration Remote Access VPN protocol that's a long name so it's really simple you just need to enable it set set up an invitation link and then download the Wi-Fi Man app on your device which is supported on Mac OS iOS or Android and then it just magically works you don't need to set up firewall rules or configure anything else it just securely connects your devices to your UniFi Network really simple but you can also use it to set up common VPN protocols like a wire guard server which is really great because you usually don't see that in most of the Professional Network Security Gateway so really nice but of course it also supports openvpn or l2tp for remote access from clients to your UniFi Express device but you can also configure the UniFi Express itself as a VPN client for example if you want to establish a secure connection to other VPN gateways such as wire guard servers or openvpn servers of course for secure side to side connections mostly using ipsc it also gives you tons of options here so it supports ik version 2 and you can configure all the common protocols and encryption standards so you actually have a good support on connecting with other ipsx security gateways from any other vendor or Brands you just need to configure it the right way to match the remote Gateway security settings so it really gives you all the industry standards that you actually need to configure side to side connections or set it up as a client or as a VPN server but of course UniFi Express also comes with other Advanced security features because as you might remember from the dashboard the UniFi Express is able to identify traffic based on the application patterns it sees on the network layer and what you need to configure this is you just need to go to settings security and enable traffic identification and then you can go into the traffic rules and block allow or set up speed limits for certain application or application groups for example if I'd like to block any application I could just go in here and select the app you can scroll through that uh menu here or just search for for example uh Microsoft teams if I would want to block Microsoft teams on my network click on Save and then select the device or network you can set up this for the entire network or maybe just for my MacBook if I want to block Microsoft teams on my MacBook for whatever reason and maybe I can also set up this on specific days or on specific times but you can also configure that in a different way for example if you go to app groups so here you can block certain groups of applications such as social networks online gaming instant messaging and many many other categories here and of course you can always configure that based on the device or on the network so that might be very useful in professional environments if you want to protect your clients from certain uh traffic sources or you want to control certain applications in your business Network or maybe in your home network I could also think about many use cases for example if I just want to block Tik Tok on my son's iPhone I could actually do that I know I'm a nasty dead but you can also do that in a much simpler way so for example if you go to the dashboard and you enable traffic identification it would show you the most used applications in the network or you can go on any client for example on my iPhone go to insights and then it will also show you all the applications in here and you can simply just click on block the app for example if you want to block uh Tik Tok on my phone I could just click on that and this will take you to the traffic rules menu where you can configure a permanent traffic rule that applies to your selected criterias now this is really nice and honestly I haven't expected to see such a feature in this small device it's really nice but of course you can also create those traffic rules based on domain names if you want to block certain websites or IP addresses regions so it gives you tons and tons of options to create secure policies and control the traffic on your network what I also haven't tested but I think this could be very useful is the ad blocking feature in here so note this filter can be bypassed by using encrypted DNS or client specific privacy features so if you want to use that you need to make sure that you disable the DNS over https feature on the client's browsers but it could be useful in some scenarios of course you can also add port for Bings if you want to create simple snet or dnet rules so for example if you have a local web server and you want to actually forward the incoming traffic on the wport to the local IP address you can create a simple dnet rule that forwards traffic from any Source on the port 80 and for for free to the local IP address of your web server for example or you can create firewall rules that allow drop or reject traffic if you want to create a new firewall rule that for example blocks internet access for a specific client you first need to select the type of the firewall rules so this criteria defines which direction on the network this firewall rule should apply to for example internet out in this case block web traffic and then you can select the port TCP and UDP for example you can select the entire network or maybe just one single IP address in here for example 52 and then block the port end port 4 for free to any destination or maybe just specific IP addresses and groups as you can see you can very granularly Define so what you want to allow and what you want to block such as you would expect it from a network security device so I hope you got a great overview of the UniFi Express I think this device is pretty cool I'm not sure whether it will replace my current networking setup because as you might know from my other videos it is already pretty well equipped however I think it's it could be really nice as an additional access point or maybe I'm replacing my dump home router with it anyway I'm really thrilled about experimenting more with UniFi devices in the future and seeing how they all working together please let me know in the comments so what do you think about UniFi Express or UniFi devices in general and whether you would like to see future videos for homelab people and Tech enthusiasts make sure to give this one a like And subscribe and as always thanks everybody for watching I will catch you in the next video take care bye-bye yeah

Info

Channel: Christian Lempa

Views: 43,675

Rating: undefined out of 5

Keywords:

Id: BXYDQfnAMiA

Channel Id: undefined

Length: 18min 29sec (1109 seconds)

Published: Wed Jan 24 2024