The UXG Lite and UXG Pro support all the latest security features Ubiquiti has integrated into UniFi. These include:
Country Restrictions
Intrusion Prevention and Detection
Dark Web Blocker
Malicious Website Blocker
Internal Honeypot
NOTE: The older USG models have major throughput restrictions when IDS or IPS is enabled. For example, the USG-3P has a maximum of 75 Mbps when threat management is enabled. If you want to use IDS or IPS, we recommend the newer UXG Pro, as it handles the load much better.
The UXG Pro's throughput is similar to, if not the same as, that of the UDM Pro, which has a maximum throughput of 3.5 Gbps with IDS/IPS enabled.
How to enable Intrusion Prevention and Detection
First, log into UniFi and go to 'Settings'.
Next, go to the 'Firewall & Security' section.
Here, we have the option to enable IPS and IDS. Ubiquiti has recently changed the naming.
'Detect only' is IDS: it shows and alerts you to the security threats it finds, but it won't block them.
'Detect and block' is IPS: it detects and alerts you to security threats and also stops them from entering your network. This does use more system resources, however.
Once enabled, we have the option to enable the Dark Web Blocker and the Malicious Website Blocker (UniFi real-time database).
To edit the categories that the UXG Pro will detect and block, click on 'Edit threat categories'.
You'll then have a list of categories to choose from. This screenshot is from UniFi with a UXG Pro attached; it might look different with a USG, UDM or UDR, for example.
Testing & Verification
To test a detection, use a command line interface while connected to your UniFi gateway’s network.
Input:
curl -A "BlackSun" www.example.com
Expected alert result:
Threat Management Alert 1: A Network Trojan was Detected. Signature ET USER_AGENTS Suspicious User Agent (BlackSun). From: 192.168.1.172:55693, to:172.217.4.196:80, protocol: TCP
If this alert appears, the IDS/IPS system is working as intended.
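To confirm that an alert really is the one raised by the curl test rather than unrelated traffic, the alert text can be parsed and checked field by field. The following is an added example, not HostiFi or Ubiquiti code; the function names, the 192.168.1.0/24 LAN range and the second sample alert are assumptions, and the pattern is based only on the alert wording shown above.

```python
import ipaddress
import re

# Field layout follows the sample alert on this page; other UniFi releases
# may word the alert differently, so treat this pattern as an assumption.
ALERT_RE = re.compile(
    r"Threat Management Alert \d+: (?P<classification>.+?)\. "
    r"Signature (?P<signature>.+?)\. "
    r"From: ?(?P<src_ip>[\d.]+):(?P<src_port>\d+), "
    r"to: ?(?P<dst_ip>[\d.]+):(?P<dst_port>\d+), "
    r"protocol: ?(?P<protocol>\w+)"
)

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line does not parse."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    try:
        for key in ("src_ip", "dst_ip"):
            alert[key] = ipaddress.ip_address(alert[key])
    except ValueError:  # e.g. an octet above 255
        return None
    for key in ("src_port", "dst_port"):
        alert[key] = int(alert[key])
    return alert

def is_test_detection(alert, lan, user_agent="BlackSun"):
    """True if the alert is the curl test: test UA, HTTP over TCP, LAN source."""
    return (
        alert is not None
        and f"({user_agent})" in alert["signature"]
        and alert["protocol"].upper() == "TCP"
        and alert["dst_port"] == 80
        and alert["src_ip"] in ipaddress.ip_network(lan)
    )

# Alert text as shown on this page.
SAMPLE = ("Threat Management Alert 1: A Network Trojan was Detected. "
          "Signature ET USER_AGENTS Suspicious User Agent (BlackSun). "
          "From: 192.168.1.172:55693, to:172.217.4.196:80, protocol: TCP")
# Constructed alert (not real output) that must not count as the test.
OTHER = ("Threat Management Alert 2: Constructed Classification. "
         "Signature EXAMPLE Constructed Signature. "
         "From: 192.168.1.50:40000, to:203.0.113.10:443, protocol: TCP")

if __name__ == "__main__":
    for text in (SAMPLE, OTHER):
        print(is_test_detection(parse_alert(text), "192.168.1.0/24"))
```

Pass your own LAN range as the second argument so that an alert from a different source network is not mistaken for your test.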
HostiFi
HostiFi provides hosting for both Ubiquiti and TP-Link software-defined-networking (SDN) applications, with servers for UniFi, UISP and Omada. We also offer professional networking consulting, with HostiFi Pro.
If you run into any issues, send an email to support@hostifi.com or contact us via live chat.