We are looking at upgrading our network equipment from old HP switches and Aruba access points. We have a Fortinet firewall that we are happy with, so we’ll probably keep using them there, but for the rest we are looking for new stuff.
And we are looking closely at Ubiquiti for switches and APs, but two things have appeared on our radar.
Ubiquiti does have a cloud admin UI; this means that Ubiquiti needs to have access to our network controller to access this feature.
But what if we don’t use that, will Ubiquiti still be able to access the network controller?
I guess that what I am asking is how does the access control work?
Also, updates: I see that they seem to be very frequent, and I also see some scattered reports that they have required admins to reset their configs and of admins losing camera footage. Can you set updates to be delayed for X days?
Most of their stuff is local, unless you have activated remote access on your UniFi controller, which will require an online account on UniFi (ui.com).
I only have their APs and my UniFi controller is hosted on a local machine, and so far I haven’t found any suspicious queries from them. I haven’t done any packet trace or port checks because they seem OK to me.
where the UniFi controller is hosted on a deb machine

one of the APs

As for access control, if your UniFi controller is hosted on a local machine then it will just use specific ports that Ubiquiti utilizes that I’m not familiar with (or too lazy to do a port scan). You may also host your controller online via HostiFi or other providers or a DIY cloud server (if you’re into that).
For updates, the UniFi controller will notify you if there are updates, but it’s still up to the controller admin if they decide to do so.
As for janked device configs, I mostly experienced it on controller versions 6.x.x and 7.x.x but not on the most recent one (9.x.x), and yes, it requires a UniFi controller admin account. You may also do scheduled backups of your configs so you can revert back just in case. And if you have no choice then you could locate device > poke reset > re-provision on controller.
Thank you very much for a very thorough rundown of the system. We are based in the EU and are trying to make sure that we have as few mandatory ties to US manufacturers as possible while running a modern IT system.
We have thought about MikroTik and Extreme but our CTO wants us to investigate Ubiquiti as it has a nice web UI for all devices on the network which would be a big advantage for our small network.
I will push for a small POC network or demo so we can get a better understanding of it.
I’m using Ubiquiti at home (a switch and an access point) and self host the controller too.
You can disable automatic updates in the controller and then upgrade the firmware when you please.
Regarding whether Ubiquiti has access to our hardware: a cloud account is optional, so you can just use a local login to your controller instead.

