Ubiquity EdgeRouter X - Configuring to Isolate Surveillance Networks

randye007

n3wb
Joined
Aug 17, 2021
Messages
2
Reaction score
0
Location
Canada
Thank-you for posting this @guykuo!

Will you be posting a follow-up how-to like you did for the Ubiquiti ER-X?

Cheers,
Randy

Ubiquity has discontinued shipping the EdgeRouter X. It was an amazing little machine for its time, especially at $60.
Getting one now costs much more. I no longer recommend this pathway to network isolation.

I have since transitioned to PFsense on a fanless firewall appliance. The initial setup cost is more, but setup is much easier than with the EdgeRouter X. VPN is simpler to implement. Supports 2.5 gb speed network speed. PFsense is actively improved and PFblocker ad blocking has been very effective. Very happy with making the upgrade. The speed, ease of configuration, and enhanced capabilities easily justify the cost differential. On the other hand, paying inflated prices for rare, discontinued EdgeRouterX's is not worth doing.

To implement PFSense, I got a bare bones Mini PC with 2.5 gb ports, 128 GB mSATA drive, and 16 GB RAM. That's actually FAR more RAM and storage than needed, but going smaller capacity wasn't going to save many dollars.

$266 MOGINSOK Firewall Appliance Mini PC, Intel Celeron J4125 Quad Core 4xIntel I225 2.5G Ethernet VPN Router PC AES-NI HDMI VGA Barebone NO RAM NO SSD (Be sure to get one with AES-NI)

$32 Transcend 128GB SATA III 6GB/S MSA230S mSATA SSD 230S Solid State Drive TS128GMSA230S

$47 G.Skill Ripjaws SO-DIMM Series 16GB (1 x 16GB ) 260-Pin (PC4-19200) DDR4 2400 CL16-16-16-39 1.20V SO-DIMM Memory Model F4-2400C16S-16GRS

My PFSense firewall box is at about 2-3% CPU, 5% RAM, and 1% storage on average. It's a huge jump up in speed and capacity. Also, PFSense has a larger user base for support. Tons of how-to videos are on line.
 

srvfan

Getting comfortable
Joined
Dec 12, 2020
Messages
575
Reaction score
2,240
Location
USA
Just stumbled across this thread and am curious as I currently utilize an EdgeRouterX in front of my home network. I've had this router for a couple of years, and love it as it was so versatile with setting up internal VPN, VLANs, etc. and works well with my switches. I notice Ubiquiti has placed a newer firmware on their download site (I think dated 18-July?), but I wonder how long this router will be supported? I guess when they do stop the support, it will be open season for security threats/attacks on this equipment.

From what I have seen, a lot of people give the pfsense a thumbs up; however, I wonder about the security of this option. I am a complete networking noob, but when I hear open-source, it automatically throws up questions of security.
 

observant1

Getting the hang of it
Joined
Dec 2, 2018
Messages
113
Reaction score
84
Location
alabama
Wow, I shouldn't have partied so much at the tech schools/classes I was fortunate enough to go to on the company dime back in the day.....things have also come a long way.
 

105437

BIT Beta Team
Joined
Jun 8, 2015
Messages
1,623
Reaction score
683
My network is entirely Ubiquiti Unifi. PoE switch, regular switch, APs and a USG-3P gateway (router). I'm looking to isolate my 16 IP cams and really don't know where to start.
 

tech_junkie

Pulling my weight
Joined
Sep 2, 2022
Messages
146
Reaction score
111
Location
South Dakota
All ports configured with address of no address - ?what does this mean?
That means you are not using the lan ports as managed ports (which is the mode that is commonly used).
Assigning them an ip address, only allows traffic requests from that port to the rest of the network has to come from the machine with the same ip address assigned to that port.

Since you wanted to know what that meant.
 
Top