Hands-On With the Ubiquiti USG-PRO-4: Year 1

In July of 2018, exactly a year ago, I was looking for just about any reason at all to pull the trigger on a firewall device for my home network and found myself split between the Meraki MX series, the Fortinet FortiGate line, or one of the two Ubiquiti USG options available at the time.

I do already own a Meraki switch and AP so it seemed like the Meraki was an obvious choice, but alas it was also out of my price range — at the time, they were running $600-700+ with only one or two real models to speak of. Now it looks like they have smaller branch office models in the $200-300 range, which is far more reasonable for a home network.

The Fortinet device seems like it has real potential and, truth be told, I still have it sitting on my Amazon wishlist. I would love to get my hands on one as a comparison eventually.

Ultimately, though, it was the lure of the Ubiquiti UniFi line that won me over. For what Cisco wanted for just one Meraki MX I could theoretically have a Ubiquiti firewall, switch, and AP, all of which I could manage through a single pane of glass. We all know what that means.

Day 1: Initial Setup

One hasty Amazon purchase of $280 and Prime two-day shipping later, I found myself in possession of the Ubiquiti USG-PRO-4, in all its silver glory. I may or may not have taken a moment to myself simply to marvel over its sleek, minimalist design with built-in mounting ears in its pleasantly solid cardboard box.

I followed the initial setup documentation provided by Ubiquiti without any more significant issues than trying to figure out how I was going to physically connect my laptop, which does not have a built in Ethernet port, to a device which requires either a separate Cloud Key device (sold separately and, in retrospect, probably should have purchased concurrently) or a hardwired connection to a computer running the UniFi controller software.

Since this would be for what would essentially be a whole new network topology, everything worked out of the box as it should and I was clicking around a snazzy web interface in no time, investigating DHCP scopes and firewall rules alike. I daydreamed about how useful the network speed indicator could be as I mentally complained about residential ISP service.

Day 1.5: Gremlins

Alas, my joy for my new toy was a little short-lived. I had set it up in an ad-hoc position on my living room media center which shares a common wall with my bedroom. This turned out to be a mistake.

The Ubiquiti USG-PRO-4 has a very specific and characteristic flaw to it; one which, after several Google searches the next day, I discovered was not unique to only my device.

It whines. Bad.

I’m not talking about the drone of server room case fans that we in IT are all too familiar with. I’m talking about the high pitched, barely audible whine of shoddy ball bearings and cheap plastic. The kind of whine that, if your neighbors have dogs, they will howl agonizingly because of. Mice will evacuate for a three mile radius, and loitering teenagers will be no more.

The stock case fans on the Ubiquiti USG-PRO-4 are so shoddy out of the box that I literally got out of bed in the middle of the night, went into the next room, and unplugged the power cord in a mildly violent fashion before stomping back off to bed. The next morning, I bypassed the USG with a patch cable so that my wife would be able to watch Netflix and browse Facebook with no idea what had happened the previous evening.

In fact, even after I got home I left the USG unplugged for several more days and contemplated returning it outright.

Eventually a calmer head (and more Googling) prevailed with an answer: the Noctua NF-A4x20 FLX case fan. A couple more days gone by for Prime shipping, two minutes with a screwdriver, and I finally had a dead silent network device that I could leave on 24/7/365.

Peace was restored – as was power and connectivity back to the home network.

Months 6 and 12

Ironically, almost exactly six months apart, I have run into the same exact issue twice: following a neighborhood power outage, the device booted back up but refused to issue DHCP leases.

I could set a static IP, log into the controller, and see everything configured properly with no obvious issues…but I still could not get an IP address. Wireshark captures showed that the USG was not responding at all to DHCP discover messages.

The first time this happened I was able to reboot the USG two or three times and eventually it came back up. The second time, though, no such luck. As of this moment I have unplugged it from my network for a second time in the space of a year and let it sit idle.

From what I can gather, I may need to try performing a factory reset, but I don’t want to do that until I purchase a Cloud Key and a battery backup. It also seems like I am not the only person to encounter this issue. I found multiple unresolved forum posts from other users attempting to troubleshoot issues with failure of basic network services like DHCP from Ubiquiti’s devices.

In Conclusion

The Ubiquiti USG-PRO-4 holds true to my expectations for the device with a few important caveats.

I truly believe that the stock case fans shipped out with this device should be banned by the Geneva Conventions. I should not have to purchase two aftermarket case fans at $15 each to make a $280 device tolerable to live with.  I also believe that so-called enterprise ready (even if it’s only small/medium business enterprises) network devices should operate with network services like DHCP in a reliable, trustworthy manner.

Part of me regrets buying the USG but I also desperately continue to want it to work – mostly because I do want to add on one of the new second generation Cloud Key devices with built-in NVR so that I can throw a couple of cameras up outside of my house, plus a couple of UniFi wireless APs so I can segment my IoT traffic.

I still can’t help wondering, though, how my experience would have gone with the FortiGate. The only comparison I can offer is to pfSense, which I installed as a VM while walking through Tony Robinson’s big black book, Building Virtual Machine Labs.

In every sense of the word, pfSense was satisfying, granular, and worked. If I could go back and make the decision again I very well might choose to stand up a homebrew pfSense device with dual NIC cards instead. The cost would probably be about the same, and ten bucks says I’d have a working device plugged into my network right now instead of acting as a paperweight.