Choose between Ubiquiti and pfSense based on your needs.
Hello, I’d like to connect my ISP router with a custom one for better network management. I’m considering either an Ubiquiti device (no Wi-Fi needed) or a 4x2.5Gbps model from Ali using pfSense. The first option seems easier to set up, but I want to know which offers more control. I’d like to use Pi-hole for blocking sites and maybe enable traffic monitoring. Please advise on the best choice. Thanks!
I tried pfSense initially, but then moved to OPNsense because managing your own hardware gives you more freedom. I use Ubiquiti access points. Some devices are simpler to set up than others, depending on their support. A firewall with at least two LAN ports works well. There’s no issue with Pi-hole, but it might just be adding complexity that isn’t necessary. Many people handle ad blocking through the firewall—this can also be done with pfSense or OPNsense. I haven’t used Pi-hole much since switching.
My ISP has restricted my router access unless I pay for their Wi-Fi service. Because I don’t plan to do that, I can’t connect. The issue isn’t specifically Pi-hole—I’ve heard about it but am not sure how it works. I want the ability to block certain websites or IP addresses, like hiding Samsung TV ads from my menu. If the router can also filter ads on its own, that would be ideal. To be clear, I’m using one U6+ AP and haven’t set up Ubiquiti yet. The controller runs locally on a Synology device.
Can they configure the router to operate in bridge or DMZ mode when you place your own device behind it? You’ll need this unless you’re okay with double NAT. I use pfSense as my edge firewall (avoid using it as a switch, even with a 4-port NIC—assign one port for WAN and another for LAN… switches should stay switches, pfSense is a firewall). I also run UniFi switches and APs, and the VLANs work seamlessly. I’m using pfBlockerNG on the firewall instead of Pi-hole to block unwanted traffic at the network edge. I think the newer UniFi firewalls are solid choices as well, though I’m not very familiar with them.
Confirmed, everything works without any special requirements. They can be configured from any source. I began with U6 Lites and later replaced them with U6 Enterprises, but both are connected via a network switch on my local machine. The controller doesn’t need to run continuously.
They confirmed they can handle the setup for me. They suggested starting with Docker and using Synology for hosting. Eventually, I stayed to check if devices were connected. It looks like Cloud Gateway Ultra could be a ready-to-use option, so I wouldn’t need to set it up myself. Since it seems difficult now, UniFi Express might be worth considering, though its Wi-Fi AP isn’t necessary. I’ll look into alternatives similar to Pi-hole for UniFi devices and do some research.
You probably won’t require a cloud gateway after all. A simple ER-X could suffice instead.
Having the Dream Machine, DM Pro or DM SE is beneficial as it lets you manage all your Ubiquiti devices through a single interface. I own the DM Special Edition and appreciate the PoE ports. It has performed reliably and set up effortlessly. pfSense works well, and I used it before purchasing the Dream Machine SE. I’d suggest it if you need full control over every network option and are ready to invest time in learning it. For me, the key reason to make the change was gaining control over my access points and switches.