New to Sense, having trouble getting monitor online Ubiquiti UDM

You’re incorrect….UniFi offers IDS/IPS among a host of other things. Might be best to research UniFi a bit more.

Agreed, it features many of these features consumers wouldn’t use, but these features are exactly why I went with UniFi in the first place. Some features may be why Sense doesn’t play nice with it in 100% of the cases.

Look, I’m going to be gentle here and just end this conversation. I’m not incorrect, we were talking about APs, now you’ve moved onto Dream Machine, which is not an AP (the non-pro version can include an AP in the same housing). Second, they use Suricata. Suricata is purely signature based, like an antivirus program from 3 decades ago. Only worse, most signatures are simplistic, prone to false positives, and the alerts they generate do not provide much context to decide whether they warrant further investigation or can be ignored. This is the Achilles heel of “free”. And because I was talking about Meraki APs, here’s a rundown on what IDS/IPS on an AP looks like.

I know what security of infrastructure is, that’s what I do, day in and out. Ubiquiti products are fine for some people, but they are problem prone. I know this from experience, time and time again. I’m not here to argue and I can only offer my advice based on years in the industry and speaking to millions of people in the SecOps world.

I’ll leave you with some reading material if you choose. The point of the below articles, which are fairly recent, is to shed some light on the general consensus in the IT/Security world. While I’m sure anyone can find bad reviews and opinions on Cisco, Juniper etc, the point should be that most of these people think of Ubiquiti as a hobbyist or lab product. That’s a consensus that you won’t find with other products.

If you are okay with what you have then great! Again, my point that I’ve reiterated over and over is to try a different AP by using a hotspot etc to help with process of elimination. I’m not here to bash on you, or Ubiquiti, but I personally wouldn’t ever recommend them. We are all entitled to our opinions and that’s what makes this world great.

Rude, but fair… to be honest I stopped researching much about their products years ago because they are what they are. I always read up on their new lines, scan for improvements, but ultimately they haven’t changed for the better. I am not, never have been and (most likely) never will be a Ubiquiti pro…

https://www.reddit.com/r/Ubiquiti/comments/p64ize/is_ubiquiti_really_enterprise_graded/

https://community.ui.com/questions/An-Open-Letter-to-UI-You-Guys-Are-Obviously-In-the-Midst-of-a-Crisis-So-Whats-the-Plan/803cc2c4-c66d-4999-814a-ec7096cef745?page=3

Todd, I am a complete amateur in networking in comparison to you. I am not trying to prove you wrong. I just was stating that IPS/IDS is a feature inside my Ubiquiti UDM, which is what this thread is based on.

I felt it was important to state that as maybe you, and/or others, are not fully aware of what’s inside this unit. It’s nothing more, nothing less. Sorry to have ruffled your feathers as it certainly was not my intent.

No feathers ruffled here! You are correct that the thread title is UDM and that did escape me because in all my comments I was talking about just APs. So, yes you are correct that UDM, which is a dream machine/AP combo, does have a form of IDS/IPS provided by the Dream Machine portion.

Glad to sort that out.

Agreed, UniFi has a history of issues with unstable firmware. I do think, like you pointed out, consumers are drawn to their products. This in itself may also be the cause of hiccups and issues in general. Turning on things and tweaking can likely cause problems for the inexperienced person.

As they say, a little bit of knowledge can be dangerous. I fit into that slot in regards to networking which is why I said I’d keep the UDM and toss the Sense. I hate everything to do with networking in general. When my network goes down, superlatives typically fly, just ask my wife 🙂

Yeah, well when you work in it, it’s the other way around. They fly at me and 99% of the time it’s user error. Today I had someone call me mad because they couldn’t get on Facebook, while at work, on their personal phone, which wasn’t connected to the network. I’ll give you a hint … “So I have to enter a password to log in” was the reply… Sometimes all the education and continued security training and network engineering certs make me wonder why I get these calls. Patience is definitely needed.

I meant it couldn’t connect to Wi-Fi at all after I picked the SSID and entered the Wi-Fi password. Not a good choice of words.

I did fix the issue, no fault of Sense (or even Ubiquiti I think). Although Sense’s error message could be clearer maybe.

I tried to submit a post a few days ago but the forum was read only; maybe it was down for maintenance.

In the advanced wifi settings for the flexHD, the following option was enabled:

BSS Transition: Allow BSS Transition with WNM

I disabled it and now everything is working fine.

I’m not sure why it was enabled. I did do a firmware update on the flexhd so maybe it was that but I can’t rule out the possibility that I inadvertently switched that on.

I heard Ubiquiti can be flaky. I thought I’d try it as a homeowner looking for a better solution than a consumer level access point. It replaced a $20 job from TP-Link so I guess I went from one extreme to another. I originally planned to get one of the cheaper access points from Ubiquiti but they were all out of stock at the time.

Should mention it was affecting the TP-Link smart plugs as well, which was solved when I disabled the option.
