Protecting my old faithful friend NethServer-7.9 with a firewall

I would disconnect it from the Internet immediately. And to keep the pain of separation from getting too bad, I’d comfort him under my comforter every night.

You’re talking about the good old NS7, right?

Regards…

Uwe

Salut @transocean

Yes, NS-7.

He is not directly connected to the internet. He’s on the local LAN and protected by the UCG Ultra, as shown in the first post.

Michel-André


Hi @michelandre

@Andy_Wismer has also just made it very tasty for me.


I am also just as afraid of using “untrustable” hardware!

It’s just not the same thing if a no-name company sells you a contaminated board or if Apple, a 3 billion dollar company, sells you a compromised iPhone.
Any halfway capable lawyer would gleefully take Apple down - if only to be the first one!

:slight_smile:


I can’t believe the misconceptions in this here thread.

(root@gatewayu01) Password: 
Linux gatewayu01 5.4.213-ui-ipq5322 #5.4.213 SMP PREEMPT Thu Sep 12 13:21:09 CST 2024 aarch64

Firmware version: v4.0.20

  ___ ___      .__________.__
 |   |   |____ |__\_  ____/__|
 |   |   /    \|  ||  __) |  |   (c) 2010-2024
 |   |  |   |  \  ||  \   |  |   Ubiquiti Inc.
 |______|___|  /__||__/   |__|
            |_/                  https://www.ui.com

      Welcome to UniFi Cloud Gateway Ultra!

********************************* NOTICE **********************************
* By logging in to, accessing, or using any Ubiquiti product, you are     *
* signifying that you have read our Terms of Service (ToS) and End User   *
* License Agreement (EULA), understand their terms, and agree to be       *
* fully bound to them. The use of CLI (Command Line Interface) can        *
* potentially harm Ubiquiti devices and result in lost access to them and *
* their data. By proceeding, you acknowledge that the use of CLI to       *
* modify device(s) outside of their normal operational scope, or in any   *
* manner inconsistent with the ToS or EULA, will permanently and          *
* irrevocably void any applicable warranty.                               *
***************************************************************************
Last login: Sat Sep  7 21:54:55 2024 from 192.168.23.41
root@gatewayu01:~# uname -a
Linux gatewayu01 5.4.213-ui-ipq5322 #5.4.213 SMP PREEMPT Thu Sep 12 13:21:09 CST 2024 aarch64 GNU/Linux
root@gatewayu01:~# lsb_release
No LSB modules are available.
root@gatewayu01:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 11 (bullseye)
Release:	11
Codename:	bullseye

Seriously.

Updates aren’t behind a wall. There’s no requirement for cloud anything. Jeez Louise. You simply cannot beat the price, no matter how much time you spend on Alibaba.


Welcome to the club!

I would prefer Open Source, but hardware & software, for this price?
And I’ve seen the quality, enough of it, I’m very satisfied with the quality I’ve seen and used so far!

My 2 cents
Andy


Thanks for all the feedback about UCG Ultra firewalls.
I’d like to create a Feature request for NethSecurity/NethServer 8.

I really like the possibility on UCG Ultra to be able to create VPNs between the sites via the controller and I think that could be a nice feature for NethSecurity.

Summary of mentioned features in this thread:

Please correct me if I overlooked something.

You got a point. I think it’s better now on NethSecurity and NS8 than it was on NS7 due to the new UI but “advanced” records like TXT or SRV are still not possible without going to CLI.

Sorry, I don’t get it. Could you please explain?

Already planned, there or not supported

Planned: feat(conf): add speedtestcpp package by filippocarletti · Pull Request #962 · NethServer/nethsecurity · GitHub

Really nice but not directly supported on NethSec/NS8.

Planned: A NethSecurity 8 Installation Attempt - #31 by giacomo

Already there: MultiWAN — NethSecurity documentation

Feature summary for request

  • DNS records (TXT, SRV, …)
  • VPN management via controller
  • Allow reverse proxy redirect without requiring local certificates

Question

Which other features of UCG Ultra would make sense on NethSecurity or NethServer 8?


Salut @mrmarkuz ,

With NethServer-7.9, when redirecting a domain to a local server, you need to create a new certificate, in NethServer, for the local domain and tell the redirection to use this new cert to establish the communication.

With UCG Ultra, no such need. You redirect to the IP of the local server and it will be that local server’s cert that is used to establish the communication. Much easier.

That is why I wrote that it is “transparent”.

Michel-André

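The “transparent” forwarding described in the post above can be done by a gateway that reads the server name (SNI) from the still-unencrypted ClientHello and hands the TCP stream to the matching local server, which then presents its own certificate, so the gateway never needs a copy of it. This is an added example, not UCG Ultra’s or NethServer’s code; that UCG Ultra works this way is an assumption, and the hostname table, backend address and ClientHello bytes are constructed.

```python
"""Minimal SNI-based routing decision for TLS passthrough (added example)."""
import struct
from typing import Optional


def build_client_hello(hostname: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello with an SNI extension (constructed test data)."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0, len(sni_list)) + sni_list
    body = (b"\x03\x03" + bytes(32)                  # version + zero random
            + b"\x00"                                # empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite
            + b"\x01\x00"                            # null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(record: bytes) -> Optional[str]:
    """Return the server_name from a ClientHello record; None if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None                              # not a ClientHello record
        hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        pos = 4 + 2 + 32                             # header, version, random
        pos += 1 + hs[pos]                           # session id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher suites
        pos += 1 + hs[pos]                           # compression methods
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            data, pos = hs[pos + 4:pos + 4 + elen], pos + 4 + elen
            if etype == 0 and data[2] == 0:          # host_name entry
                nlen = struct.unpack("!H", data[3:5])[0]
                return data[5:5 + nlen].decode("ascii", "replace")
    except (IndexError, struct.error):
        return None                                  # truncated or malformed
    return None


# Constructed routing table: SNI hostname -> (local server IP, port)
BACKENDS = {"cloud.example.lan": ("192.168.23.10", 443)}


def route(record: bytes, table=BACKENDS) -> Optional[tuple]:
    """Choose the local backend for a ClientHello by SNI; None means no match."""
    host = parse_sni(record)
    return table.get(host) if host else None
```

Anything that does not parse as a ClientHello with a known name gets no backend, so the gateway can drop it instead of guessing.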

Thanks, now I understand and you got another point.
In NS7 the reverse proxy didn’t redirect the acme-challenge and even in NethSec there’s no reverse proxy for port 80.
DNS validation could help but may not be possible in all cases.
I’ll add it to the feature request list.


Hi @mrmarkuz

One of the best features of the Unifi UCG-Ultra (but also their other boxes) is the fact that it’s a good “standardized” hardware box, easily available almost all over and just “works” - and all for a very highly competitive price.

I do understand that this is not possible for Nethesis, as they’re not really a hardware company.
The same goes for UI’s WiFi integration, also not easily possible.

But it might be a good idea to choose and present some standardized hardware (e.g. from HP, Dell, Supermicro or others) suitable for native installs for both Nethesis products. These could / should include recommendations according to organization size, e.g. SMEs with 10-20 users, such with 20-50 users and larger.

This could be enhanced by providing integration with the hardware or similar (iDRAC, iLO, IPMI…) and additional monitoring (different levels for paying clients and open source for the rest).

Maybe deals can be arranged with the producers…

My 2 cents
Andy


Thanks for your feedback, unfortunately I can’t use it in the feature request. :grin:

I’m afraid that using hardware boxes of the big ones with included management like iLO would make it much more expensive even with producer deals, but it may be interesting for bigger companies.

AFAIK there already is some (recommended/tested/standardized?) hardware for NethSec as I saw some models at the last partner meeting.


On the Nethesis Nethshop there are some hardware appliances…
