NEED SOME HELP?

Why do you think routers don’t have the ability to do a scheduled reboot.

Simple because it’s not required. On ADSL/VDSL circuits constantly rebooting the router is the last thing you should be doing. It less of an issue on FTTP but still not advisable. All you do is upset the ISP and it does zero for your own security.

I’ll leave the discussion there as clearly you have your own take on dealing with security some ok some very bad. 

I can't go into it on an open forum about the phones but I can assure you there are reasons why it would be taken and also be able to be used again, I'll have to leave that one there at that point.

If you use a PC etc as a personal diary then you are correct, if you use it as portal to the net in it's own isolation package the only thing at risk is the O/S itself, if you dedicate one hdd & O/S to being the front line with limited duties while using another hdd offline to do workloads it's never exposed.

My ability to counter things is based on my own maintenance schedules not whether there is a breach, most basic tip I can give others is auto re-boot the router regularly again something this Sagecom thing lacks as well.

Checking your mail addies is also a crucial thing to do, I found two of mine in the past on pwned guess what era they got compromised in? ISP D-Link.

Onta.

I'm sorry you feel that way but I also believe that you believe that by not having cloud service you are immune from having your data being made pubic. In many ways this is already out of your hands.

Check your email address online and see how many times it may have appeared in a data leak. Have you then changed your email address because of that. 

Your ability to counter any 'hole' discovered by a company isn't how fast you can do it but how fast the company informs you of the breach. Many breaches happen months previously so your reaction time is directly linked to the time after you have been informed of the data leak, not at the time of the breach itself. Then what do you do, change your email address of just your password or both.

I still don't get your analogy of the phone. Your secure yourself against potential theft by locking it. Absolutely doesn't stop a thief taking it, but locking it stop access, and believe it or not having cloud access to that phone would allow you to remote wipe that phone and even potentially find its location.

I've already done that for a neighbour who lost her phone and was able to track to where she lost it.

Hi Mr W,

I'm afraid it's the nature of the beast to have to focus on the negatives to be able to enjoy the positives, nothing is ever going to be foolproof tbh but it's how companies react when a hole is discovered and my ability to counter it fast. That D-link modem that was issued to me was probably the worst piece of IT equipment I've ever experienced & expected to last forever without any updates, when I asked for a new router because I could see the D-Link was past it's sell by date the answer was no which led me to return to using my own. That thing helped put me where I am today with things as although I didn't know what one was at the time it was constantly being attacked through denial of service attacks & a few other things I won't go into which led me to going back to my own router again. The Sagecom units I've been sent since are better maintained but lack even the most basic ways of preventing interference from both inside & outside of the home config wise.

The phone would still not be there when you got back even if you'd turned it off and in the old days removed the battery & simply by (not giving ppl ideas)  would dismiss any sort of chance of tracking it or getting it back.

On a positive I wouldn't have considered the Ubi equipment had you not mentioned it, you've piqued my interest in one now but I won't be getting one until I've done some more background on it but atm it looks the most feature rich unit out there at the price point & head & shoulders above the usual suspects, what is the wifi range like on them btw?

The reason I don't like cloud apps isn't because I feel the cloud isn't maintained properly it's simply because I don't want things like my family pictures, utility bills etc etc in any other hands other than my own even if they are allegedly encrypted, same applies with social media. You have to remember for every lock invented there had to be an inventor and that means physical or digital it's always going to have a way to pick it or reverse engineer it, the digital one is only practical because of the time it takes to pick it currently assuming the digits selected by the end user are also up to a good standard. Time will change this once the next gen computer chips that can crunch many times faster are on the market, Quantum?

All I'm looking for right now is the ability to not be locked into one router in particular, if Chris comes back with "it can't be done" then I'll have to weigh up the options and go from there and that doesn't mean toys out of the pram and leave but had I known I'd be getting a locked ONT I would've stayed on copper for now as I don't need fast BB to do what I use the net for, the pages take the same time to load and the only real upside I can see is updates are faster and the bandwidth for others in the home better for streaming tv channels, myself I didn't really need it as the contention on my copper line  wasn't high so I got the max speed it was able to deliver most of the day anyway.

Onta.

You like focusing on the negatives. As I’ve said cloud is entirely optional.

There was a lot of bad press about a data leak at UI but as you have mentioned this was a rogue employee holding the company to ransom. He got his comeuppance.  You would probably not have been aware of this story had I not mentioned Unifi.

Every single company is vulnerable to rogue employees, banks, shops, even your utilities company leaking personal data.

Your analogy of leaving a phone on a bar is only true if you choose not to secure your phone when you leave it and to be honest ridiculous. You don’t leave your house or car unlocked when you leave it do you.

Much of our life is now cloud based, as long as the correct security is in place the risks can be mitigated. If you start opening ports for port forwarding or managing a router remotely the risks are there.

Would businesses be using such devices if it was considered that the cloud options where any more vulnerable than any other cloud service. DrayTek, Cisco, Huawei all have had vulnerabilities in the past. Back in 2022 Cisco got hacked. These devices are used in multimillion pound corporations, do you see them throwing out the kit.

I’ve assisted where I can so will leave you to make a decision based on your findings. I hope you find a solution.

Hi Chris,

No dice I'm afraid nothing changed at all,

Tried non invasive measures first simply turning off the Vlan ID on the Sagefast, webpages stopped loading.

Tried to add to the 3rd party config & it still wouldn't connect.

Tried a factory restore on the 3rd party and used the wizard for set up, then tried the vlan settings's, iptv, ipv6, slack, stateless, QoS, DHCP etc etc etc still no joy, I did find an option in Routing to select either Lan/Wan or Wan but these are internal to the router not web facing options by the looks of things.

Look forward to your input/news on Monday when you're back behind the desk, enjoy the weekend.

Onta.

Cheers, configuration doesn't worry me it's anything cloud based as imo you might as well ask a stranger to mind your phone at the bar while you go somewhere else for a few minutes as proven by Ubi themselves when a staff member went rogue a couple of years ago, another convenience idea not thought out properly and no consideration to what can and does go wrong.

I'll tee up my options on it soon and decide which way to go unless Chris comes up with a worker next week, it might be for good reason that they want us to stick with their stuff but an explanation why would be nice.

Onta.

Cloud or remote access has been around since these devices were launched but it’s entirely optional and can be disabled. Either way you have full local access to configuration. From an admin point of view the cloud access is great because I don’t have to go to site to change settings. 

Note these are prosumer units and not plug and play so require a level of interaction to configure properly. That said most good routers should also provide options to customise all aspects of a network. 

Note the screenshot I post was from local access not cloud access.

I'm just going on what I'm finding as I go along tbh & the article that said about the cloud was an early report so maybe they've since adjusted things, I'll continue to read up on it & thanks for your help on it anyway.

Onta.

Sorry but you are wrong. The UDR and UDM series are fully configurable locally. The cloud is a valuable option allowing full Config remotely. You need to do much more research on these devices. If you don’t want to use the cloud option you can turn off remote access and fully configure locally. Believe I have 6 of these installed privately and for business clients. They are all local access and configuration. There are other devices called cloud keys etc but never used those and don’t intend too. 

Hi Mr W,

I posted it to give you a head start for potential future issues, I wasn't sure which of their products has been altered to strike off the Vlan 0 but thought you'd appreciate the news anyway.

I've done some more hard looking at it and I'm going to have to say it's not for me mainly due to the enforced cloud account to be able to fully configure it, it's a shame as the more I looked at it the more it became an option but with the potential that they may turn the 0 function off at a later date and the cloud thing it's just too much to spend on something that could be no more connectable than what I currently have but thank you for pointing it out to me anyway.

I'm guessing Chris is done for the weekend so it looks like Monday before this can progress.

Onta.

Was trying to upgrade from 7.4.92 to 7.5.156 and it no longer allows VLAN 0 in either the new or "legacy" interface. This breaks the ATT bypass which requires VLAN 0 to talk to the ATT gateway.

Well that’s interesting because 7.5.156 does not exist, but 7.4.156 does I’ve been running it and in fact now running 7.4.162 and it still has VLAN ID 0.

VLAN ID

The post refers to a USG which is a different device. 7.5 Will be another release in the future but nobody knows what it will contain or change and that can be said for every single firmware release for any device.

The UDR is their latest incarnation of the Dream Machine series but refer to it as the Dream Router instead. It is the same shape and size as the UDMBase unit (A Large Tictac).

If you are interested in these get on the community.ui.com forum and read about them and the support you get. These devices tend to be cheaper than the competition because support is generally through the community, support direct with Unifi is hit and miss. If you want 24/7 telephone support this costs businesses big money. 

Thx MrW.

That's a plus for Ubi that they continue to support the UDR series rather than have abandoned it like most other's do, it's a balance of buy expensive and it may do 6 years service with support or buy cheap and bin it 2 years later knowing support will be sporadic at best, as things move fast sometimes it's better to go the cheap route just to be able to not worry about chipset vulnerabilities which can't be fixed with a patch etc plus that shop that buys things gives something back out of the overall cost if you can't be bothered to sell it yourself from home.

I'll see what Chris has come up with today and update how it went later as I hate reading threads where there's a solution but the OP didn't bother to say what it was, oh yeah I got it working doesn't cut it for me, having read you in the past I think you're of the same opinion?

Onta.

Have a look at UK sellers such as 4gon.co.uk or NetXL.co.uk. They sell all Ubiquiti kit including the UDR and UDM. If cost is important then the UDR will fit the bill. It has POE, Wifi6 built in ethernet and storage for protect cameras. The UDR is no good for 1Gbps internet speeds, you don't say what speed you have. the UDR will max out at around 700mbps with not protection services enabled and around 550mbps with IDS/IPS enabled. The UDM series UDM, UDMPro and UDMSE and all more powerful and cost more. the UDM is the entry level device but does not include Wifi6 (Do you need it) and no POE or internal storage but good for 1gbps services. The UDMSE is big bucks and can handle much faster internet speeds.

Warning DO NOY BUY FROM AMAZON, they are not resellers and are not warrantied. Buy from a UK reseller or the UK UI site if in stock. The only caveat is the UK resellers only give a 1 year warranty where was buying from UI direct you get 2 years. Bear in mind this kit is prosumer, not plug and play.

Hi Mr W,

Yeah the problem I had was that most of the ones you can configure were either too expensive or not very secure or a combo of both, I had the AX82U in mind but Asus are constantly having to issue CVE patches plus it's always out of stock, the Vigor is just too much for what it is & after finding one of your old posts I had a look at the Ubiquiti but they're out of stock & Ubi seem to like to retain control of the unit more than other makers. Nothing is 100% but some of the names you'd assume would be on the ball really aren't. Asus I think suffers through popularity.

My journey into 3rd parties started when the D-Link that was supplied many years ago was like leaving a window open & I found out the hard way that simply plugging it in and relying on the isp to regularly update or configure was a bad idea. If anyone is interested in configuration etc search for RouterSecurity.org, it's an American fella who covers the lot Michael Horowitz on his own site, very focused & also his site & those he sends you off to to do tests are clean & clear of nasties & trackers. *edit if you have to admin*

I originally bought the AX when the install completed but took it back as it wouldn't connect, I then decided to buy it again for AP purposes plus it had dropped in price by 25% by then. I'm hoping simply turning off the Vlan fixes things as that means anything will work with it in future, if this becomes the case I'm off out to get a better unit & the one I have will be on Gummy soon.

Onta.

OK thanks 🙂