TP-Link and Ubiquiti gear (specific questions)

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
5,622
I need a new multi WAN router. I am looking at the TP Link ER605 because it supports 4 WAN ports. As odd as it sounds, I need those WAN ports, just to have some semblance of connectivity.

So the rest of my network is Ubiquiti and I have the Ubiquiti controller to manage all the Ubiquiti gear.

TP Link uses Omada SDN Cloud management. I cannot figure out if Omada is required to use the hardware. If I get the router, it will be the ONLY TP Link piece of hardware I’ll own.

Do I need to ever use Omada once I set it up? Is there a monthly fee? I do not want a monthly fee and I don't want to buy the TP Link version of their controller either.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
Wait, does Ubiquiti not allow you to have more than one WAN port? I thought it had that capability?
 

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
5,622
> Wait, does Ubiquiti not allow you to have more than one WAN port? I thought it had that capability?

They do allow multiple WAN ports.
I use a USG with dual WAN in failover mode, works seamlessly.

Does Ubiquiti have anything that'll allow me to have 3 or 4 WAN ports? If they do, I’d rather get that and have it all in the same ecosystem.

Needs load balancing. Currently using a PepLink 20.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> They do allow multiple WAN ports.
> I use a USG with dual WAN in failover mode, works seamlessly.
That's what I thought. The real question now is if it can do more than 2 wans. If it can, then it's just configuration. :)

Also, almost any enterprise router can do this. Even our old eol watchguard M200 could do this out of the box and could handle enterprise things like bgp, so passing anything custom to the ubiquiti would be easy to set up if needed. I can't believe how cheap these have become--they were $2000+ new (we paid $400+ open box in the CDW outlet), and now are well under $100 shipped. :eek:
https://www.ebay.com/itm/174916092921?hash=item28b9cfc3f9:g:aigAAOSwJ7Zh-smZ
https://www.ebay.com/itm/255362671951?hash=item3b74cd254f:g:jA8AAOSwc-Jh-DEn
https://www.ebay.com/itm/334170233978?epid=841111898&hash=item4dce191c7a:g:V3oAAOSwOZlhWy38
https://www.ebay.com/itm/265465715029?epid=841111898&hash=item3dcefd5955:g:yU8AAOSwxs9hMp4b

Full gigabit performance and more in the specs. I run 2x wans on ours now and could just as easily drop in up to 7 since it has 8 ports. I don't think I've ever seen the cpu usage even hit 5%. And we've got 500/50 on one wan and 120/15 on the other. The load balancing/multi-wan features are also some of the best I've seen to address static routes, sticky connections, etc. A lot of the small business stuff I've seen lacked this back when we got this.

Looking even a bit more, seems like sometimes the top end M400 fully updated is even going for just $100 shipped: :eek:
https://www.ebay.com/itm/194788437333?epid=4013101939&hash=item2d5a4bad55:g:lOcAAOSwGRZh-UtG

This is an insane price for what that box can do and when new it used to cost as much as a used car. :eek:
 

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
5,622
> That's what I thought. The real question now is if it can do more than 2 wans. If it can, then it's just configuration. :)
>
> Also, almost any enterprise router can do this. Even our old eol watchguard M200 could do this out of the box and could handle enterprise things like bgp, so passing anything custom to the ubiquiti would be easy to set up if needed. I can't believe how cheap these have become--they were $2000+ new (we paid $400+ open box in the CDW outlet), and now are well under $100 shipped. :eek:
> https://www.ebay.com/itm/174916092921?hash=item28b9cfc3f9:g:aigAAOSwJ7Zh-smZ
> https://www.ebay.com/itm/255362671951?hash=item3b74cd254f:g:jA8AAOSwc-Jh-DEn
> https://www.ebay.com/itm/334170233978?epid=841111898&hash=item4dce191c7a:g:V3oAAOSwOZlhWy38
> https://www.ebay.com/itm/265465715029?epid=841111898&hash=item3dcefd5955:g:yU8AAOSwxs9hMp4b
>
> Full gigabit performance and more in the specs. I run 2x wans on ours now and could just as easily drop in up to 7 since it has 8 ports. I don't think I've ever seen the cpu usage even hit 5%. And we've got 500/50 on one wan and 120/15 on the other. The load balancing/multi-wan features are also some of the best I've seen to address static routes, sticky connections, etc. A lot of the small business stuff I've seen lacked this back when we got this.
>
> Looking even a bit more, seems like sometimes the top end M400 fully updated is even going for just $100 shipped: :eek:
> https://www.ebay.com/itm/194788437333?epid=4013101939&hash=item2d5a4bad55:g:lOcAAOSwGRZh-UtG
>
> This is an insane price for what that box can do and when new it used to cost as much as a used car. :eek:


You are talking about stuff way beyond my capabilities. I would love to have a router with 6 WAN ports and 2 LAN ports. Load balancing, rack mount.

In the future, I’ll be down to 2 internet sources (and they will be two different providers). At that time I’ll only need 2 or 3 WAN ports.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> You are talking about stuff way beyond my capabilities. I would love to have a router with 6 WAN ports and 2 LAN ports. Load balancing, rack mount.
>
> In the future, I’ll be down to 2 internet sources (and they will be two different providers). At that time I’ll only need 2 or 3 WAN ports.
The M200/300/400 might be right up your alley then as any port can be assigned to either lan or wan and there's vlans and advanced features if you want them too. Check out the user interface and research them as they'll probably blow away the tp-link. (y)
 

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
5,622
> The M200/300/400 might be right up your alley then as any port can be assigned to either lan or wan and there's vlans and advanced features if you want them too. Check out the user interface and research them as they'll probably blow away the tp-link. (y)

As far as you know. Is this something supported from the factory? Meaning it has documentation, if it requires a custom flash. Well, it’s beyond my skill level to maintain.

Do you happen to know if it load balances? Of course I’m off to research it.

I’m starting the research without any prior information.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> As far as you know. Is this something supported from the factory? Meaning it has documentation, if it requires a custom flash. Well, it’s beyond my skill level to maintain.
>
> Do you happen to know if it load balances? Of course I’m off to research it.
>
> I’m starting the research without any prior information.
Absolutely--it's baked into the stock firmware and has been around since the xtm22w that we initially started with. Here's a link to the documentation for the network interfaces and for multi-wan:
https://www.watchguard.com/help/doc.../Fireware/networksetup/net_setup_about_c.html
https://www.watchguard.com/help/doc...en-US/Fireware/multiwan/multiwan_about_c.html
https://www.watchguard.com/help/doc...US/Fireware/multiwan/multi_wan_options_c.html
https://www.watchguard.com/help/doc...US/Fireware/multiwan/multi_wan_adv_set_c.html
https://www.watchguard.com/help/doc...Fireware/link monitor/link_monitor_about.html

I can also hand hold you through multi-wan if you need it. I've been running multi-wan since 2004 starting with 3x wans, and then these units for the last few years now with 3x and now 2x wans. :)
 

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
5,622
I really really appreciate it.

How much more set up is required for a typical home user? So, I’m a guy that needs multi-wan at home, and I’m interested in my network, but at the end of the day I need it to work.

Right now I have my PepLink plugged in and set up, but it’s lacking in WAN.

Do I need to set up all the security features or are some of them pre set, so basically I can’t hang myself?

Edit. Also doesn’t have a monthly fee? I do NOT see one, just verifying.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> I really really appreciate it.
>
> How much more set up is required for a typical home user? So, I’m a guy that needs multi-wan at home, and I’m interested in my network, but at the end of the day I need it to work.
>
> Right now I have my PepLink plugged in and set up, but it’s lacking in WAN.
>
> Do I need to set up all the security features or are some of them pre set, so basically I can’t hang myself?
>
> Edit. Also doesn’t have a monthly fee? I do NOT see one, just verifying.
You're welcome. :)

It's a bit more for sure, but not much more than say a top of the line asus with all the bells and whistles. Some things that are usually brain dead simple on consumer like port forwarding might require a lot more work in the firewall rules to implement the same thing. But you also have granular control like you wouldn't believe. I actually have rules to prevent certain systems from windows updates (thin clients) as well as blocking devices like printers from even reaching the Internet. You can even do crazy things like mac bind and block on the wired connections so no mac address that you don't explicitly specify can even connect to your network. And you can set up one lan port like this and then have another that's wide open for an access point. It's extremely powerful.

Now, if you've worked with a peplink, you've worked with the very best in multi-wan. They have been doing multi-wan since before it was even a thing. I could never afford a peplink because it was a grand back in the day so I settled on the Cisco rv016 which could handle up to 7 wans and had basically the same interface as the consumer linksys products so there wasn't such a learning curve. If you can afford a peplink that meets all your criteria, I would run towards that solution in a heartbeat because it is literally the best tool for the job that's in front of you.

Yep, it's locked down like a normal router should be out of the box. In fact, with most enterprise routers stuff is turned off more than on, so like on my Fortigate that I got to play with I had to actually turn on access to the Internet and between lan devices. For the watchguard, it's configured out of the box with one lan and one wan and then you can go from there once you get into the webui:
https://www.watchguard.com/help/doc...llation/firebox_cables_connect_about_wsm.html

Now the advanced security features are not enabled by default and typically require a subscription. Their warranty on the hardware and support works like that too, so that as long as a box has a subscription it's under hardware warranty and you have access to support. But the good thing is none of this is required so you can buy an older one and just run with it if you want without any subscriptions or warranty or support. That's how we started out with an xtm22w because we needed better uptimes than we were getting from our previous gear.
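
The layering described in this post (MAC binding on one LAN port, an open port for an access point, then per-device egress rules) modelled as a small first-match evaluator. This is an added example, not WatchGuard Fireware syntax and not code from the thread; the port names, MAC and IP addresses, rule names and the Windows Update domain list are constructed for illustration.

```python
# Added illustration: not Fireware syntax. Ports, MACs, IPs and domains are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Per-port MAC binding: a set means "only these MACs may connect";
# None means the port is open (the access-point port in the post).
MAC_BINDING = {
    "lan-wired": frozenset({"02:00:00:00:00:10", "02:00:00:00:00:50", "02:00:00:00:00:60"}),
    "lan-ap": None,
}

@dataclass(frozen=True)
class Flow:
    in_port: str         # firewall interface the frame arrived on
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_name: str = ""   # hostname the client asked for, when known

def is_internet(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in PRIVATE)

def host_in(name, domains):
    # Match whole DNS labels so "notwindowsupdate.com" is not caught by accident.
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                         # "allow" or "deny"
    src_ips: frozenset = frozenset()    # empty = any source
    to_internet: object = None          # True/False, or None for any destination
    domains: tuple = ()                 # empty = any hostname

    def matches(self, flow):
        if self.src_ips and flow.src_ip not in self.src_ips:
            return False
        if self.to_internet is not None and is_internet(flow.dst_ip) != self.to_internet:
            return False
        if self.domains and not host_in(flow.dst_name, self.domains):
            return False
        return True

# Order matters: the narrow denies must sit above the broad allow.
RULES = (
    Rule("printers-no-internet", "deny", src_ips=frozenset({"10.0.1.50"}), to_internet=True),
    Rule("thin-clients-no-windows-update", "deny", src_ips=frozenset({"10.0.1.60"}),
         domains=("windowsupdate.com", "update.microsoft.com")),
    Rule("lan-outbound", "allow"),
)

def evaluate(flow, rules=RULES):
    """Return (action, reason): MAC binding first, then the first matching rule."""
    allowed = MAC_BINDING.get(flow.in_port, frozenset())   # unknown port: nothing allowed
    if allowed is not None and flow.src_mac.lower() not in allowed:
        return ("deny", "mac-binding")
    for rule in rules:
        if rule.matches(flow):
            return (rule.action, rule.name)
    return ("deny", "default-deny")

if __name__ == "__main__":
    samples = [  # constructed flows
        Flow("lan-wired", "02:00:00:00:00:50", "10.0.1.50", "203.0.113.10"),
        Flow("lan-wired", "02:00:00:00:00:50", "10.0.1.50", "10.0.1.20"),
        Flow("lan-wired", "02:00:00:00:00:60", "10.0.1.60", "203.0.113.20",
             "fe2.update.microsoft.com"),
        Flow("lan-wired", "02:00:00:00:00:99", "10.0.1.99", "203.0.113.10"),
        Flow("lan-ap", "02:00:00:00:00:99", "10.0.1.99", "203.0.113.10"),
    ]
    for flow in samples:
        print(flow.in_port, flow.src_ip, "->", flow.dst_ip, evaluate(flow))
```

MAC binding only keeps unlisted devices off a port; a MAC address can be copied, so the per-device egress rules and the final default deny remain the controls that matter.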
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
Looks good--solid deal for sure! Still shocked at how cheap you got it for. :) I wish they would have shown a shot of the 3 lights because that's really what lets you know if it's booted or not. I would message them for the login info and they should reply that it's factory reset or give you the login info.

Once you get it, plug a power cord to it and it will either turn on with fans blazing or you will need to press the very small silver circle button on the front to turn it on. (I can't remember if the fans simmer down or not, but if you rack mount this somewhere, it's not going to be any louder than anything else 1u.)

Once it's powering up, watch the stacked 3 leds on the left side as well as the ethernet ports. Because there are no cables plugged into the ethernet ports, you shouldn't see any lights lit there. (Not necessarily a dealbreaker if you do, but it isn't normal ime.) The 3 stacked lights are the following top to bottom--power, status of the box, disk activity.

Immediately after power up, you'll have green, red, amber. At some point the middle one should also go green so that it's green, green, amber (if there's any disk activity). If the middle one DOES NOT go green, see if you can connect to the lan port per the instructions and get to the webui. If not, then you're going to have to attempt the reset procedure which will hopefully work. Otherwise you'll need to get in touch with the seller as it would be doa:
https://www.watchguard.com/help/doc...p_upgrade_recovery/recovery_procedures_c.html

Oh, and found this page about the security features and how all that works from their mouths vs mine: :D
https://www.watchguard.com/help/doc...are/basicadmin/subscription_expiration_c.html

Hope this helps!
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
Really curious how this turned out. :) And kinda curious how that M200 worked out and how the seller was as it seems mine is acting wonky and will need to be replaced.
 

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
5,622
> Really curious how this turned out. :) And kinda curious how that M200 worked out and how the seller was as it seems mine is acting wonky and will need to be replaced.

Thanks. Finally had a little time to check it out. The middle light never turned green, and I can’t seem to log into it using 10.0.1.1:8080

Reset procedure for the M200 did not work (the light never went green).

The left port is my computer and the right one is connected to my switch.

Thoughts?

 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> Thanks. Finally had a little time to check it out. The middle light never turned green, and I can’t seem to log into it using 10.0.1.1:8080
>
> Reset procedure for the M200 did not work (the light never went green).
>
> The left port is my computer and the right one is connected to my switch.
>
> Thoughts?
Bummer. :(

I would try booting it up with nothing but the power plugged in. It should go green after some time (just walk away from it for say 20-30 minutes just to rule out anything). If it doesn't, I'd contact the seller for a refund/exchange as it's pretty much going to need refurbing by someone who knows how to load the firmware on one of these.

Now if you want to mess with it, there is a serial port available to see the boot in terminal if you've got the cable--that's what the first rj45 port is for to the left of the usb ports. But honestly, this is the seller's issue as they should have checked that it was all green before selling it. Worst case, you can get a refund and then get another one from someone selling one that has pics of the top two lights green.

If the seller gives you a refund and lets you keep it, I might be interested in it since it seems it's my hardware that's having issues and not the software. I don't know how locked down these things are or how swappable the storage is, but I might be able to use yours to frankenstein mine back to 100% life (right now I can reboot it a couple of times and it will come back to 100% life).
 

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
5,622
I’ll have to check the auction rules again, but I believe it was pretty much as is. I’ll look.

I do have that serial cable. I used it because I have a couple of POE switches that I needed to program (I have to sell those switches, come to think about it).

Do you have any link or article on how to reload the firmware? I’m willing to try, but not gonna invest a bunch of time.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> I’ll have to check the auction rules again, but I believe it was pretty much as is. I’ll look.
>
> I do have that serial cable. I used it because I have a couple of POE switches that I needed to program (I have to sell those switches, come to think about it).
>
> Do you have any link or article on how to reload the firmware? I’m willing to try, but not gonna invest a bunch of time.
I checked the auction too just to make sure and they specifically said it was 100% working so I think you've got a good case for a refund/exchange. (y)

I haven't looked into it much with the serial cable, but since mine is getting on the fritz too, I'll try to do some research and share what I find out. It can't be super-hard as a lot of people will load pfsense onto these and use them that way.

So in some quick research it seems these use an sdcard for their boot media and also use an arm/non-x86 processor so pfsense is out (as of the posts I saw). I know something else like vyn-something does run on them as someone I knew had loaded it onto an m300 they were selling.

With these having an sdcard that potentially can have problems over time, I think that's where the issue might be with yours and maybe even mine. I'll work on mine this evening and see what I can figure out. Here's a link that seems to show the boot menu across the serial link as well as an image of the system board:
https://forum.netgate.com/topic/151155/watchguard-m200-m300

That 'safe mode' option seems like a good one to try and is where I would start. But keep in mind that the seller said this was 100% working so I'd talk to them first before doing anything. If they refund you and let you keep it, it's worth playing with to get running. But even better if they know exactly what's wrong and can simply send you an sdcard with instructions or an even swap, that would be even better for you as you could focus on actually using it. (y)
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
878
I'll throw in that Minos stands behind their auctions. I've bought a lot of gear from them over the years and never had any problems with returns even when it was clear UPS caused the problems.
 

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
5,622
So looks like it's dead, and the seller told me to initiate a return. That's what I’ll do.

I’ll keep running the PepLink until I cannot, and then switch to Ubiquiti (if available) or the original TP-link.

Thanks again.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> I'll throw in that Minos stands behind their auctions. I've bought a lot of gear from them over the years and never had any problems with returns even when it was clear UPS caused the problems.
Great to know. :) It was definitely a solid price for the unit.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> So looks like it's dead, and the seller told me to initiate a return. That's what I’ll do.
>
> I’ll keep running the PepLink until I cannot, and then switch to Ubiquiti (if available) or the original TP-link.
>
> Thanks again.
Hate that you've given up on the M200, but if you revisit it again, feel free to reach out. By that time I'll have gotten mine back to 100% if it's not something wrong with the hardware--which even if it is, is really cheap to just get a replacement.
 

xx0xx

Gawd
Joined
Oct 20, 2005
Messages
765
Would one of these be a good upgrade from an ER-X? I don't need multi-WAN but these are interesting boxes to me, especially at the used prices.

Currently use SB8200 modem -> ER-X router -> Unifi AP -> 2nd Unifi AP (meshed). My service is 300/25.

Looking for something with more power than the ER-X, curious about the QoS capabilities of the M200/300/400. Maybe I don't need it, but I feel like even with a constant 300/25 connection from ISP that is pretty rock solid, that sometimes a couple of devices (or even two connections from one device, like watching video + downloading/uploading something) fight over bandwidth and one causes the other to stutter/etc periodically. I'm honestly being just super nitpicky about something that might not be solvable, because 95% of the time I don't notice any issue..

Still wouldn't mind having a box with way more power than the ER-X, though. QoS causes ER-X to max out at 200mbps down, maybe less because QoS disables hardware-offloading and it gets CPU-bottlenecked.

Though ER-X is fanless, and I would be concerned about moving to a device with fans as I am pretty highly sensitive to fan noise... hrmmmmmm
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> Would one of these be a good upgrade from an ER-X? I don't need multi-WAN but these are interesting boxes to me, especially at the used prices.
>
> Currently use SB8200 modem -> ER-X router -> Unifi AP -> 2nd Unifi AP (meshed). My service is 300/25.
>
> Looking for something with more power than the ER-X, curious about the QoS capabilities of the M200/300/400. Maybe I don't need it, but I feel like even with a constant 300/25 connection from ISP that is pretty rock solid, that sometimes a couple of devices (or even two connections from one device, like watching video + downloading/uploading something) fight over bandwidth and one causes the other to stutter/etc periodically. I'm honestly being just super nitpicky about something that might not be solvable, because 95% of the time I don't notice any issue..
>
> Still wouldn't mind having a box with way more power than the ER-X, though. QoS causes ER-X to max out at 200mbps down, maybe less because QoS disables hardware-offloading and it gets CPU-bottlenecked.
>
> Though ER-X is fanless, and I would be concerned about moving to a device with fans as I am pretty highly sensitive to fan noise... hrmmmmmm
I actually looked at the ER-X back in the day because it was the most bang for buck in a router period that could also handle IPsec vpn tunnels. Ultimately their multi-wan was too buggy back then so we passed. If noise is an issue, I don't think the M200+ would be a good fit as it does have a 1U fan that does have a high pitch and is initially server loud at startup. It does settle back down, but it's a constant noise that is there like a server at idle. But from a performance standpoint, I think the M200+ would blow away the ER-X--it's pretty fantastic for what it can do at the price.

Seems like the one that Liver got wasn't completely refurbished and didn't have the factory SD Card in it or even the rack ears when it shipped--hence why it was doa. If a listing shows 2 green lights, you should be golden. And worst case you should be able to sell it locally for the same price you paid because these have a lot of value at these prices.
 

xx0xx

Gawd
Joined
Oct 20, 2005
Messages
765
Gotcha. For noise reasons if I upgrade, I may just splurge and go with one of those aliexpress/amazon NUC-likes with a powerful CPU and then throw OPNSense or PFSense on it. Some of those can be powerful and still fanless because of using the chassis as a heatsink.

Otherwise I suppose I could try to mod a Noctua replacement 1U fan or something into an M200+ but might not be worth the effort (or effective enough to properly cool it)
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> Gotcha. For noise reasons if I upgrade, I may just splurge and go with one of those aliexpress/amazon NUC-likes with a powerful CPU and then throw OPNSense or PFSense on it. Some of those can be powerful and still fanless because of using the chassis as a heatsink.
>
> Otherwise I suppose I could try to mod a Noctua replacement 1U fan or something into an M200+ but might not be worth the effort (or effective enough to properly cool it)
I would never, ever in a million years get anything 'direct from china' to be used as a firewall [to keep them out]. It's bad enough that most stuff even sold by companies here in the US is made there, but at least the companies I know that are doing this also watch their chinese vendors like a hawk for all the funny business that's done in that part of the world.

I think you could easily just attach a usb fan or some other fan solution and cool it without any noise since it looks to use some standard motherboard headers and leads off the power supply (I think I even saw some spare molex in the pictures I've seen online). You can probably even disconnect it entirely because even though I have multiple ipsec tunnels and wan connections, ours never gets even above 0 on the cpu load graphs. Doesn't seem like our loads faze it a bit, so in a home environment it would probably do the same.
 

xx0xx

Gawd
Joined
Oct 20, 2005
Messages
765
If I go the NUC-style route I could always go Protectli, or even build my own, if I want to avoid lesser-vetted products
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,013
> If I go the NUC-style route I could always go Protectli, or even build my own, if I want to avoid lesser-vetted products
There's a lot of good stuff out there for routing like that and Netgate. But then there's the price and where their products fall in the router space. The M200+ were $2000+ routers when they came out, so they were designed to be in a different league than the opensource or even small business routing solutions out there. It's one of the reasons we got ours since it was sitting for <$500 in the CDW outlet a few years back. And that same unit today for $50 shipped is just unreal. It's like getting a used Lambo for the price of a used Civic. :eek:
 

xx0xx

Gawd
Joined
Oct 20, 2005
Messages
765
Hrm, just noticed the Watchguard Firebox T40 and other models. Apparently the T40 has no fan, and the T80 has one that basically never activates. Maybe their T series is worth a look. Can get a T40 on ebay for $100

I have to imagine these are far more powerful than the ER-X. Though because they are firewall appliances, I wonder if I'll be missing some "router" configuration stuff I'd normally be used to... have never used a firewall appliance AS a router before, so I'm not sure what to expect
 