Enabling the built-in intrusion detection system (IDS) activates traffic monitoring for security threats, handling speeds up to 850 Mbps. Notifiations of attemtped intrusions can be seen in the dashboard:
The rules are configurable and cover:
Deep Packet Inspection
The gateway is also able to fingerprint each client device on the network. Here’s a phone:
And here’s the DPI analysis of the same phone’s traffic patterns:
Using VLANs, I was able to segment the network between our basement suite, IoT devices, and guest access. Very configurable as I can continue serving Plex downstairs to the suite, while isolating all other systems and ports from our tenants.
Secure remote access to the home network is another great feature. I’ve used this already to connect in while on vacation. The L2TP server is very easy to setup and connect to from any Windows (or similar) system.
The Unifi controller software also allows remote management via an account secured with two-factor authentication.
The security gateway can serve up a honey pot on LAN networks to record any local clients that are performing unusual network scans. Very helpful for monitoring whether any systems on the LAN have been compromised by malware and are trying to gain further internal access.
Overall, the security features of the Unifi Dream Machine are compelling, despite the silly product name. I fully expect to handle the next decade with this new Unifi equipment providing a secure and performant home network.