IT Security Blog

Eliminate ongoing network costs with Ubiquiti

Written by Linus Espach | Mar 19, 2026 6:00:14 PM


What if you could reduce your running costs for your network infrastructure to zero and at the same time halve your operating costs?

Sounds too good to be true? But it is. Find out how in the following article.


What it's all about

  • Cost reduction through license-free SD-WAN, switches and access points from Ubiquiti
  • Reducing complexity through simplified Apple-like network management

The background

Modern networks need the following above all:
  • Healthy segmentation between internal networks (management, security, clients, IoT, OT, servers and guests)
  • High-performance, direct internet connection and WiFi
  • SD-WAN for networking locations with each other and connecting them to a data center and, if necessary, clouds
  • Easy-to-manage components (switches, APs, gateways), ideally centrally from a cloud with local fallback

The ever-increasing use of SaaS (M365, Atlassian, Salesforce, SAP, etc.) and IaaS (Azure, GCP, AWS) means that network requirements continue to fall. Especially in conjunction with modern SSE solutions (Internet and remote access), microsegmentation and other security features can be implemented easily and independently of the network.

Those who use Cisco, Aruba or Fortinet for this purpose pay a high annual sum for licenses and support while at the same time incurring high complexity and internal costs.

Cost reduction

With Ubiquiti, these costs can be reduced to zero. Ubiquiti is completely license-free, includes free support (which can be upgraded for higher requirements if necessary) and best of all: the infrastructure runs absolutely stable in auto-update mode.
So instead of spending 10s and 100s of thousands a year on switches, access points and SD-WAN, you can completely eliminate the costs. You get an extremely easy to set up and easy to operate network that updates itself fully automatically.
SD-WAN can be set up fully automatically in various architectural models (full-meshed or hub-and-spoke) in just a few seconds, even by an IT manager without day-to-day operations.
ISPs no longer need static IPs and can be clustered as required or compensated with 5G. High availability from WAN switches and gateways to internal switches and access points can be set up fully redundantly.
From our point of view, one thing is clear: there is currently no better solution on the market.

And what about security?

Ubiquiti has a built-in zone-based firewall, similar to fortigate. Rules can be defined globally for zones or even individual networks and devices in fine granularity. Both WiFi networks and regular VLANs can be micro-segmented with a single click if desired. East-West traffic, both within a location and across locations (via SD-WAN), can therefore be mapped fully and very efficiently. NAC (802.1.X) is also possible via a connectable Radius server. Ubiquiti leaves nothing to be desired at this point.

However, if you want extended security for web access (with TLS inspection, CASB, DLP, advanced threat protection, etc.) and micro-segmented remote access, it is better not to use the Ubiquiti VPN agent (which we find very poor) or do this (even if partially possible) on the gateways, but to use a major SSE solution such as Zscaler or Cloudflare on top. These then enforce security for both servers and clients regardless of location. This only requires Internet access, which Ubiquiti provides perfectly.

As can be seen here, the concept works as an absolute standalone version, especially for classic security requirements with NAC and firewalling. If you have more and more modern security requirements, complement your Ubiquiti setup with an SSE solution. Experienced and proven to work very well.
View full post