A year ago I was still using my trustworthy Edgerouter X-SFP with my 1G/1G optical fibre connection. The price per quality was excellent with that one, but I wanted more advanced features and was intrigued by one UI interface to control the whole system.
In this post I’m quickly going through the status of the Unifi system I’ve been using and the issues I’ve been facing.
First thing: Ubiquiti Dream Machine PRO is a rack mountable piece of technology, so a proper place for it has to be found. At the same time I bought the UDM Pro, I ordered a 6U rack cabinet that I installed above my network panel to hold all the needed equipment.
UDM Hardware specifications are quite powerful:
- Quad ARM Cortex-A57 Core at 1.7 GHz
- 4 GB DDR4
- 16 GB eMMC Storage
- 2x 10G SFP+ WAN/LAN ports
- 8x 1G RJ45 LAN Ports
- 1x 1G RJ45 WAN Port
- 1x 2.5″ slot for HDD (not included)
As seen above, the hardware is more than enough to handle all the features. IDS/IPS can be handled at 3.5 Gbps throughput, which should be fine with 99.9% of optical fibre connections (if you own a 10G fibre and enable all IPS/IDP features, the hardware can cause some downgrades to speed).
As a summary, the hardware is great, no doubt about that... but how about the software then?
The software of the UDM Pro is divided into multiple separate subsystems that run in the same console. Those subsystems are: Network, Protect, Access, Talk, Identity and Connect.
Generally I like the idea that everything can be controlled from a single endpoint. However, there’s one compromise with that: if the hardware fails, everything will go down!
I will be quickly going through only network and protect parts, since those are the only ones I’ve been using in the last year.
Software – Networking
The Networking application handles everything from routing, VPN, IDS/IPS and firewall onwards.
The network user interface is something that seems to be a big deal to Ubiquiti. However, even though they have lots of cool widgets and neat stats can be pulled out of it, the configuration has not been a success. All the main networking features have been put under some really weird subtopic and can be really hard to find in the UI. And once you find them, you only see that the feature you have been looking for can’t be done or can only be done partially. I’ll give you a few examples:
- Going to configuration -> internet -> enable advanced -> add new dynamic DNS -> select provider... you can’t add a custom dynamic DNS webhook here, so you have to stay with just the predefined ones!
- Going to firewall -> create new rule -> ...where are network groups? Seems like you can only specify network address groups, but you can’t create a custom group that contains multiple network groups.
- How about pseudo ethernet? That means having a few IP addresses provided by your ISP and routing those to different VLANs in your network. Well, you guessed it, can’t be done.
...and the list goes on. These advanced configurations could be done with my old 70€ Edgerouter X-SFP, but can’t be done in the UDM Pro. The UDM is no longer using Vyatta OS (which was used in the Edgerouter series and former Unifi routers), and with the new Unifi OS, command line configuration is no longer possible. Well, it is possible, but those changes will be reverted on each reboot.
Even though there are some clear bugs and requested features, the Unifi networking team seems to ignore those. Many times I’ve googled an issue and ended up in the Unifi forums just to see that there’s a bug that has been open for 5 years (e.g. site-to-site VPN status).
The good part, though: the IDS/IPS works well and you can see nice little stats from your network. You can also configure all your Unifi devices from a single endpoint. No need to log in to every machine separately to do some tweaking in your network.
Software – Protect
If the networking is pretty bad, the Protect part is at the other end. In my opinion Unifi Protect is pure diamond. It has been working very reliably and has tons of configuration, so you can customise basically everything to suit your needs.
One of the best things (if you have a G4 camera) is the object detection! You can set a camera to send you an alarm if an object (person and car currently supported) is detected. No more false alarms on shadows or trees in the wind.
Recording to the UDM Pro can be set up as 24/7, record on motion or never, and those can be set per camera.
I’ve been using 24/7 recording with FIFO (first in, first out) type. So when the HDD runs out of space it will start to overwrite the oldest recordings. With four 1080p cameras and an 8T HDD I have about 18 days of buffer for recordings.
I have mixed feelings about the UDM Pro. On the one hand it’s a fully working ecosystem with some great features bundled with an affordable price tag, but all the bugs and missing critical features make it a bit of an odd device.
If you don’t need the advanced features (like multi-WAN through a single fibre) or can manage without those, then the UDM Pro is a great choice. Just ensure those features are supported before ordering one.
Pros:
- Single endpoint configuration
- Unifi protect
- Rack mountable (can also be a bad thing, depending on your setup)
- Powerful hardware
Cons:
- Bugs and missing features on networking (can be a deal breaker)
- Hardware failure will take everything down
Would I recommend this? Yes, with a consideration. If you can manage without some advanced features, it’s still a great product! I have not yet found a better affordable networking ecosystem. If the next generation of Unifi gateways has something other than Unifi OS, or they fix the Unifi OS issues, I’m definitely going for it.