Unifi UDM Pro v PFsense

Site Notices

[ARCHIVED THREAD] - Unifi UDM Pro v PFsense

Posted: 2/11/2020 2:03:13 PM EDT

Any one snag one?

Majority of my network is UBNT but I use PFsense for my router/IDS and such. As much as I love PFsense thinking about picking one of these up and going full UBNT. I'm kinda liking the idea of having everything running under one GUI and simplifying my home network. Hardware running my PFsense is older but not really old. It's been 100% reliable. But it's old enough (6 or so years old) that I am starting to worry about it failing.

I don't run any crazy firewall rules. Mainly just different VLANS with restrictions on what can talk to my main LAN.

Thoughts?

Posted: 2/11/2020 2:24:36 PM EDT

[#1]

I've been through a handful of UBT APs from hardware defects. Killed the controller over corrupted mongoDB. Even with garbage supermicro hardware, my pfsense box has been more reliable. But I do utilize a bunch of the more less common features that I doubt I could get from a black box. Ymmv.

Posted: 2/11/2020 2:57:06 PM EDT

[#2]

UniFi Dream Machine Pro (UDM-Pro)

https://www.youtube.com/watch?v=AgJGuyDyP_M

Posted: 2/11/2020 3:02:07 PM EDT

[#3]

I'm very tempted to get on also to mount in my new rack.

Posted: 2/11/2020 6:03:17 PM EDT

[#4]

Quote History

Quoted:

https://www.youtube.com/watch?v=AgJGuyDyP_M

View Quote

I had watched Chris' video on it. That's what made me interested in it.

Posted: 2/11/2020 6:33:35 PM EDT

[#5]

I see it as more of a question of the interface. Can you easily get it to do what you want in Unifi?

Posted: 2/11/2020 9:01:29 PM EDT

[#6]

Quote History

Quoted:
I see it as more of a question of the interface. Can you easily get it to do what you want in Unifi?

View Quote

I've never played with one of their router/firewall appliances. With what I've seen using their APs and switches and the video linked above it would be. I really just need to do more research.

Posted: 2/11/2020 10:42:51 PM EDT

[#7]

Quote History

Quoted:

I've never played with one of their router/firewall appliances. With what I've seen using their APs and switches and the video linked above it would be. I really just need to do more research.

View Quote

If you go into ubiquiti's website, you can play around with Unifi in a test environment.

Posted: 2/12/2020 12:21:35 AM EDT

[#8]

If Suricata with the free ruleset is sufficient, it will be fine.

Posted: 2/12/2020 11:31:47 AM EDT

[#9]

I just setup my UDM Pro at home, to replace a EdgeRouter Lite and a Pi running the Unifi Controller. Getting used to the Unifi interface over the separate ERL one.

I'll tell you two limitations that some other nerds are going on about:
It doesn't (currently?) support IGMP Proxying, so if you want to control a Sonos it will need to be on the same vlan as what you control it with.
It doesn't (currently?) support the advanced json networking config that some other Ubiquiti hardware does.

Posted: 2/12/2020 3:05:33 PM EDT

[#10]

Attached File

Gotta ensure adequate ventilation for them. (Not my picture)

Posted: 2/12/2020 3:52:09 PM EDT

[#11]

Haha its gone critical!

Posted: 2/12/2020 3:52:45 PM EDT

[#12]

First Look: Ubiquiti Unifi Dream Machine Pro (UDM-Pro)

https://www.youtube.com/watch?v=xVK6tdu3_MU

Seems like it should still be in beta. I wouldn’t upgrade just yet. Plus the lack of redundancy for the hard drive aspec bugs me. Although most would run a dedicated nvr or a nas

Posted: 2/12/2020 6:08:04 PM EDT

[#13]

Quote History

Quoted:
https://www.AR15.Com/media/mediaFiles/77095/28a88df_jpg-1273526.JPG

Gotta ensure adequate ventilation for them. (Not my picture)

View Quote

Dang! UBNT working with NASA on the components so they don't melt?

Posted: 2/12/2020 8:05:21 PM EDT

[#14]

you already answered your own question when you said this

"It's been 100% reliable"

Posted: 2/13/2020 10:57:44 AM EDT

[#15]

Quote History

Quoted:
you already answered your own question when you said this

"It's been 100% reliable"

View Quote

Came to post this.

Posted: 2/13/2020 11:04:45 AM EDT

[#16]

Check out Untangle

Posted: 2/13/2020 12:16:41 PM EDT

[#17]

Quote History

Quoted:
I've been through a handful of UBT APs from hardware defects. Killed the controller over corrupted mongoDB. Even with garbage supermicro hardware, my pfsense box has been more reliable. But I do utilize a bunch of the more less common features that I doubt I could get from a black box. Ymmv.

View Quote

I've got quite a few Unfi networks I support at this point. Including one I built at home. The only thing I've had problems with is the Cloud Keys. They have been an ongoing issue w/ corruption of the SD cards and crashing. I love the hardware, but the controller is annoying. All of the Cloud Keys I deal w/ are Gen 1 and range from early to recent production.

Posted: 2/13/2020 12:38:00 PM EDT

[#18]

Firewall Feature Comparison 2020: pfsense, Untangle, USG, Dream Machine, UDM Pro, & EdgeRouter chart

https://www.youtube.com/watch?v=jL-CEM2f5Ec

Posted: 2/13/2020 1:43:05 PM EDT

[#19]

The killer for me on this is the fact it does not have POE on the 8 port switch. I wanted to consolidate another large switch and cannot due to this factor. However, I know this one kills my USG-4-Pro in terms of CPU utilization and capability with security features enabled and I do tend to use all available security measures. That means I will end up buying one anyway...sigh.

Posted: 2/13/2020 3:17:38 PM EDT

[#20]

op i wish you had posted this a few weeks ago. thats when i bought my pfsense/netgate sg-1100 - having something with a wireless controller and an extra port would have been really nice. oh well, this netgate works flawlessly. though understanding how to tell it to tag certain vlans on certain ports, etc is not at all intuitive (downright retarded actually, how the count some things starting at zero, others at 1, and yet others from high to low. WTF???) I was able to work through it to get it figured out.

plus, you can get a captive portal in pfsense as well, so i guess i got the right thing.

Posted: 2/13/2020 4:28:34 PM EDT

[#21]

I've had a USG Pro for about 3 years or so. Overall love it, the software has really evolved and for a Prosumer/SOHO user, its great. But I've never really paid a lot of attention to the IDS/IPS once I read about the impact on the firewall throughput. I have a 500 down/100 up fiber to the house ISP and don't want to impact the speed without a clear understanding of what I'm getting in return. Anyone using it and do you find it valuable?

Posted: 2/13/2020 5:46:59 PM EDT

[#22]

Quote History

Quoted:
I've had a USG Pro for about 3 years or so. Overall love it, the software has really evolved and for a Prosumer/SOHO user, its great. But I've never really paid a lot of attention to the IDS/IPS once I read about the impact on the firewall throughput. I have a 500 down/100 up fiber to the house ISP and don't want to impact the speed without a clear understanding of what I'm getting in return. Anyone using it and do you find it valuable?

View Quote

I use the IDS/IPS and until a week ago it was hardly running, never giving me feedback on threats so I have no idea if it was stopping anything. Now it has gone crazy without me applying any updates whatsoever and I see the threat by Geo location and the log is chock full of information. Thoughput isnt a problem at all and I am on a 1Gb/1Gb connection. Of course my DL/UP rate increases a bit when IPS is off, I hardly use enough of the bandwidth for it to matter even with Flightsim 2020 streaming content and everything else going on in my network domain.

Posted: 2/13/2020 7:16:58 PM EDT

[#23]

Quote History

Quoted:
I use the IDS/IPS and until a week ago it was hardly running, never giving me feedback on threats so I have no idea if it was stopping anything. Now it has gone crazy without me applying any updates whatsoever and I see the threat by Geo location and the log is chock full of information. Thoughput isnt a problem at all and I am on a 1Gb/1Gb connection. Of course my DL/UP rate increases a bit when IPS is off, I hardly use enough of the bandwidth for it to matter even with Flightsim 2020 streaming content and everything else going on in my network domain.

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
I've had a USG Pro for about 3 years or so. Overall love it, the software has really evolved and for a Prosumer/SOHO user, its great. But I've never really paid a lot of attention to the IDS/IPS once I read about the impact on the firewall throughput. I have a 500 down/100 up fiber to the house ISP and don't want to impact the speed without a clear understanding of what I'm getting in return. Anyone using it and do you find it valuable?

I use the IDS/IPS and until a week ago it was hardly running, never giving me feedback on threats so I have no idea if it was stopping anything. Now it has gone crazy without me applying any updates whatsoever and I see the threat by Geo location and the log is chock full of information. Thoughput isnt a problem at all and I am on a 1Gb/1Gb connection. Of course my DL/UP rate increases a bit when IPS is off, I hardly use enough of the bandwidth for it to matter even with Flightsim 2020 streaming content and everything else going on in my network domain.

Thanks, I might turn it on and see what happens. Any tips and/or settings to try or not?

Posted: 2/13/2020 7:26:52 PM EDT

[#24]

I bit the bullet this week and installed a UDM Pro with the 8TB drive (three cameras). it was a pain in the ass but now everything is happy and working flawlessly with IDS turned on. CPU usage on the UDM Pro is around 10% peak.

this is way overkill for my needs, and sure would have been nice if they gave you a few POE ports on the built in switch, but I guess that's why it was only $379. Would be awesome if I had a provider to choose from with 10GB so I could use the SFP+ Wan port, but none around here at present.

Posted: 2/13/2020 8:03:37 PM EDT

[#25]

I would have liked at least a couple POE ports too but figured any more power draw and it would need far more fans or much more aggressive cooling. I don't notice it over the whirr from my PC's fans.

Posted: 2/13/2020 11:17:55 PM EDT

[#26]

Quote History

Quoted:
I would have liked at least a couple POE ports too but figured any more power draw and it would need far more fans or much more aggressive cooling. I don't notice it over the whirr from my PC's fans.

View Quote

did you have to factory reset yours out of the box too? Mine wouldn't boot and apparently I'm not alone.

ETA: I also had to manually enter DNS to get it to connect to the internet before it would upgrade

Posted: 2/14/2020 1:07:00 AM EDT

[#27]

Quote History

Quoted:
I would have liked at least a couple POE ports too but figured any more power draw and it would need far more fans or much more aggressive cooling. I don't notice it over the whirr from my PC's fans.

View Quote

That would be nice but I'm not worried about it.

I've been completely happy with pfsense. The idea of having my whole network under one management console really intrigues me. My PC running pfsense is prolly from 2012 or so. It runs without issue. I could just drop in a new hard drive and keep rocking. But part of me feels it's getting to time to replace hardware before a major failure and I have no interwebs. I guess this is just the IT guy in me.

I'm going to give it some time to see how people do with the UDM Pro in production type environments.

All my UBNT equipment has been solid! Love the stuff. I run a cloud key controller but I run it on a VM. Can't wait to get it installed in the house we just bought.

Posted: 2/14/2020 10:19:32 AM EDT

[#28]

Quote History

Quoted:

That would be nice but I'm not worried about it.

I've been completely happy with pfsense. The idea of having my whole network under one management console really intrigues me. My PC running pfsense is prolly from 2012 or so. It runs without issue. I could just drop in a new hard drive and keep rocking. But part of me feels it's getting to time to replace hardware before a major failure and I have no interwebs. I guess this is just the IT guy in me.

I'm going to give it some time to see how people do with the UDM Pro in production type environments.

All my UBNT equipment has been solid! Love the stuff. I run a cloud key controller but I run it on a VM. Can't wait to get it installed in the house we just bought.

View Quote

I had a couple of dozen pfsense boxes I supported for a long time. I really don't miss them. They've got more features than the Unifi stuff, but the Unifi interface works well and it's trivial to configure things. It's really nice to be able to setup a new network, assign it to a vlan, create a wireless network w/ SSID and push it out to everything in a couple of minutes. I don't have to configure all the boxes seperately.

Posted: 2/14/2020 10:55:34 AM EDT

[#29]

Quote History

Quoted:
That would be nice but I'm not worried about it.

I've been completely happy with pfsense. The idea of having my whole network under one management console really intrigues me. My PC running pfsense is prolly from 2012 or so. It runs without issue. I could just drop in a new hard drive and keep rocking. But part of me feels it's getting to time to replace hardware before a major failure and I have no interwebs. I guess this is just the IT guy in me.

I'm going to give it some time to see how people do with the UDM Pro in production type environments.

All my UBNT equipment has been solid! Love the stuff. I run a cloud key controller but I run it on a VM. Can't wait to get it installed in the house we just bought.

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
I would have liked at least a couple POE ports too but figured any more power draw and it would need far more fans or much more aggressive cooling. I don't notice it over the whirr from my PC's fans.

That would be nice but I'm not worried about it.

I've been completely happy with pfsense. The idea of having my whole network under one management console really intrigues me. My PC running pfsense is prolly from 2012 or so. It runs without issue. I could just drop in a new hard drive and keep rocking. But part of me feels it's getting to time to replace hardware before a major failure and I have no interwebs. I guess this is just the IT guy in me.

I'm going to give it some time to see how people do with the UDM Pro in production type environments.

All my UBNT equipment has been solid! Love the stuff. I run a cloud key controller but I run it on a VM. Can't wait to get it installed in the house we just bought.

Yeah POE and 2nd hard drive slot some others have been asking for just would have run the cost up too, I probably wouldn't have bought it had it been more that $500.

With my work hat on I completely get not wanting to fix what isn't broken, but the tinkering side of me says NEW GADGETS AND TOYS.

Posted: 2/14/2020 10:57:53 AM EDT

[#30]

Quote History

Quoted:
did you have to factory reset yours out of the box too? Mine wouldn't boot and apparently I'm not alone.

ETA: I also had to manually enter DNS to get it to connect to the internet before it would upgrade

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
I would have liked at least a couple POE ports too but figured any more power draw and it would need far more fans or much more aggressive cooling. I don't notice it over the whirr from my PC's fans.

did you have to factory reset yours out of the box too? Mine wouldn't boot and apparently I'm not alone.

ETA: I also had to manually enter DNS to get it to connect to the internet before it would upgrade

Mine booted but I didn't note what version it came with out of the box. The complications I had were forgetting I had DNSoverHTTPS turned on in my main browser, then the UDMPro wouldn't let me get out to my cable modem to check that it was connecting = no internet. Once I turned that off and did yet another cable modem reset and wait, it worked. About instantly did a version upgrade.

Posted: 2/15/2020 5:36:50 PM EDT

[#31]

Quote History

Quoted:

That would be nice but I'm not worried about it.

I've been completely happy with pfsense. The idea of having my whole network under one management console really intrigues me. My PC running pfsense is prolly from 2012 or so. It runs without issue. I could just drop in a new hard drive and keep rocking. But part of me feels it's getting to time to replace hardware before a major failure and I have no interwebs. I guess this is just the IT guy in me.

I'm going to give it some time to see how people do with the UDM Pro in production type environments.

All my UBNT equipment has been solid! Love the stuff. I run a cloud key controller but I run it on a VM. Can't wait to get it installed in the house we just bought.

View Quote

Look at the Mikrotik CCR1009-7G-1C-1S+PC...

Posted: 2/16/2020 11:04:36 AM EDT

[#32]

Quote History

Quoted:
Thanks, I might turn it on and see what happens. Any tips and/or settings to try or not?

View Quote

Well when enabled your GeoIP is disabled so there is that but I enabled all IPS policies to see how it runs and zero complaints. P2P has a policy that is noisy given how many legit peer to peer connections these days with gaming clients for example.

Posted: 2/16/2020 11:23:27 AM EDT

[#33]

Quote History

Quoted:
I've got quite a few Unfi networks I support at this point. Including one I built at home. The only thing I've had problems with is the Cloud Keys. They have been an ongoing issue w/ corruption of the SD cards and crashing. I love the hardware, but the controller is annoying. All of the Cloud Keys I deal w/ are Gen 1 and range from early to recent production.

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
I've been through a handful of UBT APs from hardware defects. Killed the controller over corrupted mongoDB. Even with garbage supermicro hardware, my pfsense box has been more reliable. But I do utilize a bunch of the more less common features that I doubt I could get from a black box. Ymmv.

I've got quite a few Unfi networks I support at this point. Including one I built at home. The only thing I've had problems with is the Cloud Keys. They have been an ongoing issue w/ corruption of the SD cards and crashing. I love the hardware, but the controller is annoying. All of the Cloud Keys I deal w/ are Gen 1 and range from early to recent production.

The APs were the lites. Using an AC Pro now. So far so good. Their edge switch has been heads and shoulders above the Dlink it replaced. I guess coming from an Enterprise service provider day job I just don't have patience for such things. Even the fanboys I work with have had numerous hardware and software issues. I think there is a significant difference from the unifi and edge series. If the ap dies again I'll be looking for something else to replace it.

Posted: 2/16/2020 11:29:14 AM EDT

[#34]

Quote History

Quoted:

That would be nice but I'm not worried about it.

I've been completely happy with pfsense. The idea of having my whole network under one management console really intrigues me. My PC running pfsense is prolly from 2012 or so. It runs without issue. I could just drop in a new hard drive and keep rocking. But part of me feels it's getting to time to replace hardware before a major failure and I have no interwebs. I guess this is just the IT guy in me.

I'm going to give it some time to see how people do with the UDM Pro in production type environments.

All my UBNT equipment has been solid! Love the stuff. I run a cloud key controller but I run it on a VM. Can't wait to get it installed in the house we just bought.

View Quote

Yearly bonus is likely going to another 1U supermicro to run HA pfsense with floating vip. Just embrace the geek. I tried to do the backup HA pfsense as a VM on my desktop with dedicated NICs. Not sure if my network or brain hated that attempt more.

Posted: 2/16/2020 1:17:55 PM EDT

[#35]

Quote History

Quoted:

Yearly bonus is likely going to another 1U supermicro to run HA pfsense with floating vip. Just embrace the geek. I tried to do the backup HA pfsense as a VM on my desktop with dedicated NICs. Not sure if my network or brain hated that attempt more.

View Quote

I put together a SuperMicro 2U machine a few months ago...AMD EPYC 7272 with 128 GB of memory and 1TB nVMe...dual 10GbE NICs and it was actually surprisingly low in cost for that class of server. I need to see if I do a live physical to virtual conversion with it on a Linux machine. Done several Windows machines so far and it's been pretty interesting. Would be an interesting solution for pFsense I feel (I've got a copy of Mikrotik's CHR that is just for playing on it along with several PBXs, our NMS, Unimus and EVE-NG and haven't been able to load it up yet). I know after 2 months we've already been contemplating adding a second EPYC 7272 to it with an additional 128 GB of memory.

Anyway, I've been looking at some embedded stuff to run site routers in a new site topology I came up with for WISPs and I keep coming back to using ESXi with only one VM on it (though I don't know why).

Posted: 2/16/2020 5:15:34 PM EDT

[#36]

Quote History

Quoted:
Check out Untangle

View Quote

I'm a big fan of Untangle but I'd also take pfSense over any UniFi gateway as having used them I didn't care for them.

Posted: 2/16/2020 5:20:16 PM EDT

[#37]

On a side note I added up the cost of my router, core 10Gb switch, main POE switch, and secondary POE switch at home and it came out to over $5K with optics include at MAP

Happily I *only* have $3K in the hardware.

I need to stop as I have 3 networking cabinets between the house and the shop as well as a server rack with 200TB of storage.

Posted: 2/16/2020 5:22:48 PM EDT

[#38]

Quote History

Quoted:
On a side note I added up the cost of my router, core 10Gb switch, main POE switch, and secondary POE switch at home and it came out to over $5K with optics include at MAP

Happily I *only* have $3K in the hardware.

I need to stop as I have 3 networking cabinets between the house and the shop as well as a server rack with 200TB of storage.

View Quote

What's your power bill like?

Posted: 2/16/2020 5:46:03 PM EDT

[#39]

Quote History

Quoted:
What's your power bill like?

View Quote View All Quotes

View All Quotes

Quote History

Quoted:

Quoted:
On a side note I added up the cost of my router, core 10Gb switch, main POE switch, and secondary POE switch at home and it came out to over $5K with optics include at MAP

Happily I *only* have $3K in the hardware.

I need to stop as I have 3 networking cabinets between the house and the shop as well as a server rack with 200TB of storage.

What's your power bill like?

~$235mo average. We are all electric.

[ARCHIVED THREAD] - Unifi UDM Pro v PFsense

General » Urban Commandos

Warning

Confirm Action

About AR15.COM

Stay Connected

Newsletter

Contact Us