I recently upgraded my home network with the Unifi Dream Machine Pro (UDM Pro), a single device that is your security gateway, network controller, and NVR, and that can even run your VoIP system and security access system. All this combined with a really high throughput makes it a true dream machine. In this review, we are going to take a closer look at the UDM Pro, how to install and configure it, and see how it compares with the UDM, USG Pro, and Cloudkey Gen2.
My old home network consisted of an EdgeRouter X with a Cloudkey Plus Gen2 running the Unifi Network and Protect controller. With the upgrade of my home network, I also took the time to build a Unifi-styled mini rack. You can read more about the rack in this article.
Let’s first take a closer look at the Unifi Dream Machine Pro, what is it, what can it do, and what makes it such a great device?
UDM Pro Review
The Unifi Dream Machine Pro is the most versatile and powerful security gateway in the Unifi product line. It gets its processing power from its 1.7 GHz quad-core processor, making it capable of delivering a high throughput even with DPI (deep packet inspection) and SQM turned on.
Running on the new Unifi OS, it can host all the current and future Unifi Controllers:
- Unifi Network
- Unifi Protect
- Unifi Access
- Unifi Talk
This means that you only need one device, and only have one interface to manage all the aspects of your network.
The high throughput that the Unifi Dream Machine Pro can deliver is important if you want to use all the (security) features that Unifi has to offer on a fast internet connection. Threat Management, for example, is a security feature that scans your network packets and proactively blocks network traffic from known security threats.
And with SQM you can prevent bufferbloat, a problem where your router is pushing more data on the internet connection than it can handle.
Features like these require a lot of processing power, something most routers/firewalls lack. If we take a look at the old USG for example, as soon as you enable SQM or Threat Management on it, the connection speed will drop to a maximum of 60 Mbps or so.
When we take a look at the technical specifications of the Unifi Dream Machine Pro, we can see where the processing power comes from.
| Specification | UDM Pro |
|---|---|
| CPU | 1.7 GHz quad-core processor |
| Memory | 4 GB DDR4 |
| On-Board Flash Storage | 16 GB eMMC |
| Display | 1.3″ Color Touch Panel |
| IDS/IPS Throughput | 3.5 Gbps |
| Max SQM Throughput | 800 Mbps |
| WAN Ports | 1x Gigabit RJ45 and 1x 10G SFP+ |
| LAN Ports | 8x Gigabit RJ45 and 1x 10G SFP+ |
| Harddisk | 3.5″ HDD Bay (also supports 2.5″ HDD) |
| Max Power Consumption | 33 Watt |
| Dimensions | 442.4 x 43.7 x 285.6 mm |
What you don’t see in the specifications are PoE ports. The UDM Pro doesn’t have any PoE ports, which is really a shame. If you want to use the UDM Pro in a small network with a couple of cameras or an access point, you will need to either use the PoE Adapters or buy a US-8-60W switch.
The 10G SFP+ ports are a great addition for use cases in a large network where you want to have a high throughput between your switches. You can also use one SFP+ port as an extra port for your LAN connection with the use of an RJ45 1G module.
With the extra 10G SFP+ WAN port, you can create an auto fail-over WAN connection. Load balancing between two WAN connections isn’t supported (yet?) on the Unifi Dream Machine Pro.
Hard drive for NVR
To use Unifi Protect on the Dream Machine Pro you will need to install a hard drive. The UDM Pro doesn’t come with a hard drive included, unlike the Cloudkey Gen2 Plus for example.
When you choose a hard drive for the UDM Pro, then make sure you pick a drive that is designed for use in a NAS or surveillance system (NVR), for example:
The amount of storage you need really depends on the number of cameras you have, when you record, at what quality, and how long you want to keep it. To give you an idea, for the Unifi Doorbell and camera I have, a 2TB hard disk is more than enough to keep the recordings for 30 days.
If you want to know more about Unifi Protect, then make sure you read my review about it.
Unifi Dream Machine Pro Touch Screen
Just like all the Gen2 19″ routers and switches from Unifi, the UDM Pro comes with a 1.3″ color touch screen. The touch screen allows you to pull up different stats about the UDM Pro and the controllers that it’s running:
You can also shut down or restart the UDM Pro from the touch screen and change the brightness and color of the screen.
A really nice detail is that when you have multiple Unifi devices with a touch screen in your rack, they will sync. So you can pull up the throughput on one device, and all the other devices in the rack will show their throughput as well.
Redundant Power Supply
Just like on the other Gen2 devices from Unifi, you can provide redundant power to your UDM Pro. It has a proprietary power port which you can connect to a Unifi SmartPower RPS.
It will automatically switch over to the RPS when the internal power supply of the Unifi Dream Machine fails, preventing any interruption.
Internet Threat Management
The Unifi Dream Machine Pro is not only your network controller, but also your security gateway. It comes with a built-in firewall and advanced threat management system, just like the Unifi Security Gateways.
The Internet Threat Management is built upon different security features that you can each enable and configure to your liking. You can start with just logging the events, which I really recommend doing for the first couple of weeks before you start automatically blocking the traffic. This way you can check whether the threats are really malicious traffic or not.
The security features that you can enable are:
- IDS/IPS scanning on:
  - Virus and Malware (Botnets, Malware, Trojans and Worms)
  - P2P and TOR
  - Internet Traffic (based on known ActiveX, web apps, user agent, web client vulnerabilities)
  - IPs with bad Reputation
  - Attacks against Network Protocols
- Internal Threat Scanner (scans connected clients for known threats)
- Internal Honeypot (helps to detect malware, worms, and other malicious traffic in your network)
- Restrict access to known malicious IP Addresses
You can also choose between 5 preset configurations that range from maximum performance to maximum security.
How does the Unifi Dream Machine Pro compare?
As you can read in this review, the Unifi Dream Machine Pro is a great all-in-one security gateway for your network. But how does the UDM Pro compare to the other security gateways and controllers that Unifi has to offer?
Unifi Dream Machine Pro vs Cloud Key Gen 2
Comparing the Cloud Key Gen2 with the UDM Pro isn’t a fair comparison to be honest, because the Cloud Key Gen2 is only a controller for your Unifi Network and Unifi Protect. To get the same features as the Unifi Dream Machine Pro you will need to add a USG as well.
If we only look at the Unifi Protect side, then the biggest difference is in the number of cameras supported and the maximum storage size.
| | UDM Pro | Cloud key Gen 2+ |
|---|---|---|
| HD (1080p) Cameras supported | 50 | 20 |
| 4K Cameras supported | 15 | 6 |
| HDD included | No | Yes – 1TB |
| Max HDD Size | 16TB | 5TB (2.5″ only) |
The problem with the Cloud key Gen2+ is that a large disk physically doesn’t fit because of the limited height of 15mm. Also, only disks that use 5V are supported.
If you have a Cloud key Gen2 and you want the same features as the UDM Pro, then you will also need to add a USG.
Unifi Dream Machine vs USG
So let’s add the USG to the comparison as well. The USG is one of the most affordable security gateways from Unifi. But it’s also the slowest security gateway; without DPI or SQM it is capable of reaching a 1 Gbps throughput.
But the throughput will drop when you turn on any of the security features. The slow CPU is really a bottleneck for the USG.
| | UDM Pro | USG |
|---|---|---|
| CPU | 1.7 GHz quad-core | Dual-Core 500 MHz |
| Memory | 4 GB DDR4 | 500 MB DDR2 |
| On-Board Flash Storage | 16 GB eMMC | 2 GB |
| LAN | (8) 1G RJ45 Port, (1) 10G SFP+ Port | (2) 1G RJ45 Port |
| WAN | (1) 1G RJ45 Port, (1) 10G SFP+ Port | (1) 1G RJ45 Port |
| IDS/IPS throughput | 3.5 Gbps | 85 Mbps |
| Max SQM throughput | 800 Mbps | 60 Mbps |
| UniFi Controllers | Network, Protect, Access, Talk | None |
| UniFi Smart Power | Yes | No |
The total price of a Cloud key Gen2+ and a USG is $338. For that price, you can almost buy a UDM Pro which is a lot faster and comes with more features. Only keep in mind that you will need to buy an HDD as well. A Western Digital Purple of 1TB (same size as the Cloud key) costs around $50.
UDM vs UDM Pro
With the UDM, Ubiquiti made the first all-in-one device for home users. The Unifi Dream Machine (UDM) is designed to be placed in sight, and comes with a built-in access point. While they share pretty much the same name, they are actually quite different.
| | UDM Pro | UDM |
|---|---|---|
| CPU | 1.7 GHz quad-core | 1.7 GHz quad-core |
| Memory | 4 GB DDR4 | 2 GB DDR2 |
| On-Board Flash Storage | 16 GB eMMC | 16 GB eMMC |
| LAN | (8) 1G RJ45 Port, (1) 10G SFP+ Port | (4) 1G RJ45 Port |
| WAN | (1) 1G RJ45 Port, (1) 10G SFP+ Port | (1) 1G RJ45 Port |
| IDS/IPS throughput | 3.5 Gbps | 850 Mbps |
| Max SQM throughput | 800 Mbps | 600 Mbps |
| UniFi Controllers | Network, Protect, Access, Talk | Network |
| UniFi Smart Power | Yes | No |
| Built-in Access point | No | 802.11ac 4×4 MU-MIMO for 5 GHz, 802.11n for 2.4 GHz |
| Dimensions | 442 x 43 x 285 mm | ø 110 x 184 mm |
The UDM is really your all-in-one network-only device. If you don’t need Unifi Protect, don’t have a lot of wired devices, and don’t mind placing your router in sight, then the UDM is the perfect device for you.
And even if you don’t want to place the UDM in your living room, then it’s still a great device. You can expand your network on it with the Unifi (PoE) switch, hook up a couple of Unifi Access Points and you will have a fantastic home network. And the throughput of the UDM is high enough for most home internet connections.
The UDM Pro needs a lot of room, or a mini server rack to be placed in. And when you install a hard disk for Unifi Protect, then it will also make some noise due to the fans that need to cool down the disk.
A question that I get a lot is when to buy the UDM or the UDM Pro. If you are not using Protect and don’t have a Gbit fiber internet connection, then the UDM is the right device for you. Otherwise, I would go for the Pro.
Unifi Dream Machine Pro Setup
Installing the Unifi Dream Machine Pro is really simple. You can install the UDM Pro either through your browser or with your mobile phone using Bluetooth. I have done the initial setup through the app and the configuration itself (creating the wireless networks etc) in the browser.
You will need to have a Ubiquiti account. You can create one during the setup or use your existing account if you already have one.
To get started with the setup we first need to connect the Unifi Dream Machine Pro. Connect at least your modem to the WAN port and connect the power cable to start the UDM Pro.
Open the Unifi Portal app on your mobile phone. The app will either discover the Dream Machine Pro or you will need to click Add Controller. Click on Set Up when the UDM Pro is found.
The setup on the mobile app is really simple, just follow the wizard. I have turned off the Auto-Optimization because in my experience it causes more problems than it solves.
When you have completed all the steps, you will get an overview of the settings after which the UDM Pro will set up the network and update its firmware.
The latter can take a couple of minutes, a good time to connect your laptop with an ethernet cable to the Dream Machine.
Migrating the Unifi Network Controller
If you already have a Unifi Network, then the easiest option is to migrate your network. You can use the backup file from your controller to do this. I have chosen to start from scratch with my Unifi Network because my topology map was broken for quite some time now. Even migrating from the Pi to the Cloudkey didn’t fix the map.
I will first describe how you can migrate your network using the backup file and then we will take a look at how you can start from scratch.
Migrate with backup and restore
Make sure that all your devices are running on the latest firmware before you create the backup. This will help to ease the import to the UDM Pro.
- On your old controller, open System Settings > Backup / Restore
- Download the backup file; select the last 30 days if you want the historical data as well.
- Shut down your old controller
- On the UDM Pro, open the Network controller
- Go to Settings > System Settings
- Click on Choose File to restore from the backup
Migrating with a backup file doesn’t always work. There are a lot of cases on the Unifi community forums where migrating just won’t succeed. If that is the case then your only option is to start from scratch as described below.
Manually migrate your Unifi Network
To manually migrate our Unifi network we first need to remove all the devices from the old controller. You don’t need to factory reset them, we can just “forget” the device in the old controller.
Keep in mind that all the settings and historical data of the device will be lost. So if you have made any changes to the switch ports (like VLANs or Port profiles) those will be lost. A good idea is to make notes of your configuration before you remove the devices.
1. Open your old network controller
2. Select a device
3. Open the device tab
4. Click forget device under Manage
5. Do steps 2 to 4 for each device you have.
It can take a couple of minutes after you have “forgotten” a device before it reappears on the UDM Pro. The device needs to reboot, so give it some time.
Open the network controller on the Unifi Dream Machine Pro. You will see all the devices that you have removed from the old controller ready to be adopted. Adopt the devices and make sure you re-apply any changes that you have made to the switch ports.
Migrate Unifi Protect
When it comes to migrating Unifi Protect we can only migrate the cameras with their settings, like the motion zones. What won’t be migrated are the following items:
- Old recordings
- User accounts
- Alert settings
- Time-based purge settings
Just like with the Unifi Network controller, we are going to use the backup file to migrate the cameras:
- Open the old Unifi Protect controller
- Click on Settings
- Select General
- Download the backup file.
- Shut down your old Unifi Protect controller.
On the Unifi Dream Machine Pro we do pretty much the same steps, only this time you click on Restore instead of backup.
Make sure you create the necessary user accounts and set up the alert settings that you want. If you want to know more about Unifi Protect, then make sure you read this article where I go more into detail about setting up Unifi Protect.
Configuring Unifi Network on the Unifi Dream Machine Pro
We have now done the initial setup of our Dream Machine Pro, but we may still need to configure the Unifi Threat Management, WAN connection, and maybe even fine-tune the LAN network.
If you have migrated your network, then you can probably skip some steps depending on where you are coming from. If you come from a Cloudkey then you will need to take a look at the SQM settings and Internet Security.
We are going to start with configuring the LAN and Wireless network. You can skip this step if you have migrated your network.
Configuring LAN and WiFi Network
We are going to keep the configuration basic, so no VLANs or guest networks. I will cover that in another article.
- Open Settings and select Networks
- Edit the LAN network and expand advanced
- Change the DHCP range to 192.168.1.10 to 192.168.1.200. This way we have some room to make IP reservations for devices that need them (like a Raspberry Pi or a Smart Home device)
- Select WiFi
- Add your wireless network, and make sure that both WiFi Bands are selected. Use the same wireless network name and password that you had, this way all your clients will automatically reconnect to your new network.
Configure Internet Settings
For the Internet settings we only really need to change one setting, Smart Queues (SQM). SQM will prioritize your internet traffic, making sure that VoIP and streaming traffic goes before downloading, for example.
It will also help you to prevent bufferbloat problems, where the router/modem becomes overloaded with traffic, resulting in a higher latency.
Before you enable SQM you will need to know what internet speed you can really achieve at the moment. Make sure nobody is using the network and run a couple of speed tests at DSLReports.com.
Enable SQM and set the upload speed a couple of Mbit lower than the speed you can achieve.
Make sure you enter the Up and Down rates in kbit, which is 1000 times the value in Mbit.
I also recommend changing the DNS servers to one of the fastest DNS servers, like 22.214.171.124 or OpenDNS. The latter also helps to protect your network by blocking traffic to known malicious IP Addresses.
Setting up Internet Threat Management
The last step that we need to configure is the security settings. Internet Threat Management can really help to protect your network, and with the processing power of the UDM Pro, you can enable most of the features without noticing any performance loss.
I recommend starting with detecting intrusions only and keeping an eye on the events for the first couple of weeks. After you are satisfied with the results you can change it to automatically block the network traffic.
I have set the sensitivity to balanced. This will protect you against viruses, malware, and known threats, and block peer-to-peer traffic. Depending on your situation you can enable or disable the features.
If you have a webserver running for example, then it’s a good idea to also scan for suspicious SQL traffic and web threats to the webserver.
You can also scan for attacks against different protocols, but if you have blocked those protocols in the firewall (and they are blocked by default) then there is really no need to scan for this in a home network.
Under the Network Scanners, you can enable the Threat Scanner and Internal Honeypot. The first one will scan your clients and report any potential security threats, like open ports.
The honeypot will help you to detect viruses on your network. Enable them both and create a honeypot. Give it an IP Address outside the DHCP scope that we created earlier.
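The two settings above where a wrong number is easy to enter, the SQM rates in kbit and a honeypot address outside the DHCP scope, can be checked before you type them in. This is an added example, not part of the original review or any Ubiquiti tool: the /24 subnet, the gateway on 192.168.1.1, the 3 Mbit margin applied in both directions, the function names and the sample speed test values are all assumptions.

```python
import ipaddress
from statistics import median

# Assumptions (not from the article): LAN is 192.168.1.0/24 and the
# UDM Pro sits on 192.168.1.1. Only the DHCP range comes from the article.
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = ipaddress.ip_address("192.168.1.1")
DHCP_START = ipaddress.ip_address("192.168.1.10")
DHCP_STOP = ipaddress.ip_address("192.168.1.200")


def check_static_ip(candidate, taken=()):
    """Return the problems with using `candidate` as a fixed address
    (honeypot or reservation). An empty list means it is usable."""
    ip = ipaddress.ip_address(candidate)
    if ip not in LAN:
        return ["not in LAN subnet"]
    problems = []
    if ip in (LAN.network_address, LAN.broadcast_address):
        problems.append("network or broadcast address")
    if ip == GATEWAY:
        problems.append("collides with gateway")
    if DHCP_START <= ip <= DHCP_STOP:
        problems.append("inside DHCP pool")
    if ip in {ipaddress.ip_address(t) for t in taken}:
        problems.append("already assigned")
    return problems


def sqm_rates_kbit(down_mbit_runs, up_mbit_runs, margin_mbit=3):
    """Turn several speed test results (Mbit/s) into (down, up) values
    in kbit/s: median of the runs, minus a safety margin, times 1000."""
    def rate(runs):
        if not runs:
            raise ValueError("need at least one speed test run")
        usable = median(runs) - margin_mbit
        if usable <= 0:
            raise ValueError("margin is larger than the measured speed")
        return round(usable * 1000)
    return rate(down_mbit_runs), rate(up_mbit_runs)


if __name__ == "__main__":
    # Constructed sample data: one existing reservation, four candidates.
    reserved = ["192.168.1.5"]
    for addr in ("192.168.1.250", "192.168.1.50", "192.168.1.5", "192.168.2.9"):
        print(addr, check_static_ip(addr, reserved) or "ok")
    # Constructed speed test runs in Mbit/s (down, then up).
    print(sqm_rates_kbit([93.4, 94.1, 92.8], [28.9, 29.6, 29.2]))
```

Using the median of several runs keeps one unusually fast or slow test from skewing the SQM limit.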
Firewall rules are created automatically so we don’t need to change anything there by default.
The last security option that we can enable is to restrict access to malicious IP Addresses and restrict access to Tor traffic. I recommend turning them both on.
Threat Event Log
Any suspicious traffic will show up in the Threat Management. In the Overview tab you can see a map with all threats and where they come from. I haven’t had any attacks (yet), but the map also allows you to block traffic from a complete country. Simply click on the country and select Block.
In the traffic log you will find an overview of the events. If you click on the event you can either block the traffic, or whitelist it. The traffic log is something that you want to keep an eye on in the beginning, to make sure that only malicious traffic is blocked.
Frequently Asked Questions
50 HD Cameras or 15 4K cameras.
No, the Unifi Dream Machine Pro doesn’t have any PoE ports.
No, the Pro doesn’t have a built-in access point unlike the normal Dream Machine.
You can use the touch screen to initiate a reboot of the UDM Pro. You will find it under settings.
You can use the Unifi Portal app to get started. Your mobile will automatically connect over Bluetooth with the UDM Pro to initiate the setup wizard.
I really like the Unifi Dream Machine Pro, it looks nice, has an amazing throughput and it’s really nice to have everything in one appliance that you can centrally manage. Setting up the UDM Pro is really easy, for a basic home network implementation you really don’t need to have any networking skills.
What I miss on the UDM Pro are the PoE ports and maybe a second hard drive bay. There is room enough inside the UDM Pro for an additional hard disk, which would be a great addition from a redundancy/backup perspective.
Also, the 1Gbit backplane of the 8 switch ports is a shortcoming. If you have a NAS or other file server and transfer a lot of data on your internal network then you really need to use a separate switch.
I hope you found my review of the Unifi Dream Machine Pro useful, if you have any questions, just drop a comment below.