Recently I upgraded my home network with the Unifi Dream Machine Pro (UDM Pro), a single device that is your security gateway, network controller, and NVR, and can even run your VoIP system and security access system. All this combined with a really high throughput makes it a true dream machine. In this review, we are going to take a closer look at the UDM Pro, how to install and configure it, and see how it compares with the UDM, USG Pro, and Cloudkey Gen2.
My old home network consisted of an EdgeRouter X with a Cloudkey Plus Gen2 running the Unifi Network and Protect controller. With the upgrade of my home network, I also took the time to build a Unifi-styled mini rack. You can read more about the rack in this article.
Let’s first take a closer look at the Unifi Dream Machine Pro, what is it, what can it do, and what makes it such a great device?
UDM Pro Review
The Unifi Dream Machine Pro is the most versatile and powerful security gateway in the Unifi product line. It gets its processing power from its 1.7 GHz quad-core processor, making it capable of delivering a high throughput even with DPI (deep packet inspection) and SQM turned on.
Running on the new Unifi OS, it can host all the current and future Unifi Controllers:
- Unifi Network
- Unifi Protect
- Unifi Access
- Unifi Talk
This means that you only need one device, and only have one interface to manage all the aspects of your network.
The high throughput that the Unifi Dream Machine Pro can deliver is important if you want to use all the (security) features that Unifi has to offer on a fast internet connection. Threat Management, for example, is a security feature that scans your network packets and proactively blocks network traffic from known security threats.
And with SQM you can prevent bufferbloat, a problem where your router is pushing more data on the internet connection than it can handle.
Features like these require a lot of processing power, something most routers/firewalls lack. If we take a look at the old USG, for example, as soon as you enable SQM or Threat Management on it, the connection speed will drop to a max of 60 Mbps or so.
When we take a look at the technical specifications of the Unifi Dream Machine Pro then we can see where the processing power comes from.
|CPU||1.7 GHz quad-core processor|
|Memory||4 GB DDR4|
|On-Board Flash Storage||16 GB eMMC|
|Display||1.3″ Color Touch Panel|
|IDS/IPS Throughput||3.5 Gbps|
|Max SQM Throughput||800 Mbps|
|WAN Ports||1x Gigabit RJ45 and 1x 10G SFP+|
|LAN Ports||8x Gigabit RJ45 and 1x 10G SFP+|
|Harddisk||3.5″ HDD Bay (also supports 2.5″ HDD)|
|Max Power Consumption||33 Watt|
|Dimensions||442.4 x 43.7 x 285.6 mm|
What you don’t see in the specifications are PoE ports. The UDM Pro doesn’t have any PoE ports, which is really a shame. If you want to use the UDM Pro in a small network with a couple of cameras or an access point, you will need to either use the PoE Adapters or buy a US-8-60W switch.
The 10G SFP+ ports are a great addition for use cases in a large network where you want to have a high throughput between your switches. You can also use one SFP+ port as an extra port for your LAN connection with the use of an RJ45 1G module.
With the extra 10G SFP+ WAN port, you can create an auto fail-over WAN connection. Load balancing between two WAN connections isn’t supported (yet?) on the Unifi Dream Machine Pro.
Hard drive for NVR
To use Unifi Protect on the Dream Machine Pro you will need to install a hard drive. The UDM Pro doesn’t come with a hard drive included, unlike the Cloudkey Gen2 Plus for example.
When you choose a hard drive for the UDM Pro, then make sure you pick a drive that is designed for use in a NAS or surveillance system (NVR), for example:
The amount of storage you need really depends on the number of cameras you have, when you record, at what quality, and how long you want to keep it. To give you an idea, for the Unifi Doorbell and camera I have, a 2TB hard disk is more than enough to keep the recordings for 30 days.
If you want to know more about Unifi Protect, then make sure you read my review about it.
Unifi Dream Machine Pro Touch Screen
Just like all the Gen2 19″ routers and switches from Unifi, the UDM Pro comes with a 1.3″ color touch screen. The touch screen allows you to pull up different stats about the UDM Pro and the controllers that it’s running:
You can also shut down or restart the UDM Pro from the touch screen and change the brightness and color of the screen.
A really nice detail is that when you have multiple Unifi devices with a touch screen in your rack, they will sync. So you can pull up the throughput on one device, and all the devices in the rack will show their throughput as well.
Redundant Power Supply
Just like on the other Gen2 devices from Unifi, you can provide redundant power to your UDM Pro. It has a proprietary power port that you can connect to a Unifi SmartPower RPS.
It will automatically switch over when the internal power supply of the Unifi Dream Machine fails, preventing any interruption.
Internet Threat Management
The Unifi Dream Machine Pro is not only your network controller but also your security gateway. It comes with a built-in firewall and advanced threat management system, just like the Unifi Security Gateways.
The Internet Threat Management is built upon different security features that you can each enable and configure to your liking. You can start with just logging the events, which I really recommend doing for the first couple of weeks before you start automatically blocking the traffic. This way you can check if the threats are really malicious traffic or not.
The security features that you can enable are:
- IDS/IPS scanning on:
  - Virus and Malware (Botnets, Malware, Trojans, and Worms)
  - P2P and TOR
  - Internet Traffic (based on known ActiveX, web apps, user agent, web client vulnerabilities)
  - IPs with a bad Reputation
  - Attacks against Network Protocols
- Internal Threat Scanner (scans connected clients for known threats)
- Internal Honeypot (helps to detect malware, worms, and other malicious traffic in your network)
- Restrict access to known malicious IP Addresses
You can also choose between 5 preset configurations that range from maximum performance to maximum security.
How does the Unifi Dream Machine Pro compare?
As you can read in this review, the Unifi Dream Machine Pro is a great all-in-one security gateway for your network. But how does the UDM Pro compare to the other security gateways and controllers that Unifi has to offer?
Unifi Dream Machine Pro vs Cloud Key Gen 2
Comparing the Cloud Key Gen2 with the UDM Pro isn’t a fair comparison to be honest, because the Cloud Key Gen2 is only a controller for your Unifi Network and Unifi Protect. To get the same features as the Unifi Dream Machine Pro you will need to add a USG as well.
If we only look at the Unifi Protect side, then the biggest difference is in the number of cameras supported and the maximum storage size.
| ||UDM Pro||Cloud key Gen 2+|
|HD (1080p) Cameras supported||50||20|
|4K Cameras supported||15||6|
|HDD included||No||Yes – 1TB|
|Max HDD Size||16TB||5TB (2.5″ only)|
The problem with the Cloud key Gen2+ is that a large disk physically doesn’t fit because of the limited height of 15mm. Also, only disks that use 5v are supported.
If you have a Cloud key Gen2 and you want the same features as the UDM Pro, then you will also need to add a USG.
Unifi Dream Machine vs USG
So let’s add the USG to the comparison as well. The USG is one of the most affordable security gateways from Unifi. But it’s also the slowest security gateway; without DPI or SQM it is capable of reaching a 1Gbps throughput.
But the throughput will drop when you turn on any of the security features. The slow CPU is really a bottleneck for the USG.
| ||UDM Pro||USG|
|CPU||1.7 GHz quad-core||Dual-Core 500 MHz|
|Memory||4 GB DDR4||500 MB DDR2|
|On-Board Flash Storage||16 GB eMMC||2 GB|
|LAN||(8) 1G RJ45 Port, (1) 10G SFP+ Port||(2) 1G RJ45 Port|
|WAN||(1) 1G RJ45 Port, (1) 10G SFP+ Port||(1) 1G RJ45 Port|
|IDS/IPS throughput||3.5 Gbps||85 Mbps|
|Max SQM throughput||800 Mbps||60 Mbps|
|UniFi Controllers||Network, Protect, Access, Talk||None|
|UniFi Smart Power||Yes||No|
The total price of a Cloud key Gen2+ and a USG is $338. For that price, you can almost buy a UDM Pro which is a lot faster and comes with more features. Only keep in mind that you will need to buy an HDD as well. A Western Digital Purple of 1TB (same size as the Cloud key) costs around $50.
UDM vs UDM Pro
With the UDM, Ubiquiti made the first all-in-one device for home users. The Unifi Dream Machine (UDM) is designed to be placed in sight and comes with a built-in access point. While they share pretty much the same name, they are actually quite different.
I have also added the Dream Machine Special Edition (UDM SE) to the comparison. The UDM SE comes with PoE ports and an integrated 128 GB SSD for the NVR (Unifi Protect).
| ||UDM SE||UDM Pro||UDM|
|CPU||1.7 GHz quad-core||1.7 GHz quad-core||1.7 GHz quad-core|
|Memory||4 GB DDR4||4 GB DDR4||2 GB DDR2|
|On-Board Flash Storage||16 GB eMMC + 128 GB SSD||16 GB eMMC||16 GB eMMC|
|LAN||(8) 1G RJ45 Port, (1) 10G SFP+ Port||(8) 1G RJ45 Port, (1) 10G SFP+ Port||(4) 1G RJ45 Port|
|WAN||(1) 2.5G RJ45 Port, (1) 10G SFP+ Port||(1) 1G RJ45 Port, (1) 10G SFP+ Port||(1) 1G RJ45 Port|
|PoE||(2) PoE+ 802.3at, (6) PoE 802.3af|| || |
|IDS/IPS throughput||3.5 Gbps||3.5 Gbps||850 Mbps|
|Max SQM throughput||800 Mbps||800 Mbps||600 Mbps|
|UniFi Controllers||Network, Protect, Access, Talk, UID||Network, Protect, Access, Talk, UID||Network|
|UniFi Smart Power||Yes||Yes||No|
|Built-in Access point||No||No||802.11ac 4×4 MU-MIMO for 5 GHz, 802.11n for 2.4 GHz|
|Dimensions||442 x 43 x 285 mm||442 x 43 x 285 mm||ø 110 x 184 mm|
The UDM is really your all-in-one network-only device. If you don’t need Unifi Protect, don’t have a lot of wired devices, and don’t mind placing your router in sight, then the UDM is the perfect device for you.
And even if you don’t want to place the UDM in your living room, then it’s still a great device. You can expand your network on it with the Unifi (PoE) switch, hook up a couple of Unifi Access Points and you will have a fantastic home network. And the throughput of the UDM is high enough for most home internet connections.
The UDM Pro needs a lot of room, or a mini server rack to be placed. And when you install a hard disk for Unifi Protect, then it will also make some noise due to the fans that need to cool down the disk.
A question that I get a lot is when to buy the UDM or the UDM Pro. If you are not using Protect and don’t have a Gbit fiber internet connection, then the UDM is the right device for you. Otherwise, I would go for the Pro.
Unifi Dream Machine Pro Setup
Installing the Unifi Dream Machine Pro is really simple. You can install the UDM Pro either through your browser or with your mobile phone using Bluetooth. I have done the initial setup through the app and the configuration itself (creating the wireless networks etc) in the browser.
You will need to have a Ubiquiti account. You can create one during the setup or use your existing account if you already have one.
To get started with the setup we first need to connect the Unifi Dream Machine Pro. Connect at least your modem to the WAN port and connect the power cable to start the UDM Pro.
Open the Unifi Portal app on your mobile phone. The app will either discover the Dream Machine Pro or you will need to click Add Controller. Click on Set Up when the UDM Pro is found.
The setup on the mobile app is really simple, just follow the wizard. I have turned off the Auto-Optimization because it gives more problems than it solves in my experience.
When you have completed all the steps, you will get an overview of the settings after which the UDM Pro will set up the network and update its firmware.
The latter can take a couple of minutes, a good time to connect your laptop with an ethernet cable to the Dream Machine.
Migrating the Unifi Network Controller
If you already have a Unifi network then the easiest option is to migrate your network. You can use the backup file from your controller to do this. I have chosen to start from scratch with my Unifi Network because my topology map has been broken for quite some time now. Even migrating from the Pi to the Cloudkey didn’t fix the map.
I will first describe how you can migrate your network using the backup file and then we will take a look at how you can start from scratch.
Migrate with backup and restore
Make sure that all your devices are running on the latest firmware before you create the backup. This will help to ease the import to the UDM Pro.
- On your old controller open the System Settings > Backup / Restore
- Download the Backup file, select the last 30 days if you want the historical data as well.
- Shut down your old controller
- On the UDM Pro, open the Network controller
- Go to Settings > System Settings
- Click on choose file to restore from backup
Migrating with a backup file doesn’t always work. There are a lot of cases on the Unifi community forums where migrating just won’t succeed. If that is the case then your only option is to start from scratch as described below.
Manually migrate your Unifi Network
To manually migrate our Unifi network we first need to remove all the devices from the old controller. You don’t need to factory reset them, we can just “forget” the device in the old controller.
Keep in mind that all the settings and historical data of the device will be lost. So if you have made any changes to the switch ports (like VLANs or Port profiles) those will be lost. A good idea is to make notes of your configuration before you remove the devices.
- Open your old network controller
- Select a device
- Open the device tab
- Click forget device under Manage
- Do steps 2 to 4 for each device you have.
It can take a couple of minutes after you have “forgotten” a device before it reappears on the UDM Pro. The device needs to reboot, so give it some time.
Open the network controller on the Unifi Dream Machine Pro. You will see all the devices that you have removed from the old controller ready to be adopted. Adopt the devices and make sure you re-apply any changes that you have made to the switch ports.
Migrate Unifi Protect
When it comes to migrating Unifi Protect we can only migrate the cameras with their settings, like the motion zones. What won’t be migrated are the following items:
- Old recordings
- User accounts
- Alert settings
- Time-based purge settings
Just like with Unifi Network, we are going to use the backup file to migrate the cameras:
- Open the old Unifi Protect controller
- Click on Settings
- Select General
- Download the backup file.
- Shut down your old Unifi Protect controller.
On the Unifi Dream Machine Pro, we do pretty much the same steps, only this time you click on Restore instead of backup.
Make sure you create the necessary user accounts and set up the alert settings that you want. If you want to know more about Unifi Protect, then make sure you read this article where I go more into detail about setting up Unifi Protect.
Configuring Unifi Network on the Unifi Dream Machine Pro
We have now done the initial setup of our Dream Machine Pro, but we may still need to configure the Unifi Threat Management, WAN connection, and maybe even fine-tune the LAN network.
If you have migrated your network, then you can probably skip some steps depending on where you are coming from. If you come from a Cloudkey then you will need to take a look at the SQM settings and Internet Security.
We are going to start with configuring the LAN and Wireless network. You can skip this step if you have migrated your network.
Configuring LAN and WiFi Network
We are going to keep the configuration basic, so no VLANs or guest networks. I will cover that in another article.
- Open Settings and select Networks
- Edit the LAN network and expand advanced
- Change the DHCP range to 192.168.1.10 to 192.168.1.200. This way we have some room to make IP reservations for devices that need them (like a Raspberry Pi or a Smart Home device)
- Select WiFi
- Add your wireless network, and make sure that both WiFi Bands are selected. Use the same wireless network name and password that you had, this way all your clients will automatically reconnect to your new network.
Configure Internet Settings
For the Internet settings we only really need to change one setting, Smart Queues (SQM). SQM will prioritize your internet traffic, making sure that VoIP and streaming traffic goes before downloading, for example.
It will also help you to prevent buffer bloat problems, where the router/modem becomes overloaded with traffic, resulting in higher latency.
Before you enable SQM you will need to know what internet speed you really can achieve at the moment. Make sure nobody is using the network and run a couple of speed tests at DSLReports.com.
Enable SQM and set the upload speed a couple of Mbit lower than the speed you can achieve.
Make sure you enter the Up and Down rates in kbit, which is 1000 times the value in Mbit.
I also recommend changing the DNS servers to one of the fastest DNS servers, like 126.96.36.199 or OpenDNS. The latter also helps to protect your network by blocking traffic to known malicious IP Addresses.
Setting up Internet Threat Management
The last step that we need to configure is the security settings. Internet Threat Management can really help to protect your network, and with the processing power of the UDM Pro, you can enable most of the features without noticing any performance loss.
I recommend starting with detecting intrusions only and keeping an eye on the events for the first couple of weeks. After you are satisfied with the results you can change it to automatically block the network traffic.
I have set the sensitivity to balanced. This will protect you against viruses, malware, and known threats and block peer-to-peer traffic. Depending on your situation you can enable or disable the features.
If you have a webserver running for example, then it’s a good idea to also scan for suspicious SQL traffic and web threats to the webserver.
You can also scan for attacks against different protocols, but if you have blocked those protocols in the firewall (and they are blocked by default) then there is really no need to scan for this in a home network.
Under the Network Scanners, you can enable the Threat Scanner and Internal Honeypot. The first one will scan your clients and report any potential security threats, like open ports.
The honeypot will help you to detect viruses on your network. Enable them both and create a honeypot. Give it an IP Address outside the DHCP scope that we created earlier.
Firewall rules are created automatically so we don’t need to change anything there by default.
The last security option that we can enable is to restrict access to malicious IP Addresses and restrict access to Tor traffic. I recommend turning them both on.
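To pick a honeypot address outside the DHCP scope as described above, the following added example (not part of the original article or of UniFi's software) checks a candidate against the address plan. The DHCP range is the one configured earlier; the /24 subnet, the 192.168.1.1 gateway and the reserved address are assumptions.

```python
import ipaddress

# DHCP pool from the article: 192.168.1.10 to 192.168.1.200.
# Assumptions for this example: a /24 LAN with the gateway on 192.168.1.1
# and one constructed static reservation.
LAN = "192.168.1.0/24"
GATEWAY = "192.168.1.1"
DHCP_START = "192.168.1.10"
DHCP_END = "192.168.1.200"
RESERVED = ["192.168.1.5"]  # constructed: e.g. a Raspberry Pi with a fixed IP


def honeypot_ip_problems(candidate, lan=LAN, gateway=GATEWAY,
                         dhcp_start=DHCP_START, dhcp_end=DHCP_END,
                         reserved=RESERVED):
    """Return the reasons `candidate` is a bad honeypot address ([] if fine)."""
    net = ipaddress.ip_network(lan)
    ip = ipaddress.ip_address(candidate)
    if ip not in net:
        # Nothing else is worth checking if the address is not on the LAN.
        return [f"{ip} is outside the LAN {net}"]
    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    if ip == ipaddress.ip_address(gateway):
        problems.append(f"{ip} is the gateway")
    # A honeypot inside the pool could collide with a leased client address,
    # which would turn ordinary traffic into false alerts.
    if ipaddress.ip_address(dhcp_start) <= ip <= ipaddress.ip_address(dhcp_end):
        problems.append(f"{ip} is inside the DHCP pool; a client could lease it")
    if ip in {ipaddress.ip_address(r) for r in reserved}:
        problems.append(f"{ip} is already reserved for another device")
    return problems


def usable_honeypot_ips(**plan):
    """List every host address on the LAN that passes all checks."""
    net = ipaddress.ip_network(plan.get("lan", LAN))
    return [str(h) for h in net.hosts()
            if not honeypot_ip_problems(str(h), **plan)]


if __name__ == "__main__":
    for candidate in ("192.168.1.2", "192.168.1.50", "192.168.1.1"):
        issues = honeypot_ip_problems(candidate)
        print(candidate, "OK" if not issues else "; ".join(issues))
    free = usable_honeypot_ips()
    print(len(free), "usable addresses, first:", free[0], "last:", free[-1])
```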
Threat Event Log
Any suspicious traffic will show up in the Threat Management. In the Overview tab, you can see a map with all threats and where they come from. I didn’t have any attacks (yet), but the map also allows you to block traffic from a complete country. Simply click on the country and select Block.
In the traffic log you will find an overview of the events. If you click on the event you can either block the traffic, or whitelist it. The traffic log is something that you want to keep an eye on in the beginning, to make sure that only malicious traffic is blocked.
Frequently Asked Questions
50 HD Cameras or 15 4K cameras.
No, the Unifi Dream Machine Pro doesn’t have any PoE ports.
No, the Pro doesn’t have a built-in access point unlike the normal Dream Machine.
You can use the touch screen to initiate a reboot of the UDM Pro. You will find it under settings.
You can use the app Unifi Portal to get started. Your mobile will automatically connect over Bluetooth with the UDM Pro to initiate the setup wizard.
I really like the Unifi Dream Machine Pro, it looks nice, has an amazing throughput and it’s really nice to have everything in one appliance that you can centrally manage. Setting up the UDM Pro is really easy, for a basic home network implementation you really don’t need to have any networking skills.
What I miss on the UDM Pro are the PoE ports and maybe a second hard drive bay. There is room enough inside the UDM Pro for an additional hard disk which would be a great addition from a redundancy/backup perspective.
Also, the 1Gbit backplane of the 8 switch ports is a shortcoming. If you have a NAS or other file server and transfer a lot of data on your internal network then you really need to use a separate switch.
I hope you found my review of the Unifi Dream Machine Pro useful, if you have any questions, just drop a comment below.
70 thoughts on “Unifi Dream Machine Pro Review”
Thanks Rudy and Jan for your comments.
So I’m going to give it a try. I ordered the SE version. Fortunately, the SE version is available in Canada.
I was wondering though how the SE version was more powerful since from my observations, both versions have the same amount of memory and the same kind of processor!
Thank you again.
They have indeed the same specification. The difference seems to be in how the software is running. SE was always running a newer, more streamlined version of UniFi OS, compared to the normal UDM Pro. But the UDM Pro is now also running on 2.x firmware, so in theory, they should perform the same.
The difficulty here is that UniFi keeps saying that the SE is faster and can handle a large load. So maybe there is still something in the software architecture that is causing the difference or in the hardware revision. Unfortunately, I am unable to compare both devices thoroughly to sort this out.
From what I recall, the UDM Pro utilizes 2,5gbit instead of 1gbit uplink from the 8 port switch to the router.
However, if you use a DAC cable or SFP+ modules, that wouldn’t matter.
I settled with the “standard” given that I didn’t need the increased uplink speed, nor POE on the UDM, thus saving some money.
One of my clients, a private school, uses a controller in the cloud. It seems that latency is an issue.
I was thinking of repatriating the entire config to a local controller by acquiring a UDM-Pro. Is it reasonable to think that it could also be used as a firewall (I have about 300 students and 50 staff)!
Thanks for your advice.
It is possible but go for the UDM-Pro SE at least. This one is a bit more powerful than the normal UDM Pro. You can play with the resource calculator on UI.com, it assumes 10 clients per access point, so calculate with at least 30 APs to get a good benchmark. If you also enable threat management then the UDM pro won’t be sufficient.
I beg to differ.
The “standard” UDM Pro is quite powerful.
I only serve around 50 clients, but with DPI and threat management active I still get full bandwidth on the clients (1 gbit ISP)
The normal UDM Pro is indeed quite powerful, completely agree with that. But in the case of Sebastiaan, we are talking about a school, with 350 clients. Probably a lot of traffic rules for the majority of the clients. So in this case, better spend a little bit extra now than regret it later.
I’m in the UK and trying to set up a UDM Pro as the router for a wires-only fibre leased line.
The ISP specifies a FBT-SFP-10, Connector: dual LC, Single mode, 1310nm, blue pulltab/latch, 1000BaseLX. I’ve installed a 10Gtek HP Compatible 1G SFP LC LX Singlemode Transceiver JD119A/ JD119B/ JD494A/ JC875A – 1000Base-LX Mini-Gbic Module, Dual LC Connector, 1310nm, 10km – and the SFP port and OpenReach Adva ports both show green lights. I’ve sent photos to the ISP, who tell me the physical setup is correct.
However, when I input the fixed IP data into the setup wizard the UDM Pro can’t connect. Eventually its screen comes to life with the gateway IP blank. I’ve checked a million times and the device IP, gateway IP and subnet mask are correct.
Despite the lights – which blink occasionally – I’m not convinced that the UDM Pro is actually looking at the SFP connection. Is there any way to test or force this, or bypass the wizard, please? Thanks a lot.
Have you set the default WAN port to the SFP port?
I manage a ton of clients and their UNIFI networks through a central UNIFI Network App on a Linux server in my network. This gives me a one-stop shop for accessing or modifying any of my clients’ wifi networks. With the limited availability of the USG Pro 4 I am wondering if I can start using the Dream Machine Pro. The question is, can I adopt it into my network application and not have two places to go to manage?
In other words, logon to the UDM Pro and set the inform string to my controller. Then Manage it from there?
The UDM Pro is a controller, so I don’t think you can manage the UDM Pro from another controller. But you can manage them all remotely using unifi.ui.com, is that not an option?
Hey dude, I’m back. 🙂 Still loving your blog and the useful content you put out.
Silly question, one to which my Google-fu hasn’t managed to find an answer yet: can you actually disable or lock the touch-screen on that UDM Pro? I intend to use one in colocated hosting and it’d of course be completely dangerous to have an unlocked admin panel in a shared cabinet. :/
As far as I know, that is not possible. You can turn the brightness all the way down, that might “help”. But they can do much with the touchscreen, only showing info and rebooting/resetting the device. The latter can be an issue, but that would only harm themselves.
(I agree it would be nice if we can lock/pin protect the screen)
I’ll be putting it in a colo rack and it’s for my own services. What I will do, is probably block it off with a piece of board and some tamper evident sticker. That way people can accidentally reboot without pulling the power.
Great review, easy to read. Thank you
I am currently running the Cloud Key Gen 2+ and need to make a decision if it’s worth updating to UDM Pro just to get the IDS/IPS and a bit of speed.
Question that I also have is how is the noise level?
I have a 9U rack in the cupboard and it is well ventilated. Can anyone share experience?
I also run Unifi Protect with 6 cameras so it would have an SSD inside
You will hear the fans when connecting a hard disk, but the noise level is pretty low. Mine hangs in the staircase closet, you don’t hear it outside
It’s not that noisy. Mine hangs quite warm, and vertical, and the fans are barely running.
Save yourself the money and buy a harddisk on the side, it’s super easy to install! Takes less than 5 minutes.
I have to disagree with your review above. The review itself is comprehensive and excellent, you did a very good job comparing and reviewing products.
However, I have to disagree that the UDMPro is a good device. I find that it is incredibly flawed, and it does not integrate at all into a professional network. I received my UDMPro yesterday, and I am about 80% to the point where it’s going into the box for a refund.
The biggest issue with the device is that it’s not a Pro device by any means. It’s more of a consumer device, and even then, it lacks basic networking features that every consumer router comes with.
Let me explain:
You cannot turn off NAT at all. There are ways to do it via the CLI, but none of it sticks, and it reverts back to turning the NAT on after an update or reboot. Why is this important? I usually use dedicated appliances as routers and NAT at that point. I would normally put the UDMPro behind that router and the LAN behind that. I cannot do that because of the dual-NAT that is created by the UDMPro.
Every other consumer or prosumer router/firewall I have ever worked with offers some form of DNS services. The UDMPro cannot respond to DNS queries. It says it has a DNS Server, but it won’t reply to DNS queries. Makes it kind of a useless implementation.
There are many features that have no configurability or force an incompatible implementation (see NAT). The UI seems like an early beta more than anything; and the device lacks basic features found on consumer-grade devices from Linksys, Netgear, pfSense, and many others. This doesn’t hold a candle to business or enterprise devices, and I had considered rolling out UDMPro to customers, now it’s more than likely going back into the box for a full refund for shipping a poorly configurable appliance that feels like nothing better than a beta.
Very, very disappointed in this product for the cost and the features they touted.
Custom DNS entries are indeed not possible with UniFi network. If that is a requirement you could use an EdgeRouter for example. About the double NAT, as long as you can put the router or modem in Bridge mode or create a DMZ then you won’t have the NAT issue.
If you are looking for advanced networking features, then the UDM Pro might not be a good fit for you indeed. But I still think that the UDM Pro is a perfect fit for most small/medium businesses and advanced home networks. Most of my clients with less than 100 devices don’t need custom DNS entries at all.
I prefer to run internal DNS because it’s easier to make networking changes (move things around the network or add new ones) and then update the IP address in DNS versus manually going from machine to machine and making manual IP changes.
I also need it for internal mail services. I often build small mail servers on the LAN and use those to relay messages within the network and beyond. It’s more cost effective to stand one up on the LAN and set up all of your service accounts and relay accounts on that box versus setting it up in the cloud or with a provider who will charge you for the mail server or on an account-by-account basis.
I have to ask, why even purchase a UDM Pro if you’re not going to use it as a router? It is essentially a USG with an 8 port switch built in.
If you only wanted to use switching/DHCP there are way better solutions for this than an “all in one”
However, I agree with you on several points, I find it very retarded that I can’t configure LAG on the switch. That’s not “PRO”
Yes, I agree. The device has potential, but the features are very anemic. I think UI focused more on hosting all of their apps versus focusing on core functionality and building out features from there. Additionally, I have no idea what UI’s product or feature roadmap is, so I have no way to tell if this appliance will become more feature-rich or not. I only use the network and WiFi components and wanted to get the additional network security/monitoring/threat alert features, but these features lack any kind of real configurability.
I was told outright that the appliance will probably never support turning off NAT. For that one reason alone I walked away from the product. I emailed them for a refund authorization yesterday.
Hi. I have set up an ordinary standard installation of a UDM-Pro and a PoE switch and a number of access points.
Everything works great and that was what I was hired to do. Now the customer / acquaintance has brought in other equipment for their company, with a server and point-of-sale system and so on, all with fixed IP numbers in a completely different IP number range. The standard I used is 192.168.1.1, but the server they brought in and the point-of-sale system have 172………….. fixed IPs. How do I get these two networks to communicate with each other, since the point-of-sale system and so on need internet access? Is it enough to just add a 172….. network as well, or what is the most suitable way to do it??
You can easily create a network in the UDM Pro in the 188.8.131.52/8 segment and it will more or less work out of the box.
As for the fixed IP, I would probably let the UDM manage it and reserve an IP for the client, instead of running static on the client.
Hi, thanks for the review. So… you need a Unifi cloud login for the initial setup. But once it’s installed… Can it run with management entirely local (like the cloud key does)? Or is remote cloud management always enabled? I don’t like the idea of remote admin!
You can also create a local admin account
Like Rudy said, if you log into the portal LOCALLY (192.168.1.1 or whatever your IP is) you can disable remote mgmt from settings on the UDM Pro
Thanks guys 🙂
I recently moved and updated from a Dream Machine to a UDM Pro (UDMP).
I have to say that setting up the (new) network with the UDMP is giving me quite the headache, i.e. ‘No internet connection detected’. Stumbled upon this web site when looking for clues. (Side note: great website, will definitely follow! Kudos.) So, the machine looks great and powerful and can’t wait to deploy the network, but setting it up is most def not as intuitive as it was with the ‘regular’ Dream Machine.
Nice piece of kit, but the navigation structure of the management interface is shockingly bad – it’s nearly impossible to work out where to look for any given setting. And I’ve spent two weeks trying to get incoming VPN working, with no luck whatsoever, and unhelpfully cryptic ‘support’ messages from Ubiquiti themselves.
It took me five minutes to get VPN working, and helped a friend get his running.
If I can help in any way let me know!
What have you tried so far?
Great write-up, thanks for sharing your experiences. It’s a shame the UDM Pro doesn’t have more 2.5G or 10G SFP+ ports. I’m using a USG Pro with a few US-8-60W switches for my home network and really want to upgrade to 2.5Gb (because it’s fun) and swapping out those switches for the newer USW-Enterprise-8-PoE’s at 400 EURs each is nuts.
Is this still safe to use after they were compromised?
Yes, just make sure you enable MFA for your Unifi account.
Hi, thank you for all the clear information in this review.
If in a small office they have two internet providers but both are provided over Gigabit Ethernet, can I use the SFP+ 10G port with a 1GBE Copper SFP+ adapter?
How can I add a camera to the existing account?
Just plug the camera into your network and adopt it in Unifi Protect.
Hi. I am renting a cabin and my landlord has Telia fiber and a router coming into his property, and then there is a Ubiquiti link between the houses. This means that he sees my devices and I see his. Can I in some simple way connect a UDM Pro without interfering with his router?
So that I get my own little private network. I have a regular switch today but will probably get a PoE switch for access points and possibly cameras.
Yes, that would be possible. You can simply connect the uplink from your landlord to the WAN port on the UDM Pro. Make sure that you use a different IP range than your landlord.
It is BUGGY. V 6.2.66
Don’t buy this until these obvious and seemingly common flaws are dealt with.
The Guest portal password works once then never again.
It states wpa/psk etc but in actuality, it leaves an OPEN unpassworded Wlan.
The only way to get a password going is to go back to the OLD interface and then switch back to the new.
Even then, I have had 1 (one) in TEN successful attempts at Uploading the Background Picture in the Guest Portal setup.
One day it will work, the next I get the ‘OOOPs!’ message.
A LOT of work attempting the debugging of this bitch.
I’ve spent hours trying to get around these bugs.
I cannot recommend the udmpro as it is.
I wonder how many APs can be managed by this UDM Pro.
There are no official numbers for that. I know the Cloudkey Gen2 could handle 40 access points. So I guess the UDM Pro should be able to handle double that amount.
Thank you for the very detailed and well written review and set-up guide. Reading it helped me make the decision to get the Dream Machine Pro and upgrade from an Apple Time Capsule; I already had Ubiquiti APs.
I got the network and wifi back up and running in a few hours. I will have to do more reading/learning before enabling the more advanced features of the UDM pro.
Good evening from Canada. I currently have the Edgerouter X-SFP and am considering the UDM Pro. If I make the move will I be able to configure the ports of the UDM pro as I did with the Edgerouter, so for instance port 2 would be assigned to 192.168.1.7 and port 3 to 192.168.1.5 and so on?
Well, you can’t assign an IP Address to a specific port, but normally you would assign a fixed IP Address to a device. And that is of course possible with Unifi Network.
Silly question. Default gateway IP of UDM is 192.168.1.1. My router also has this IP. In this case do I change the router IP as a better solution or the UDM? Sometimes I need to access the router.
It depends a bit on how you have configured your network. If the UDM Pro is also going to be your router (Unifi Network), then I would give the router 172.16.0.1 and the UDM Pro on the WAN side an IP Address in the same range (or it will get it from the DHCP from the router).
Then your internal network can be 192.168.1.x. With this setup, you can still access the router if you need to.
I just got the UDMPRO and got it set up using your review, thanks. I have now switched internet service providers and it requires configuring the router to a static IP address, for which I am having difficulty. What is my best course of action?
Go to Settings > Internet > WAN and change the IPv4 from DHCP to a Static IP address as provided by your ISP or in the same range as your modem.
What do you mean with the 1 gigabit backplane being a problem?
I *just* ordered one, and now I’m worried.
Don’t worry 😉 The 1Gbps backplane means that the 8 port built-in switch can’t process more than 1Gbps of network traffic at the same time. In theory, if devices A and B transfer data at a rate of 1gbps and devices C and D want to do the same, then they are both limited to 500mbps.
Thanks for your reply.
But according to the data sheet of the chip, it should be capable of 1 gigabit full duplex switching at each port, making it 16 gigabit in total?
Isn’t it just the switch – WAN that is limited to 1 gigabit, or am I completely wrong?
The reason I’m worried is that I have a gigabit WAN line, and I hate to use €500 on equipment that is already a bottleneck ☺️
You are right, each port can handle 1-gigabit full-duplex between each other (my prev example was wrong). Only when you need to transfer more than 1Gbps to the WAN port or one of the SFP ports, then you are limited to the 1 Gbps connection to the CPU. In revision 3.1 (Early Access Models) it was 2.5Gbps.
I was wondering. Would it be possible to setup the UDM to use the HDD as a NAS?
Not that I am aware of. But keep in mind it’s only a single disk. For a NAS it’s better to use two disks for redundancy.
Just a question from me. I am connected to the internet with a link as at my home there is no landline coming, so a link with a neighbour house has been established with 2 ubnt m2 antennas. I have a UniFi switch that powers the station link and the question is how do I connect my udm to the internet. Shall I just install a PoE adapter and that’s all, or is there another solution?
PoE Adapter is the easiest solution in this case. I assume you have a modem on the other side of the link. So the UDM Pro will function as a router and security gateway. Then you will need to connect the m2 to the WAN port of the UDM Pro, which isn’t a PoE port.
Another option is to keep the switch between the M2 and UDM Pro, but then you will need to separate the 2 ports from the rest of the network, making your networking configuration more complex.
Thank you very much for the nice reviews. Always very interesting to read and very in-depth.
I want to replace my speedport3 router with a udm pro in my private network. Although it should be possible to connect the udm pro directly to fibre (ftth) I will use the ont (Glasfasermodem Telekom).
I like to connect the udm pro and my 24 poe switch pro with sfp+. I’m not sure which cable. Is one copper and the other fibre? The headline is a bit irritating: https://store.ui.com/collections/accessories/dac?utm_source=acpage&utm_medium=newsletter&utm_campaign=accessories
Keep up the good work!
That is a good question, as it seems one has copper wires and the other fibre: Datasheet
Thanks for the heads-up. I went for the copper one. More than enough for me. I just want to keep the rj45 ports available.
I took your post to finally jump the fence and buy a udm pro! Thx!
Nice review thanks a lot!
What about performance of the integrated 8 Port 1Gbps switch? I have heard they do not perform that well? Did you test those by chance?
I have not tested it, but the integrated switch only has a 1GB backplane. So yes that is a problem with the UDM Pro. But you can still use it for devices that don’t require a lot of bandwidth, like smart home hubs for example.
Great review…I look forward to reading more of your insights.
Thank you very much; following your message I have started studying. I will follow your advice and will definitely do it with VLAN. In the meantime, just checking with you:
I was planning to make a two-router setup with the Dream Machine Pro and Edge X.
So your advice is only the Dream Pro?
You see no use for the Edge X at all anymore? Or can I still use it as a managed switch?
I have a Ubiquiti Switch 8 PoE. I see that I can also use that for VLAN. I tried it via the Network Controller, but can’t find it yet. Do you have a tip?
An (architecture) drawing of such a setup with VLAN and guest network would help me considerably. Where could I find that?
Nice review thanks Rudd, especially for the advice around whether to migrate or start from scratch. With so many bugs and folks complaining online about incomplete features or buggy behavior, are you concerned that the security layer of the UDMPro is also buggy and easily cracked? I have Unifi APs that do not yet play well with Apple iOS devices on the latest firmware, and am running older gen firmware as a result. Because of this, I have held off on buying the UDMP (or any other Unifi product) until they smooth things out.
In my opinion, a USG, or UDM Pro in this case, is secure enough for a home network or small business. But if you are dealing with sensitive information or a larger enterprise then I won’t use a UDM Pro for a firewall.
Hello, very interesting! I currently have fiber and the Edge X in use. I am thinking about placing the USG behind it and so creating a DMZ. WiFi AP in front of the firewall and the UTP network behind it. After reading your article I wonder whether I should go with the Dream Machine Pro instead of the USG? And then with or without the Edge X?
Or do you have even better advice?
The UDM Pro is a lot faster than the USG, so much more interesting with fiber. I just don’t quite understand why you want to place the access point in front of your firewall. It is better to, for example, keep the guest network and smart home devices separated via a VLAN.