Last updated on April 24th, 2024 at 09:12 pm
I was initially skeptical about working with or owning a Ubiquiti (Unifi) device. However, circumstances led me to try it, and I’m here to share my surprising experience.
My wife and I work from home full-time and rely on two Internet services for redundancy. Additionally, our house is well-connected with various IoT devices. I’ve used a Palo Alto Network firewall (PA-220) to ensure security and support redundancy. While it’s a good unit, it’s slow to commit changes, and its throughput is limited when Threat Prevention is enabled, averaging around 300 Mbps.
With two Internet circuits, one at 1 Gbps and the other at 2 Gbps (both symmetrical), and an Internet edge device that averages ~300 Mbps (PA-220), we are not getting what we expect or are paying for. Without Threat Prevention, the PA-220 can average ~500 Mbps, so it is still not worth using at this point. Also, the interfaces of the PA-220 are 1 Gb, and the one ISP handoff interface is 10 Gb (the one with a 2 Gb service).
So, a new Internet edge device is needed. Let the search begin.
The Search
Undeterred by the challenge, I searched for devices that could accommodate two Internet circuits and at least one with more than a 1 Gb interface. The journey was not easy, but I discovered that more options are available today than just a few years ago. Another criterion was ISP failover; traffic distribution/load balancing was a plus.
The requirements made the search difficult, and many viable options were priced at around $500 US dollars.
I have a friend who has Ubiquiti hardware in his home, which includes the Ubiquiti UDM Pro Gateway, a switch, and at least four wireless access points. A while ago, when I visited, he showed me how it works and how all the devices integrated and worked together, which was impressive. All devices are viewed and managed in one dashboard, available on the web or phone app.
Now, I placed the UDM Pro under the microscope!
I Made a Choice
Though I researched multiple products, I looked deeper and more seriously into the Ubiquiti UDM Pro, aka the Dream Machine Pro, Cloud Gateway (https://store.ui.com/us/en/collections/unifi-dream-machine/products/udm-pro). The specifications show that it fits the requirements and supports load balancing. I purchased one (a month ago at the time of this article), and I’m thrilled with it.
To accommodate the one ISP with 2 Gb service and 10 Gb interface, I purchased this SFP from Amazon for the 10 Gb connection (RJ45) from the one ISP: https://amzn.to/3vO3O0p.
A Network Engineer and Ubiquiti (UDM Pro)
I have been a network engineer and manager for over 27 years. I’ve worked with multiple vendors throughout those years, including Cisco, SonicWall, Palo Alto Networks, Arista, and Aruba, to name a few.
I was hesitant but interested and excited to work with something new like the UDM Pro. The Ubiquiti line of products that work together is known as UniFi, like SD-WAN or SD-LAN. I’ve used tools from well-known companies to manage or monitor their diverse product line, and now, working with UniFi, I like the UniFi interface.
The Dream Machine
I won’t go into details about the unboxing and what comes with the UDM Pro (UDM going forward), as there are many videos and blogs on the subject.
The setup was easy as I connected the first ISP to port 9 on the UDM, and it connected to the Internet immediately. I downloaded the UniFi app on my phone, which connected to the UDM. In about 10 minutes, one of my home networks was online.
I have to note that neither of the two ISPs is doing NAT, and I don’t have a router from either ISP. My configuration is “bring your own router,” so my router, in this case, the UDM, receives a public IP address from both ISPs. I’m unsure how well this works if a NAT router is used between the UDM and the Internet. I know some applications or services don’t work well with double NAT.
Once I confirmed the Internet traffic was working with one network in my home, it was time to add the second ISP. I plugged the 10 Gb SFP into port 10, then connected the ISP, and like the first ISP, it connected to the Internet—the interface connected at 10 Gb speed.
By default, the UDM does failover with multiple ISPs. I tested the failover, and it worked as expected.
Multiple Networks
As mentioned, I have multiple networks in my home, and the UDM handled those without issue. The UDM is the default gateway and DHCP server for these networks. Though the UDM automates many of the settings, I had to set some settings manually out of curiosity, and I have devices on the networks with static IP addresses configured.
On the UDM, a default network uses VLAN 1 and cannot be changed, though IP address info can be. Most of the time, in corporate and other networks, we don’t use VLAN 1 (for the most part).
The unit supports trunk and access interfaces. However, understanding how to configure trunk interfaces took some thinking, especially coming from a Cisco/Arista background.
Many configurations on the UDM are very flexible and support the many configurations/features/options you expect for any network device.
For more on interface configurations, see my second article on the UDM.
Failover & Load Balancing
The UDM supports ISP failover by default. With a recent software update, the UDM also supports load balancing. Policy-based routing is supported and is useful with two ISPs. With my home UDM, I route my work-from-home network (Work) out one ISP and the other network (Home) out another.
Failover also works with Policy Based Routing (PBR). To learn more about Failover, Load Balancing, and PBR, check out my article on this subject.
Graphical Interface
The UniFi phone app allows much management and monitoring of the UDM and UniFi network, though I find using the web interface on my laptop easier. I understand that some configurations may only be available on the web interface.
When using the web interface, I find it to be as good, maybe better, than the more well-known networking companies. Here is a screenshot of the UDM (UniFi) Dashboard. A lot is happening here, but there is a lot of good information, and it is manageable.
The UDM also has a small touchscreen on the front, which allows you to quickly see information, including network/internet stats, wireless and camera status, and settings, to name a few. What’s cool is during the inactivity of the touchscreen, it displays a star show.
Overall, for managing the UniFi network and the UDM, the GUI interface on the phone app and website (especially the website) is very good and intuitive.
UniFi Design
If you need network design incorporating Ubiquiti (UniFi), you can use their free Design Center: https://design.ui.com/wizard.
I designed this network for a friend with the UniFi wireless access points and UDM Pro.
Conclusion & Opinion
The UDM Pro is viable for the home, home office, and small business. At the time of this article, I’ve only had it for a month. Is a SonicWall with all services still the best bang for the buck? Yes. Is the UDM Pro an option instead of a Palo Alto Networks (PAN) firewall with all PAN services? No.
I can discuss or debate prices and features compared with many vendors all day. It comes down to requirements, budget, or compliance.
Do I need more experience with UniFi or the UDM Pro? Yes. When I need to replace my home’s access points and switches, I will certainly replace them with UniFi units.
If you have the same criteria as I do, then the Ubiquiti UDM Pro is a solution to consider seriously.
Copyright © Packet Passers 2024