Ubiquiti’s UniFi Dream Machine Pro (UDM Pro) is an incredibly versatile all-in-one security gateway and network appliance that I recently upgraded to from the entry-level UniFi Dream Machine (UDM). In this review, I’ll share with you why I decided to upgrade and how I migrated the controller configuration from the UDM to the UDM Pro.
Additionally, the new UDM Pro also replaced my UniFi Cloud Key Gen 2 that I used in combination with UniFi Protect, the company’s video surveillance system. So I’ll talk about that change as well.
If you’re contemplating purchasing the UDM, the UDM Pro or the new UniFi Security Gateway Pro 4 (USG Pro 4), but aren’t entirely certain which option is best, scroll down to my comparison of these entirely different devices.
UniFi Dream Machine Pro
Pros
- Combines multiple appliances into one
- Easy to set up and configure
- Great value
- Incredibly powerful hardware
Cons
- No Power over Ethernet (PoE) ports
UDM Pro Review
What’s so cool about the UDM Pro is that it combines many features into a unified appliance, thus allowing you to consolidate your networking infrastructure.
Here are some of the highlights of the UDM Pro:
- Ethernet router and advanced firewall (including IDS, IPS and DPI).
- Eight-port gigabit switch.
- Dual WAN ports for redundancy.
- Two 10 Gbit SFP+ ports.
- UniFi Controller, Protect, Access and Talk.
The only thing it doesn’t have is a built-in Wi-Fi radio, because that wouldn’t make any sense considering that the UDM Pro is meant to be mounted in a rack and the metal cage would interfere with the radio signal.
So, who is the UDM Pro for?
I think the UDM Pro is the perfect all-in-one appliance for small or medium businesses and “prosumers” who want more control and flexibility over their networking infrastructure. As I mentioned in the beginning of this article, I chose the UDM Pro because I wanted to consolidate my infrastructure.
Also, I didn’t need (or want) a wireless access point (aka the UDM) inside of my network rack. But even if I was just getting started with UniFi, I’d probably buy the UDM Pro and make it my network’s command center.
Technical Specifications
The UDM Pro is a fairly powerful appliance that should be able to handle all of your networking needs and then some. Below is a table with the most important specifications.
| Specifications | |
| CPU | Quad-core ARM Cortex-A57 at 1.7 GHz |
| RAM | 4 GB DDR4 |
| WAN ports | (1) 10/100/1000 RJ45 WAN port(1) 1/10G SFP+ WAN port |
| LAN ports | (8) 10/100/1000 RJ45 LAN ports(1) 1/10G SFP+ LAN port |
| IDS/IPS throughput | 3.5 Gbps |
| NVR storage | 3.5″ HDD Bay (2.5″ HDD also supported) |
| Power supply | Redundant (support for PSU failover) |
One of the things I didn’t like about the old UniFi Security Gateway (USG) was its comparatively weak CPU, which didn’t allow the intrusion detection system (IDS) and intrusion prevention system (IPS) to operate without significantly reducing network throughput.
For example, with IDS/IDP enabled on the USG, I got speeds of less than 100 Mbits — just a tenth of what my ISP supports.
The UDM Pro, on the other hand, supports up to 3.5 Gbps — more than enough for my requirements.
I also appreciate the redundant WAN ports and power supply, even if I’m not leveraging those at the moment.
Last but not least, I like that I can simply stick a 4 TB hard disk into the appliance to store all of the video footage my cameras record.
Security Features
I have over 50 devices connected to my network, most of which exchange data with services on the internet. Most of these devices are a black box to me; I have no clue how they’re doing what they’re doing.
I don’t even know if they use SSL or other security protocols for their data and my network.
That’s why I appreciate the fact that the UDM Pro has some great security features built into the appliance, including:
- DNS content filtering
- Endpoint scanning
- GeoIP filtering
- Honeypot
- Threat management
I currently use threat management to alert me to any potential security issues. You can also have those threats automatically blocked, but I decided to get alerts only.
I also use the endpoint or network scanner to automatically monitor all connected endpoints for potential security issues.
The honey pot acts as an attractive target for malware, worms and other malicious traffic by simulating vulnerabilities.
I have also played with DNS content filtering, but noticed that it blocked some of the affiliate portals I was using. While allowing individual domains by adding them to a whitelist can be done quickly, I decided to disable that feature until I got a chance to do just that.
GeoIP filtering is also an interesting feature, but I couldn’t get it to work in Chrome or Safari on macOS.
Price
Despite all of the features that UniFi managed to pack into the UDM Pro, the appliance is surprisingly affordable.
As of this writing, the UDM Pro sells for $379.00 when you buy it directly from UniFi. You can also get it on Amazon, but often at a higher price.
UniFi Dream Machine Pro vs. UniFi Dream Machine
Ubiquiti has created the UDM product line to help new customers get access to advanced networking capabilities without requiring a ton of technical expertise or dozens of appliances.
While those principles apply to both the UDM and UDM Pro, the two appliances are less similar than you might think. Below is a comparison table that illustrates the major differences in features and specifications.
| UDM | UDM Pro | |
| Form factor | Standalone | Rack appliance |
| Built-in switch | 4-port (gigabit) | 8-port (gigabit) |
| 10 Gbps ports | 0 | 2 |
| WAN ports | 1 Gbps | (1) 1 Gbps, (1) 10 Gbps with redundancy |
| Power over Ethernet ports | 0 | 0 |
| Wi-Fi | Dual-band 802.11ac 4×4 wave 2 | N/A |
| CPU | Quad-core ARM Cortex-A57 at 1.7 GHz | Quad-core ARM Cortex-A57 at 1.7 GHz |
| System memory | 2 GB | 4 GB |
| IDS/IPS throughput | 850 Mbps | 3.5 Gbps |
| UniFi Controller | Built-in | Built-in |
| Application support | N/A | Protect, Access, Talk |
| Power supply | Standard | Redundant (support for PSU failover) |
| MSRP | $299.00 | $379.00 |
As you can see, the UDM Pro is better than the UDM in almost every aspect. But that doesn’t mean you should get it.
The primary decision points you have to think about are:
- Do you need an access point/router combo?
- Where do you want to use the appliance?
If you don’t have a server rack and have no plans to buy one, the UDM is the much better choice because you can place it almost anywhere. In fact, it looks pretty slick, and your wife is unlikely to complain if you place it in your family room.
However, if you already have a rack full of UniFi appliances and are planning on replacing an older USG, then the UDM Pro is definitely the right choice.
To learn more about how the UDM Pro compares to the new USG Pro 4, scroll down to my comparison at the end of this article.
Why I Chose to Upgrade From the UDM to the UDM Pro
I was introduced to Ubiquiti’s UniFi appliances during the deployment of a mesh networking system from AmpliFi, UniFi’s sister brand. You can read more about AmpliFi and the reasons why I decided to migrate to UniFi in this post.
In a nutshell, UniFi offers a ton of flexibility, versatility and upgradability. That has allowed me to replace individual components and to consolidate my networking infrastructure, thus making it easier to manage.
For example, I initially had a UniFi Security Gateway (USG) to handle all my routing, paired with a first-generation UniFi Cloud Key (UCK) and a UniFi Network Video Recorder (UVC-NVR).
When I upgraded from UniFi Video 3 to UniFi Protect, I was able to ditch the old Cloud Key because UniFi integrated the NVR with the second-generation Cloud Key. As a result, I had one less device to manage.
Next, UniFi released the UniFi Dream Machine — an all-in-one appliance that would serve as a combination of a router, ethernet switch, access point and controller.
So I ripped out my USG and replaced it with the UDM. Then I realized that I didn’t need the Wi-Fi antennas built into the UDM because I had it sitting inside of my server rack. Plus, I still had a separate UCK 2 to power my video surveillance infrastructure.
That’s when I decided that replacing the UDM with the UDM Pro would be the logical next step. By doing so, I could get rid of the access point inside of my rack and I could also decommission the UCK 2.
UDM Pro Setup and Configuration
The UniFi brand is geared towards small and medium businesses. So you would expect it to require at least some degree of technical expertise to set up the equipment. While that assumption is true in some cases, a “greenfield” implementation (or fresh installation) of UniFi is dead simple.
If the UDM Pro is the first UniFi controller in your network, you can literally just follow the screens in the UniFi mobile app to get it up and running in a matter of minutes.
Below are the steps I took to set up the UDM Pro as part of a test run (so I could document them):
- Install the UDM Pro in my rack and plug in the power cord.
- Power down my cable modem.
- Connect the RJ45 uplink port of the UDM Pro with my cable modem using an ethernet cable.
- Power up the cable modem.
- Open the UniFi mobile app and tap on the automatically discovered UDM Pro.
- Complete the setup wizard.
Steps two and four are required with some ISPs (i.e., Comcast) to release the public IP address from the previously connected router. When I unplugged the UDM and connected the UDM Pro, I wouldn’t get an IP address assigned from Comcast via DHCP.
Rebooting the modem fixed that.
Once I had that figured out, the rest of the setup took less than five minutes to complete.
Migration from UDM to UDM Pro
Since I already had a UniFi controller as part of the existing UDM, I wanted to migrate my configuration and swap out the UDM with the UDM Pro.
The issue I ran into was that both my existing UDM and the UDM Pro (by default) use 192.168.1.1 as their IP address on the LAN side. That led to an IP address conflict that confused both the UniFi mobile app and my MacBook.
So if your existing LAN uses the 192.168.1.0/24 network range, I recommend connecting your computer directly via ethernet to the UDM Pro and avoiding any physical connection between the UDM Pro and your existing network.
In my case, that meant disabling Wi-Fi on my MacBook Pro and unplugging the ethernet cable I had used to connect the UDM Pro with my other UniFi switch.
If you prefer using the mobile app, I recommend disconnecting from your existing Wi-Fi and relying on Bluetooth instead to finish the UDM Pro setup.
I found it to be more convenient using Safari on my MacBook Pro to complete the configuration wizard.
Once the UDM Pro was configured and had rebooted, I logged back into the UniFi management portal (via https://192.168.1.1).
Your browser will likely show you a dialog warning you about the self-signed SSL certificate on the UDM Pro. You can safely ignore that warning and later replace that certificate, if you like.
Once I had logged into the UniFi portal, I restored the UDM Pro’s configuration using a backup I previously exported from the UDM.
How to Download a Backup of the Configuration
If you have never done it before, you can easily download a backup of your existing UniFi Controller configuration by following these steps:
- Log in to the UniFi portal.
- Click on the settings wheel on the lower left of the menu.
- Scroll down to “Controller Settings” and click on “Backup.”
- Select “Settings only” in the dropdown menu and click on the download link.
How to Restore a Backup File
Restoring a previously downloaded backup or settings file is just as easy as downloading it. Right above the download section you used before, you’ll find a “Restore From Backup” area with a “Choose File” link.
Just click on it and select the backup file you downloaded.
When you do that, the UDM Pro is supposed to load the backup and then reboot, restoring its configuration.
That’s exactly what I did, because I wanted to make the new UDM Pro an exact copy (settings-wise) of my existing UDM.
Unfortunately, while the upload of the backup file went through without a hitch, the UDM Pro got stuck upon reboot and, after several minutes, ended up in “diagnostic mode.”
I reset the UDM Pro to factory settings several times and tried to restore a backup, but it always failed, leaving the UDM Pro in an undefined state and non-operational.
At first, I thought the UDM Pro couldn’t restore a backup from a UDM because the hardware is much different. But based on the information I found in the UniFi community forums, it appeared as if others had been successful with such a migration.
I didn’t want to waste a ton of time and ultimately decided to set the UDM Pro up from scratch and manually transfer the configuration data.
How I Manually Migrated the UDM to the UDM Pro
Fortunately, I only own four UniFi access points, four UniFi switches, and a dedicated Cloud Key for UniFi Protect. So re-adopting all of those devices on the UDM Pro wasn’t a major effort.
If I had dozens or hundreds of devices, I would have spent more time figuring out why the backup didn’t restore.
On a high level, here’s what I did:
- Take screenshots of the most important configuration settings of the UDM.
- Write down what switch ports had “special” profiles assigned.
- Remove all access points and switches from the UDM by using the “forget” option.
- Unplug the UDM and connect the UDM Pro to one of the UniFi switches.
- Manually configure the UDM Pro by leveraging the screenshots.
- Adopt access points and switches on the UDM Pro.
- Manually update switch port settings to match what they previously were.
All of the above steps took around 30 minutes to complete, so that wasn’t a big deal. I have a fairly simple configuration consisting of:
- Three Wi-Fi networks (main, IoT and guest).
- VPN server.
- Threat detection and deep packet inspection.
- Dedicated VLAN for guests and IoT devices.
- Bandwidth limitation for devices in the IoT group.
- Some switch ports are tagged with the IoT VLAN via configuration profiles.
After swapping out the UDM for the UDM Pro, it took a few minutes for all my devices to re-appear in the UniFi management portal so I could adopt them. So don’t get nervous if you don’t immediately see all of your devices.
Once I completed the configuration and was satisfied that everything was working properly, I cut the power to all light switches and other IoT devices so they could reconnect to the access point with the strongest signal.
I’ve noticed that most IoT devices, and particularly HomeKit-enabled light switches, stay connected to an access point with a weaker signal even when one with a stronger signal becomes available. Power-cycling those light switches is often the quickest way to fix that — especially if they become unresponsive.
Migration of UniFi Protect
In addition to my network configuration, I also wanted to migrate UniFi Protect from the UniFi CloudKey Gen 2 to the UDM Pro.
To use Protect on the UDM Pro, you need a hard disk drive to store your video footage. So before I installed the UDM Pro in my server rack, I inserted a 4TB NAS drive into the drive bay of the UDM Pro.
On the UDM Pro, UniFi Protect is an app you can install via the UDM Pro landing page (https://192.168.1.1).
On the bottom of that page you can see a settings icon. Click on it and it redirects you to a device-specific page that has an “Applications” section.
Using the app section, you can install additional apps, such as Protect, Access and Talk (Beta). I don’t use Access or Talk, but I installed the Protect app.
Given my experience with restoring backup files, and considering that I have only four UniFi surveillance cameras, I decided to go the manual route again.
So I logged into my UniFi Protect portal and removed all four cameras from the Cloud Key. Once done, I reset the Cloud Key to its factory settings and adopted the cameras via the Protect app running on the UDM Pro.
UniFi Dream Machine Pro vs. UniFi Security Gateway Pro (USG Pro)
UniFi recently also launched the UniFi Security Gateway Pro, a rack-mountable and more powerful successor to the USG I used to have.
I don’t have any hands-on experience with the USG Pro 4 yet, so the information below is simply based on the spec sheet of the enterprise gateway router.
| USG Pro 4 | UDM Pro | |
| Form factor | Rack appliance | Rack appliance |
| LAN ports | 2 gigabit | 8 gigabit (switched) |
| 10 Gbps ports | 0 | 2 |
| WAN ports | (2) 1 Gbps [ethernet/fiber combo) | (1) 1 Gbps, (1) 10 Gbps with redundancy |
| Power over Ethernet ports | 0 | 0 |
| Wi-Fi | N/A | N/A |
| CPU | Dual-core 1 GHz, MIPS64 with hardware acceleration for packet processing | Quad ARM Cortex-A57 core at 1.7 GHz |
| System memory | 2 GB | 4 GB |
| IDS/IPS throughput | 250 Mbps | 3.5 Gbps |
| UniFi Controller | N/A | Built-in |
| Application support | N/A | Protect, Access, Talk |
| Power supply | Standard | Redundant (support for PSU failover) |
| MSRP | $344.00 | $379.00 |
Based on my personal requirements, the two most striking differences between the USG Pro and the UDM Pro are the IDS/IDP throughput and the built-in UniFi Controller software.
In other words, if you have an internet connection with more than 250 Mbps bandwidth and you want to take full advantage of the network security features UniFiOS offers, you need the UDM Pro or the UniFi XG Server.
If you choose the USG Pro, you also need a separate Cloud Key or controller software because Ubiquiti didn’t build that into the appliance.
Frequently Asked Questions
There could be dozens of reasons for slow internet speed. In my case, I made an error enabling smart queues. Instead of 30,000 kbit/s, I set it to 3,000 kbit/s, which limited my upstream to 3 Mbit/s instead of 30 Mbit/s.
A reader recently asked me if he could use two UDMs — one connected to the ISP modem and one in his home office (where he needed additional switch ports). He couldn’t use ethernet between those two locations, and figured he could use two UDMs to solve that problem “wirelessly.”
Unfortunately, you can’t install two UniFi controllers in the same managed network — at least not as far as I know. The reader ended up buying the AmpliFi Alien Mesh Kit to address his use case.
When I got the UDM Pro, I thought about ways to reuse the no-longer-needed UDM, and I hoped I could use it in my office as an additional access point. Unfortunately, that doesn’t work as UniFi doesn’t allow you to adopt the extra network controller.
No! That’s the only thing I don’t like about the UDM Pro — it doesn’t have any Power over Ethernet (PoE) ports. I’m hoping that a future version will get that upgrade.
That’s easy. The UDM Pro has a Bluetooth chip built-in, so you can use your mobile phone (in combination with the UniFi mobile app) to set it up.
Alternatively, you can use a computer and web browser to walk through the configuration wizard.
The UDM Pro doesn’t come with a hard drive. However, you can add pretty much any 2.5-inch or 3.5-inch HDD. I used one of my 3.5-inch 4 TB NAS drives that I had laying around.
In case you’re wondering, you could also use an SSD as long as it has a SATA interface — but it would be overkill to do so because you won’t need the fast read/write speeds solid state disks offer.
At least 16, but the exact upper limit is unclear because Ubiquiti couldn’t complete their internal testing due to COVID-19. The UDM Pro can also support at least 24 UniFi Protect devices. I’ll update this section when I get new test results from Ubiquiti.
Ubiquiti UniFi Dream Machine Pro – Wrap-Up
I’m incredibly happy with my UDM Pro because I love its simplicity. Plus, the UDM Pro helped me consolidate my networking infrastructure while making it more capable and powerful at the same time.
The only thing the UDM Pro is missing is PoE ports. I still own two older eight-port UniFi switches that support PoE, and I use one of them in my server rack to power UniFi access points and security cameras. So the lack of PoE ports in the UDM Pro is not a big deal for me.
However, if I just started out with UniFi, I would appreciate not having to buy a separate (PoE-enabled) switch to power my UniFi cams.
What do you think about the UDM Pro? Let me know by leaving a comment below!
I’m a healthy living and technology enthusiast.
On this blog, I share in-depth product reviews, actionable information and solutions to complex problems in plain and easy-to-understand language.
Pardon the thread necromancy, but I think it is good to point out that the “8 ports on the UDM pro are shared with a 1GB backplane” asserted by Chris Bouscal is incorrect. Rather, the various discussions on the UDM Pro (and now SE) that talk about the “1 Gbps backplane” are actually talking about the link between the switch and the router/CPU. The switch backplane itself supports 1 Gbps full duplex simultaneously between its ports, so I believe we might call it an 8 Gbps backplane.
@Roberto asking about a smaller formfactor router – YES, there is, although it would not be controllable via the UniFi portal. Ubiquiti makes a line of products intended for WISP use – it used to be called “edgemax”. Their routers (“edgerouters”) are essentially the same hardware with a completely different interface; It can be accessed directly or there is a corresponding UISP controller that can be installed. There is an ER12 with 8GB throughput, for example. These are full-featured routers, although I’m not aware if they offer all the same security features as the UniFi line (I would be surprised if they didn’t, though). Look into these, they are very reliable. Cheers.
Hey Mike- Great review on the UDM Pro. This may sound like a stupid question, but I cannot for the life of me get my UDM to open up a port for me. In this case attempting to open up port 44158 (Helium Miner) Consumer grade Orbi for example is not a problem. Any tips? I followed a Youtube video online to the T and am not able to open the port. (I’m hoping with the Pro that there are not additional Firewall steps or manual programming to do so?
Hey Tom!
Opening the port should be a simple firewall rule (just make sure it’s above the BLOCK ALL rule). But are you also trying to forward the port to a device on your LAN? If so, that requires an additional forwarding rule.
PS: Apologies for the late reply. Your comment got accidentally deleted by my anti-spam plugin and I just found out about it.
I purchased a UDM Pro based on this and other reviews. However, one missing feature that to me is critical (and hinted on by other posts), but not talked about in any review, is local DNS.
Yes, the UDM Pro assigns a DNS entry to DHCP hostnames, however there is no “DNS Server” as such.
It is impossible to set up DNS entries for IP addresses, A records or any other record.
So if you have an Apache2 server in your enterprise, and it runs three websites, i.e. wiki.mysite.lan, email.mysite.lan and files.mysite.com, and they are ALL on the same server (which I thought was likely a very common scenario), it is impossible without using an external LAN based DNS server.
If the DHCP hostname for the server is “wiki” then of course wiki will work, but Apache2 directs web traffic based on URL so you will not be able to have email or files in addition for this ONE server.
So I used Synology NAS as a DNS server.
On a side note… and I think its relevant here…
Synology NAS is a NAS.. Its for file serving… yet it does DNS, DHCP, Routing, Firewall, Web hosting, the list is endless..
How can a NAS software out perform a router at the routers game?
This criticism is genuine I think. A router should do routing well, an enterprise router should so enterprise well, including DNS!
Michael,
Thanks for the detailed and very thoughtful review.
I’ve got a USG, which I need to upgrade after having just increased the connection to my ISP to 1Gbs. I have two questions for you. 1) Does the upgrade process from USG to UDM Pro work reasonably smoothly and 2) Does the built-in management tool support the old (classic) UI? The reason I ask this is that I’m currently running the management tool on a spare Linux server. When a periodic upgrade introduced the new UI, it seemed that there were a number of relatively normal things that became either difficult or impossible to do. The good news was that (at least on the Linux version) it was possible to switch back to the older UI.
Thanks in advance for your answer,
Mark Hartigan
Hi Mark!
Migrating your configuration should work relatively flawlessly — even though I decided to start from scratch back then. As far as the UI is concerned, there is still a switch to go back to the old UI in the latest controller release.
Cheers,
Michael
On the dual WAN part – i am not sure I am seeing information on how it works with scenario where both ISPs are providing ethernet interfaces (not SFP+). for example in scenario where ISP1 is a cable company and ISP2 is a telco, can UDM Pro still be used and one of the ports be designated as WAN2?
or asked another way -will it support dual ISP scenario whether neither ISP uses SFP+ connectivity ?
I am currently using Mikrotik Hex for router (basic device that is 1/6 of the price of UDM) that it does not care if you want to have 1,2,3 WAN ports , just label them and write the rules. Have Unifi APs and looking and whether Unifi could be consolidated to single platform..
Thank you
You’d need a transceiver module that to plug in an Ethernet cable. See https://www.fs.com/products/89572.html as an example.
Hello and thanks for interesting review.
But still, I’m not sure which one to take a UDM with 1 additional AP or UDMP with 2 APs.
From what I know both solutions will work well. But I’m interested into more details about the differences:
– For LTE Backup Device is a UDMP required, with a UDM it will not work. True?
– As the UDM(P) will be placed in the living room, I’m wondering about the difference in noise. I expect the UDMP could have some fans, which make more noise when the temperature gets higher? Can you tell something about that topic?
– Is there some difference in the possible configuration depth of features in terms of configuration.
– Regarding Security features it seems both are having firewall policy / IDS / IPS / Threat Management / – but do those security features differ in some way or are they the same?
– UDMP Security offers in addition Deep Packet Inspection (DPI) / Endpoint Scanning / Honeypot / DNS Content & GeoIP Filtering, which are not available on the UDM. True?
– UDMP also offer WI-FI AI, whats that and is this also available on the UDM?
– UDM offers “Integrated Cloud Key”, the UDMP not. Is this somehow useful, considering my small environment 2 or 3 devices?
– UDM seems also to have the features “RF Environment” (Detect and troubleshoot nearby interference, analyze radio frequencies, and choose optimal AP placement. The auto-optimize feature configures the UDM with best practice settings, and the
included radio AI capability optimizes channel selection using a genetic algorithm.) & “Advanced RF Performance” (RF performance and configuration features include spectral analysis, airtime fairness, band steering, and cell-size tuning).
I expect those are not only available to the UDM and will be available also on the UDMP, if there is an AP attached. True?
Would be great if you know about some answers. In fact, if both devices would offer the same functionalities, I would decide for the UDM. But I know, if I buy it and then i figure out, that the UDMP offers some additional features to play with (regardless how useful they are for me), I will regret my decision for sure.
Thanks a lot…
By the way: Regarding the miss of PoE capabilities of the UDMP – in the Early Access Program can be found the upcoming UDMP SE. Which will come with that future. The SE would be one more point to decide for the UDMP. But I expect this will still take some while until it gets available.
Cheers, Stefan
Hi Stefan,
let me try to address most of your questions. I haven’t used the regular UDM in a while and don’t know what software updates it might have received since I last had it.
– LTE Backup is available for both models
– I have my UDMP in a rack in the basement and so noise has never been an issue but I checked a few times and never heard it get loud. Of course, it might not have any load at that time and, hence, the fans never sped up.
– The UDMP has a HDD slot for UniFi Protect. The UDM doesn’t have that. Beyond that, I don’t think there are any upgrade options in either device.
– The UDMP has an even higher IPS/IDP throughput but feature-wise they both have the same (afaik).
– I believe WIFI AI is available on both models. It used to be called RADIO AI. It’s basically a feature that allows the controller to change WiFI radio settings to improve performance. It’s been buggy for a while and I’m not using it :)
– The CloudKey is great if you want to centrally manage your devices. If you only have 2 (UDM + AP) you might not need that, unless you are planning on expanding in the future.
– RF Tuning: Yes, you’ll have those settings on the AP too if you connect it to the UDMP
I’d recommend the UDMP because upgrading the AP when newer tech comes along is much easier and, maybe cheaper, then replacing the entire UDM.
Cheers,
Michael
Hi Michael,
Great post! I actually have 6 Unifi ac pro connected to a Netgear Router with a static ip wan. My goal is to unify an all Ubiquity network and change the Netgear. A very important thing is that i want to log all activity and history from connected devices because we are in a school and students you know try to go for some torrent site – etc.
Does the DreamPro have these options?
Thanks!
The UDM Pro and DM Pro have powerful content inspection and filtering capabilities. But you’d have to test them to ensure they meet your requirements.
PS: Apologies for the late reply. Your comment got accidentally deleted by my anti-spam plugin and I just found out about it.
Hello Michael,
I have to say I’m okay with the UDM-Pro, my system is working great..I decide to try the unifi talk am using (unifi touch max phone) question: I adopted the phone here’s my problem I can receive calls but I can not call out meaning in-bound call work – – out-bound calls don’t.. any ideas ?? My ISP provider is version fios
Hi David,
Unfortunately, I don’t have any hands-on experience yet with UniFi’s phone solution. But what’s the error message you are getting?
Cheers,
Michael
Hi Michael,
I am a newbie who is thinking of purchasing a UDM Pro, I recently bought an AP6 LR but I am not to sure in my small house (less than 1500SqFt) why I have such low throughput on my WiFi 6 devices (Dell XPS with WiFi 6 Card). I am currently hosting the Unifi Controller on a windows 10 machine and that is the only Unfi items I have for now, can you possibly recommend some things I can try for my WiFi devices? Also I read that with ATT 1G fiber services you have issues with speeds from the UDM Pro is that something that you have heard of anyone complaining about, Thanks for the well written review, take care.
Fareed
Hi Fareed,
the size of your home isn’t necessarily the primary factor — it’s the obstructions (walls, appliances…) that determine the reach and throughput.
What I’d recommend is using a Wi-Fi scanning tool to see what signal quality you’re dealing with. You could even use UniFi’s WiFiMan app on your mobile phone to get some insights.
Additionally, you can use the Scan Channels feature of your AP to find a better channel.
If none of that helps, check out: https://help.ui.com/hc/en-us/articles/360012947634-UniFi-Troubleshooting-Slow-Wi-Fi-Speeds-
Cheers,
Michael
Michael,
Cheers and thank you for the well organized and thorough breakdown on the DMP et al.
I manage the IT for a K-8 running some inherited Meraki gear (MX8- at the endge, Netgear switches and 16 MR33 APs) running their basic license – which provides not much at all. And the recurring costs make me sick to my stomach.
So we’re upgrading to gig fiber, installing a new rack, and moving the core stack into that building. My fantasy here is to run a DMP at the edge and over time replace the Meraki APs and Netgear switches. We’re a mac campus and we run a main, student, and guest wifi network with some traffic shaping and a VPN for faculty to hit our db from outside.
Do you have any thoughts on this sort of transition other than prayers?
Obviously I meant MX 80 at the edge:-)
I never transitioned from Meraki to UniFi but I’d probably do it SID by SID. So maybe do the guest network first and then your MAIN and STUDENT SIDS. As long as you keep the same WiFi settings (including passwords), it shouldn’t be a big deal.
Hello!
Searching for details since days for this UDM Pro and finally found one. Great job, amazingly detailed! Cheers!
Still, I have a question. Because on a lot of reviews i.e. on Amazon, people complains about the lack of most of functions, and it makes me worry that it’s not a router better than the Synology RT2600 AC, which seems strange.
I’m used to UniFi WiFi and switchs, plus CloudKey G2, but at work, and I’m still doubtful with the router options.
So, to be clear on my needs, I think Port Forwarding is there despite some reviews, but one thing I never found a comment is the ability to connect to a VPN.
On my Synology, I can connect the router to another VPN, and I can even route the traffic of only some devices on my network through this VPN (and I can also disconnect it easily).
It’s basically in the Smart Wan options, and the Policy Route.
This is very useful for devices like Apple TV that can’t connect themselves to a VPN.
It’s clear that no consumer router like Netgear Wifi 6 will allow this, but Synology RT2600 support this, and I would not qualify this router as en entreprise grade.
So it’s something I would expect of the UDM Pro.
Thank you!
Best
Hi Sébastien,
The UDM Pro has site-to-site VPN but it doesn’t support X.509-based authentication. So there are limitations and whether or not the UDM Pro works in your scenario depends on how your VPN endoint is configured.
PS: Apologies for the late reply. Your comment got accidentally deleted by my anti-spam plugin and I just found out about it.
Don’t you find it odd that the UDM and UDM Pro have the exact same processor (Quad-core ARM Cortex-A57 at 1.7 GHz) but the UDM Pro has over 4 times the IPS traffic throughput?
It seems to me that Ubiquiti has purposely throttled the less expensive device to below the 1Gbps to force people to purchase much more in order to match the upper end of what home internet users see for possible bandwidth. Instead of a $299 UDM (with decent AP included), a user would have to purchase a $379 router AND another AP for around $300 just to bump from 850Mbps to 1Gbps.
As a long time owner of a USG Pro4 (and several Unifi APs), and after seeing all the antics, unkept promises, and unfinished firmware from Ubiquiti, I’m not sure I could recommend their products to anyone else in good conscience. From your review, it sounds like they are following the same path of empty promises for the “UDM” firmware.
Hi Gary,
the lower core speed in the UDM could also be related to thermal issues. I remember how Apple spent a lot of resources on figuring out how to cool their trash can Mac Pro. So I wouldn’t necessarily assume that this lower clock speed is due to marketing/sales reasons.
I’m still genuinely happy with my UniFi infrastructure and have very few complaints.
Cheers,
Michael
Hi Gary, I somewhat agree with you. I have used NanoHD APs for a number of years and a small UNIFI 8 port switch with 4 PoE to power them and the controller on a Windows PC. The system has worked well for quite some time. But I recently deployed a UDM Pro and 24 port PoE with 7 AP-Lite, and 4 Beacons, and although the basic set up is easy, if you have any hope of setting up VLANs and Guest Wifi, you best have a good knowledge of networking and what you are doing. The Pro is totally overkill for a home network, despite its low price point and great performance specs. In a small business application it would do, but the device leaves a lot of key functions and manual settings hidden. One example, I need to change my ISP connection, I am dreading the process and fearful it will require a reset or something. Also, the deployment required migrating from a mobile controller installation to the UDMPro, restoring from a backup was the only option, luckily I got some cooperation from the installer to get a backup file. I am familiar enough with these products to suggest users look elsewhere unless you want a challenge deploying this device any where other than the most basic network deployments. Note, does not support multiple public facing IPs, so in a small to mid size business if you have a need for multiple public IPs on your router, definitely look at another device.
This is untrue , it absolutely supports multiple public ip’s and the land can be bound to which ever external up you want .
you say overkill for a home network but it does have some great features – primarily that you have Unifi Protect, and can therefore avoid “cloud services” for security cameras/doorbells/etc. It’s also a router/security gateway in one, with an interface in the Controller that I’ve found much easier/better to use than many consumer-oriented routers.
full disclosure – I bought a UDM early on and had nothing but problems with it. Thankfully ubiquiti took it as a return and gave me a full refund. I didn’t give up on them – I’m now using an AP, an 8 port POE switch with a bunch of Flex Minis, and with the need for security cameras and a better firewall solution (USG + CK2+), I’m considering the UDM-Pro. The USG is $169 and the CK2+ is $239, so I’m only $70 away from the $469 UDM-pro (all prices CAD). So for anyone who wants the ecosystem, doesn’t it make a lot of sense? I haven’t found a comparable consumer-oriented ecosystem that is as all-encompassing, user-friendly or powerful, but I’m interested to know if there is one!
Michael,
I have a few questions that I don’t see listed.
1) What is the nominal power usage? I saw a spec that showed 50W maximum but I am more concerned with nominal usage. Obviously this will scale with throughput.
2) How hot does the rack get? If 50W is continuous, then the rack will get a bit toasty.
Reason I ask – I would like to replace an old router (Edgerouter) which just sits on a cabinet. I can probably make the space work but I don’t want to burn the finished wood cabinet. My old Edgerouter typically runs around 15W during normal operations.
3) Have you used any of the VPN access features from remote. In my case, I’d like to access my IOT devices from offsite. It would also be real handy to access my local network remotely using my laptop. I have tried for 3 weekends to get OpenVPN to work on the Edgerouter and came to the conclusion that the performance is unacceptable. Time for a change.
4) Does the UDM-Pro support multiple LAN’s on the back side? I’d like to keep my networks isolated physically. (On my old device they are LAN0, LAN1, LAN2, LAN3 with independent firewall controls for each port).
Hi Trevor,
I’m not sure what the nominal power usage is but my UDM Pro runs at about 30 degrees Celsius on overage and it feels warm but not hot to the touch. I use the VPN feature with my UDM Pro and it works with the native VPN clients in iOS and macOS. Also, the UDM Pro has eight switch ports that you can assign to different VLANs. So they act like regular switch ports rather than ports you can route between.
Cheers,
Michael
Hi Michael,
thank you for your review and experience with this,
I want ask how is UDM pro load balancing? did you can use full load balancing mean use both connection in same time without Weighted LB. I now use USG or edgerouter x
USG cant use both wan in same time just use Weighted LB another site Edgerouter use full both wan in same time. ( in speedtest look like use both wan in full speed)
thank you Michal
Hi Michal,
I haven’t used the UDM Pro’s load balancing feature because I only have a single ISP uplink.
Cheers,
Michael
Hi Michael,
My UI gear is on its way; UDM Pro, UniFi Switch PRO 24 , UniFi Switch Lite 16 PoE , UniFi 6 Lite Access Point.
In what order should I install the UDM-Pro and UniFi Switch Pro 24? I want the switch to be the router / switch, and the UDM-Pro the firewall, if that makes sense?
Thanks for the support
Hi Jeff,
set up the UDM Pro first because it has the controller software. The order of the other devices doesn’t matter.
Cheers,
Michael
Thank you for the detailed and thoughtful review. It was of interest because I am running just a Cloud Key Gen2 (minus NVR) with a UNVR-Pro (Beta) and a UDM-Pro. The UDM-Pro was purchased to replace my USG-Pro4. I had upgraded all my Unifi switches for various reasons and the USG-Pro4 was the last major noise maker. Since I am planning on about 25-30 cams (4K, 4MP, & 1MP) I needed the storage of the UNVR-PRO. However, as I am approaching 16 cams, the system is slowing down. My thought was to use the UDM-Pro for a subset of cams, about 7-10. I just started doing this and it is possible but you have run Unifi Protect on both devices in two windows (preferably on two screens). However, if I ever decide to move a cam from one system to the other, I will incur the pain-in-the-ass of having to take the cam down to reset it manually.
As for the Network controller, I am torn. The Cloud Key (UCKG2) is managing all the switches and APs and I need remote access. I can’t adopt the same devices on both the UCKG2 and UDM-Pro; similarly for the UNVR-Pro and the UDM-Pro’s Protect app. The other rationale for the UDM-Pro is “Talk”. Ubiquiti is now saying that you have to use their UDM-Pro to make their phones work. This is annoying since I would prefer to run Talk on a NUC.
I am not sure I will keep the UDM-Pro. I don’t like seeing the apps I don’t need, “Network” and “Access”. I also found that when I use the 10GB/S UDC-1 SFP cable between the UDM-Pro and my first 48 port switch, a speed test of the WAN upload and download speeds are 1/10th of what I should be getting and do get with a plain old CAT6 cable instead. This kind of quirk makes me doubt the entire device. Since it is supposed to be much faster than the USG-Pro4, it’s really disappointing. The new UXG-Pro would be the next alternative and the UDM-Pro would go to my wife’s small business where Network, Talk, and Protect would all be used.
I hope my experience with the UCKG2, the UNVR-Pro, and the UDM-Pro all working together will be useful to your readers.
Awesome review! I’m considering upgrading from the Cloud Key/USG to the UDM Pro. The cloud key has an SD card for storing backups/etc. Does the UDM Pro have that capability as well? Or only if you install a hard drive?
Hi Eric,
the UDM Pro stores backup on its internal storage but I know that UniFi is also working on a cloud backup option.
Cheers,
Michael
Hi Michael,
great post – thanks for that.
I want to replace my current router, because of shaky WLAN performance and stumbled across this post by searching ‘DMPro’ vs. ‘DM’. DM (non-pro) really attracts me, because it seems it’s a simple device with lots of power. However my situation is this (approx):
I have a small (home-) office, with lots of devices (~60) – feeded by a 1Gbit internet line. I use an AVM-Fritzbox 6591 atm, which has a decent, but unreliable WLAN.
We’re just 2 in the office, but we tend to transfer quite some data using 3-4 current Macs on the internal network (we try to stick with wireless).
Internet performance is less a deal for us, because our 1Gbit is fast enough and we don’t up/download loads of stuff from there. Also transferring large files (videos, disk-images) from one computer to the other is not a problem for us.
But how are we affected when transferring lots of small files from one machine to the other? (or when working via remote-access on another computer)? Is the 850Mbit upper throughput a blocker/restriction here? What if multiple machines do that at the same time?
And how much will security-features eat?
I couldn’t find real-life answers for these questions, so it would be great to get any information on that.
What I truly like at the DM is the small form-factor and the built-in AP, which lets me place the device in a central location. At the moment we don’t use a rack. We use 2 Netgear 16port managed switches in the shelf to route wired devices (approx 15). The rest is on WLAN. So the form-factor of the DM would be nice and the built-in AP’s range should be able to handle our office easily…
So, if money is not the (real) blocker, is WLAN-performance and security-measures a reason to buy the DMPro (plus an additional AP)? Or does the convenience of the DM (non-pro) win?
Any input/opinion appreciated… (I know, there’s lots of personal preferences possible here, but every (other) opinion counts :)
Sorry for the lengthy post and thanks to everyone who cares to reply.
andy
Hi Andy,
If you transfer a lot of data over Wi-Fi, I’d probably look into the UniFi AP XG or UniFi LR AP that offers more bandwidth than the UDM’s built-in AP. Alternatively, you could also look at the AmpliFi Alien if you like a single device that’s powerful enough to meet your needs.
To answer your other questions, the UDM can do up to 850Mbits with all security features enabled. Without security, the UDM can handle your GB connection.
I think your case boils down to how much WiFi performance you need. If you need the best possible Wi-Fi performance, I’d get the UDM Pro and a dedicated (high-performance) AP.
Hi Michael,
thanks for your thoughts. The UniFi AP XG has a cool (or hot) price point, to say the least :)
Aside from Internet-access (which is not too important for me to handle the – possible – Gbit connection):
850Mb is the cumulative throughput of the UDM (so 2 computers = 425Mb etc…)? And the DMPro can handle 4 times that traffic?
It’s not only the computers which make me think about the overall throughput, but also the amount of other devices on Wifi at the same time (TV, IoT, Security Cams, etc…)… But maybe I’m overexaggerating, since 850Mbit is a decent speed anyway.
Thanks for the info on AmpliFi Alien… Is this ‘better’ than the UniFi network? I have no experience with this at all… It is the same company, no?
Hi Andy,
the throughput of 850Mb is only applicable to the WAN interface with all security features turned on. It doesn’t mean the internal traffic is limited to that bandwidth.
Realistically, I don’t think you’ll run into any WAN-facing speed issues because most servers on the Internet won’t give you that bandwidth anyway.
AmpliFi is the consumer brand of Ubiquiti (UniFi the business brand). AmpliFi is a consumer device with limited upgrade- and expandability. But it likely performs better than a standalone UDM.
Cheers,
Michael
Hi Michael,
thanks for the clarification!! I’m pretty sure there are others (like me) who appreciate these notes.
I don’t know, if this is desired on your blog, but there was some updates since yesterday. I am posting these here… if that’s something you don’t like, please feel free to just delete this comment. But otherwise, here it is:
After a couple of discussions with my ISP (Vodafone Germany), they updated my Fritzbox 6591 to the current firmware 7.2.1 and – guess what – it now delivers!!
It seems I can’t attach screenshots, but I did some speedtests during the day and now I have a decent performance on WiFi!
After the fw-update, I now have 620Mb/down from the internet on WiFi, although I sit 1 floor below the modem/router (and the router is just placed *somewhere* in my office (floor)… This doubles to the situation a couple of days ago, so I’m going to wait/investigate a bit further.
I didn’t check LAN performance, but got 880Mbit down when sitting close to the router….
LAN-speeds are also decent (>3Gbps), but I just did a very quick test…
So anyway – what does that mean (for me)?
I don’t know… ? BUT:
– I’ll keep an eye on that, but for the moment I’ll stick with the AVM Fritzbox 6591(mostly out of convenience).
– I still feel pretty much uncomfortable to be dependent on firmware modifications, but on the other hand they (at least) care and update…
– Otoh, if the device breaks, I just can import my current configuration to a new device and -> DONE…
Any other comments/considerations/experiences?
andy
Hi Michael,
Thank you for your great review.
Regarding the cctv features it seems that the software of the UDM Pro is too simple. I dont see much on datasheet. For example are we able to configure a recording only when there is movement in front of camera? If not you, there will be hours of unuseful video to check.
Also I will have some problems to fit the UDM Pro unit. Can I fix it vertically on the wall? Do you forsee any problem regarding the heat dissipation? Or other?
Looking forward to your reply.
Best regards
Artur
Hi Artur,
yes, you can control when the cameras record (on motion, always, when people are detected) but even if you record all the time, the video viewer makes it easy to identify scenes where there was movement.
As far as mounting the unit is concerned, I see no reasons why you couldn’t mount it on a wall.
Can you expand more on the backplane issue for the 8 port switch? With 2 SFP ports for 10Gb and eight Gb ports, how can a 1 Gb backplane be even remotely sufficient? Are you doing all your switching on a different switch and only connecting single WAN and LAN cables to the UDMP?
Hi Wiley,
I don’t use the UDM Pro as a switch — all my switching is handled by dedicated UniFi switches that have more backplane bandwidth.
Cheers,
Michael
Got it. So you are setup with a two cable WAN/LAN on the FW and everything else switches on a proper switch. That gives me something to think about. Thanks
Correct!
Hello Michael!
I use my current Sophos FW to directly authenticate to my ISP (no CenturyLink router) so that I get best speed. That process is PPPoe and requires tagging the interface traffic with a VLAN. Does the UDM Pro support this? Thanks!
Yes, that should work – see https://www.icloud.com/iclouddrive/0heTy1M2itpOfi678Kc05zpdA#Screen_Shot_2021-01-28_at_3.03.53_PM
Michael,
I’m looking at both the USG-Pro-4 and the Dream Machine Pro for my work. My main office is using a Fortigate 100D and the sister sites are Fortigate 50E variants. My concerns for the main office (about 60 users) is that the Dream Machine Pro is not “enterprise” ready and won’t be able to handle the internet usage. I had posted in the Ubiquit reddit forum and a lot of people were pretty negative about the Dream Machine Pro. Any thoughts since you use this live already?
Hi Matt,
I’ve not had any performance issues with the UDM Pro but we only have half a dozen users here and about 60 devices in total. The only issues I’ve seen with the UDM Pro were related to features and config settings it doesn’t support but should. So if your main concern is performance, I think either the UDM Pro or the USG-Pro-4 (without IDP/IDS enabled) should be fine.
Cheers,
Michael
Thank you for the response. I have one more quick question for you. The UDM Pro becomes the UniFi controller for the site, right? How do you connnect to the UDM Pro? Can this be done from the UniFi Cloud? Meaning I can log into my cloud account and see 5 UDM PROs and handle them individually? I’m looking for a single pane of glass and the ability to make changes across the board for web filtering, SSIDs, etc.
Hi Matt,
correct, the UDM Pro would be your UniFi Controller and you can connect to it via the UniFi mobile app or a web interface. If you have more than one site and controller, you’d see all of them.
Cheers,
Michael
Planning my setup; UDMPro, with a 18-port PoE switch.
My question is about APs, I realize there would be some benefits to having Unifi APs (like being able to see details about connectivity, and ability to setup multiple SSIDs with different VLAN tags.
But would if I wanted to defer that cost (until say my b-day) what features would I miss by using my own APs (currently using TP-Link AX3000)?
Or should I just do a bake sale and call it a day?
Hi Scott,
you would basically lose the central management, configuration, security and reporting features. Not a huge deal temporarily but depending on how many APs you need, I’d probably get 2-3 nanoHDs and call it a day. If you can offset the cost by doing a bake sale, even better :)
Cheers,
Michael
It looked like you still had your cloud key gen 2 set up with your udmp? I would think the udmp would take over as a controller, is there a reason to use the ckg2 also?
I kept it temporarily until I could move my UniFi Protect settings over to the UDM Pro. I no longer use the CKG2.
Hi Michael
First thank you for this review and other nice posts and reviews on your webpage. Well done. I’m currently hesitating between buying Amplifi Alien and UDM Pro. My house is about 160 square meters, 2 floors and it has all walls made of bricks and concrete ceiling (yes this European way of building homes ? ) I’m afraid if 1 alien would deal with such environment and probably I would need alien + mesh version which is quite expensive. Hence Im considering UDM Pro with 2 access points. Which will cost similar but giving me more options to grow my network plus add cams. Can you advise me any solution? Alien has wifi 6 which sounds tempting but I could also find Unifi AP with wifi 6, but can I configure those APs in mesh mode? If I put 1 AP on ground floor and 2nd AP at the upper floor how they will “hand off” devices when going upstairs? Is this automatic or reqires some config in UDM Pro set up? Thank you in advance for your help. Thomas
Hi Thomas,
I’d probably go with the UDM Pro. If you use UniFi APs, all the mesh features will work and even better than with AmpliFi. I’d just make sure the APs are connected via Ethernet with UDM Pro. Also, if you don’t use a switch that has Power-over-Ethernet, you’ll need to supply them with power through other means. So you might need a PoE switch for greater convenience.
Cheers,
Michael
Thank you Michael for your reply. Any recommendations on choosing the right AP. I’m hesitating between standard light version AP and NanoHD. I could see also on Ubiquity store that they have recently released Wifi6 APs. Light and HD versions. Have you had chance to test them already?
Overall, I think the nanoHD offers the best value of all UniFi APs but I’m also happy with my U6-Lite. If I were you, I’d probably go with the nano.
My buddy who supports 16 different customers running Unifi equipment absolutely raves about how much he likes the NanoHD. I’ve not used it, but trust his judgement. He has installed several cisco controllers, etc… so by him saying the NanoHD is great, I would learn towards purchasing that.
Too bad the 8 ports on the UDM pro are shared with a 1GB backplane.. I still love mine regardless and just used the 10GB DAC to a 24 port PoE Pro switch. I’m using the 8 ports for non bandwidth intensive things like IoT, the Hue bridge and SmartThings Hub.
Hello,
We are thinking of buying one for a site in the US but after reading about horror stories from others who bought one, we are actually reconsidering. Though I see that those are from 4 months ago and up so I am not sure if the kinks were ironed out.
For existing sites, we have the older USG+Cloud Key which works well.
What will be your advice, considering that it will be a simple network setup with probably tenants and external with
Hi Reinier,
what exact issues are you referring to? I’ve had only a few minor problems with the software of the UDM Pro, including an unreliable DHCP server when used in combination with VLAN. Everything else has been working very well for me but my use cases might be different from yours.
Cheers,
Michael
Hi Michael,
First of all, great article. Thanks for sharing your knowledge and experience.
We currently have USG Pro 4 as our gateway, 2 unifi switches, and 3 unifi cameras, and uses CK2. We are using a mixture of 29 Ruckus APs and allied telesis switches on different buildings. We have 9 VLANs. And we have around 400 devices that connects. I am thinking of upgrading to UDM Pro because recently we experience 100% CPU usage in our USG Pro 4 (fw ver. 4.4.52.5363507). Which causes other devices to lose connection and other clients cannot connect anymore.
If anyone has experienced USG Pro maxing out CPU usage, please share what you have done to resolve the issue.
I am unsure if UDM Pro will be more powerful than USG Pro and will solve my problem.
Any thoughts would be greatly appreciated.
Hi Tino,
I haven’t experienced excessive CPU usage on my UDM Pro but I don’t have as many devices on my network as you do. Overall, I’d say the UDM Pro is more powerful, just judging by its IDP/IPS performance compared to the USG Pro 4.
Cheers,
Michael
Hi Tino, Just wanted to tell you that I operate a fleet of USG’s and some of them have the high CPU Usage you are talking about and exact same symptoms as a result of the high cpu usage. some of these networks have 33 AP’s and upto 800 wireless users, about 100 wired users. I am in the process of evaluating UDM Pros for the sole purpose of resolving the weak cpu issue on the USG as there is no resolution the USG’s under-powered CPU outside of disabling as much of the services as possible (threat management and IPS/IDS) and minimizing your config.
Great article! They should be giving you a commission! One thing I noticed is my setup is exactly the same and I was wondering if the CM1000 modem is the reason we are only getting 800 of our 1Gb connection? I would love to replace my cable modem with a new 2.5G version of the same device but how can we connect it to the 10Gb ports? If we use a copper 10GBASE-T SFP+ Copper RJ-45 adaptor will it negotiate 2.5gb or is it only 10gb?
Hi Stack,
As far as I know, the SFP ports can only do 10 or 1 Gbits but not 2.5. So you’d need a modem that has a 10Gbits port, even if your upstream is slower.
Cheers,
Michael
I found this page searching for “migrate udm to udm pro”….
I also started with a UDM before the UDMP became available, and just bought a UDMP to replace it, mostly because I wanted to also add Unifi cameras and Protect. I’ll try the backup/restore migration, but do it manually if it doesn’t work.
As a side note, I began testing with the UDMP while still running the UDM. Just plugged the WAN port of my UDMP into a switch connected to the operational UDM. Low and behold, it configured right up with the IOS app. My UDM network was set to 192.168.1.1/24 and somehow the controller or setup software was smart enough to set the UDMP to 192.168.10.1/24 and co-exist with the UDM. Two discrete class C networks, even routing external traffic through (though double-translated). Both networks even show up on the external Unifi controller portal and are both accessible for administration through the external portal…
Now it is just a temporary setup, but I just wanted to start testing some Unifi cameras before the full migration. But it DOES seem possible to have multiple UDM/UDMPs on the same ‘network’ (though other than for testing, not sure if there is any good reason to do so).
(minor correction… The UDMP LAN was auto-configured under the UMP as 192.168.0.1/24, not 192.168.10.1/24)
You can have multiple UniFi routers (and controllers) on your network, but your other UniFi devices (switches, APs…) can only be managed from one controller. So at some point, you’ll have to pick and there isn’t really a benefit in running two in parallel.
ahh, that makes sense. Didn’t try and put any switches or access points on the UDMP pre-migration, just a few cameras, but the UDMP has the only instance of Protect running.
Hi Michael,
Thank you for this great article again, also for the replies to our posts.
I have a question looking at the Ethernet porta on the UDM Pro:
Are they only available for connecting just few devices and there is no need for a (core) switch to connect multiple devices?
I was told thr best practice to use a switch-on-a-stick topology, where all devices are plugged into one switch.
So since the UDM Pro is meant to be used in a rack, where usually there are quite a few devices being presented, I assume those ports won’t (shouldn’t) be used.
Is it somehow right?
Hi Steve,
I see no reason why you couldn’t use the built-in ports. Just know that the UDM Pro’s built-in switch is less capable than a dedicated switch. For example, you can’t do port overrides and there is no PoE.
Beyond those limitations, those ports are perfectly usable!
Hey Michael,
As there is a Cyber Monday Deal for 269 Euros right now, I just ordered one. :) And more Switches… Thanks for your awesome review and and all the answers you gave here.
Have a great christmas time,
Oliver
You’re most welcome Oliver! Enjoy your gadgets!
I have a USG, AC Pro, CKGen2+ and US 8 switches
Is it worth upgrading to the UDM Pro given it has no PoE or HDD ?
I know the UDM was attractive as it was an all in one, but why not just have the old kit in the cabinet rather than upgrade?
Hi Rob,
If you’re happy with your gear, I wouldn’t upgrade! I did it because I wanted to write about it on my blog, I love to try new gadgets and it helped my consolidate everything. Plus, I now get better IDS/IDP performance from the UDM Pro at full wire speed.
Cheers,
Michael
I ordered mine a few days before Cybermonday, forgot the add the 8TB WD disk, mailed EU Store, asked them what to do. They told me to cancel the order, wait for the payback, and put in another order. The payback came 2 days after Cybermonday. Totally missed it, paid 481€.
BUT, I love the UDM Pro, it fits my purpose way better than the Gateway Pro-4 did!
Hi Michael,
I am considering swapping my network gear (currently pfSense and Mikrotik devices) for UDM and ubiquiti switches – while looking up information on the UDM your article is one of the best resources I stumbled upon – thanks!
Although I have some additional questions for which I have been unable to get straight answer for, even from ubiquiti support. As it seems you have hands-on experience, perhaps you happen to know the answers to my questions holding me from ordering the UDM device. :)
I would really like to have all network services running on the network gear itself, to allow reboots etc for other hosts without interruptions and for ease of configuration – so:
Does UDM (non-pro) automatically register DHCP leases (including static leases) to DNS service? Allowing me to access my devices by hostname without any further manual configuration.
I occasionally like to try and test security solutions I would like to be able to use port-mirroring – does UDM include such feature?
Thanks
Holger
Hi Holger!
I’m using the UDM Pro right now and not the UDM anymore but I can tell you that the UDM Pro cannot do port mirroring, only the UniFi switches can do that. Regarding the DHCP to DNS question, I don’t know from the top of my head and I’m not using the built-in DHCP (I have delegated that responsibility to my Synology NAS).
Cheers,
Michael
Hi Michael,
Thank you for the reply! Are you using VLANs too – i mean, is it possible reasonably to use external DHCP for VLANs created in UDM?
Regards,
Holger
Yes, I’m using different VLANs for IoT devices, etc and each has their own DHCP server.
Hey Michael,
can you explain, why the IDS/IPS performance of the UDM pro is so much higher when compared to the normal UDM? UDM Pro is 4x faster… why? They both use the same CPU…
Not 100% sure but maybe the CPU in the UDM is throttled because of thermal reasons.
Hi,
I am considering buying the Dream Machine Pro, but an important requirement is that it should capable of connecting 2 modems of different providers on the WAN ports.
The traffic should be routable in a controlled way either to WAN1 or WAN2.
No automatic load balancing needed, neither pure failover.
So, with a UF-RJ45-1G module in the 2nd SFP WAN port, could I connect a second cable modem to the DMP in order to split the internet traffic in a flexible and a controlled way?
Cheers,
Filip
Yes, I don’t see why that shouldn’t be possible.
this is a fantastic article, thank you.
I dont know if the IDS/IPS is much to really rave about given it uses Suricata, and I have noticed alot fo the things it reports are blocked by the firewall anyway?
Make a change to your wifi config – the entire AP gets re-provisioned and your wifi is gone whilst it sends a change to the AP.
Deep Packet Inspection (DPI) used is simply incorrect and wrong.
Real time view of traffic rates for each client? Forget it with Ubiquiti. Wont do it, and this has been the top request for many years now.
The thing works, but alot of the features a bug ridden, in my opinion.
Hi Steve,
Thanks for your reply!
I’ve found both IPS/IDP and DPI quite useful.
Sure, it sometimes blocks (IPS) stuff it shouldn’t but I haven’t had this happen very often.
The fact that the AP re-provisions isn’t great but I don’t make changes so often that it becomes a real issue.
Regarding missing features, I agree that some take forever or still haven’t materialized for reasons I don’t know. But based on my needs and requirements, the pros outweigh the cons by far.
Great Reviews, thanks!!!
I thought about buying a Dream Machine, but the Pro Version seems much better: more CPU for DPI, 10GigE already available (as my ISP speed is less than 1G, can I use both SFP+ Ports for LAN Traffic?)…
I will put the box into the cellar, so noise and missing WLAN is not a problem.
Hi Oliver,
I think one of the SFP+ ports is a dedicated WAN port but you can use the other for LAN traffic.
sigh, OK… I hoped to save money on the 10G-Switch, 2 SFP+ ports would be enough right now. Anyway, thanks for your help.
Hi Michael,
great review, many thanks for the detailed explanations. I am about to switch tu Ubiquity as our Meraki licenses are up for renewal and frankly, it’s a bit on the expensive side for a small office like ours. A question I haven’t quite foudn an answer to yet, are there any yearly licensing costs for software updates within the Ubiquity “world”, and if yes, how much are they approx. for a small set up like yours? Cheers!
Hi Jonas!
Thanks for the feedback! UniFi doesn’t have any licensing or maintenance fees. Your only cost is the hardware.
Cheers,
Michael
UDM Pro – Can it handle multiple IP addresses?
I have the option to get multiple static IP addresses from my provider. Can the UDM Pro handle this (route multiple port 80s to different end-points, for example)? The USG series cannot (as far as I have been able to find).
Hi Paul,
I never tried that myself based on everything I’ve heard from other users, that’s not (yet) possible.
Hi Paul,
Yes. Even the basic USG can handle multiple IPv4 IPs on a single WAN connection, so the UDM Pro should be able to as well.
Hoever, this requires you to manually edit json config files, put them on the controller, and hope you did not make any config/syntax errors. Also it requires a bit of understanding of IPv4 and NAT routing, setting up hairpins, so you can see devices on your other IPv4 WAN IPs from within your NAT routed network.
No, There is still no option to configure multiple IPv4 IPs on a single connection, via the Unifi GUI.
Yes – the lack of this basic routing feature in the GUI is strange (if not ridiculous, considering it’s supposed to be enterprise level hardware/software), and has been asked for (and promised by Unifi) many times on the Unifi forums.
Thank you so much Michael for a thorough, insightful review and easy to understand explanations. Does UDM Pro work with the upcoming wifi 6 access points that are in EA now? I wanted to make sure that the controller is upgradable to whatever is needed by the access points and there is not any incompatibility with UDM Pro and future wifi 6 access point hardware. I have a need for an elongated coverage area to cover my longish home and a carriage house in the back. House is roughly 60ft long and the carriage house another 30ft or so. Initially I was thinking of two amplifi aliens separated by 40ft wired connection but I like security features of the unifi line and the scalability of adding more access point(s) if needed. Thanks.
Hi Janak,
I have one of the new Wi-Fi 6 APs and it works without issues in combination with the UDM Pro.
I have an orbi wifi 6 system right now. Would I be able to use the UDM pro between the cable modem and the orbis, and get the protection from the UDM pro, use it for routing, and set the orbis up as access points? I currently have one set to be a router and the other wired to it and in use as an access point. I have a 1 Gbps internet connection, but love the information and security provided by ubiquiti and I want my connection to remain fast.
Hey Ryan,
yeah, that should be possible as long as you can set the Orbi to bridge mode.
Cheers,
Michael
Hi Michael,
Just for Info:
because I liked to have a Raid-Mirror for storing the Videos of the Protect-App I tried the ICY DOCK “EZConvert Pro MB982SPR-2S R1″.
This SATA SSD/HDD RAID Converter for two 2,5 ” Drives fits into the 3,5″ Slot and works without flaws in our UDM-Pro by combining two SSD’s to a RAID.
Cool, thanks for sharing!
My UDM Pro is in the mail and in about to do the exact same upgrade. My only question is, could I just take the hdd out of my cloud key gen 2+ and put it in the UDM Pro and have all my old footage?
Good question…I didn’t try that but it’s surely worth a try. Of course, there is a risk that the UDM Pro will reformat the drive and wipe out all of your footage :)
Thanks for the comparison. I just got into this UniFi gear and am considering replacing my gateway/fw with a unifi device. I was looking at both the USGpro4 and UDM pro and could really see many differences other than being able to use the video features of UDM pro. With the facts presented in your review/comparison I can see that the UDM pro clearly has much higher IDS/IPS throughput. I’d say it’s almost a different in a different class if you’re using that feature. Thank you for the info!
Hi Michael, thanks for the great article. I purchased a UDM Pro and was wondering if you are using your AT&T modem in bridge mode (between the UDM Pro and ISP).
The UDM Pro is going to replace a Cisco router that is connected directly to my FiOS ONT. The configuration is fairly simple – I configured the outbound port on the router to get an address from the FiOS DHCP server and set up NAT translation. Can I do this with the UDM Pro or will I need to use a FiOS router in bridge mode?
V/r
Tim
Hey Tim!
Since writing my UniFi reviews, we moved and I had to switch back to Comcast and I’m operating the cable modem in bridge mode. The AT&T router doesn’t support true bridge mode.
In your case, I see no reason why you couldn’t use the UDM Pro without the FiOS router.
I don’t have a UDM Pro (yet), but I use a USG-Pro on FiOS without the FiOS router. You need the router for initial connection or if you want to connect to your DVR remotely (have never got that to work without the FiOS router and just make do without it or VPN in). Keep it around for troubleshooting (since Verizon won’t support if it is not connected), but otherwise it does not need to be there as a bridge. I have Fiber to ONT, ONT Ethernet to USG-Pro and SFP fiber from USG-Pro to PoE switch on separate UPS’s for additional electrical isolation; SFP was inexpensive enough.
Hi Michael –
It seems like you’re pretty happy with the UDM Pro. I have been considering getting one to replace my USG, mostly for the improved IDS/IPS throughput so I can enable more IPS features without impacting the speed of my (gigabit) Internet connection.
Based on a review and a thread I read, it seemed like it was very buggy and effectively still in beta (as-of earlier this year). Have you experienced any of the trouble documented in the below posts? Perhaps for those of us with less advanced requirements it’s fairly stable?
Thanks!
Tchad
Hey Tchad!
I’m currently on firmware 1.7.2.2620 and haven’t experienced any major issues or limitations. But my use cases might be less advanced than some of those of other users. The only thing I’m missing is a more flexible VPN client config, but that’s about it.
So I guess whether or not the UDM Pro is a good fit for you depends on your specific requirements.
Hope that helps
Cheers,
Michael
A great article. The Unifi Security Gateway Pro is not a new device, I have had one for two years, its the big brother to the USG, another thing to bear in mind is that initially when IDS/IPS appeared the bandwidth was around 250Mbps, however with updates, I now get around 360Mbps with IPS and DPI on, (I’m on a cable modem 360/36 Mbps service, so it might actually have more bandwidth).
One last thing, you can upgrade the RAM on the USG Pro, I have 4GB in there as I had a redundant stick available.
Hi Mick,
the UDM Pro was in private beta (Early Access) for a while but wasn’t released to the public until 2020 as far as I know.
Just to clarify. This is a review of the UDM Pro, not the USG Pro.
Hey Michael,
How is the content filtering? I am planning to use this device with approx 8 Unifi AP’s for a Christian school, and just wondering how well the content filtering works, as they will want to block porn sites and possibly social media, etc. I know Unifi has not been great at CF in the past, so wondering if they have improved at all.
Rob
Hey Rob,
content filtering is still in Alpha stage and relatively rudimentary. Right now, you can block security issues, make the network family safe and block adult content – see https://www.dropbox.com/s/omhhxavhn7ihdpm/Screen%20Shot%202020-08-12%20at%2008.01.53.jpg?dl=0
You can also add your maintain a custom blacklist. So for what you’re trying to accomplish, it might be sufficient.
You could consider purchasing a Firewalla Gold for better CF, powerfull and very user friendly. Keep in mind that Firewalla is a very different product.
Regards…
Personally, I use sophos XG ( inline Bridge mode) on X86 Hardware for content filtering. Free for home use and maybe charity use. It is corporate class content filtering / antivirus for everything behind it. I personally don’t like the beta stuff from ubiquiti myself IMO. It also ensures that the unify gear is just used for what it is actually good at.
Great review and I am sold on the UDM Pro!
Hey Kevin,
So I currently have an XG 106 as well. How is your experience using the XG in bridge mode? I had tried this a while back with a USG 3p and could not get it to work so my usg has been gathering dust for the past year. I am thinking of changing over to the UDM pro to manage the network and then wanted to use my XG for lower level security – sandstorm, https decryption, detailed logging of urls, email scanning etc. the only reason I actually went with the 106 instead of free was for sandstorm.
Thanks,
Gary
Hi Mic,
How many AP can the UniFi Dream Machine Pro support .
I don’t know from the top of my head but I’ll find out and let you know!
Hey Godfred,
here is what I got from Ubiquiti:
Unfortunately, due to Covid 19 constraints – we had to push back our proper tests for upper limits of just UniFi networking devices.
However, can confirm UDM-Pro can handle 24 Protect Devices and 16 UniFi devices simultaneously. We plan on conducting more thorough tests as some restrictions lift.
I’ll update the blog post when I get updated results.
Do you know if Ubiquiti is considering Time Machine support for the internal hard disk? I’d love to decommission the Time Capsule I use today and currently have unused support for it in the Asus router I’m decommissioning (but not using). It seemed to be table stakes in other routers, did not know if it was here, as well.
Hi Timothy,
not that I’m aware of…
Cheers,
Michael
Hi Michael, Thanks for the review. I am now replacing my netgear router, for a Unifi network. I have like 30-40 wired devices, between computers, network streamers and IOT devices (using multiple 8 port switches). And I might have at any given time between 10-20 wireless devices. I just got 1Gig fiber connection from AT&T.
My only concern is on the USG, as it really seems under powered. The UDM-pro is too big for my and it wont fit in my network cabinet. Even though the UDM could be a solution my cabinet is metal and the built-in WIFI in the UDM would be completely lost. Is there anything better than the small USG, that has more horsepower, but a smaller footprint than the UDM-Pro??
Hi Roberto,
The UDM should easily be able to handle the number of devices you have. Even with the IDS/IDP throughput limited to 850Mbps, I doubt that would become a bottleneck.
But to answer your question, no I don’t think there is a more powerful appliance than the UDM that has a similar form factor.
Cheers,
Michael
I had to just say thank you very much for this breakdown.
I am looking at the Unifi line to introduce to customers (vs. the much more expensive Sonicwall routing solutions) and from what you’ve presented the only router they will need in most circumstances is the UDM Pro, and then I will build the switches and AP’s from there.
A huge help, thank you for taking the time!
Thanks for the feedback Joe, I appreciate it!
Hi Michael
Thank you for the great review
In my house in Norway I curently use a Amplifi HD mesh setup (5 units). I consider buying a dream machine pro for added security. What limitations in UDM Pro functionality can I expect using Amplifi access points in bridgemodus vs. replacing Amplifi HD with regular Ubiquiti access points? Thanks for any advice on this matter.
Hey Bjorn,
If you combine the AmpliFi nodes with the UDM Pro, you won’t be able to manage them via the UniFi controller or do anything that’s related to Wi-Fi. Everything else, including IDS/IDP/Firewall should work – but I haven’t tested it myself to confirm.
Cheers,
Michael
Are you using the UDM Pro with AT&T Fiber? If so were you able to set up the AT&T modem in bridge mode?
Hey Pete!
No, we moved in January and I don’t have AT&T fiber at the new location. I’m back with Comcast… :(
Hey Pete,
I have AT&T fiber and I am using UDM Pro behind the AT&T gateway. What you have to do is set the AT&T Internal network to a different IP address range in my case, I changed to 192.168.2.254 and the UDM Pro came up without any issues.
thanks,
Ken
Hola Michael,
I have to say I’m okay with the UDM-Pro. Ubiqiti needs to address a lot of issues when it comes to SPF+ connections. I use the WAN port 2 for access and they have yet to introduce or support iPV6. SPF+ port 11 is currently being used as an uplink to my switch and the experience has been less than good. So if anyone needs to use any of these SPF+ ports. Please do yourself a favor and research the firmwares and read the threads on the community board. This way you can set the right expectation. Hopefully the product can and will be polished up sooner rather than later. As I like the product and like their products.
Hey Carlos,
Thanks for the valuable feedback! I had some issues with SPF+ ports in the past (not on the UDM Pro) and never could make them work in tandem. Maybe those issues were related to what are describing. I have to dig into that again when I get a chance.
Do you have any specific links I should check out?
Cheers,
Michael
Hey Michael!
I’ve bought a UDM after reading your review and it’s a great machine.
I’m hitting a weird issue tho: my wi-fi printers don’t work well with it. Every time I have to print, I need to disconnect the printers from wi-fi, reconnect them and reinstall them on my Mac.
This is very weird and it never happened before with the previous router I had.
Do you happen to have any suggestion about this?
Hi Lorenzo,
Do you have multiple SSIDs or are all devices on a single Wi-Fi network?
I’ve had issues with my Wi-Fi printer and some light switches and solved it by enabled Multicast DNS (mDNS)
Let me know if that doesn’t work and I’ll dig through my config so see what else I changed.
Cheers,
Michael
Too bad Canadians are not allowed to enter the giveaway… :-(
Hey Gary,
if you were to win and pay for shipping, I’ll send it to ya :)
Cheers,
Michael