Unifi Dream Machine Pro
What Is the Unifi Dream Machine Pro?
Put simply, the Unifi Dream Machine Pro (UDM-Pro) is a gateway/router that connects your home network to the greater Internet.
UDM-Pro comes in a 1RU form factor case so it can be rack mounted. This device is a router and more. It is indeed a feature-rich dream machine.
The purpose of the gateway is to route traffic between different networks. In other words, the gateway is responsible for handling communications between devices inside your home (Local Area Network, or LAN) and the greater Internet (Wide Area Network, or WAN).
The Internet is the wild west and is full of threats (viruses, trojans, and so on), dangerous agents that will try their best to get inside your LAN. This is where the security part comes in. A security gateway scans network traffic for malicious activity and either alerts you (Intrusion Detection System, or IDS) or blocks it (Intrusion Prevention System, or IPS). IDS/IPS is handled by software called Suricata. This is the same security system used in pfSense and Untangle.
Other security features include a VPN client/server (this allows you to create a private network between your LAN and a different LAN across the Internet, say your friend’s home network, or even your work network). You can also use this VPN to connect back to your LAN from the Internet.
The final feature of a security gateway is called Deep Packet Inspection (DPI). The security gateway will peek into all the traffic that passes through it, and can decide what to do with it. DPI is a useful tool for application security. For example, you can block access to sites like PornHub or even YouTube.
You can also block traffic by country. This is called geo-blocking. For example, you can set a rule that blocks all Internet traffic to and from China. Alternatively, you can set it so that a server in a hostile country can communicate with your LAN devices if and only if your local LAN device initiates contact first.
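The two geo-blocking modes described above, modelled as a small connection-tracking filter. This is an added example, not UDM-Pro code or configuration; the class and function names, the LAN subnet, and the documentation address range standing in for a country's address space are all assumptions.

```python
import ipaddress

# Constructed sample data: a documentation range stands in for a country's
# address space; a real gateway would load a GeoIP database instead.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
LAN = ipaddress.ip_network("192.168.1.0/24")


def is_blocked_region(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED_NETS)


class GeoFirewall:
    """Toy stateful filter: (proto, src, sport, dst, dport) per packet."""
    def __init__(self, allow_lan_initiated):
        self.allow_lan_initiated = allow_lan_initiated
        self.conntrack = set()  # flows opened from the LAN side

    def decide(self, proto, src, sport, dst, dport):
        src_lan = ipaddress.ip_address(src) in LAN
        if src_lan:
            # Outbound: strict mode drops traffic *to* the region as well.
            if is_blocked_region(dst) and not self.allow_lan_initiated:
                return "drop"
            self.conntrack.add((proto, src, sport, dst, dport))
            return "accept"
        # Inbound: a reply matches the reversed tuple of a tracked flow.
        is_reply = (proto, dst, dport, src, sport) in self.conntrack
        if is_blocked_region(src):
            return "accept" if (is_reply and self.allow_lan_initiated) else "drop"
        # Default WAN-in policy for everything else: replies only.
        return "accept" if is_reply else "drop"


def replay(fw, packets):
    return [fw.decide(*p) for p in packets]


PACKETS = [  # constructed packet sequence
    ("tcp", "203.0.113.9", 443, "192.168.1.20", 50000),   # unsolicited inbound
    ("tcp", "192.168.1.20", 50000, "203.0.113.9", 443),   # LAN host opens flow
    ("tcp", "203.0.113.9", 443, "192.168.1.20", 50000),   # reply on that flow
    ("tcp", "203.0.113.9", 443, "192.168.1.20", 50001),   # same server, other port
]

if __name__ == "__main__":
    for mode in (False, True):
        print("allow_lan_initiated =", mode, replay(GeoFirewall(mode), PACKETS))
```

In the second mode only the reply that matches a flow the LAN host opened is accepted; the same remote server is still dropped when it targets a port the LAN host never used.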
All this security processing requires a fair amount of CPU power. The UDM-Pro has a 10 Gbps WAN connection; apparently, with every security feature turned on, it can still forward traffic at a blistering 3.5 Gbps. Now that is impressive indeed! Alas, this is not something I can verify with my fraudband FTTN connection.
The UDM-Pro comes with 8 LAN Gigabit Ethernet ports, 1 SFP+ LAN port, 1 WAN Gigabit Ethernet port and 1 SFP+ WAN port. This gives you a lot of options in terms of connectivity.
On the gateway side, for example, you can set up two WAN connections: a wired connection on WAN1 and 5G wireless on WAN2. This is all nice in theory, but the controller software severely limits what you can do (more on this later).
The 8 LAN ports are a nice touch, and this gives me 3 additional ports compared to my old DIY Untangle/pfSense router. Note the picture above saying this is a Layer 2 (L2) switch. This means that if you set up different subnets on these ports, traffic between them has to go through the gateway first (so the maximum 3.5 Gbps throughput will apply). Consider this bottleneck when you are connecting the SFP+ LAN port and want to route traffic between that and these 8 ports.
[Update 08 July 2020] Data transfer between the 8 wired ports is capped at 1 Gbps! See the conclusion for more information.
Unifi Protect is apparently new software for their security camera products. I do not have any Unifi cameras to test this feature yet, so stay tuned for a future article on this.
Two rails of power are important in the enterprise market. Unifi is offering a somewhat out of the box solution here. You can buy an additional power unit to provide redundant power. I’m not sure I like this solution, to be honest. I prefer the standard solution of a choice between 1 or 2 hot-plug PSUs.
Refer to the UI product page for UDM-Pro for more details on this product (including hardware specifications).
This video sums up the flaws of UDM-Pro. It’s really only good for very small businesses, or the home.