Everything Wrong with the UDM-Pro (2024)
Vložit
- čas přidán 11. 07. 2024
- In this video, I "review" the UDM-Pro from the perspective of an advanced networking need. Brace yourself, because it sounds like I'm not too fond of this device and I slam a lot of its most useful features. In reality, I still use it as my primary gateway and it works very well. It just isn't the same cost-to-feature ratio as other Ubiquiti offerings.
Timestamps:
Intro: 00:00
Confusing Firewall Rules: 02:33
NAT Configuration: 06:05
VPN Woes: 08:08
Wireguard Client Woes: 19:30
SNMP: 27:06
OSPF: 29:30
Security Services & Logging: 35:53
Multi-Site Management: 41:35
AD Block & Threat Reporting: 43:07
GEO-IP Filtering Logs: 47:21
Shadow Mode: 54:40
General "Unifi" Miscommunications: 57:40
SSH Access: 58:45
Subjective Frequent Outages....:1:00:13
Outro: 1:01:23
as a UDM owner, I pray Ubiquiti watches this
Quite the vid, thank you. I loved my abandoned ER4, even when they borked the kernel update so bad.
I'm so done with Unifi stuff, their software quality is on par with Microsoft, meaning we are all the alpha/beta testers for broken software stacks.
I just run a Fortigate at home now, it actually works, as long as you don't do any client VPNs with it, as they too can't seem to do that properly.
Enshitification is REAL out there.
This is excellent feedback for Ubiquiti. I agree the advanced firewall rules are somewhat ambiguous in how one might interpret them.
If you use IPv6 then you don't need to worry about NAT between overlapping subnets :)
Excellent review Toasty I hope Unifi listens to your comments! I use the UDM Pro in a business environment with about 100 connected devices because it's almost plug and play, decent GUI, no annual license, reasonably good IPS and IDS, Wireguard VPN for cell phones and automatic Internet failover and the price point makes is affordable for SMEs.
Why did you create all the firewall rules to prevent your VLAN's from talking to each other instead of using the "Isolate Network" checkbox under each network? Is there an advantage to creating your own rules vs. using the checkbox to enable the unifi predefined rules?
@Toasty, I'm currently running dual Edgerouter4's in a VRRP configuration.
I am considering moving to something else that is similar in functionality and technicality, not necessarily retaining a VRRP config, but I don't want to go to any of the UDM lines like the Pro, SE, Pro Max, etc for the reasons you've pointed out in this video, but also because I feel that these devices, especially the Pro, are still too buggy in their reliability for my liking.
What would you recommend?
Personally, (as I mentioned in the video) I just retained my existing ER4 to take care of everything the UDM doesn't support. However, if I were to consolidate and move to something different, I would probably gravitate towards Pfsense/Opnsense. I've worked with these in the past, and they appear to support most of the features I would want.
Another option I considered is an Edgerouter that supports 10Gb with a separate box running Pfsense in line mode (or whatever it's called... where it's just a pass-thru for threat detection). However, the cost of both is probably about the same as a higher-end standalone Pfsense box.
If price wasn't a consideration... I'd probably consider a beefy SonicWall, but that's mostly because I'm familiar with the platform. It is cost-prohibitive in a home environment, though.
I’m only a little bit into this video that came out 13days ago but i just recently had a big UniFi OS 4.0.6 update so curious if you’d had a chance to look through that
I saw “Added SNMP support” at least in their list
Anyways maybe you can make a followup vid if you check it out and see some improvements
I have to agree with this video. Currently I prefer to use Palo Alto which gives you all the granular configuration options and I understand Palo Alto cost way more but they should consider a higher end enterprise solution. Also, Im confused how the UDM process firewall rules. if I deny a particular traffic lets say all DNS traffic and then allow DNS to and from a specific DNS server and pace that rule at the top of the deny all DNS it doesn't work. Thenn some of those apps and app groups don't work correctly ll the time.
And, although you only uploaded this 2 hours ago, the tabs and interface is different 🙂
Yeah... I'm going to have to do an update. I recorded this a couple months ago right before the new update came out. You're right, they did fix one of my main complaints in the security tab along with some updates to other things.
The network mapping on Unifi sucks. It just doesn't update entries as far as I can tell. Adding a switch and moving devices doesn't seem to actually change the map. Even on a simple Network it will occasionally confuse wired and wireless devices.
Maybe you should have updated to 8.2.93 before uploading this video as there is a lot of improvement in the security tab
Yes, you are not using the latest available version, missing quite a few new features....please redo this vidoe after that update, it would be interesting to see your input after that.
If you have so many complaints, why do you use it? for many people this is a great system for normal home use
It's still a great system and the price/performance makes sense. I'm just a nerd with unrealistic expectations...
My first firewall vendor is Fortinet. Guess I got luck out😂
I use both Fortinet and Unifi since 10 years and they are different but its all about the usecase.