
Ubiquiti UniFi Dream Machine Pro
In operation for two days. It replaced a USG Pro 4 and a Cloudkey version 1 for me. I replaced them because the Cloudkey failed on me several times with SD card damage, and because the Dream Machine Pro, at a maximum of 30 W in operation, needs much less power than the USG Pro 4 + Cloudkey.
Installation was tricky - my UPC modem on the RJ45 WAN port was not recognized, or rather the internet connection could not be established. After a few hours of googling and trial & error, it turned out the whole thing was due to the wrong system time. I logged in via SSH, updated the time, and after two more reboots it worked :-) (how is a layman supposed to figure that out...)
Since then, most things work fine with software version 1.7 (the latest, at the time of this review). The only bug I've found so far is that individual countries can't be blocked via the graphical interface - that's currently only possible via the old settings.
I have a gigabit connection with UPC. I usually get around 900 Mbit/s out of it. Even with IPS enabled, there is no drop in performance - I'm more than happy. We don't have a big house, but thanks to reinforced concrete it is difficult to cover - despite 4 APs, various managed switches, and two Protect cameras, there is no noticeable drop in performance. Ubiquiti has really done a great job!
Pro
Contra
This is, without doubt, the worst piece of networking equipment that Ubiquiti has ever produced.
Let's count the problems.
1. There is no physical power button, so if (rather, when) there is an issue, there is no way to reliably shut the device down without either yanking the power cable out the back, or performing a factory reset.
2. The WAN routing mechanism ALWAYS uses NAT, and it can't be changed. So forget using this with a second router unless you want the joy of double NAT (not good for certain devices, and generally not ideal for performance).
3. The device forces open REMOTE access management from the web. Yes, you read that correctly, the UDM Pro is so poorly coded that it has an open back door for hackers to come in and manage the device remotely. Sure, they might need to have obtained your UI.COM account details, but think on this... the Ubiquiti system is now a perfect honeypot for hackers because they know that if they can hack that, then they can gain access to any network which has a UDM on it. THIS IS POSSIBLY THE MOST STUPID THING THAT I HAVE COME ACROSS IN 30 YEARS OF WORKING WITH NETWORKS.
Not only that, the UnifiOS is very flaky and the implementation on the UDM Pro is, well, not good.
This is clearly (in June 2020) an alpha release, and perhaps in a year or so's time, when the Ubiquiti team have worked through all the bugs - especially in their thinking - then the product might be great.
But right now, it is a very expensive paperweight that you simply cannot risk adding to your network.
Do NOT buy.
Contra
The Dream Machine (hereafter: UDM-Pro) replaces an EdgeRouter for me. Unfortunately, it supports only a fraction of the functions of the much cheaper EdgeRouter:
* For init7 IPTV it needs the IGMP proxy for multicast. With the EdgeRouter, this was configured with a few lines. On the UDM-Pro I can't even run the IGMP proxy manually because the Linux kernel was compiled without multicast support.
* init7 assigns me a /48-IPv6 subnet. With the EdgeRouter I could partition this as I wished (into 65536 /64 subnets). The UDM-Pro, on the other hand, uses the :0: subnet (i.e. /48 subnet + :0: = /64 subnet) for all VLANs on which I turn on IPv6.
* Speaking of IPv6: UDM-Pro enables DHCPv6 by default even though I don't need it at all; SLAAC + Router Advertisements with prefix would suffice.
* With the EdgeRouter you could easily set up an OpenVPN server. The UDM-Pro only supports L2TP.
I contacted Ubiquiti about these shortcomings and was advised to open a feature request. However, surfing through the Feature Requests opened so far, one cannot get rid of the feeling of an abandoned tomb.
I think I should have taken this: https://www.digitec.ch/de/product/mikrotik-ccr1009-7g-1c-1spc-router-6079505
Pro
Contra
The switch from Cloud Key to Dream Machine Pro went smoothly for me.
I made a backup in the Cloud Key, connected the Dream Machine to the internet, made a firmware update, logged in to Ubiquiti and installed the backup. All devices and configurations were transferred for me.
IPS with 1Gbit/s works for me without any problems. Even then, the fan remains nice and quiet.
However, the controller software for the Dream Machine is not so good.
- There is no link aggregation function for the 8 Gigabit LAN ports.
- WAN and WAN2 cannot be selected for the failover function (WAN is 1 Gbit/s copper and WAN2 is 10 Gbit/s fibre). So failover switches to the 10 Gbit/s WAN2 port when the 1 Gbit/s WAN fails, which makes no sense. I have not found a function in the settings to change this.
I hope that improvements will be made here.
Pro
Contra
It took me a long time to set it up because there were supposedly still problems with the WAN SFP+ port during the initial setup (this was fixed with the new firmware). I use a static IP address 192.168.2.2 (the default gateway of the UDM Pro is 192.168.1.1). My UDM Pro is behind an Internetbox 3 from Swisscom (192.168.2.1). DMZ was set up on the Internetbox 3 for the UDM-Pro.
Info: If you want to use the SFP+ WAN port as the primary WAN port, you must configure WAN2 in the settings.
For setup, you also have the option of downloading the UniFi App and connecting to the UDM-Pro via Bluetooth. This works without any problems. Overall, I'm satisfied because I know that Ubiquiti/UniFi are working on the current problems and further settings.
My goal was to run the 2.5 Gbit/s Ethernet port of the Internetbox 3 with the SFP+ WAN port and the UF-RJ45-10G module (Ethernet). Unfortunately, UniFi Support wrote me that this was not possible:
'The UF-RJ45-10G module is backwards compatible (10G/1G), but it is the limitation of the UDM Pro WAN SFP+ port. This is hard coded with 10G. This means that if you don't have a 10 Gbit/s Ethernet connection, you have to use the 1G module UF-RJ45-1G. I don't know if this will ever be changed.
I have now solved the problem by setting up a Netgear MS510TX switch between the two routers. This has multi-gigabit ports, i.e. there is a 2.5 Gbit/s connection between the Internetbox 3 and the switch and a 10 Gbit/s connection between the UDM-Pro and the switch. To keep the Netgear MS510TX switch quiet, I replaced the standard fan with a Noctua NF-A4x20 PWM fan.
Pro
Contra
Ubiquiti brought a successful concept to the market with Unifi, which they are now backing out of: The UDMP can NOT be integrated into a multisite, nor can it act as a controller for other gateways! UBNT confirms this in their community. The UDMP is designed as a gateway for an isolated site. All the benefits like multi-site administration, site-to-site VPN, etc. are moot. No wonder, since UNMS has been rolled out and the edge line has been renewed, there needs to be greater market differentiation between the lines of business. And so Unifi is becoming more and more consumer grade.
Other features speak to this observation, like the 1Gb backplane on the switch (all but the first HW revision) or the elimination of many per-level settings in the configuration. Or the compulsion to use Ubiquiti hardware for cameras and VOIP (GitHub has first hub scripts that allow 3rd party integration!).
In the (very) small office with one location, or for the home user with a little more sophistication and a desire to hang a few overpriced cameras, the UDMP is suitable. All larger ventures should seriously look at alternatives.
Contra
6 out of 140 reviews