Is Unifi actually any good??? - UDM Pro Upgrade

  • Published 24 Dec 2024

COMMENTS • 333

  • @parl-88 1 year ago +292

    Hey Unifi, LISTEN TO THIS MAN, he is actually making sense and taking the time to help you IMPROVE your product! Raid Owl, thanks for your effort. Cheers!

    • @kristopherleslie8343 1 year ago +1

      It’s plenty of folks doing that. Remember ubnt is Apple 🍎 like

    • @NatesRandomVideo 10 months ago

      They don’t care.

    • @MH-kc5jr 6 months ago +1

      You could say, he is actually making PfSense

  • @LAWRENCESYSTEMS 1 year ago +132

    UNIFI PLZ! They are finally getting the VPN features more like other firewalls, but how they did those firewall rules is just a mess!

    • @RaidOwl 1 year ago +41

      You hear that Unifi? THE Tom Lawrence agrees with me...so fix it!

    • @mr_______x 1 year ago

      Also, please add multiple PPPoE as you have on EdgeRouter.

    • @steelfalconx2000 1 year ago +3

      I just want to be in this conversation. So yeah UNIFI FIX IT!!

    • @kristopherleslie8343 1 year ago +2

      I’d like to add to the tally 😅

    • @sekritskworl-sekrit_studios 1 year ago

      I'm a nobody who is way late to this conversation... BUT I AM circling back to considering your products after getting TOTALLY HOSED after buying your initial black tough router, camera, and WAP.... (of which, ONLY the WAP was worthwhile.... for a while).
      Soooooo, if Tom's saying fix it.... "FIX IT!!!"
      ...That stated, Raid Owl made AWESOME points, so they need to be resolved as well.

  • @kc9nyy 1 year ago +41

    Glad to see someone finally call out the dhcp & dns limitations.

  • @MactelecomNetworks 1 year ago +58

    Great overview. The port thing is a little annoying in the firewall rule. I always just add it to the description

    • @RaidOwl 1 year ago +36

      There he is, our Unifi Jesus ❤️

    • @MactelecomNetworks 1 year ago +13

      @RaidOwl 😂

    • @JimtheITguy 1 year ago +2

      He is the Messiah @RaidOwl

    • @JMTosses 1 year ago +1

      Yup - put it into the name or description. Ain't pretty but at least it's readable. Takes some discipline to change the description whenever a port is added or removed. Also doesn't work when following the paradigm to have important settings only changed in one place. But until UniFi fixes the interface ... it's probably the best workaround.

  • @bentownsend1872 1 year ago +56

    2:00 Instead of moving the devices one by one, there is an option to do a site migration to move them all over at once seamlessly.

  • @Kiwi0Six 1 year ago +12

    UniFi PLEASE
    Thanks for the review. I’ve been on UDM for almost 2 years now. Love the ecosystem! I have been slowly migrating to Protect from a hodgepodge of cameras and love being able to see everything in one place. I have been frustrated by some of the things you mentioned but my network is not yet as complex as yours - so I have a heads up on things to come. There have been massive improvements during my time on the system so I have hope that many of the gripes will be addressed.
    On Protect, it is nice but pricey and is missing some features of my previous setup.
    Keep on milking the vids for us 😂

  • @MrJmannik 1 year ago +5

    I love this video because you didn't love or hate Unifi.
    For me I love my UDM Pro because it does what I need, how I would like for it to be done.
    I don't have a lot of firewall rules, vlans etc. I have a few vlans, I have multiple external IP addresses (which weren't supported when I first got my UDM Pro), and have a few basic port forwarding rules.
    I moved from a PFSense box to the UDM Pro because I didn't want to work on firewalls after spending all day working on firewalls.
    I wanted something that was nice and easy to manage that did what I needed it to do, the UDM Pro ticked those boxes for me.
    Having said the above, I don't recommend the UDM Pro/SE to everyone, it's about the needs/wants vs the capabilities of each router option.

  • @JordanKarim 4 months ago

    4:50 what a clean little visual transition!
    Big fan of the channel (new discovery for me!) and information presentation skills

  • @unpass 1 year ago +14

    100% agree with the awful firewalling UX. I had to make a DMZ with a UDM Pro and absolutely struggled.

  • @itsmrpaddy 1 year ago +26

    Installed a UDM-SE last year, and I agree with you on the firewall rules part (I forgot what I did with DNS). I managed a lot of different brands of firewalls in my job, so I'm used to configuring firewall rules ... But seeing this GUI confused me. They should up their game in certain aspects, and it'd be even nicer to use.

  • @captainhitz 1 year ago +2

    100 percent. I work for a very large tech company that may have wanted to do a hardware partnership perhaps but dang the firewall section coupled with the QoS settings and how their devices do NOT allow you to properly configure Dante/NDI traffic....
    Unifi has sooooo much potential and could literally softball so easy wins into their platform but who knows.
    Anyway great video sir. You gained a new follower.

  • @Mikeee503 1 year ago +12

    I was running a full TP-Link Omada setup, which is basically a Unifi clone at half the price and in some cases I found more stable. The firewall was great to have in a single interface VS using OPNsense and then everything else controlled in Omada. But, they have the same weird static IP, DNS, firewall rules, and VPN issues. Used it for 4 months and then I donated the firewall to local small business and went back to OPNsense. Only thing I changed this time around was to virtualize OPNsense VS bare metal like my original setup since part of the reason I tried to switch was also saving electricity by eliminating a few hundred watt space heater in my collection.

  • @majedallogman 1 month ago

    I purchased a Unifi gateway, and this is the fourth time I'm giving it a try. I love pfSense, but my latest firewall is Sophos, which is also very good. With Unifi, I often feel like I'm not smart enough to operate their firewall. But your video explains a lot. Thank you ❤

  • @LuisAndySerrano 1 year ago +3

    Please Unifi listen. The firewall is the exact reason why I didn't pull the trigger when I put it in my shopping cart. I ended up only getting AP's. Don't have a large network but I do have a home lab.

  • @FTLN 1 year ago +7

    UNIFI does not support IPv6 through its ecosystem, for example a UDM PRO and downstream we have UNIFI L3 switch, you can only do Layer 3 routing between the UDM PRO and UNIFI switch using IPv4. We are in 2023 and any product family which cannot route IPv6 is a big NO NO NO. When Unifi arrives in the 21st century, maybe I will give their products a try.

  • @PowerUsr1 1 year ago +6

    You did a really good job breaking down the pros and cons. Outside my job as a network engineer I like to keep my home simple-ish. I run pfsense with UniFi APs and switching. I did consider a USG recently but holy shit you broke it down as to why I don’t want to do it. I got firewall rules, 6 vlans, IPsec to my OCI instances all running bgp. Did I say simple? Moving to a USG would eliminate my routing, my VPN option. Too much work making that transition. Juice not worth the squeeze. Great video.
    But cmon…you could’ve self hosted that controller without a cloud key 😂

    • @RaidOwl 1 year ago +3

      Haha yeah def but I’m a sucker for dedicated controller hardware 🙃

    • @stultuses 1 year ago +4

      @RaidOwl
      Absolutely, being in total control of your own hardware is important
      Too many examples out there of companies doing rug-pulls on its users, either through product retirement or government pressure (yes, tin-hat conspiracy material)

  • @ZRubidium 1 year ago +4

    I do agree that it's definitely a great product for those that do want the simple solution. I use it for my family and my networks while I'm moving around a lot (in the Navy) so it's easy to use. When I eventually retire and have a more permanent home I might buy something more "technical"; but for now it's very user friendly when at the end of the day I want it to just work.

  • @J0ermungand 1 year ago +2

    Upvoting this video, because unifying Unifi haters and fans alike should award you with the Nobel Peace Prize.

  • @jonathan.sullivan 1 year ago +9

    "Holy Shit the Firewall Rules..." Had me 😂💀😂💀

  • @Jamesmtz0920 1 year ago +4

    I had the same WAN setup, ATT fiber as primary and Xfinity as my backup. Fiber is more reliable than cable so I ditched Xfinity and went with T-Mobile Home internet. I figured a 5G backup made more sense, since cable would be more likely to go out than fiber. Just my thinking. My TMHI isn't bad. I get roughly 180 down 20 up. Enough for a backup internet plan and it's $30/month.

  • @michaelrichardson8467 1 year ago +2

    You could've done a backup of the "site" from the cloud key and restored it during the setup of the UDM PRO

  • @NightHawkATL 1 year ago +6

    Welcome to the world of SDN! The hardware is fully capable of doing all you want but the software is limiting it. I just shut down the last of my SDN (Meraki) even though I still had 2 years licensing left. SDN is great for those that want something easy and don't want pfSense or OPNSense. I don't mind the quirks of pfSense and a managed non-cloud switch. It lets me know I own my data and traffic info and don't have to do stupid stuff to block prying eyes. Doing the setup for firewalls and port forwarding and DHCP reservations is just par for the course because they want you to use the easy way of just not doing it.

  • @drkavnger99 1 year ago +2

    I just migrated cloud key to udm pro se last week. It's possible and easy once you find where to upload the backup.

    • @RaidOwl 1 year ago +1

      Glad that’s actually an option!

    • @drkavnger99 1 year ago +1

      @RaidOwl issue is it's a convoluted mess to figure out for the non-initiated. I also had the benefit of upgrading from a usg so I moved firewall rules as well. Overall good video and a good presentation on the good bad and ugly.

  • @R00F_K0REAN 4 months ago +1

    The ship rolling across the screen at 06:28 absolutely killed me

  • @npoitevin 1 year ago +4

    Good content as usual, keep up the efforts

  • @driver288 1 year ago +2

    We actually deploy UniFi gateways for customers that predominantly use cloud services and infrastructure and as such don’t publish internal resources or only a few of them since they are so set and forget. And should you change or update something we can manage them remotely. It’s also convenient to manage everything in one place including security cameras. When customers need more complex setups in their gateways we use other more granular products.

  • @guy_autordie 1 year ago +1

    Before 2:30, the migration:
    The newer controller should have an option to "auto" (with or without authentication) transfer the network configuration and control of the infrastructure. (Home use, without; business, with). The user should have to go to any of the infrastructure devices.
    Maybe we should get some "Bonjour" protocol, the one Apple uses (used?) to connect and control the network devices.
    As Todd Howard said "it just works", and yes it just works.

  • @chrismallia29 1 year ago +2

    Agree with you on the DNS really need it.

  • @ValexNihilist 10 months ago

    I just got a UDM SE and I absolutely LOVE it. But yea the UX for setting up the few basic firewall rules I wanted for house was a nightmare. Thank god once it's set up you don't really have to mess with it again.

  • @krisclem8290 1 year ago +1

    The firewall system would bother me too. I might just say screw it and put the UDM behind a dedicated appliance if it was supported.

  • @wodn184fn8 1 year ago +2

    I'm planning to buy a UDM for my home lab and I really don't play a lot with firewall rules, only blocking some VLANs from not accessing my main network so ideally I think UDM is a good choice for me. Also the 7.5 update I think it changes a lot in firewall rules but I don't have a UDM yet so I can't say more.

    • @RaidOwl 1 year ago +3

      Yeah my final thoughts were just that, if you’re not running a huge network or need the firewall rules at all…it’s awesome.

  • @Samwarren1982 11 months ago

    Agree. I’ve deployed 6 different Unifi systems and supported 2 large scale systems. While neither admittedly had any firewall rules, the only thing I really love about Unifi vs. other systems is the price and availability. The other pieces you listed as positives I agree with completely. My biggest issue lately is the software updates that break the communication between Ubiquiti devices that have been steady for months and months.

  • @dubas1974 1 year ago

    lol. I just did the exact opposite. I've been on UDM Pro and Unifi ecosystem for years and just switched to pfSense for my firewall. I still use Unifi switches, access points and for cameras but no longer use the UDM Pro for firewall and so glad I switched.

  • @hendogg02 1 year ago

    Completely agree about the firewall. I too run pfSense at home and Unifi for my church. Yes, Unifi please make it better.

  • @krzychaczu 11 months ago +1

    Thank you for sharing your experience with it! 👍

  • @PigMan9080 5 months ago

    CK to UDM migration only requires you to set the UDM with the CK restore, set the UDM to the same IP as the CK. Unplug the CK and all the devices will provision to the UDMP. I’ve done this myself and it works

  • @JackSprattt 1 year ago

    You can move them from the cloud key gen 2 pro to the udm pro, I had to do this at work from a cloud hosted unifi appliance to a cloud key gen 2 pro, the option is kinda hidden, but it's there and it works as long as both unifi network appliances are online and on the same unifi account. Took about 5 minutes to transfer everything then reboot and adopt the devices.

  • @rickorwig986 11 months ago

    Interesting video. I’m a retired IT guy and I’ve been expanding my home network equipment to include Pfsense, Unifi access points and recently moved to using their 2nd generation cloud key where I was using a raspberry pi with unifi’s management software installed. I also have several vlans configured to separate my IOT devices, guest devices, etc. When my Pfsense device dies or needs upgrading I’ll be deciding on whether it makes sense to move to a UDM Pro instead or not. I’m enough of a geek to not mind tinkering in Pfsense but it would be nice to live in just one ecosystem. Ah, decisions. 😂 Thanks for the video and giving me food for thought.

  • @HardcoreNacho 10 months ago

    I agree it could be easier. I was asked to help my church with their network which has Unifi. I figured out everything from the app or web gui myself just by clicking on the options. Very easy to use. I’ll be moving to Unifi for the ids/idp as nothing else out there has such easy implementation of the feature.
    Just wish this had the ability to run adguard on it.

  • @jonathanmayor3942 1 year ago +5

    YOU FUCKING NAILED IT ! Unifi is good for the ecosystem, wifi protect, access, etc but those firewall rules + VPN stuff is BAD, so now I'll maybe switch the dream machine for dual PFsense firewall with 10g and beefy CPU that could handle the 10G protection as I'm getting 10g at home

  • @scoty_does 7 months ago

    Lapsed Unifi user here thinking about coming back for VLAN deployment. Watching your videos reminded me of why I left. Thanks for saving me some money!

  • @scottjarriel6761 1 year ago

    I would love to see a way to direct a specific VLAN out through a specific WAN port. Haven't seen a way to do that yet.

    • @kht-admin 1 year ago

      Under the Network config. Internet Source IP lets you select the WAN interface and IP the VLAN uses.

  • @Crobisaur 1 year ago

    This is exactly why I didn't go with the UDM, not only that the port forwarding is trash, but you can't even set up an external firewall with the UDM, you either use the UDM and all its goodies or you don't. I ended up going with an edgerouter 4 as my router/firewall and it's worked pretty well but that was only because my pfsense box was a dell optiplex from 2008 and consumed too much power for my liking.

  • @AM-nm1oe 11 months ago

    you can plugin a unifi poe adapter directly to an AP then hit the reset button on the poe adapter

  • @robc0704 1 year ago +2

    Good synopsis. 2 years ago I would have said no to their Gateway products. Now though after having used many firewalls (PFSense and OPNSense included) I would say they can finally compete at that level. Though yes more interface work is needed. I also like the way they have separated out OPENVPN and Wireguard VPNs. Traditional Site to Site is a totally separate animal for creating links to traditional firewalls. The DNS request would be a nice feature add.

  • @Drkayb 1 year ago +4

    Good video, mate. If "forgetting" devices isn't enough, you could SSH into them and run "set-default Factory Reset". Should pop up for adoption after a while.

  • @ASM1981 1 year ago +1

    Great job on pointing out the pros and cons of using Unifi vs pfSense but I have to add some more to the list, first, I used both systems, but ended up going to pfSense every time although I still have the UDM SE and I love it but, first thing to add to what Unifi lacks is the ability to add a FQDN as FW alias making it very hard to keep track of a website address if the IP addresses will change such as a notification service for a surveillance camera system whereas in pfSense, it is as simple as just adding the FQDN of the notification server and never worry about it again.
    The other thing is the ability to work on FW rules as a bulk copying multiple ones especially from interface to another just like on pfSense for instance, unable to set a DNS server for an individual client different from other clients on the network, bandwidth proper and detailed QoS as in pfSense, but I still like Unifi even with all those cons and thanks again for the video!

  • @wilsmith7173 1 year ago +1

    Finally you have come on over to the dark side. But seriously I love my Unifi setup, it just keeps growing and I have no complaints. Started with basic networking and then added an access point and later a nano. Just grew from that.

    • @RaidOwl 1 year ago +1

      Yeah I like mine too, but nothing is safe from criticism ;)

  • @informationtechnologysymph461 1 year ago +1

    This is what really stops me from replacing PFsense with Unifi, I think I'm gonna stick with the PFsense for what matters, and Unifi for switching and wireless stuff.

  • @TheDmankl 11 months ago

    I completely agree with the points you make here and would love them to completely redesign their DHCP/DNS and firewall/traffic sections. It would also be nice for consistency across the board.... It's like if Apple and Microsoft designed something .. looks great but you have to have several different implementations to get what others have out of the box ... But I do love Unifi ... just would like for them to figure themselves out.

  • @evelbsstudio 1 year ago

    I like the port grouping, I have a lot of servers and labelled all the ports that reference a server is easy.
    I like that.

  • @jejsun 1 year ago

    Interesting topic, you did exactly the thing I'm thinking about, thank you for the opinions and information!

  • @Mokaphyyr 1 year ago

    Find this fun to watch as the TP-Link videos are why I switched my goals to go the TP-Link route. I have one Unifi NanoHD AP, but when I get enough money, I want to swap it out. TP-Link appears to me to be better budget-friendly for my family.

  • @rickendude 10 months ago

    I migrated to UDMP from a regular controller by backing up and restoring during the wizard phase. But even starting fresh doesn't mean you have to physically reset all units... When you "forget" a unit from the old controller you reset it and it's waiting to be adopted. Looking at the rest of the video now but this was a very weird thing to do tbh...

  • @TheZonga 1 year ago

    OMG I THOUGHT I WAS GOING INSANE thank you for making this video

  • @Moonwired 10 months ago

    I had auto update turned on for a network I was managing for a small client, it kept randomly breaking access points. I had to manually reset them and re-adopt them a lot. It was slowly driving me nuts. Completely disabled auto update. I now update manually when I’m on site so if something breaks I can be there to fix it. I like Unifi for home stuff and small businesses, but my god is it a nightmare sometimes when you have to upscale it.

  • @driver288 11 months ago

    Hi! I’m in the Pro UniFi camp for the most part. I do get that some implementations in UniFi are a bit backwards. I love the ecosystem. UniFi is like the Apple of networking now when Apple isn’t making that kind of stuff anymore. Also traffic management is pretty straightforward to use if you use the apps feature. You don’t even need to know a thing of ports or TCP/UDP to block since that’s all taken care of for a pretty decent selection of apps and services. Also built in network protections like dark net protection and honey pots paired with deep active packet inspection with great throughput is really good.
    We deploy UniFi to customers of different sizes but mostly small to medium sized with just a few or no public services hosted on the inside. Most of our customers leverage the cloud and have fewer and fewer reasons for using VPNs now, or hosting services on-prem. Protect is great and also hosting multiple network customers in one controller.

  • @Overlanding 6 months ago

    Last time I upgraded my router I decided against the UDM and built an opnsense box because back then Unifi was a privacy nightmare with devices constantly phoning home and sending logs. The pro max seems like a great device, especially the 5Gbit IPS is great for the price.
    I was wondering if Ubiquiti has finally ceased to spy on its customers or at least given them a proper mechanism to opt out, or if they still collect everything you do *anonymized*?

  • @MalachiMarvin 10 months ago

    10:52 isn't 'Limited' what you want there?
    (regarding limiting port-forwarding to specific source IP-addresses)

  • @The113End 1 year ago

    I've been searching everywhere and you've finally answered the port forwarding and reverse proxy questions I've had.
    It's preventing me from switching over. I have the UDM just sitting there.
    Unifi plz

  • @caseypries7559 10 months ago

    I agree about the firewall. I've been using unifi for a while and the firewall is just a pain in the ass. Why it's not more like the windows firewall, which to me is intuitive, is beyond me.

  • @valin0r 1 year ago

    For the port forwarding part (and that you have to open it to the world). It's possible to secure it. Place an internet allow rule (for the IP addresses you want to allow) and place an internet in drop rule after it. I know, it's not great but it works if you place the allow and the drop above the greyed-out port forwarding rule.
    For the most part, I agree, the UI from the firewall rules sux pretty bad.

  • @awdtw 1 year ago

    The Unifi upgrade dramas were big enough for our business to stop deploying the brand's products to any of our clients and we just completed the last switchout to Cisco again. Stuff costs us a fortune for original outlay but it just works, and works and works...

  • @izbit8736 1 year ago +1

    11:25 This rule doesn't do what you think it does. It will only do anything for traffic entering pfSense on the LAN3 interface, and that means it likely does nothing except for requests from LAN3 net to route to LAN3 net, essentially to its own network (which if network local direct traffic isn't blocked everywhere, would instead just be point to point without going through the firewall). For example a device connecting to LAN2 will essentially only check rules on LAN2 when entering pfSense (exception to this are floating rules), and traffic will not check again any rules on the interface where it is exiting (i.e. it bypasses any rules on LAN3).

  • @peterwan816 5 months ago

    I'm planning on the exact same upgrade. Looking forward to the contents. I really wanted to know the differences between opnsense (fork of pf sense) and UDM which looks really promising.

  • @philsowers 1 year ago +2

    Unifi just released v.3.1.16 this week which improves port forwarding! To get it change UniFi OS "Release Channel" from Official to Release Candidate. You might find other improvements for your case as well. At the very least you could get some more content about it for the channel. ;)

    • @JMTosses 1 year ago +1

      Eagerly waiting for that to be released proper. Watched a few reviews and it appears to fix quite a few pain points. Cheers! JM

  • @RockTheCage55 11 months ago

    I'm looking on getting off untangle/arista & this was enough that I won't be going with unifi. Will be looking into either sophos or opensense/zenarmor

  • @josehernandez-ql2lr 1 year ago +3

    You could have gone into your cloud key and selected each device and pressed forget and they would factory reset for you

  • @maxd7228 6 months ago

    On a serious note, I'd be happy to take that pfsense 4100 appliance off your hands if you're looking to part with it.

  • @pauljohnfox 10 months ago

    I LOVE your analogies and my displeasure and dissatisfaction with this company at this point, and their ridiculous prices (they used to be cheap - really) has definitely compelled me to subscribe and like. Thank you for being comprehensive.

  • @byehl 11 months ago

    On the Port Forward + Firewall Rule thing, UniFi does what most users expected: When creating a port forward, traffic to that port is automatically allowed (by one of those grayed-out "Predefined" rules that can't be modified). To restrict it, create your own Accept / Drop rule(s) "Before Predefined." Before CloudFlare Tunnels came along, I ran for years only allowing http(s) traffic from CloudFlare's origin IPs (plus CloudFlare's Authenticated Origin Pulls feature).
    I don't think it was always the case that UniFi automatically created the Allow rule. When they added the feature to the EdgeRouter it was _optional_ and it's a bit silly that they didn't do the same on UniFi but c'est la vie.
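
The ordering point made in the comments above by @valin0r and @byehl, as an added sketch that is not from the commenters or from Ubiquiti: a first-match model of a WAN-in ruleset showing that restricting a port forward only works when the user rules sit before the auto-generated allow. The rule names, the default-drop policy, the IPv4-only model and the sample addresses (RFC 5737 documentation ranges) are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "accept" or "drop"
    src: str                  # source CIDR (IPv4 only in this model)
    dst_port: Optional[int]   # None matches any destination port

    def matches(self, src_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.dst_port in (None, dst_port)


# Hypothetical stand-in for the greyed-out rule a port forward generates.
PREDEFINED = [Rule("predefined: forward 443", "accept", ANY, 443)]

# Constructed user rules; 198.51.100.0/24 plays the trusted proxy range.
USER_RULES = [
    Rule("allow proxy range", "accept", "198.51.100.0/24", 443),
    Rule("drop other 443", "drop", ANY, 443),
]


def build(before=(), after=()) -> List[Rule]:
    """Assemble the ruleset: user rules before and/or after the predefined one."""
    return list(before) + PREDEFINED + list(after)


def evaluate(ruleset: List[Rule], src_ip: str, dst_port: int) -> Tuple[str, str]:
    """First matching rule wins; assumed default policy is drop."""
    for rule in ruleset:
        if rule.matches(src_ip, dst_port):
            return rule.action, rule.name
    return "drop", "default"


def shadowed(ruleset: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier rule covers them."""
    dead = []
    for i, later in enumerate(ruleset):
        later_net = ipaddress.ip_network(later.src)
        for earlier in ruleset[:i]:
            covers_src = later_net.subnet_of(ipaddress.ip_network(earlier.src))
            covers_port = earlier.dst_port in (None, later.dst_port)
            if covers_src and covers_port:
                dead.append(later.name)
                break
    return dead


if __name__ == "__main__":
    stranger = "192.0.2.10"  # constructed source outside the allowed range
    for label, rules in [
        ("port forward only", build()),
        ("user rules before predefined", build(before=USER_RULES)),
        ("user rules after predefined", build(after=USER_RULES)),
    ]:
        print(label, evaluate(rules, stranger, 443), "shadowed:", shadowed(rules))
```

Running `shadowed()` over an exported ruleset is a quick audit for restriction rules that were placed after the allow they were meant to narrow.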

  • @fordsrmaster 9 months ago

    I noted that you said that you had to have physical access to the devices to un-adopt them. My question is, why wouldn't the "Remove" button at the bottom of the settings page for each device do the same thing?

  • @rolf2943 8 months ago

    @Raid Owl why not adopt your unifi devices to the new controller over ssh? Goes superfast and you don't need to reset your AP's and switches.
    When I moved to a new Unifi network instance, it took me 5 minutes of work like that.

  • @daan6106 1 year ago +1

    @Raid Owl pls do a long term review of this and see if they fix those firewall rules

  • @scottjarriel6761 1 year ago +3

    If you want to migrate your network devices over from the Cloud Key Gen 2+, it is a matter of backing up the network config and then restoring it to the UDM Pro. If you want to do it a bit harder way, but without having to go to each device to reset it, then just go into your network management console on the CK Gen 2+, before removing it from your network, and go to each network device. Then go to the device's management tab, go to the bottom, and 'Forget' the device. That resets it to factory defaults.

  • @olekristianbendiksen1246 1 year ago

    Thank you. I have a Unifi access point. I am not going any further. I got a headache just listening to you

  • @venopsis 1 year ago

    Unifi is great for access point and switch. Didn't test the access and camera thing.
    But for firewalling, I'm glad this guy has the same feedback as myself. I found it terribly bad. Some features are good but most of them are badly designed or inconsistent.
    Migrated to fiber connection for my ISP (1 Gbps download and 500 Mbps upload). Noticed that after installing the Unifi Security Gateway, even with latest update available on the market, the hardware capped the bandwidth to 500 Mbps! Was immediately put to sleep and replaced with OPNsense custom made firewall.

  • @PabloTBrave 9 months ago

    It now shows you what's in the port group by hovering over the fw rule... So slowly improving

  • @MsKendorf 2 months ago +1

    Have the parts you don't like been fixed yet? I'm on the verge of taking UDM.

    • @RaidOwl 2 months ago +1

      Pretty much yeah

  • @EViL3666 1 year ago

    I would not hold your breath - Even the most simplest of firewall and router features, such as managing NAT, which people have been asking for for 4-5 years!
    I did the same as you about 4 years ago, spent a load of money on switches, AP, USG etc.. I used the USG for about 4 weeks, then threw it in the "useless gadgets" drawer, where it sat until about 12 months ago, and I flogged it on eBay!
    I recently bought a UDR for our holiday home, so I could have something set and forget, but I'm already regretting it... and should have bought a GL.Inet router instead!

  • @mattsaxey529 1 year ago

    Objectivity!!! Very helpful, thank you!!

  • @realjoecast 4 months ago

    I'm looking at converting from a 20 year old half Cisco equipment to Unifi in a medium to large business. When I say 20 years, I'm serious. One device hasn't been cycled in 7 years and has a copyright date of 2004. I love Cisco with a passion but the goal is to make it so less knowledgeable techs can do some basic stuff easier. Will also allow me to get rid of some other devices older than 2010. I am worried about IPSec though.
    Going with a Dreammachine pro with a handful of promax 48port switches. The RGB will actually be useful for us so vendors and a few others know what things are with a glance. Also a handful of the APs and an outdoor AP. may get a phone, camera and keycontrol to test too.
    The drawback with Unifi is that most of its cool features are unifi only but still basic functions still will work.
    Edit: thanks did touch on a couple things I didn't think to much about.

  • @manslayerdbzgt
    @manslayerdbzgt 1 year ago

    You can also get the big cloud version of Unifi that can manage thousands of Unifi devices in the lands and all that stuff, but you got to pay monthly in the cloud is machine itself to run at your business is pretty freaking expensive but not that expensive if you're a business but for a home user hell yeah

  • @driver288
    @driver288 1 year ago

    You should have been able to migrate the Network config via backup and restore from the cloud even. Or from a downloaded config backup file. But you would have to change VLANs in your firewall replacement step since VLANs are handled differently in UniFi and you probably had them set up as VLANs only VLANs on the cloud key.

  • @GrishTech
    @GrishTech 1 year ago +2

    From my perspective, the unifi firewall, dhcp, and dns is complete garbage from the feature and management perspective. This is why I still use the pfsense + unifi AP/Switches combo.

    • @blondeguy08
      @blondeguy08 10 months ago

      How does the pfSense manage the Ubiquiti devices?

    • @GrishTech
      @GrishTech 10 months ago

      @blondeguy08 it doesn’t. It's a completely separate device, managed separately.

  • @m4nc1n1
    @m4nc1n1 1 year ago +3

    It really shines for what you all get for free. They could have you buy a key for every application and they do not. Networking, security, phone, entry, NVR, etc. is built in. It is solid and the best deal out there. That said, I would not use them for business. Their biggest downfall is support. When you are down and losing business, forums and chat just don't cut it. But for home? Absolutely! I went from UDM to UDM Pro to UDM Pro SE. LOVE the GUI and having dual WAN AND a 10G LAN port to tie in my 10G switches is awesome.

  • @bentheguru4986
    @bentheguru4986 1 year ago

    Take a backup of UniFi network only and suck that in. UCK2 to UDM is a headache.
    Stop using the front 8 ports for LAN uplink/downlink. Use port 8 for secondary WAN2 if copper needed (as you have done). Use the SFP+ ports for LANs. You can create PF rules for each IP to same ports. Go to settings, Advanced and select legacy interface. Now you can rename the "Default" LAN name to what does make sense.

  • @Bixmy
    @Bixmy 1 year ago

    2:00 There's a site migration you can do, just move the whole site from key to UDM Pro.

  • @pchomelab
    @pchomelab 1 year ago

    Is anyone having issues with managing UDM Pro remotely from time to time? It seems that the UDM pro's network module is stuck in the starting - stopping loop often. Updates had been performed on this thing

  • @itwithmike
    @itwithmike 1 year ago +1

    You’re probably going back to pfSense eventually.. Nothing beats pfSense.. Unifi looks very slick.. and it’s easy to configure.. that’s one of my reasons I am not moving because pfSense is a different world altogether

  • @maxherman11
    @maxherman11 1 year ago +1

    Agree, firewall rules SUCK SO BADLY, I wish we also had an option to default deny, rather than default accept, I like to explicitly allow rather than explicitly deny myself. Also, wish we had access to NAT rules and actual interface level control like pfsense, hopefully with time they will improve it.

  • @gedavids84
    @gedavids84 1 year ago

    I have a similar opinion of Unifi, their switches and APs are good, but their firewall offering is mediocre at best. I'm going to keep rocking my Unifi networking equipment + pfSense firewall setup. Thanks for taking the bullet and trying the Unifi firewall.

  • @Scraws
    @Scraws 1 year ago +1

    The security gateway stuff is garbage. I prefer everything Ubiquiti using cloud key 2 plus, then using either pfsense or an edgerouter as the router/firewall.

  • @evelbsstudio
    @evelbsstudio 1 year ago

    Security insights - I would love a way to export the logs to send to people that own the IP addresses to report abuse to.
    Or a button to send them automatically

  • @kevinwhiten2804
    @kevinwhiten2804 1 year ago

    I would love to see a comparison between Unifi and Omada

  • @capitainclaw
    @capitainclaw 1 year ago

    You can make a "cloudflare rule" by creating a new Drop rule for the NAT rule, and then create a new rule.
    Under Source, create a "Port/IP group" and destination as you prefer, port 80 and 443 or what you prefer here.
    Just remember that the rules you create are "internet in" type rules.
    And last, remember to put them in the right order: first the cloudflare rule, and then the Drop rule...

  • @GrishTech
    @GrishTech 1 year ago +1

    12:50 Not just as pfSense, it should be updated to match industry standard naming, as EVERY other firewall... They also need to just specify it as source/destination instead of target. So confusing and ass backwards.

  • @JessieMHadaller
    @JessieMHadaller 1 year ago

    How about just set a static IP on the device? There are networks where I completely disabled DHCP, or just don’t use it.

    • @RaidOwl
      @RaidOwl  1 year ago

      I like my reservations on the router side

  • @NixTeam1
    @NixTeam1 1 year ago

    Did you try to use backups!? Unifi moves everything with no issue. Backup cloud key, restore on UDM.

  • @elocontol
    @elocontol 4 months ago

    Are you going to make an update to this after a year of use? I'm planning to get a Unifi gateway.