No video
How to Use The UniFi Dream Machine Pro With pfsense
Рет қаралды 87,655
Күн бұрынpfsense toturials
lawrence.techn...
UniFi Tutorials
• Unifi Ubiquiti Product...
DIagrams.net tool review
• These New Features Mak...
Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystem...
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesy...
+ Our Forums forums.lawrenc...
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/law...
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video...
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystem...
Gear we use on Kit
🛒 kit.co/lawrenc...
Use OfferCode LTSERVICES to get 5% off your order at
🛒 lawrence.video...
Digital Ocean Offer Code
🛒 m.do.co/c/85de...
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?v...
Protect you privacy with a VPN from Private Internet Access
🛒 www.privateint...
Patreon
💰 / lawrencesystems
#UniFi #pfsense #Networking
@LAWRENCESYSTEMS 2 жыл бұрын
pfsense toturials lawrence.technology/pfsense/ UniFi Tutorials kzbin.info/aero/PLjGQNuuUzvmvxayWV93dbBleXzt6RCvXP DIagrams.net tool review kzbin.info/www/bejne/o6GpYpxvqMt4gJI
@henger1980 Жыл бұрын
Congrats on this great video! How this setup would change if we were using the dchp relay function instead of no dhcp?
@Ghost-pt5eu 2 жыл бұрын
I used pfSense, thanks to Tom, before I was bitten by the Unifi Bug. I always liked pfSense and wanted to use it with my UDM. I connected my system a little differently. I used pfSense as the DHCP Server. Made the UDM one IP address above the LAN DHCP. Connected Port 1 (LAN) to LAN. Connected Port 5 (WAN) to LAN2. Everything worked perfectly. No need to Forget and Adopt Unifi Devices.
@zubair5244 2 ай бұрын
can you please share a little detail or a video on it, actually in my environment i need to connect more than 2000 users at a time but unifi DM pro capacity is only 400, furthermore can it be possible that users utilize whole memory and cpu of pfsense instead of unifi controller whatif I disable dhcp of unifi controller and turned on dhcp from pfsense or something like that in order to remove the load from unifi controller
@migoosan 2 жыл бұрын
I bought a Netgate after your videos and only a couple months after a Dream Machine. I set it up just like you suggested. Works great so far. Thanks for the guide and thanks for getting me exposed to pfsense.
@rturtzer 2 жыл бұрын
You have are the inspiration for my current lab projects. Thank you so much.
@wjjohns04able Жыл бұрын
Great video! Would love to see a more in-depth setup of this scenario.
@wiebowesterhof 2 жыл бұрын
Thanks for putting this together. I've got an ERPro8 and those are getting a bit long in the tooth. I can't avoid double-NAT as it stands, as my ISP's router won't disable NAT due to IP4/6. I have to DMZ/port forward from that router to mine. I hope to finally replace the ERPro8 with a pfSense box later this year, so this will be very handy.
@TheCrazyCanuck420 Жыл бұрын
I'm thinking of adding pfsense to my all Ubiquiti network. I'm glad I remembered I watched this a while back because I was going to implement this without the UDMP WAN connection which would have hosed it's ability to phone home. I would sell the UDMP SE but I don't want to hoist those problems onto others so I'll just treat it as a fancy 8 port switch that's driving a bunch of slow POE devices and configuring my switches and APs. At least my high throughput traffic will circumvent the UDMP. The problem I'm trying to solve here is that the UDMP SE seems to lockup when I download games on steam over a 1Gbps google fiber connection. I think the UDMP SE is just getting overwhelmed although my usage isn't too out of the ordinary. Using this topology the UDMP SE won't be moving anywhere near the traffic I am now plus this will help decouple me from Ubiquiti in the future if the need should arise. I like Ubiquiti's 10Gbps + 2x25Gbps enterprise switch and have a boatload of their access points scattered around the house so my experience aside from the UDMP SE have been fairly good.
@daninmanchester 2 жыл бұрын
I started out with a USG and moved to pfSense mainly due to your videos. For a while I kept the USG as the graphics were "nice", but had it configured the other way round. If there had been a bridge mode I might have kept it, but as you say it was a pain managing pass-through ports, etc. In the end I sold it and never looked back.
@evancatlin1839 2 жыл бұрын
Would you consider making a setup video for a standalone UDM/UDMP? This would be aimed at someone who has purchased a UDM/UDMP and doesn’t have the funds to purchase another firewall device. I understand that you don’t recommend this but this would be a best case scenario. Making the UDM/UDMP as secure as possible.
@jonathan.sullivan 2 жыл бұрын
Check out CrossTalk Solutions, he has a whole series on it. Done quite well.
@evancatlin1839 2 жыл бұрын
Oh I have! I watched several different channels videos. I was interested in LTS doing one so we could get his perspective on how to properly/securely set it up.
@johnvanwinkle4351 4 ай бұрын
Thank you for this info Tom! I am thinking about doing this in my new home build.......grin
@imfitzy9937 9 күн бұрын
How may NIC's are you running out of the PFSense box as I'm running only dual 10GB NIC's in a PC. I'm curious as to how you had PFSense on 10.2 and UDM on 10.3 as I can not get my UDM Pro to take the x.3 - it says it over laps the Primary Range.
@sfernley Жыл бұрын
Hi Tom, after using untangle on a dedicated device for a couple of years (was happy with it), along with Unifi AP's using the software controller in a VM - I had a stroke of luck where I acquired a Unify UDM Pro and additional 8 Unifi 8 Port POE switch for free (it came from a site my company took over and they don't use Unifi so I was the beneficiary). I've since removed the untangle box and now use the UDM Pro as the main router for my house. Have to say I love the simplicity of creating VLANS and I have Wiregaurd, OpenVPN and VPN clients using Express VPN. It all works perfectly and I'm very happy with it. But I've seen that you're not particularly impressed with the UDM as the main firewall. Assuming the firewall is configured correctly, is there any reason I shouldn't continue with the UDM Pro as the main firewall? Are there any security reasons for not using it? Not sure if your opinions are from before the UDM Pro had support for things like Wireguard etc, but it seems to have everything now. Thanks for all the great content you provide, all my home network projects pretty much come from your channel.
@LAWRENCESYSTEMS Жыл бұрын
They've made a lot of changes in the last 6 months that make it a much better product than it was before so if it works for you keep using it.
@zgabeartaiftode6387 2 жыл бұрын
In the configuration you showed, can you connect a unifi switch directly to pfsense and use the dream machine pro just to control the switch?
@jasonjacobson1801 Жыл бұрын
Great video!! Thanks so much! This worked like a dream! You saved me a ton of time!! Subscribed!
@jmugoose30 2 жыл бұрын
Perfect timing. I have a udm pro and just bought a pfsense box because I want the dual wan. Thank you.
@fabioteixeiBR 2 жыл бұрын
What about using routing instead of two networks. I mean the pfsense still connects to the internet and handle the NAT but it will act like an edge router. You keep the UDM and configure to do routing instead of NAT and route all trafic to the pfsense. It's possible?
@Zeric1 2 жыл бұрын
Unifi routers in general expect to be at the edge and NATing. In some cases there are contortions to turn off NAT (I did it on a USG), but it's not straight forward or supported by Unifi. It's likely not even be possible turn off NAT at all on a UDM as it's more locked down than the USG.
@timpmcfadden 2 жыл бұрын
What's the problem with UDM Pro? I had a pfsense for years and it was OK but the weird firmware updates and OS versions turned me off. I did like open vpn but I can setup an open vpn server and forward traffic. If I really want it.
@JeremyMarkel 2 жыл бұрын
I've had good results for a couple of years now using Pfsense as a transparent bridge behind the UDM Pro. I get the benefits of Pfsense's filtering for the lan and just use port forwarding from the UDM Pro for the VPN aspects.
@jonathan.sullivan 2 жыл бұрын
This will be my approach as well.
@StefanWeichinger 8 ай бұрын
could you point me to a "how to use pfSense as a transparent bridge" maybe? I consider this as a solution for a setup. thanks.
@bro2917 Жыл бұрын
I really really wish the UDR had a better way to handle firewall logs, I am pretty content with everything else included in the UDR for home use but the fact that I cant (easily) monitor FW logs is really annoying. At the moment I am considering getting a pfsense box infront of my UDR so I can monitor FW logs in Graylog. I would like to see better logs overall in Ubiquiti products and I think they would benefit greatly if they improved them and gave the users more freedom
@MrMackster01 2 жыл бұрын
Thank you this, Tom! Very helpful. My question is how does the UDMP re-adopt protect cams and APs if we turn off DHCP and it’s not handing out IP addresses? Is that something that the PF sense FW will do going forward?
@LAWRENCESYSTEMS 2 жыл бұрын
Yes, pfsense hands out DHCP
@WAGISDev 2 жыл бұрын
Whoa....it's like this was a coordinated release. This is the second how-to for UDM Pro & PFSense for today. :) Love seeing the community coming together to support folks wanting to do this.
@LAWRENCESYSTEMS 2 жыл бұрын
It's actually just a coincidence that we did these the same day.. lol
@WAGISDev 2 жыл бұрын
@@LAWRENCESYSTEMS I think it worked out well. Your videos help fill in some gaps and clarify the why's and why nots. I really appreciate that you do these videos. They are supremely insightful.
@andyaskew1543 10 ай бұрын
I Used the 3rd party gateway setting in Unifi with a VLan created on a SonicWALL and that seems to be working out great.
7 ай бұрын
Where is the 3rd party gateway setting?
@andyaskew1543 7 ай бұрын
Under "networks", Create a new virtual network, under "router" chose 3rd party...
@davidbeard4985 7 ай бұрын
Did you create the VLAN from the X0 interface (i.e. X0:V123) on the SonicWall or create a new one (i.e. X2)?
@sardissozo3399 Жыл бұрын
Why not static route from PFSense and plug in on the DM WAN port a let the DM do DHCP? Sorry if this is a stupid question.
@mcury85 26 күн бұрын
Disable nat in the UI and create static routes in pfsense would be a step for me.
@mikescott4008 2 жыл бұрын
What about DHCP option 43 for automating the adoption of the unifi devices, would that work re an IP change?
@iamweave 10 ай бұрын
In this scenario, will Wifi Man app still give the extended features when managing Unifi APs? That's what I'm really looking for.
@jsjworville 3 ай бұрын
@LAWRENCESYSTEMS - just wanted to check, is this scenario still valid today? A couple of questions off the back of it: 1. Would devices attached to an access point or switches be told to use 10.2 as their default gateway (via DHCP) or 10.1? If it's 10.2, are we assuming that Unifi is using the 'WAN' network as it's default gateway to reach other networks? 2. Can this be done by jusing using the 'third party router' network option - I assume in that scenario we'd still need a network for the cameras, APs etc so they're still manageable. Thanks again for the video - very helpful.
@LAWRENCESYSTEMS 3 ай бұрын
The devices go on LAN 192.168.10.0/24
@oscars1025 Жыл бұрын
I’ve giving this a try and it seems like my UDM pro can access the internet for the dashboard. Should both the LAN port and WAN port provide internet to the UDM PRO? Or should the LAN port just provide VLAN & DHCP? thanks in advance
@mihonalmighty Жыл бұрын
How can a implement this by using a DMZ? ISP -> Firewall -> web servers - Firewall -> LAN. A little hint or direction would be lovely:) Thanks for your videos, they have helped me so much in networking!
@LAWRENCESYSTEMS Жыл бұрын
Just create a separate network in pfsense with rules to restrict access, don't use the UnFi Dream machine.
@mihonalmighty Жыл бұрын
@@LAWRENCESYSTEMS So just do as you did in this video, and connect a switch to the pfsense with a seperete network to connect the webservers to?
@alienJIZ1990 3 ай бұрын
Rather than managing DHCP that far upstream and having DHCP Clients travel to Narnia and back just for a lease, wouldn't it make more sense to just manage DHCP further downstream on the Unifi L3 switch?
@TheTF01 2 жыл бұрын
Works the same way for setting up vlans for unifi switches and ap without a usg or udm/p
@MrMackster01 Жыл бұрын
Hey Tom, great details as always! I understand not having the statistics from but are you also saying one would need to host the controller software somewhere else to be able to manage/view 'UProtect' Cameras, storage space, etc.?
@LAWRENCESYSTEMS Жыл бұрын
Not, that is all still done on the UniFi UDM
@ezmethod 2 жыл бұрын
Yes.. Been holding off on doing this for some time. Thanks for posting this!!!
@alexiekola 2 жыл бұрын
thats the same way I did it.
@leonardocernaianu9455 2 жыл бұрын
Can you plug the Unifi switches directly to pfSense if you use the configuration you shown in the video? I am thinking to the case when you want to use UDM as a controller but, as you know, UDM has no 10G LAN ports and maybe you want a 10G LAN (switches that support 10G connections). You can connect the main Unifi XG switch to pfSense (let's say pfSense has 10G ports), but, in this case, can you use UDM to manage the Unifi devices? What if you connect the Unifi XG switch to pfSense, a UDM LAN port in this switch and UDM WAN port to pfSense? This way, you don't need 4 ports on pfSense (1 port for WAN, 2 LAN ports for UDM and 1 LAN port for Unifi XG switch) but just 3 ports. If you decide to manually update the UDM, do you still need the WAN port to be connected to pfSense?
@bentheguru4986 2 жыл бұрын
You are essentailly putting the UDM into useless mode and throwing off to the side. May as well get rid of it and replace with a UCK2 and a UNVR....
@itsdouetthierry 2 жыл бұрын
GREAT video and information as usual. I have a scenario where for some unknown reason, my UDM-PRO looses connectivity to the UNIFI cloud dashboard. It does connect after a reboot of the UDM, but after 2 hours, sometimes multiple days, the dashboard shows that UDM-PRO as offline. On the client side, people are still able to access the internet through the UDM-PRO UAPs and wifi networks created and configured on it. But I loose connectivity via the UNIFI cloud dashboard to manage the UDM-PRO. I also find that without a LAN port connect to your source router (or your modem), there is NO routes to be able to connect directly to the URL of the UDM-PRO. Unless I am missing something....
@Zeric1 2 жыл бұрын
Without a diagram and more information on your specific configuration it's hard to know what is happening. Consider posting your question on reddit or a similar discussion board for unifi and include all the background information. You are much more likely to get help than by commenting on a youtube video.
@Jabber_Wock 11 ай бұрын
Hi Tom, your videos are great, very professional advice. I have a question: if I wanted to run pfsense and the unifi controller for a small home network, where I have wifi and 5-6 vlans and maybe 2-3 vpns max, can I install and run the controller on the same device (eg a small fanless server) as the pfsense ? I am already running pfsense and it runs linux. PS: and a follow on question: if I want to extend my wifi so I have multiple wifis each on their own vlan, which Ubiquity WAP would I use, to avoid having to rewire my house?
@LAWRENCESYSTEMS 11 ай бұрын
Assuming you have pfsense virtualized and your virtualization host has capacity to run another server then yes. I run the U6 LR
@Jabber_Wock 11 ай бұрын
@@LAWRENCESYSTEMS thanks! Actually my pfsense is a standalone small fanless server I bought off of Aliexpress. Working great but I need more wifi channels. I will look into U6. I may virtualize with proxmox as a future project :-)
@RafaelPrata 9 ай бұрын
Well, if I follow this path, WHAT IF I disable DHCP on pfsense and keep DHCP on UDMP? UDMP is already working this way (it's default). My pfsense box have 4 ports where 2 are WAN1 and WAN2. Ports 3 and 4 will be LAN and LAN2. There will be no other devices directly connected on pfsense and everything else is already on UDMP. I think this makes more sense. I tried to configure UDMP WAN coming from pfsense LAN which already have it's WAN coming from a MODEM-ROUTER. And it's TRUE: double NAT is pain in the ass. I want to backup everything and test this way.
@grim.reaper 2 жыл бұрын
I got protectli after watching your videos and now I got flexHd and udm pro. Thanks for the video. i was having the same config in mind
@Wolfgang_Weber 2 жыл бұрын
I know this is highly unlikely and hard, but would it be possible to flash a udm-pro with something else?
@LAWRENCESYSTEMS 2 жыл бұрын
Not that I'm aware of
@LampJustin 2 жыл бұрын
Can't you just avoid double NATing by adding a static route from the router at the edge to the router behind and then disable NAT on the other one? If it's a /16 route you'll be fine for a while
@looseycanon 2 жыл бұрын
Oh this is not double NATing. Onle WAN is used here as service port, essentially.
@Zeric1 2 жыл бұрын
@@looseycanon I don't think Modzilla was saying this is double NATing, he is saying one doesn't need two LAN connections to the UDM from pfsense. If you disable NAT on pfsense and put in a static route in pfsense to point to the UDM, that should work. It would also allow the UDM to still provide the statistics and pretty graphs. As many others have said, unless one really needs a UDM for it's other functions like supporting unifi cameras, one is better off with just pfsense for routing. Cheaper and more configurable. I had a hybrid USG/pfsense setup for a while and eventually sold the USG as it didn't bring any value other then not terribly helpful graphs. pfsense has better tools for analyzing traffic, they are just not as pretty.
@jonathan.sullivan 2 жыл бұрын
While you aren't wrong, this would also render 80% of what pfsense would be used for in the first place. Essentially it's like turning your ISP modem into bridge mode to let the device behind it handle routing.
@LampJustin 2 жыл бұрын
@@Zeric1 yeah I meant in general, since you sometimes just can't bridge the ISP router and need two routers.
@Zeric1 2 жыл бұрын
@@jonathan.sullivan For the most part this is true, some may need the features of both, but it's an edge case. For example, if someone needs the UDM for it's support of Unifi Cameras, but they also need pfsense because they want it's more flexible VPN capabilities. At one point I had a USG+pfsense and got rid of the USG as it didn't add much of anything.
@dadude2k213 2 жыл бұрын
So in this config your basically turning it to a managed switch?
@Super2012Nova 2 жыл бұрын
Would this work the same with a UDR? And keep the AP that's part of the UDR?
@marcingrudzien437 Жыл бұрын
Yes. I am using UDR behind pfsense router, and everything works fine except for the loss of analytics. I decided to buy UDR because it is cheaper than AP, switch and console, bought as separate Unify devices.
@tobiass.1954 2 жыл бұрын
Do you need a crossover cable to connect the WAN port to the LAN port of the pfsense appliance, or will a regular patch cable do?
@davidbeard4985 7 ай бұрын
No crossover cable is needed for this configuration.
@ScanEarth 2 жыл бұрын
What if you configured dhcp proxy on the udm pro? Would you get the client management in the UniFi gui then?
@LeeSteventon 2 жыл бұрын
Hi @Tom, I have a US-16-XG aggregation switch which aggregates all my other unifi switches. Can I just connect this directly to my Netgate 7100 pfSense device on one of its built in 10 Gbps Intel x553 SFP+ ports or does it first have to connect to my UDM Pro which in turn connects to the 7100 (in other words, must the UDM Pro always be part of the route to internet or can it just be a network device that is managing the other Unifi devices on the network)?
@LAWRENCESYSTEMS 2 жыл бұрын
I does not need to connect to the UDM directly but it does still need to talk the the UNiFi controller software.
@matthewcollier4277 2 жыл бұрын
Hi I’m needing a VPN for my UDM SE as I’m moving countries and need to combat geo locks. Will adding a PFSense router, running a VPN, between the modem and UDM work?
@LAWRENCESYSTEMS 2 жыл бұрын
You can put a pfsense upstream of the UDM to get VPN working.
@richarddefrese4484 Жыл бұрын
Can I use Wan4 10G on the Netgate to the WAN 10G on the dream machine... do I have to change the Netgate to a LAN4 10G?
@LAWRENCESYSTEMS Жыл бұрын
The ports in pfsense can be reassigned
@jeffm2787 2 жыл бұрын
So why not use PFSense as a router without NAT and use the UDMP for DHCP, NAT, etc. You should still be able to use PFSense for the VPN as well as Suricata, PFBlocker, ntopng, etc. Soo many possible combinations that could be done without double natting. Edit: I'll have to eat crow on this one as I didn't think it through completely. You would need to use bridge mode or 1:1 NAT to get what I said to work. If you had multiple public IP's then what I said would work, but then that's too easy. You would then have one of the public IP's on the UDMP and route it through PFSense. 1:1 NAT is still not a terrible idea.
@HuMaNiTaRiAn1 2 жыл бұрын
your udm lan and wan can't be on the same subnet. so you'll need to nat.
@jeffm2787 2 жыл бұрын
@@HuMaNiTaRiAn1 Yes, as I stated.
@leoingle 2 жыл бұрын
@@jeffm2787 Apparently you're not getting it.
@markalmada9662 2 жыл бұрын
You mean like bridge mode the internet facing router (pfsense).
@jeffm2787 2 жыл бұрын
@@markalmada9662 No, NAT rules Outbound has the ability to turn off or selectively NAT traffic. PFSense can act as a router without NAT. You can even do a hybrid approach and have PFSense handle NAT on some subnets and just route outers. OpenWRT works well for this as well.
@chrispaulgoodrich 2 жыл бұрын
What other options would you recommend instead of the dream machine?
@LAWRENCESYSTEMS 2 жыл бұрын
pfsense or Untangle
@S30Build 2 жыл бұрын
can you stil use the threat management of the udm in this config?
@LAWRENCESYSTEMS 2 жыл бұрын
Nope
@vasquezmi Жыл бұрын
What about setting DHCP Relay as the option for UDM Pro and have pfSense be the DHCP Server?
@henger1980 Жыл бұрын
@LAWRENCESYSTEMS What is you opinion on this. I have exactly the same config, but now I'm double nating.
@palles1972 2 жыл бұрын
Where is the video you talk about what I buy a Dream Machine Pro
@DodgeHooker641 2 жыл бұрын
If the PFsense is connected to the UDM via LAN2 that goes to the UDM on its WAN port, why would there be a need to also attach the LAN from the pfSense to a LAN port on the UDM, as the LAN2 connection would be the default truck and carry all the networks and VLAN's... Please explain
@Zeric1 2 жыл бұрын
The point is to avoid double NAT and use pfsense for routing, LAN2 should only be for traffic internally generated by the UDM - not general client traffic from switches and APs. It will work, but is kludge due to UDM limitations. Some have suggested turning off NAT on pfsense and use a static route to UDM, in that scenario, the UDM would do all on-site routing and one would retain the Unifi graphs, but would lose any internal traffic analysis from pfsense, essentially pfsense becomes a firewall only.
@DodgeHooker641 2 жыл бұрын
But with the lan2 connection from the pfSense to the WAN port of the UDM/USG, why can't traffic be router out that WAN connection (lan2) and retain the unifi traffic graphs? I'm still not grasping why the UDM/USG can't pass the traffic out it's WAN and up to the pfSense.. the UDM/USG should still be able to handle traffic and devices connected to it and allow to see that traffic flowing through the UDM/USG and those traffic graphs if the WAN on the UDM/USG is then looking to pfSense as it's upstream gateway?
@huntmining Жыл бұрын
It simply looks like hes essentially Mirroring the outbound port from PFSense so that the USG can "graph data" While pfsense is still handling DHCP and routing.
@zubair5244 2 ай бұрын
Hello sir, Here is a setup of 1 unifi dream machine pro controller with 20 access points connected with it, In lab if more than 400 users connect this, it got crashed all connected users faced disconnectivity. 1200 users is actual limit as advised by unifi support team. actually we need to connect more than 2000 users at a time and 5 controllers is not a solution Is this possible to make pfsense setup with it and unifi APs utilize cpu and ram of pfsense software (instead of controller) or something like that Please suggest how to overcome this issue , I am new to unifi so please share a little detailed instructions Your kind response will be highly appreciated
@LAWRENCESYSTEMS 2 ай бұрын
We frequently use pfsense as the firewall and UniFi for the switching and wireless all tied to a self hosted controller and it works well for large user installs.
@zubair5244 2 ай бұрын
@@LAWRENCESYSTEMS can you please make a video and upload to this channel Actually i am new to it so that's why I need your assistance
@LAWRENCESYSTEMS 2 ай бұрын
@@zubair5244 kzbin.info/www/bejne/jX7cq2qJi9GlncUsi=vsznypCOqnmIzQTS
@stephenmaryland7939 7 ай бұрын
Can I use a transparent bridge instead?
@LAWRENCESYSTEMS 7 ай бұрын
I don't think that would work.
@muchada1 2 жыл бұрын
A easier solution is to sell the UDM pro 😂
@nate806 2 жыл бұрын
Is it better to have pfsense handle DHCP compared to the UDMP?
@LAWRENCESYSTEMS 2 жыл бұрын
Yes
@LawrenceSingha 2 жыл бұрын
Done this method a year ago so I know it works well 👍🏼
@GermanPrado 2 жыл бұрын
Hi Tom, i´m using UID for VPN and WIFI in our company, we are putting a pfSense in front of our UDMP, but I can't get the UID cloud capabilities working :( , do you have any idea how to? Greetings from Barcelona!
@LAWRENCESYSTEMS 2 жыл бұрын
I have not done much testing yet with UID, but I am also skeptical of having Ubiquity handling identity management.
@juanzambrano7208 5 ай бұрын
I have a Unifi controller as a Linux virtual machine, but I would like to have all Unifi OS experience about the Inner space to create a map for all devices. My question is: I don't need the routing and firewall services and I have more than 40 APs, Could I use the UDM pro for that? because it supports up to 75 APs and I would like to keep locally my Controller. Thanks all.
@LAWRENCESYSTEMS 5 ай бұрын
You can't have the UDM and a separate Linux controller.
@juanzambrano7208 5 ай бұрын
Oh, I'm sorry for not explain better, I would like to migrate from Linux controller to UDM pro and keep the routing and firewall futures on my Fortinet gateway. Thanks 🙂.
@LAWRENCESYSTEMS 5 ай бұрын
@@juanzambrano7208 If you are not going to do the routing, I would recommend a cloudkey instead
@juanzambrano7208 5 ай бұрын
Thanks for your quick answer, ut I have 67 APs and 4 sites, and the Cloud-key support up to 40 APs @@LAWRENCESYSTEMS , this is the reason that I thought to use the UDM pro, but I don't know if I could deactivate the routing and firewall features. 🙂
@jonathan.sullivan 2 жыл бұрын
Seeing UDM-PRO and Ubiquiti don't have a native HA proxy or plugin support but pfsense does, I had to do something similar to this video. It's a common request and sad is still missing from the prosumer UDM-PRO.
@KawulaNet 2 жыл бұрын
How about Pfsense and Mikrotik?
@LAWRENCESYSTEMS 2 жыл бұрын
kzbin.info/www/bejne/mIbQeq2jqryne9U
@ZacharyFleck 2 жыл бұрын
Just ditched my UDMP for a Netgate because... Well that's self explanatory. My only regret is that I tried to make the UDMP fit my needs for the last 4 months since I bought it.
@roberthernandez7564 2 жыл бұрын
Not an ideal solution. Losing the analytics, despite their shortcomings, is a big detractor. At that point, you might as well swap out the UDMP for a PFsense box and an NVR and call it a day.
@stephenreaves3205 2 жыл бұрын
Wouldn't it be better to let the udm pro do everything as normal then just set up pfsense as a transparent firewall/proxy in front of it? That would give you the analytics on the udm dashboard and eliminate the weird middle subnet between the udm and pfsense.
@TrevorReimer 2 жыл бұрын
I was going to do this a couple weeks ago but I couldn't figure out how to get the udmpro to play nicely with the pfSense firewall. I think it's easier the way he showed.
@stephenreaves3205 2 жыл бұрын
@@TrevorReimer if it's transparent then they shouldn't be aware of each other. Just bridge the wan and lan on the pfsense and call it a day
@ScanEarth 2 жыл бұрын
@@stephenreaves3205 that would be counterproductive.
@stephenreaves3205 2 жыл бұрын
@@ScanEarth how?
@techguruofmaine2176 2 жыл бұрын
@@stephenreaves3205 how would you go about this? I've followed a few articles but each time I try everything fails and I lose connection to the pfsense box and need to reset/try again.
@mikesamyn7054 2 жыл бұрын
Confused me even more.
@hiddeninthewires2308 2 жыл бұрын
arnt you are effectively straddling the firewall DMZ. isnt the UniFi Dream Machine Pro bridging the DMZ network being connected to two networks (internal lan and DMZ). sounds like a big security risk. ideally have an inside DMZ firewall arm (before devices inside DMZ can reach internal network) and an outside DMZ arm (before devices can reach public networks such as the internet) these dmz networks ideally should be physically separate networks and firewall devices (but if a security assessment and client accepts risks could be logically separated on the same firewall device through vlan trunking etc). devices in the DMZ should not be physically connected to the internal LAN without a firewall sitting in between the traffic
@samiam9059 2 жыл бұрын
Overpriced and not that solid(imho).
@drmikeyg 2 жыл бұрын
Oh my gosh.....FIRST!!!!
@kc0eks 2 жыл бұрын
So you bought a crappy unifi dream machine... Here's how you can pretend it's useful! I just don't get ubiquiti, they make some great gear. Then they make some awful gear, all of the routing equipment is just sub par.
@TechySpeaking 2 жыл бұрын
First
@arubial1229 2 жыл бұрын
But why? Just use pfSense and be done with it.
@jadamsnz 2 жыл бұрын
As Tom says in the video, you may already have a Dream Machine and want it to run the UniFi Controller and/or UniFi Protect
@arubial1229 2 жыл бұрын
@@jadamsnz I mean I get that but it just seems like a waste
@Zeric1 2 жыл бұрын
For about a year I was using a USG successfully with pfsense and did get it configured so I had the unifi graphs (no double NAT), but it didn't make much sense to bother with. I sold the USG last year (for more than I paid for it), and now just use pfsense. More straight forward configuration and one less device in the chain.
Shannon Morse
Рет қаралды 85 М.