I have been very happy with Unifi software updates within the past 6 months. I can say I have moved off pfsense to a UDM SE into production. I never would have thought I would do this a year ago.

I would love them to keep expanding here. I would love to be able to upload custom block and allow lists to their DNS ad blocking. I would love if their DNS system could basically absorb the feature set found in pi hole. Without being able to add custom lists and possible more importantly custom allow lists it is still necessary to have a separate pi hole.

There is literally 2 features that keep me using pfsense as a side cart to my UniFi setup at home. UDP relay for an mdns repeater to allow SDDP and Roku streaming across different networks.

Completely agree about the greatly improved quality of UniFi updates. A few years ago I would hesitate to update very often and used to expect problems. Now I don’t worry much about it. Though I still don’t allow my devices to auto-update, and I never will. That’s just asking for trouble…

DNS forwarding was the biggest improvement i was waiting for since i migrated from PFsense for a more integrated approach. I still dislike the FW side of Unifi but there are so many good things with Unifi when you manage 2 remote sites.

Ad blocking and DNS overrides where the only reason why i had to host my own DNS server. Or rather two, because i needed a secondary zone as a failover. Now that failover is no longer necessary, because I don't need DNS if my entire routing is down. This feature greatly reduces my upkeep and maintenance work.

I am a certified Cisco/Meraki engineer but I do not like where they are going. I recently changed my home lab from Meraki to UniFi and I love it. Mostly due to your videos and straight forward explanations. While I understand all the concepts, each vendor has unique ways of presenting them. Thank you for the easy and technical descriptions. I can’t wait to totally ditch Meraki (licenensing) for something better.

I was a UniFi user from when the USG was first released (for home) but eventually got so frustrated I switched to Firewalla Gold when that was released. The Firewalla is brilliant, but seeing the improvements UniFi has been making and also quite impressed with Protect, I’m very tempted to get a UCG Ultra to try out.

I’ve been with UniFi since the end of the 5.x days. The platform had promise but the software had a long way to go and bugs often crept into releases or in some unfortunate cases, bricked hardware (it happened to me once). These days the software model and QA is far better and there is clear momentum with the team to close feature gaps that have been out there for years. Every 30-60 days we get new features and by and large it’s pretty stable.

I've been happy with Unifi over the last 5 years.... i have a couple hundred devices spread out over a couple of offices and clients. will be setting up my first UDMSEPRO this month down the road from you in Ann Arbor in. an office / warehouse we picked up for operation at U of M construction we'll be doing for the next 4 years... Picked up an Enterprise switch and other gear wtih it... We'll be seeing how well we pipe into our Corp headquarters in Toledo... should be interesting... it's been getting easier to use every year that's gone by

Biggest bummer is that there are no good firewall logs / SIEM integration

It is sooooooooo stupid to not let import dns records from csv…. people have a lot of them

I"m getting close to changing over from Meraki to Unifi. Not a huge organization, maybe 100-120 endpoints. Our meraki bills are ridiculous and their switch pricing is completely unacceptable.

Very excited for actual BGP support, I've been running it on my UDM pro for a while now, but I've always been a bit worried about it breaking. Will be really nice to have it actually supported finally

Is the DHCP still missing important options for UEFI Network boot? It has a Legacy PXE option but lacks a UEFI option so far. very annoying.

Could you please do a malicious domain test on NextDNS vs ControlD?

Great video, thanks for all the work you're putting out there for us all I've dove into the deep end of the UniFi pool and there's one place that's a little frustrating and seems to be a hole in their product line. At home i've got 1400mbps dl speeds from my ISP but it seems that the only way to fully realize my full dl speeds would be to go to a Dream Machine Pro, which is WAY overkill for my home. It sure would have been great if the Ultra line had 2.5 LAN ports

ACLs are still bidirectional?

Love the content as well as your presentation. Thank for all the goodness!

if they just invest a little more effort into modern, dynamic security features and routing features.... they could take over and dominate the SMB market.

New to the SMB/home lab firewall space. Are Unifi and Firewalla the *ONLY* non-subscription options?

I have deployed about a dozen unifi APs and not once did I have issues with them. Only time I ran into a problem was with a gen1 cloud key. Overall great product and will always recommend.

On my "UCK_Gen2-Plus" (in UniFi OS version 3.2.12), when I changed the "Network" application from version 3.x to 4.x, ALL my cameras (on a VLAN which is not the same as where the "UCK_Gen2-Plus" is) disappeared. They are only visible (fortunately) in "Protect". Opened an incident at Ubiquiti -> they can't find .... so I'm only moderately happy with this system.

For me the most needed feature (besides what already came out) is to have FW rules better implemented. I think they are doing it cuz "simple" mode is something what could be in the feature. Where you would have simple gui where you can chose src dest with protocols and protections. Like Fortior sophos or else has. I hope that Ubi is gonna do the job done ;)

hello, great video, thinking of going with a UDR + 1 or 2 UAP. My setup is to fit this purpose: 1) needs to connect up to 20 devices(but currently 8) including future NAS 2) has to have channel separation for streaming and gaming, work and IOT 3) main router(from ISP, can LAN connect it to UDR, or UDR will replace it) is at ground level, not wired up to upper level, so mostly will need a type of mesh or access point, 4) might use a raspberry pi for ad blocking infront of UDR 5) might use psense if UDR firewall is not much. advanced Any suggestion whether UDR will be good for this setup?

Yeah, brought back old issues, blocked internet on "Guests" network option ticked. Also broken SFP ports and needs the the ports to be reset and reconfigured. PITA if you have LAG. Now forced to use Legacy GUI to re-adopt devices that hang which is now very common when the device is marked "Resolve" becasue the controller application is stuggling with all the network management noise. A bit tip for anyone using UniFi, put your network management on its own IP subnet and put all your other networks on other VLAN's. It's more improtant than ever with stuff like sprectrum and other stuff that floods the controller. UDM-Pro users, you are stuck with that rack-mounted home product as you can't VLAN the cameras away from the management network and Protect won't work on anything but it if you are using cameras on the UDM-Pro's.

Quick question: Last time I switched router and came across the UDM Pro four years ago I went for and OPNsense box because of the UDM phoning home with no way of disabling it. Is Ubiquiti still not giving customers the ability to opt out of *all* their data collection or are the devices still phoning home? I like the UDM Pro Max because of it’s 5Gbit IPS and consider buying one but a router phoning home is a big No from me.

Thanks for the video. However, my DNS-test did not work for whatever reason. Set up an A-record for test.test to an internal IPV4 address. dig command shows correct name resolution but if i enter test.test in safari I end up with a google search on this. Have no idea what is going wrong here.

What is the significance of interference. Is this something to worry about? Should I try to eliminate it completely?

I'm trying to set up custom DNS entries for my local network, but it seems that it's not possible with USG-3..? There is no DNS tab in my Routing section even with latest Controller version and unfortunately I didn't find any relevant information in official documentation. I know I can configure host records via `controller.json` file, but I hoped that this UI update would be available for legacy devices too... :/

When connected via the Wireguard VPN is it possible to access local resources by hostname (DNS) rather than IP address? OP Would you consider making a video on this topic?

U7-Pro-Max: a dedicated antenna for scanning the environment? ... it does not sound totally new to me. I'm still waiting for WISP feature in my UAP-AC-SHD. It will be nice if the scanning feature (without disconnecting all other devices) will be reintroduced in UAP-AC-SHD, like it was time ago. 😕

Hey Hive Mind! With the new availability of proper Shadow Mode on the UDM Pro range, if I wanted to add LTE backup using their offering, would I need two for failover, or is there another way of doing it? Normally using a teltonika unit I'd just put a small switch in line to split the feed.

The BGP should be helpful for on-premise kubernetes clusters using MetalLB. I'm keeping my fingers crossed for this, at least

Does it support PTR records?

I was burned by upgrading from release 7 to 8 of the software. I have clients using site to site VPN with USG and the site to site functionality stopped working after the upgrade.

do you have issues with their switches showing as needing to be adopted a ton after updates? or reboots?

Is it necessary to safely stop netwok dependent applications like VMs with nfs drives before unifi network app update?

Can we get a guide on how to set up acl's on unifi switches now its available?

Is it available in a self-hosted docker controller? I can't seem to find it? Or is the USG3 a problem here?

Thanks!

Nice one Tom, thanks very much!

the dns feature should not have been rolled out without cname support. that's literally the most important thing on a local network if you wanna keep maintenance low and reliability (regarding web applications for example) high.

Does it possible to use Unifi Express only as a local controller to host Unifi Network? I would like to use unifi express behind my pfsense firewall.

Love Unifi!

I still hate that the U7 Pro Max is a thing, naming wise.

Unifi should partner with adguard

Hopefully the DS-lite for Japan ISP is included … I want to dump my ISP default router still between my UDM SE and the wall. Double- or triple-NATting

I still have issues with the latest firmware on my Unifi AP AC Lites and AC Pro. I'm currently holding with 6.2.49 because if I update to the latest FW, my IoT devices will drop off the network. I want to love UniFi, but this is definitely holding me back from buying any more of their AP devices.

But you can't disable NAT eh? Still? Lol

Oh, they finally reintroduced the interference scan, like we used to have with the UAP-AC-SHD, would you look at that 😅 Now wouldn't it be normal, if the feature that was previously removed with the old AP would just be reimplemented on the new UI...? Nah, this is Ubiquiti after all 😂

mlag or stacking would go a long way to help us deploy unifi outside of SMB in core LAN. their firewalls are SMB and prosumer for sure, not enterprise grade and that is fine. We have a lot of environments with unfi for switching and wifi but not routing and firewalling.

Unifi really seems to be the center point of a lot of my issues. This has me in the awkward situation where I have to constantly step back and try not to blame unifi as a first port of call.

Hopefully they finish updating Hotspot soon- it’s kind of a half done mess since they started changing it after 7.3.83.

When are they going to support DoH or DoT? I wish they would just stuff unbound in their controller.

love Unifi, but it's next to impossible to get hardware here in Canada

I still don't like the firewall rules as a whole. The old way of doing rules was cumbersome and not as straightforward as something like pfSense. The new rules are great but strange how they work. You can't even adjust their priority. I think they just need to ditch the old way of doing rules entirely and make the new way more robust. It reminds me of the old vs new interface they had when you had to switch back and forth for different settings and features.

Are they going to fix the U7? all the talk is that it's flakey. I'm having enough problems with my old AC pro wimping out. My old Wifi N AP was better and more reliable.

Why DNS is under Routing is beyond me

Too bad UniFi firewall and routing options have a loooong way to go even now to catch up to OpenSense and pfSense! What UniFi line has is very high quality hardware with poorly executed software/firmware.

first

3rd person

Why Speak so Fast we are not all Native English