TIMO ZIMMERMANN

balancing software engineering & infosec

UniFi Dream Machine Pro – not the experience you would expect

posted on Saturday 20th of June 2020

I like UniFi products: They make my life easy. They simply work. They provide all the features I need. They do not ask me to pay an annual license fee. Sometimes they are a bit pricy, but the overall comfort and quality make it easy for me to justify spending the money. As the Security Gateway Pro 4 was a bit limited with regard to performance, and as we are planning to add one or two security cameras to our home, the Dream Machine Pro showed up exactly at the right time. Let me tell you, this one was a rollercoaster of simultaneously being pleased by the device and nearly setting my rack on fire to get rid of all the UniFi gear.

To give you a general idea what our network looks like:

Here is what I expected to happen: set up the UDMP, load the site configuration, swap the USG and CloudKey for the UDMP, adopt devices, have a coffee.

Here is what happened: configuration cannot be loaded, all adoptions fail, an 8 port switch might or might not be broken. Two days of work and the urge to sell all my gear and just put a shitty WiFi router somewhere ensued, telling myself minimalism in network design is – for some unknown reason – trendy and a good idea.

But let us start from the beginning. Importing an existing site does not work right now. (It might at some point, but not when I set up my UDMP.) The controller is now embedded, which I really like. If you have to administrate multiple sites you still want to stick with an external one, as the integrated controller only supports one. Having to reconfigure everything is a bit inconvenient too. We are talking about a Site2Site VPN, one VPN for mobile access to our servers, some DHCP and DNS settings and a few firewall rules and routes. Nothing too problematic for one site, but it added an hour or so to a five minute task.

Once configured I wanted to adopt my existing devices. Literally all of them failed to adopt and needed a reset to allow adoption. Some ended up in a disconnected state, some in a failure. It was not really consistent from what I have seen.

The access points were a special oddity. They adopted, but immediately changed to "disconnected" without showing the provisioning step. And obviously they did not work. Searching the forums for a bit, there were some solutions which required SSHing into the APs and triggering a command at the right time to force provisioning. Luckily the solution was a lot easier – turning off uplink monitoring. Once I flipped the toggle both access points immediately provisioned and worked.

While the two big switches worked fine, one of my 8 port switches seems to be broken now. It simply does not accept PoE in anymore. No idea why. I tried resetting, re-provisioning and a few other troubleshooting steps I could find. It works fine with an external power supply and the port itself – which is part of a LAG – works as usual.

At least the partially broken switch sounds like something you would like to get Ubiquiti's support opinion on, right? Good luck with that. They were fast to respond to some of my tweets, someone even reached out – and then dropped the ball. It has been nearly two weeks and I did not hear anything from them, not even an acknowledgement that they received my complaint. Their support website does not seem to work in Safari – I cannot submit a ticket or start a live chat. I guess I have to install another browser hoping all the errors in the JS console magically go away.

The Dream Machine Pro is still a young product and it shows. Ignoring the site import for a moment, some features you would expect to be present – as they are on all the other devices – like link aggregation are still missing. But other features like IDS / IPS work a lot better and without the performance impact you know from the USG. It really is a mixed bag. Most of the features you are used to are there, but I honestly hope updates will add a few more – like WireGuard.

If you do not absolutely need the throughput of the UDMP I would recommend waiting until a few more updates have shipped. If you really need a router and cannot wait, I would consider a Security Gateway and CloudKey with IDS / IPS turned off. For slightly advanced home and small office networking I am still recommending UniFi products – I'm assuming my weekend of network troubles is an outlier and usually they work pretty well. (Considering the support experience, they better should.) This was actually the first time I had any serious trouble with their products; and while there are a few alternatives in the same feature / performance / price segment, after all I still believe UniFi provides the most polished experience.