UniFi Network Update: Is the Dream Machine Pro Worth It?

Today on The Hook Up, we're going to take a look at the UniFi Dream Machine Pro. We're going to check out some of the advanced features in the new UniFi controller and figure out if this is a product only for new UniFi installs, or if it's worth it to upgrade from an existing UniFi Security Gateway.

If you've ever heard the old adage "if it ain't broke, don't fix it," this video is a prime example of that. My UniFi network has been basically flawless for over a year now: wide coverage, zero downtime, and great security. But people have been asking me whether the new UniFi Dream Machine Pro is worth it for the money over the previously recommended setup, so I got one, and I took down my perfectly functioning network to upgrade to the UniFi Dream Machine Pro.

This video was sponsored by holidaycoro.com. Holiday Coro is one of the world's largest suppliers in holiday light shows, props, and controllers. Whether you want to build a simple home display or a full-scale drive-through park, Holiday Coro has you covered with lights, a modular and expandable range of advanced lighting controllers for both RGB and AC-based lights, and a huge variety of mounting options and props for both beginners and seasoned veterans. Check out Holiday Coro's massive selection from the link down in the description.

If you're thinking about taking the plunge into a high-end, prosumer-grade network for your smart home, I'd highly recommend that you watch my three-part series from last year, but if you're short on time, here's a quick rundown of my network as of a few weeks ago. I have roughly 100 devices spread out over three segmented virtual LANs: a cloud-based IoT device VLAN that only allows outbound traffic and prevents those devices from accessing the local network, a VLAN for my local IoT devices which prevents those devices from contacting things outside of my network, and one for computers and phones and tablets that has basically unlimited access. My network is based completely on the UniFi ecosystem, with a UniFi Security Gateway as the router and firewall and three UniFi access points providing different Wi-Fi networks for each device type.

As I mentioned before, my network has been running freaking flawlessly, like, perfect, so I've been dreading messing with it to upgrade to the UDM Pro, and unfortunately my fears turned out to be pretty well founded. So why would I put myself through all this torture? The USG is a very capable router and firewall, but as UniFi continues to introduce new features, the USG's relatively underpowered specifications cause it to limit your network speed as you enable them. Not only does the UniFi Dream Machine Pro solve that problem with sizable upgrades in both CPU and RAM, but the UDM also combines multiple devices into one. If you were starting from scratch and planning on buying a USG, Cloud Key Gen 2 Plus, and 8-port switch, you'd be crazy to not just get the Dream Machine Pro instead. But if you already have that equipment, or you don't need a switch or a Cloud Key, it might not be worth it for you.

I did hours of research before even taking my UDM Pro out of the box, so I knew there may be some pitfalls. Lots of bloggers and YouTubers reported that the UDM had trouble finding an internet connection despite being plugged into a cable modem. Other YouTube videos showed the UDM Pro failing to boot, requiring booting into recovery mode and then an upload of firmware. Luckily, I got to experience all those problems and a few more. All said and done, my initial configuration of my UDM Pro took just under two hours, and it required my phone, my desktop computer, and 500 megabytes of mobile data to download a recovery firmware onto my laptop. But in the grand scheme of things, two hours really isn't that big of a deal. What really mattered was the fact that I was able to pretty easily migrate my entire network configuration from my Cloud Key and USG to the UDM Pro using the backup and restore functionality, which thankfully went off without a hitch. Here's how you do it.

First, you'll need to make sure that your Cloud Key is updated to the latest firmware. Then head over to your UniFi settings and select Backup. You can choose to include historical data if you have a need for keeping your statistics, but the more data you choose to back up, the larger the file will be and the longer it will take to restore. I chose to just keep it simple and only download my settings without any historical data. Next, you'll need to shut your controller down, which is more than just unplugging it. According to Ubiquiti, shutting down the controller properly prevents a double-controller situation where the rest of your equipment would not migrate automatically onto your new controller. I didn't have the menu that the Ubiquiti documentation referred to, but I found the shutdown command in my Cloud Key management portal under Settings, Hardware, and then Shutdown.

Okay, prep work done. It's time to get this thing set up. I disconnected my cable modem from my old USG, plugged it into the one gig LAN port on the Dream Machine, and switched over the LAN cable that connected my 16-port UniFi switch into the Dream Machine. I powered on the Dream Machine Pro and then power cycled my cable modem. The preferred setup method for the Dream Machine Pro is via Bluetooth and the UniFi phone app. The process seemed extremely smooth at first, and my UDM was almost immediately detected. After fetching initial data for a little over a minute, I reached my first hurdle, detecting an internet connection, and just like the videos I'd seen, detection failed. I did notice something strange, though, that hadn't been mentioned in any of the other reviews. At one point I unplugged my UDM trying to get it to detect the internet, and the UniFi app just didn't notice. It kept giving me the "no internet detected" message despite the fact that the app couldn't be connected to the powered-off Dream Machine. After that revelation, I decided to just cancel the setup and start from scratch, and lo and behold, the internet was immediately detected. So I'm starting to wonder if the issue has more to do with Bluetooth connectivity than internet connectivity.

Either way, I was on to the next step. I signed in with my UniFi online login and chose an update schedule. The UDM then did an internet speed test to get its initial settings, no problem. Next, a firmware update message came through, but something went wrong. Retry, retry, retry, retry. It says my UniFi app might need to be updated. Nope. Retry, retry. Okay, no more error messages, but nothing appeared to be happening. At that point I decided to cancel the setup and try it again. This time the setup finished without any issue, and it was going to update my Dream Machine Pro's firmware to the latest and greatest from UniFi. Five minutes later, setup was complete, except my UDM Pro wasn't reachable, so I did a little investigation, only to be greeted with this message on the front-panel OLED.

The recovery instructions on the UniFi website seemed pretty reasonable at first glance: just connect your computer directly to port 1, hold down the reset button, and then power on the Dream Machine to boot into recovery mode. Then you just need to manually set up your internet connection on your desktop and access the Dream Machine Pro's web interface. Then I ran into a little bit of an issue. I needed to upload a firmware file to the UDM from my desktop computer that didn't have internet access, so how exactly was I supposed to download the firmware without any internet access? Well, I ended up using my cell phone as a hotspot to download the 500 megabyte firmware file on a spare laptop, and then I transferred that file on a thumb drive to my desktop. I uploaded the file to the Dream Machine, it restarted, and we were in business.

Time to do the initial setup for a third time and a final time, this time from my desktop interface. This time everything appeared to work. I clicked on the network configuration button, but nothing happened. I clicked some other buttons, nothing. Then I remembered that I had manually set up the static IP in order to use recovery mode, so after reverting back to DHCP and refreshing the page, I finally got to see my UniFi dashboard. Based on my previous one and a half hours and my prior research, I was not very hopeful that the backup and restore method was going to work for me. I uploaded the backup file from my previous controller, and after a couple of minutes I navigated to the 192.168.86 subnet that my old network used, and all of my devices, settings, and clients were already there. Amazingly, after two hours of error messages, the most difficult part of the process went off without a hitch. There were some mild growing pains with some devices that I thought I had assigned a reserved IP, but those were just user error and no fault of Ubiquiti, and after working out the kinks everything seemed to be back to normal, and it was time to check out UniFi's new features.

It's important to note that, with the exception of DNS filtering, all the options you're about to see are also available on the USG, but as I mentioned earlier, the more options that you enable, the harder the processor has to work and the lower your total network throughput becomes. To get access to the latest and greatest features, you'll need to enable them by going to Settings, User Interface, and then toggling the New Settings switch.

Starting at the top, your Wi-Fi settings are the new place to add and remove Wi-Fi networks, but now you have easier access to advanced features like scheduling for turning specific Wi-Fi SSIDs on and off, and something called Wi-Fi AI that attempts to continually scan your network for interference and tweak your settings so that your access points can provide the best overall Wi-Fi experience. From a smart home perspective, I found that my IoT and NoT devices did not like having this setting on. It says to enable scans at a time where few Wi-Fi clients are around, but the thing about IoT devices is that they're always there.

Under the Internet heading, you have the option to run scheduled speed tests to make sure that your ISP is giving you what you're paying for, which is kind of cool, but make sure you turn this option off if you have a limited amount of upload or download data per month, because this is an easy way to burn through it without even realizing. WAN Networks is where you can configure your WAN failover if you had multiple internet providers or a cellular backup, but that's probably only applicable to a very small number of home users. LAN Networks is where you'll see all of your VLANs, which for me is my main untagged VLAN, my IoT network, and my NoT network. For some reason, the Dream Machine Pro came with a separate VLAN configured on the WAN 2 SFP port, and I decided to just leave it there since there was nothing connected to it anyways.

Internet Security is where you're going to find the real fancy new stuff and the settings that will put the most stress on your Dream Machine or USG's processor. Under Threat Management, you can turn on IDS, the intrusion detection system, or IPS, the intrusion prevention system. IPS actively stops threats, while IDS just makes you aware of them. In the Threat Management dashboard, you have a ton of different options for what threats to look for and protect against. I was fairly liberal with my selections, and I haven't noticed any problems with friendly traffic being blocked. Under the Threat Management tab, IPS has protected me from a bunch of different things that I really don't quite understand. For instance, take this shellcode category that has a high severity and is labeled as executable code. That seems like a pretty big deal, but if you look at the destination, they're directed at a completely inaccessible port on my server, so to me that means they weren't really a threat in the first place, since they had no chance of getting through the firewall in the first place. In fact, every single identified threat was one that would already be blocked by my firewall rules, which to me makes them a bit dubious. If you know better than me, please let me know down in the comments if I'm somehow misunderstanding these threats.

The next option is for GeoIP filtering, which lets you just block out a complete segment of the world if you think that nothing useful could come out of them, and again, I'm not too sure about this concept, but I guess it's nice to have the option. Content filtering is kind of neat and allows you to filter out malicious websites or do more broad filtering like adult websites. Unfortunately, applying these rules is limited to your entire network only, so if you're going to use them for parental controls, you'd need to create a VLAN for your kids' devices and then apply content filters to that VLAN only. I'd like to see an option to apply content filtering to IP groups in the future, but for now it's for VLANs only.

Deep packet inspection, or DPI, is a useful tool that allows you to examine what your devices are doing and which websites and services they're communicating with. You can also do some content-type filtering with DPI, but the categories aren't being maintained like they used to be, and the top adult sites group is missing, so you can't filter out adult websites in this method. I get the feeling that DPI-based filtering is on its way out and content filtering will be handled by the new interface from now on.

The Network Scanners tab allows you to look for malicious and vulnerable devices on your network. The endpoint scanner will tell you what services are being run on each device and which ports are exposed and may be vulnerable, while the internal honeypot looks for traffic that is attempting to find those vulnerabilities, like malware and worms. Under the Advanced menu, you've got some broad filtering for blacklisted IP addresses, and then the ability to whitelist any device on your network to completely go around the intrusion prevention system and DPI.

Firewall is the last option in this group, but it has been and will always be the most important. This is where you're going to set up all of your firewall rules to control the flow of traffic on your network and define the rules that govern your devices. You'll be creating most of your rules in the LAN area instead of specifically the LAN IN area like in the previous menus. If you ever want to go back to the previous UI to create your firewall rules so you can follow along exactly with my previous videos, you can just turn off the New Settings switch and see the old UI again. Then you create your rules, and then you can go ahead and switch back to the new UI.

VPN gateway configuration profiles and preferences have the same options as they always have. There's nothing new to see there. And the Alerts menu lets you configure which events populate into your alerts panel, give you a pop-up message, or send push notifications to your phone.

A word of caution: under the Updates tab, I would highly recommend against turning on automatic updates for your devices. I've had pretty mixed success in the past about upgrading my access points to the latest and greatest firmware from Ubiquiti, and specifically in this video I was about to give the Dream Machine Pro zero stars, since my network was a complete wreck for almost 24 hours after installing it. Thankfully, I traced the problem not to the UDM Pro but to the fact that I decided to press the upgrade button on all of my hardware after installing the UDM Pro, and it happened to be that the newest firmware, 4.3.20, causes my Tasmota devices to completely lose connection, posing a significant problem for my smart home. The point is, you should probably be consciously upgrading your firmware and then monitoring the outcome rather than just relying on automatic updates.

So, bottom line, should you buy a Dream Machine Pro? Well, if you're starting your network today and you're planning on buying a USG and a Cloud Key, the Dream Machine is a great substitute, and you definitely shouldn't waste your time with a USG. However, if you already have a USG and you're thinking about upgrading to a Dream Machine, I think you should probably hold off unless you saw an option today that you absolutely want to implement on your network. The Dream Machine Pro still feels like a little bit of a beta product. Firewall rules remain the best way to ensure safety on your network, and lots of the newer features say alpha or beta next to them.

I personally have my network equipment mounted in a rack, so the 1U form factor was preferable over the non-rack-mountable USG and Cloud Key Gen 2 Plus, but my rack is also mounted underneath my desk, and while the USG, Cloud Key Gen 2 Plus, and UniFi Switch 8 are all fanless, the Dream Machine Pro has on-demand fans that are definitely not silent.

Despite not being able to give a blanket recommendation for the UDM Pro, I would 100% recommend Ubiquiti and UniFi as a whole, and I can't emphasize enough how amazing my network has been over the last year. If you're new to all this but serious about safe, secure, and reliable networks in your home, I would highly recommend you watch my original three-part series. It is well worth your time. If you have questions about the Dream Machine Pro or anything else in the UniFi family of products, feel free to ask a question down in the comments.

Thank you so much to all of my awesome patrons over at Patreon for your continued support on my channel. If you're interested in supporting my channel, please check out the links down in the description. If you enjoyed this video, please hit that thumbs up button and consider subscribing, and as always, thanks for watching The Hook Up.

Info
Channel: The Hook Up
Views: 192,407
Keywords: home assistant, hassio, home automation, hass.io, smart home, diy, electronics, arduino, esp8266, nodemcu, wemos d1, automation, unifi, ubiquiti, network, switch, firewall, security, advanced, dpi, intrusion, detection, prevention, ips, ids, processor
Id: UA9ZIeRhKXU
Length: 15min 58sec (958 seconds)
Published: Wed Jul 29 2020