What is the main goal for those 2 HDD slots? Just a simple NAS system? Is this device able to boot up some OS off those HDDs? Will these be counted for diskstation software, let's say to access them remotely?
Can you use a unifi switch vlan to split the internet connection? We do this at my office with some Cisco 9300s because of stacking and power stacking one switch can power the other switch if it loses power or fails.
Thoughts on getting a UDM-Pro/Max vs UISP Router - Pro. I have a large UISP network with about 30 UniFi WAP’s and a few UniFi and Edgemax switches. Looking to replace Edgerouter Pro. I can’t find much on the UISP-R Pro.
Yes I agree 2 SFP+ with link aggregation on each switch I would upgrade. Was disappointed my UDM does not support link aggregation. Also I know when using Cisco 6500 equipment we can spread link aggregation between two switches (working as a team). Wish that feature would exist on UniFi.
Hi Chris, regarding the Flex 10 GbE switch that you are using to split your WAN ISP connection, did you have to do any configuration to make this work on the switch itself with VLANs? If so, could you potentially post a guide or perhaps additional instructions on how to accomplish this? It looks like the Flex 10GbE has a white LED which means it's unadopted/unmanaged so I would assume you're using it as a dumb switch as opposed to a managed one? I just got two pro maxes and want to use HA but only have one downstream ISP connection from ATT Fiber for the 5GB internet. Thanks in advance!
I wonder if the 8 Gigabit Ports have full Gigabit-Speed each this time, or just share 1GB Bandwidth on the Backplane for all Ports like the UDM Pro/SE...
@CrosstalkSolutions I would love it if you could make a video on setting up port forwarding/firewall rules to forward traffic to internal servers on a network. I have a multi-IP/single WAN connection but cannot get the rules to work reliably.
Hi Chris, since you get Unifi equipment early, do you know if there's a follow-up to the UDM-SE where the ports have PoE (unlike the Pro Max), increased backplane bandwidth, and more CPU power? I used the UDM SE with 60+ users and found the throttling and packet shaping hurt speed and even required reboots and rework of the network configuration. I eventually gave up on throttling and had a very limited set of rules in order to not overburden the CPU.
Hi Chris, Am I right in saying that if you have a 10Gbps WAN connection, you'd need to have it going into an Aggregation/Pro switch to be able to pass out the SFP+ connections to the 2 UDMs?
With so many service providers offering over 1 GB connection speeds, it's odd that Ubiquiti isn’t keeping pace and giving ports a minimum of 2.5 connections on most of their prosumer equipment. It sucks to consider buying this $6-700 piece of equipment to get the faster throughput.
@@jbunselmeyer but this is where this is a miss. They’re marketing this as large scale deployments, yet the speed and features are closer to a home user. This is really udm pro 2.0 not a higher level device. I expect unifi to run out their udm pro and then discontinue them when they see the low sales of the max.
How does the IP HA work, does it rely on VRRP or are the interfaces in a shutdown state when the UDM is in passive mode? Just interested on the IP side of things.
Your large deployment diagram doesn't show the RPS connected to the two Switches. It also probably should have included a switch to split the WAN connection which will likely be needed. It's a bummer that the 8 port aggregation switch doesn't support RPS, for a single switch that's critical like aggregation that would be huge. In a large deployment it would be worth the cost bump to the 28 port Agg switch just to have RPS.
Hello. How are you? I have a question regarding this device versus a USG Pro 4. In the USG Pro 4, LAN ports 1 and 2 are independent ports, and I can configure an independent segment for each of them (each one on VLAN 1). Is this possible with this new line of devices? I purchased a UCG Ultra, and it cannot do this. The UniFiOS only allows creating VLANs, meaning it only has one network on VLAN 1 for the whole device. Which device would allow me to do everything I need? Thanks. Best regards.
Can I connect this to lc fiber box direct to replace isp modem so I only have this? If this is too much power for home, what is next in line from Ubiquiti to connect direct to lc fiber optic box? Also is it compatible with reolink cameras?
Hi. Do you know if this device will be able to handle 3 WAN connections? 2 WANs in load balancing mode and a third one as failover, i.e. Starlink. Could you advise please?
Interested to see if shadow mode is working how I’m thinking with the switch being in place before the wan connections. Right now I have my modem connected through the network as you did in your starlink setup but will that also apply to shadow mode now where I can set both udms to do that. Also doing the same with failover lte modem so now I’m thinking of trying both routed through the network to have a super seamless experience.
Any word on if this improves PPPoE throughput? Unfortunately some of us are stuck on services that, while Multigigabit, are hampered by the throttled throughput of PPPoE on the /SE.
I have the original UDM Pro, including VMs, it manages ~2k machines currently just fine, and the only way I'm upgrading to another Ubiquiti device is if they finally add support for IPv6-only VLANs. (There's also an issue with bonded interfaces reporting as two devices with the same IP, but I've been working with their support team for a couple weeks now to hopefully resolve this).
Hey Chris, another great video. Got a question regarding WAN LINKS. If I have a /30 subnet from my provider, do you need to configure both UDM pro max or the sync will just copy and config to the secondary?
I'm currently running 2 UDM Pros in Shadow mode with 2 ISPs in a fail-over config, would I need a switch in between each ISP's modem and each UDM Pro to achieve HA Shadow mode? From what I've gathered, most ISPs in the US hand out a single IP so I'm not sure if this would work in a failover config without 2 extra switches and double-NAT which doesn't seem ideal. Does that sound right or am I missing something?
Hello Pros, does the UDM-Pro-Max still have the issue that all traffic going out of the WAN port is affected by NATting, so that I can not use it with VLANs on the WAN interface behind a third party SD-WAN or even other firewall solution? This would be a real benefit using the device in enterprise environments where networks/devices must be reached from other locations without port forwarding which is useless in enterprise scenarios. Would be nice if you find some time to look at this.
So... You'll always need a switch before the two dream machines to get one internet source to both? 🤔 Which Unifi switches should you even be using for this?
Ugh, in your test for shadow mode you just moved your single point of failure to the small switch between the gateways and the internet. I'm struggling with this with Meraki firewalls. At one site I have Comcast dedicated ethernet yet their device only allows one port to be active, meaning you have to put in a switch between multiple firewalls and the Comcast equipment. Which is ridiculous because their CABLE business internet routers have FOUR local ports so you can easily put one port to each firewall. I have the same issue with Verizon FIOS coming out of an ONT. Just one local connection so you have to use a switch between the ISP router to the firewall devices.
Interesting. We've never adopted Protect as the cost to replace all our cameras with Ubiquiti cameras would be ridiculous. But if we did..... I would want to be able to split the camera recording between the two drives for faster I/O speeds, rather than have RAID functionality.
I just got my first unifi AP. Using self hosted controller. I love the unifi UI and unifi network selfhosted. Wish it was more affordable but I know you pay for what you get. My next item to get is a unifi switch. I do not have a rack so my options are limited.
I realize it's not for "home users" but AT&T already offers 5Gbps internet where we live. Why get a crippled Pro that can't handle the full internet speed? My wife does medical editing from home, so I don't have the option of disabling IDS/IPS because of HIPAA guidelines.
The shadow mode sure is fun, but out of 200 installs not 1 UDM has failed yet for us. So this would be for really big places that usually use a high end router or something. It's a good idea for Ubiquiti to try and get that market.
the 2.5g port on my UDM-SE died recently, managed to get it RMA'd but even on a replacement it's very unreliable when there's high bandwidth utilisation, it'll literally just drop out at times. I've had to opt for an SFP RJ45 Transceiver just to mitigate this issue. If I recall correctly the ethernet controller used is a Realtek 8125 which is notorious for being unreliable. Hope it's different in this model.
I hope they will add the HA failover mode to the other UDMs, as this is the only thing that I would want from this one. With a 1gbit connection outside and an NVR, I really don't need the features of this. Except that I do want the HA.
Also, it's not clear how to handle the switch that the UDMs connect to. In your setup example, you still have the single point of failure in the AGGR switch. But will it work to have the two UDMs go to separate 10gbit switches? To me it feels very silly that they kept the 8 port switches and not added an extra WAN 10gbit fiber port. OTOH this thing is only rated for 5gbit performance with all security features on, so maybe that's okay. It does annoy me that I have to choose between direct fiber input (I do that now in the office on our UDM Pro) or two LAN 10 gbit lines. I assume these choices were done to keep development cost down, but that just makes this thing look a bit like a frankenswitch (TM).
One feature I would love to see with Ubiquiti's switch lineup is the ability to stack switches to make one logical switch. I would highly consider Ubiquiti in a medium sized network if they had that!
For the wan fail over, does it share the single public IP or do both units require different public IPs? Sonicwall can share, but other cloud solutions require separate IPs to keep each device cloud connected. Great video, and blast you, I just looked and fios now offers 5Gb internet... The upgrade battle never ends.. :)
Shadow mode protects against a UDM failing but, at least in the example you showed, you still have single points of failure in the downstream switches. Is a UDM failure more likely than a switch failure?
At the enterprise level, which this equipment is designed for, anything core you would have redundant everything, not just the gateway, and that really shouldn't have to be pointed out at every level.
@@jbunselmeyer Problem is that the UDM-Pro-Max has only a single 2,5 GBit/s WAN Port and two SFP+ Ports. This limits you quite a bit. You could use the 2,5 Gbit/s Port as WAN and then use the two SFP+ Ports to link to your redundant core switches. This however means you're stuck with 2,5 Gbit/s WAN. If you want to use one of the SFP+ Ports as WAN to get more bandwidth you only have a single SFP+ Port left to link to your core switch (which isn't enough for a redundant setup). And all this means you're only getting a single WAN Port and won't be doing redundant internet links from two different providers (or two links to the same provider ...). So the UDM-Pro-MAX appears to only be a little redundancy but not really an enterprise solution with high uptime requirements.
"No one has this much unifi equipment at home."
Sounds like a challenge to me
LOL...Yeah...hold my beer~
This was absolutely my first thought. 🤣
😂😂
Does Christ even know his audience?! lol
came here to say this exactly! hah!
No PoE ports since an enterprise deployment would have dedicated PoE switches
Then they add 2 HDD bays...would an enterprise deployment not use a dedicated NVR?
Just realized it doesn't have PoE. I was about to replace my UDM Pro SE but guess not! I like having that.
I think it missed the ball and should have had 4x SFP+ ports to allow for true redundancy and resiliency.
2 internet links for wan failover.
2 core switch links for an individual link to a pair of aggregation switches. (Each aggregation switch has a link to both UDM Pro Max)
Most redundant and resilient setups have 2 of everything. If a core switch dies, the secondary link to the secondary switch takes over. It still has a single point of failure with 1 link cable to 1 switch and if an aggregation switch dies, it still needs manual input to physically move the SFP uplinks from dead switch to active switch.
That's a fair point.
Yeah would make more sense to have just had six or eight SFP+ ports. Plus maybe a 5gb WAN port with PoE given Ubiquiti make a PoE powered ONT.
Needs a DMZ port really to be a "good" firewall
SE has 2.5Gbe wan port.
@@darrenorange2982 that’s nice, 2.5 Gb/s port when it can route 5 Gb/s….. makes sense.
2x 10G SFP+ for WAN and 2x 10G SFP+ for LAN with 4x 1G RJ45 for shadow mode, DMZ, console etc would make much more sense.
Great video as usual Chris, but I REALLY wish Unifi would allow the Protect videos to be natively backed up to another device (either on site and/or off site) in case of theft or other issues.
You can record to the UniFi NVR as usual, but enable RTSP and use ffmpeg on any other machine to save recordings. My NAS records from all cameras in 15 minute segments, too. And then shared over Samba, so can view them over a network drive.
Oh and you can technically backup/export the original recordings on the UDM over SSH as well. Though you need a tool to decrypt/convert them.
I use a docker container to backup all my footage to my server. It works great.
@@terrellclark details please
@@terrellclark can you provide a link to the container you use?
I think it's important to mention that the 200 UniFi devices and 2000 client devices are numbers just for wifi/network devices. These new UDMs are still Protect limited to about 24 cameras. Any more than that, and you risk running out of processing power to run both at once, let alone Access.
I think UI dropped the ball on this one. A device meant for that many devices and users should have 2x 25Gb ports and 8x 10Gb SFP+ ports.
Hell, I'd settle for dual 10gbe LAN ports so I can LAG them to the USW-AGGREGATION switches.
Why? Can't their switches do routing? No need to have the WAN port be anything faster than 10 gig SFP+. I do, however, wonder why Ubiquiti is so afraid of the QSFP form factor. Their switches are totally pointless and I will not buy them. Way imbalanced between their uplink ports vs. primary ports. No options, like every other vendor has, for something like an all-SFP switch with 24 or 48 ports. Do they think none of their customers run fiber to cameras or access points?
They keep dropping the ball...for the last 10 years. Looking at you mFi.
Has the firewall and IDS system come up to speed with something like pfSense or is it still lagging behind?
@nrees87 on the SE you can do that. I use 1 SFP+ port to go to an Aggregation and the other SFP+ going to a 48 pro poe switch. Using the 2.5Gbe to go to the UCI and port 8 on the built in Gbe switch going to a t-mobile 5G modem
Can you 2x aggregation switches, each connected to an SFP+ port on a UDMP? In the example around 10:18 the agg switch is a major single point of failure. Not even secondary power from RPS.
What good is shadow mode with a setup like the one presented at 9:13? There are still single points of failure, like the USW Aggregation switch to start with. You would need at least two of them. Then, the distribution switches could still fail.
Excellent video as always.
Can't say that I understand why Ubiquiti didn't put 2x 3.5" into the SE when they were going to do it here anyways. Unless they maybe thought it would cannibalize the sales of this device?
As for large scale installs, wouldn't they use a dedicated NVR instead? I would actually more understand having PoE than the two HDD. A dedicated NVR you could put almost anywhere on a network. However, laying down RJ45 cables can sometimes be limited. Having access PoE in lots of places is always a nice bonus.
I have the UDM SE and my WAN ethernet (Port 9) is 2.5GbE. I don't think this is new to the Pro Max. Appreciate all the content, was definitely valuable in getting my own Unifi network up and running!
So should we be waiting for a UDM enterprise so I can get 25gig sfp?
It should have 4 SFP++ for full redundancy with dual connection to switches
Not to mention having redundant links between switches as well, where in his diagram you would have 2 x Agg switches, with both UDMP/SE/Maxs connected to both Agg switches, with an interconnection between the Agg switches. There would then be connections from both Agg switches to every subsequent device switch in the structure, so regardless where you had a failure, you still had full communication between the UDMPs and every switch on the network (except the failed device). Admittedly it would be a headache to set up and get working to that level of redundancy, but once it's set up your only fail point is an actual DC outage... which if it was really critical to you, you would then have a secondary (backup) DC site set up the same as well where you do regular config backup restores to whilst running in either a hot or cold DR setup.
Would be interesting, how much performance you could measure with iperf3 single thread just routing between two vlans on the LAN SFP+ port. Performance was way too slow in my setup with UDM PRO. Hope they have fixed that.
We didn't use the UDM in the last install. With just 10 cameras, it struggled to keep the HD streams stored. The NVR is the best for low cost, but the NVR-Pro smashes it. We've just pushed 37 cameras to it and it's perfect. We do ANPR and gate control too. Two on the site for redundancy... For a large deployment, where the Pro-Max would be used - the UDM's strength is running Internet connections - not recording video....
you are blaming the udm for a hard drive problem lmfao. They run the cameras fine if your drive isn’t bottlenecking
2:24 I mean the UDM Pro isn't really "the previous model"... the SE is, and the SE also has 2.5G WAN.
Would be nice if you could use the pair of drive bays (optionally) for a basic network share instead of for Protect.
"No one has this much Unifi gear at home." - Challenge accepted
Love it...
Huh. His large network sample is smaller than my home unifi setup
Just what I was about to say, I guess I'm a no one then 🙂
I got this for my home network because I’m unsure where my latency problem came from. I have the original home Dream Machine and it says it handles 120 clients. Well I maxed that out with home automation gear and my network went to shit. Latency above 500ms.
So I’m wondering if my 15 cameras caused the problem so I didn’t want to run the dream machine special edition and end up getting over 70% of its capabilities.
So I will get my Poe separately and with the pro max I know I won’t outgrow it. Now I have to decide if my 2 WiFi access points are enough or do I need to keep the old UDM just as an access point.
How did you split your one single WAN Internet connection with the switch to make two of them?
You plug them both into the switch. Since only the primary or failover needs to connect to your WAN connection at a time you are fine.
My guess is there is a dumb switch between the ISP and the UDM-Pros. But then you re-introduce single point of failure. You are almost better off creating a private vlan for the ISP; assigning that to a few ports of the switches and handling it that way. I think he does that in his "Lakehouse building to building bridge" video.
So no poe on the switch but you get redundant hdd bays so that you can dump an enterprise worth of cameras onto it? That doesn’t add up. You’d have a separate nvr for that with enough room to store everything for 3-6 months. I don’t get it
Will the next one be the Pro Max Ultra Plus Premium? These names are insane.
I just commented on it, it's really dumb actually, kinda childish I think to be honest
Pro max Platinum+
Thank you as always Chris with great information. I may just stay with my old UDM-Pro for now but that dual hard drives would be nice upgrade. :)
All you need is an NVR.
@@JacksonCampbell yup. On offer now too
Love, can you do a network diagram showing two aggregation switches
Wouldn't you do a fiber loop between all switches and both UDM?
Hi, thank you for the great review! Does shadow mode scenario have session pickup functionality? So is the standby unit aware of ongoing sessions on an active unit?
Doesn't appear to have the session table synchronized no.
How does the failover work for failures on the LAN? Will it track the port status and automatically fail over?
During shadow mode configuration, does an OS update reboot both UDMs at the same time? Or does each UDM reboot 1 at a time to ensure uptime during the update process?
I assume the built in switch is still limited by a gig connection to the WAN? “This is for LARGE deployments!” Then why even have it? Make them all SFP+ with a single RJ45 for shadowing.
This feels like an odd device. If this is meant for big deployments, why keep the protect support while dropping PoE? Wouldn't those customers just have NVR/NVR Pros for even more redundancy & storage? Similarly 8 GbE ports seems like a waste if you're just going to plug it into a larger switch anyway. Seems like they could drop a lot of the fluff and just make a pure router/controller with dual WAN in, 1 or 2 GbE ports for Shadow mode, 2 SFP+ ports for core switch redundancy and probably have a better device for it.
Would love to see a Dream Machine Pro SE 2 with the dual HDD support and some 2.5GbE PoE++ ports for their WiFi 7 gear. Would make a kick-ass future-proofed homelab/small office controller without requiring the NVR and a big pro switch for basic NVR redundancy and faster WiFi support.
Wouldn’t it make more sense to have two USW-Aggregation switches? As you have just moved the single point of failure to a device that doesn’t support redundant power.
Yes - you'd want redundancy at every level - it's just an example...don't take it as the rule of law.
Or rather, I should say you should be building in as much redundancy as the customer's tolerance allows for - that's going to be different for every customer. Network consulting 101.
Right, it's a balancing act, if you have 5 of them sure you are covered but if you never use them you have wasted money, redundancy in my experience seems to be an afterthought. At least in customers' minds. You also need to have things that are mission critical, and then things are luxury. The example you made the UDM is mission critical as none of the other components work without it, having a backup is mission critical. The other switches could be farmed to an old switch laying around if it failed or mission critical areas could be plugged directly into the UDM. It all comes down to cost vs benefit.
@CrosstalkSolutions but ubiquiti doesn't support multi chassis lagg. You can't do 2x agg switches each with a downlink to every switch.
@@ciaranfarley it can still fail over. The second one would only be used if the first one failed, but you still have failover.
I'm revamping a network at the moment and I'll be having 2 firewalls (Probably Fortigate 600's as i need 10Gb throughput) and those will be connected to 2 of the USW Pro-aggregation switches. Any HA set up can't be having a single point of failure in it as you say.
I also think the Aggregate switches should have failover/HA - if the Aggregate dies then you basically end up in the same position as losing the UDM. Also, if you are an enterprise customer more than likely you will be using an NVR or NVR-Pro. It would be good if Ubiquiti started adding these features to other suitable devices.
Whatever UniFi is paying you, it isn't enough.
The amount of UniFi products I've bought because of this channel.... 😅😅😅😅😅😅
I agree.
I second that! I changed everything at my house, everything at my dad's house, everything at my in-laws' house and my brother-in-law's house and I manage it all, not everything came from this channel but it's definitely been an invaluable tool
Love your username. It made me lol
@@larrypost6217 the 5gb/s limit with IDS/IPS is the problem. 10gb/s is the normal thing for most ISPs, one even offers 25gb/s for just 65$.
What is the main goal for those 2 HDD slots? Just a simple NAS system? Is this device able to boot up some OS off those HDDs? Will these be counted for diskstation software, let's say to access them remotely?
Does shadow mode also support load balancing?
Particularly if each UDM-pro-max is connected to a different ISP.
Can you use a UniFi switch VLAN to split the internet connection? We do this at my office with some Cisco 9300s because of stacking and power stacking, one switch can power the other switch if it loses power or fails.
Thoughts on getting a UDM-Pro/Max vs UISP Router - Pro. I have a large UISP network with about 30 UniFi WAP’s and a few UniFi and Edgemax switches. Looking to replace Edgerouter Pro. I can’t find much on the UISP-R Pro.
Was there any noticeable Fan noise? my UDM:SE is pretty silent, and I was hoping the new Pro Max would remain the same.
Yes I agree 2 SFP+ with link aggregation on each switch I would upgrade. Was disappointed my UDM does not support link aggregation
Also I know when using Cisco 6500 equipment we can spread link aggregation between two switches ( working as a team) Wish that feature would exist on UNIFI
Hi Chris, regarding the Flex 10 GbE switch that you are using to split your WAN ISP connection, did you have to do any configuration to make this work on the switch itself with VLANs? If so, could you potentially post a guide or perhaps additional instructions on how to accomplish this? It looks like the Flex 10GbE has a white LED which means it's unadopted/unmanaged so I would assume you're using it as a dumb switch as opposed to a managed one? I just got two Pro Maxes and want to use HA but only have one downstream ISP connection from ATT Fiber for the 5GB internet. Thanks in advance!
I wonder if the 8 Gigabit ports have full Gigabit speed each this time, or just share 1GB bandwidth on the backplane for all ports like the UDM Pro/SE...
@CrosstalkSolutions I would love it if you could make a video on setting up port forwarding/firewall rules to forward traffic to internal servers on a network. I have a multi-IP/single WAN connection but cannot get the rules to work reliably.
In shadow mode, does the secondary UDM notify you if it has a failure or is not running correctly?
When is UniFi Os 4.0 supposed to be released?
Not even in EA yet. Will take some time.
Can you access the footage recorded on the shadow device when it was primary for a little while and then changes back to shadow mode?
Hi Chris, since you get Unifi equipment early, do you know if there's a follow-up to the UDM-SE where the ports have PoE (unlike the Pro Max), increased backplane bandwidth, and more CPU power? I used the UDM SE with 60+ users and found the throttling and packet shaping hurt speed and even required reboots and rework of the network configuration. I eventually gave up on throttling and had a very limited set of rules in order to not overburden the CPU.
Hi Chris,
Am I right in saying that if you have a 10Gbps WAN connection, you'd need to have it going into an Aggregation/Pro switch to be able to pass out the SFP+ connections to the 2 UDMs?
With so many service providers offering over 1 GB connection speeds, it's odd that Ubiquiti isn’t keeping pace and giving ports a minimum of 2.5 connections on most of their prosumer equipment. It sucks to consider buying this $6-700 piece of equipment to get the faster throughput.
How many home users actually would use/need more than 1 gigabit Internet? Seems like a sweet spot to me.
@@jbunselmeyer this is not a product for an average home user so it should absolutely not have just 1 gb ports
@@jbunselmeyer but this is where this is a miss. They're marketing this as large scale deployments, yet the speed and features are closer to a home user. This is really UDM Pro 2.0, not a higher level device. I expect UniFi to run out their UDM Pro and then discontinue them when they see the low sales of the Max.
@@jada1173 The original comment was about service providers, so I was referring to internet speeds, are you talking LAN speeds?
@@HaydonRyan The original comment was about service providers, so I was referring to internet speeds, are you talking LAN speeds?
How does the IP HA work, does it rely on VRRP or are the interfaces in a shutdown state when the UDM is in passive mode? Just interested in the IP side of things.
How are your two routers sharing a single ISP connection? Are they each pulling a unique public IP? Are they static or DHCP?
Your large deployment diagram doesn't show the RPS connected to the two Switches. It also probably should have included a switch to split the WAN connection which will likely be needed. It's a bummer that the 8 port aggregation switch doesn't support RPS, for a single switch that's critical like aggregation that would be huge. In a large deployment it would be worth the cost bump to the 28 port Agg switch just to have RPS.
Hello. how are you? I have a question regarding this device versus a USG Pro 4. In the USG Pro 4, LAN ports 1 and 2 are independent ports, and I can configure an independent segment for each of them (each one on VLAN 1). Is this possible with this new line of devices? I purchased a UCG Ultra, and it cannot do this. The UniFiOS only allows creating VLANs, meaning it only has one network on VLAN 1 for the whole device. Which device would allow me to do everything I need? Thanks. Best regards.
Can I connect this to an LC fiber box directly to replace the ISP modem so I only have this? If this is too much power for home, what is next in line from Ubiquiti to connect directly to an LC fiber optic box? Also, is it compatible with Reolink cameras?
Hi, can the hard drives for the cameras be backed up to a NAS?
Hi. Do you know if this device will be able to handle 3 WAN connections?. 2 Wans load balancing mode and a third one as failover i.e starlink. Could you advise please?
Interested to see if shadow mode is working how I’m thinking with the switch being in place before the wan connections. Right now I have my modem connected through the network as you did in your starlink setup but will that also apply to shadow mode now where I can set both udms to do that. Also doing the same with failover lte modem so now I’m thinking of trying both routed through the network to have a super seamless experience.
Any word on if this improves PPPoE throughput? Unfortunately some of us are stuck on services that, while Multigigabit, are hampered by the throttled throughput of PPPoE on the /SE.
What is the software you're using to make the example diagram?
The built in switch doesn’t have 2.5? What?
Instead of running the drives as RAID 1 is there a way to run it as JBOD to increase total storage capacity?
question, what software you used to create the visual of the home network? Great Video!!
I have the original UDM Pro, including VMs, it manages ~2k machines currently just fine, and the only way I'm upgrading to another Ubiquiti device is if they finally add support for IPv6-only VLANs. (There's also an issue with bonded interfaces reporting as two devices with the same IP, but I've been working with their support team for a couple weeks now to hopefully resolve this).
Can i use it as a router too? i have a pppoe connection
Hey Chris, another great video. Got a question regarding WAN links. If I have a /30 subnet from my provider, do you need to configure both UDM Pro Max or the sync will just copy the config to the secondary?
When are they going to add multi chassis lagg so you can have a redundant core
That enterprise set up has some nice HA and redundancy, but the single point of failure at the aggregation switch is an issue.
I'm currently running 2 UDM Pros in Shadow mode with 2 ISPs in a fail-over config, would I need a switch in between each ISP's modem and each UDM Pro to achieve HA Shadow mode? From what I've gathered, most ISPs in the US hand out a single IP so I'm not sure if this would work in a failover config without 2 extra switches and double-NAT which doesn't seem ideal. Does that sound right or am I missing something?
Hello Pros, does the UDM-Pro-Max still have the issue that all traffic going out of the WAN port is affected by natting, so that I cannot use it with VLANs on the WAN interface behind a third party SD-WAN or even other firewall solution. This would be a real benefit using the device in enterprise environments where networks/devices must be reached from other locations without port forwarding which is useless in enterprise scenarios. Would be nice if you find some time to look at this.
still missing wireguard site to site.. done waiting for it. Moving all my locations to PFSense.
So... You'll always need a switch before the two dream machines to get one internet source to both? 🤔 Which Unifi switches should you even be using for this?
Hello... struggling to find the videos you have with Kevin Houser... I hope you can help me.
I purged out a ton of my old content...those videos were very outdated.
Chris, do you know what’s the difference in number of cameras setup in the pro max vs pro se ?
Can you tell me what program you used to draw the topology?
Sad, I was looking for the open case as you did with pro/SE
Ugh, in your test for shadow mode you just moved your single point of failure to the small switch between the gateways and the internet. I'm struggling with this with Meraki firewalls. At one site I have Comcast dedicated ethernet yet their device only allows one port to be active, meaning you have to put in a switch between multiple firewalls and the Comcast equipment. Which is ridiculous because their CABLE business internet routers have FOUR local ports so you can easily put one port to each firewall. I have the same issue with Verizon FIOS coming out of an ONT. Just one local connection so you have to use a switch between the ISP router to the firewall devices.
Interesting. We've never adopted Protect as the cost to replace all our cameras with Ubiquiti cameras would be ridiculous. But if we did..... I would want to be able to split the camera recording between the two drives for faster I/O speeds, rather than have raid functionality .
Anyone know if will be able to migrate from a UDM Pro to Pro-Max through a simple backup and restore?
What's the realistic amount of clients this can handle if I'm running about 6 to 8 switches and about 70 APs?
What software do you use for your system diagrams?
What if the aggregation switch fails?
What filesystem do they format the drives to?
I just got my first unifi AP. Using self hosted controller. I love the unifi UI and unifi network selfhosted. Wish it was more affordable but I know you pay for what you get. My next item to get is a unifi switch. I do not have a rack so my options are limited.
I realize it's not for "home users" but AT&T already offers 5Gbps internet where we live. Why get a crippled Pro that can't handle the full internet speed? My wife does medical editing from home, so I don't have the option of disabling IDS/IPS because of HIPAA guidelines.
Does the backplane have the same limitations?
The shadow mode sure is fun.. but out of 200's install not 1 UDM has failed yet for us. So this would be for really big places that usually use a high end router or something. It's a good idea for Ubiquiti to try and get that market.
Does the 4.0 version still use P2P or can you VPN or Wireguard into your system from the app on your Android device?
Shadow mode sounds great. Will it be available for uxg pro? What about static ip?
Any improvements to PPPoE performance with this?
the 2.5g port on my UDM-SE died recently, managed to get it RMA'd but even on a replacement it's very unreliable when there's high bandwidth utilisation, it'll literally just drop out at times. I've had to opt for an SFP RJ45 Transceiver just to mitigate this issue. If I recall correctly the ethernet controller used is a Realtek 8125 which is notorious for being unreliable. Hope it's different in this model.
can i do 2 isp for shadow mode?
Thanks from Kurdistan it is wonderful!
I hope they will add the HA failover mode to the other UDMs, as this is the only thing that I would want from this one. With a 1gbit connection outside and an NVR, I really don't need the features of this. Except that I do want the HA.
Also, it's not clear how to handle the switch that the UDMs connect to. In your setup example, you still have the single point of failure in the AGGR switch. But will it work to have the two UDMs go to separate 10gbit switches?
To me it feels very silly that they kept the 8 port switches and not added an extra WAN 10gbit fiber port. OTOH this thing is only rated for 5gbit performance with all security features on, so maybe that's okay. It does annoy me that I have to choose between direct fiber input (I do that now in the office on our UDM Pro) or two LAN 10 gbit lines. I assume these choices were done to keep development cost down, but that just makes this thing look a bit like a frankenswitch (TM).
Great video. I agree with what you said about the lack of POE ports. By the way, who crimped that blue patch cable 🙂
What about the amount of VPN sites at the same time?? I got 25 sites that I need to connect each other.
One feature I would love to see with Ubiquiti's switch lineup is the ability to stack switches to make one logical switch. I would highly consider Ubiquiti in a medium sized network if they had that!
I would only be interested in this if the drives raid 1 could be used for Unifi talk.
How does shadow mode work with wan failover?
can you show how to do fully meshed LAN infrastructure? Does Unifi support this yet?
For the wan fail over, does it share the single public IP or do both units require different public IPs? Sonicwall can share, but other cloud solutions require separate IPs to keep each device cloud connected. Great video, and blast you, I just looked and fios now offers 5Gb internet... The upgrade battle never ends.. :)
Just a really quick question will multi-wan work with the shadow mode.
Yes absolutely!
Perfect, then that feature can't come soon enough.@@CrosstalkSolutions
Shadow mode protects against a UDM failing but, at least in the example you showed, you still have single points of failure in the downstream switches. Is a UDM failure more likely than a switch failure?
It's just for demonstration.
At the enterprise level, which this equipment is designed for, anything core you would have redundant everything, not just the gateway, and that really shouldn't have to be pointed out at every level.
@@jbunselmeyer Problem is that the UDM-Pro-Max has only a single 2,5 GBit/s WAN Port and two SFP+ Ports. This limits you quite a bit. You could use the 2,5 Gbit/s Port as WAN and then use the two SFP+ Ports to link to your redundant core switches. This however means you're stuck with 2,5 Gbit/s WAN. If you want to use one of the SFP+ Ports as WAN to get more bandwidth you only have a single SFP+ Port left to link to your core switch (which isn't enough for a redundant setup).
And all this means you're only getting a single WAN Port and won't be doing redundant internet links from two different providers (or two links to the same provider ...).
So the UDM-Pro-MAX appears to only be a little redundancy but not really an enterprise solution with high uptime requirements.
Nice GW, but why don't they do 25 GbE to the LAN-Side.