@@jbunselmeyer Problem is that the UDM-Pro-Max has only a single 2,5 GBit/s WAN Port and two SFP+ Ports. This limits you quite a bit. You could use the 2,5 Gbit/s Port as WAN and then use the two SFP+ Ports to link to your redundant core switches. This however means you're stuck with 2,5 Gbit/s WAN. If you want to use one of the SFP+ Ports as WAN to get more bandwidth you only have a single SFP+ Port left to link to your core switch (which isn't enough for a redundant setup). And all this means you're only getting a single WAN Port and won't be doing redundant internet links from two different providers (or two links to the same provider ...). So the UDM-Pro-MAX appears to only be a little redundancy but not really an enterprise solution with high uptime requirements.
What is the main goal for those 2 HDD slots? Just a simple NAS system? Is this device able to boot up some OS off those HDDs? Will these be counted for diskstation software, let's say to access them remotely?
How does the IP HA work, does it rely on VRRP or are the interfaces in a shutdown state when the UDM is in passive mode? Just interested on the IP side of things.
Thoughts on getting a UDM-Pro/Max vs UISP Router - Pro. I have a large UISP network with about 30 UniFi WAP’s and a few UniFi and Edgemax switches. Looking to replace Edgerouter Pro. I can’t find much on the UISP-R Pro.
Hi Chris, since you get Unifi equipment early, do you know if there's a follow-up to the UDM-SE where the ports have PoE (unlike the Pro Max), increased backplane bandwidth, and more CPU power? I used the UDM SE with 60+ users and found the throttling and packet shaping hurt speed and even required reboots and rework of the network configuration. I eventually gave up on throttling and had a very limited set of rules in order to not overburden the CPU.
Any word on if this improves PPPoE throughput? Unfortunately some of us are stuck on services that, while Multigigabit, are hampered by the throttled throughput of PPPoE on the /SE.
@CrosstalkSolutions I would love it if you could make a video on setting up port forwarding/firewall rules to forward traffic to internal servers on a network. I have a multi-IP/single WAN connection but cannot get the rules to work reliably.
Can you use a unifi switch vlan to split the internet connection? We do this at my office with some Cisco 9300s because of stacking and power stacking one switch can power the other switch if it loses power or fails.
Can I connect this to lc fiber box direct to replace isp modem so I only have this? If this is too much power for home, what is next in line Ubiquiti to connect direct to lc fiber optic box? Also is it compatible with reolink cameras?
With so many service providers offering over 1 GB connection speeds, it's odd that Ubiquiti isn’t keeping pace and giving ports a minimum of 2.5 connections on most of their prosumer equipment. It sucks to consider buying this $6-700 piece of equipment to get the faster throughput.
@@jbunselmeyer but this is where this is a miss. They’re marketing this as large scale deployments, yet the speed and features are closer to a home user. This is really udm pro 2.0 not a higher level device. I expect unifi to run out their udm pro and then discontinue them when they see the low sales of the max.
Hi. Do you know if this device will be able to handle 3 WAN connections? 2 Wans load balancing mode and a third one as failover i.e. starlink. Could you advise please?
This feels like an odd device. If this is meant for big deployments, why keep the protect support while dropping PoE? Wouldn't those customers just have NVR/NVR Pros for even more redundancy & storage? Similarly 8 GbE ports seems like a waste if you're just going to plug it into a larger switch anyway. Seems like they could drop a lot of the fluff and just make a pure router/controller with dual WAN in, 1 or 2 GbE ports for Shadow mode, 2 SFP+ ports for core switch redundancy and probably have a better device for it. Would love to see a Dream Machine Pro SE 2 with the dual HDD support and some 2.5GbE PoE++ ports for their WiFi 7 gear. Would make a kick-ass future-proofed homelab/small office controller without requiring the NVR and a big pro switch for basic NVR redundancy and faster WiFi support.
I wonder if the 8 Gigabit Ports have full Gigabit-Speed each this time, or just share 1GB bandwidth on the Backplane for all Ports like the UDM Pro/SE...
Interested to see if shadow mode is working how I’m thinking with the switch being in place before the wan connections. Right now I have my modem connected through the network as you did in your starlink setup but will that also apply to shadow mode now where I can set both udms to do that. Also doing the same with failover lte modem so now I’m thinking of trying both routed through the network to have a super seamless experience.
Hello. how are you? I have a question regarding this device versus a USG Pro 4. In the USG Pro 4, LAN ports 1 and 2 are independent ports, and I can configure an independent segment for each of them (each one on VLAN 1). Is this possible with this new line of devices? I purchased a UCG Ultra, and it cannot do this. The UniFiOS only allows creating VLANs, meaning it only has one network on VLAN 1 for the whole device. Which device would allow me to do everything I need? Thanks. Best regards.
I also think the Aggregate switches should have failover/HA - if the Aggregate dies then you basically end up in the same position as losing the UDM. Also, if you are an enterprise customer more than likely you will be using an NVR or NVR-Pro. It would be good if Ubiquiti started adding these features to other suitable devices.
Hello Pros, does the UDM-Pro-Max have still the issue that all traffic going out of the WAN port is affected by natting, so that I can not use it with VLANS on the WAN interface behind a third party SD-WAN or even other firewall solution? This would be a real benefit using the device in enterprise environments where networks/devices must be reached from other locations without port forwarding which is useless in enterprise scenarios. Would be nice if you find some time to look at this.
Yes I agree 2 SFP+ with link aggregation on each switch I would upgrade. Was disappointed my UDM does not support link aggregation. Also I know when using Cisco 6500 equipment we can spread link aggregation between two switches (working as a team). Wish that feature would exist on UNIFI.
Hey Chris, another great video. Got a question regarding WAN LINKS. If I have /30 subnet from my provider, do you need to configure both UDM pro max or the sync will just copy and config to the secondary?
Your large deployment diagram doesn't show the RPS connected to the two Switches. It also probably should have included a switch to split the WAN connection which will likely be needed. It's a bummer that the 8 port aggregation switch doesn't support RPS, for a single switch that's critical like aggregation that would be huge. In a large deployment it would be worth the cost bump to the 28 port Agg switch just to have RPS.
and... I lost interest, Ubiquiti please make an affordable basic 2.5 gig switch an 8 port 2.5gig _ 10gig sfp+ switch with 60w POE would be nice. like the old 60w POE 8 port switch but faster.... and designed for like... home/SMB use.
Just discovered your channel, and I've thoroughly enjoyed your videos that I've watched. Starlink Gen 3 review, Starlink in motion (major thanks for that), internet down a mine shaft, and now this one. I have twenty-ish years in IT, specializing in Systems & Networks. Excellent content, sir! I'd like to ask a question, though. What is that large rectangular Ubiquiti device mounted to the wall of your left side in the video? I've been trying to identify it but keep failing.
Ok I am new to all this unifi stuff. I thought this was what I needed for my home. Guess not. What would you recommend? Planning on 3 wifi 7 access points. And 3 cameras. I want them to be POE for everything. I do have really fast fiber 1.5g was wanting to plug fiber right into my unifi system.
Interesting. We've never adopted Protect as the cost to replace all our cameras with Ubiquiti cameras would be ridiculous. But if we did..... I would want to be able to split the camera recording between the two drives for faster I/O speeds, rather than have raid functionality .
Ugh, in your test for shadow mode you just moved your single point of failure to the small switch between the gateways and the internet. I'm struggling with this with Meraki firewalls. At one site I have Comcast dedicated ethernet yet their device only allows one port to be active, meaning you have to put in a switch between multiple firewalls and the Comcast equipment. Which is ridiculous because their CABLE business internet routers have FOUR local ports so you can easily put one port to each firewall. I have the same issue with Verizon FIOS coming out of an ONT. Just one local connection so you have to use a switch between the ISP router to the firewall devices.
I have the original UDM Pro, including VMs, it manages ~2k machines currently just fine, and the only way I'm upgrading to another Ubiquiti device is if they finally add support for IPv6-only VLANs. (There's also an issue with bonded interfaces reporting as two devices with the same IP, but I've been working with their support team for a couple weeks now to hopefully resolve this).
I just got my first unifi AP. Using self hosted controller. I love the unifi UI and unifi network selfhosted. Wish it was more affordable but I know you pay for what you get. My next item to get is a unifi switch. I do not have a rack so my options are limited.
I'm currently running 2 UDM Pros in Shadow mode with 2 ISPs in a fail-over config, would I need a switch in between each ISP's modem and each UDM Pro to achieve HA Shadow mode? From what I've gathered, most ISPs in the US hand out a single IP so I'm not sure if this would work in a failover config without 2 extra switches and double-NAT which doesn't seem ideal. Does that sound right or am I missing something?
I hope they will add the HA failover mode to the other UDMs, as this is the only thing that I would want from this one. With a 1gbit connection outside and an NVR, I really don't need the features of this. Except that I do want the HA.
Also, it's not clear how to handle the switch that the UDMs connect to. In your setup example, you still have the single point of failure in the AGGR switch. But will it work to have the two UDMs go to separate 10gbit switches? To me it feels very silly that they kept the 8 port switches and not added an extra WAN 10gbit fiber port. OTOH this thing is only rated for 5gbit performance with all security features on, so maybe that's okay. It does annoy me that I have to choose between direct fiber input (I do that now in the office on our UDM Pro) or two LAN 10 gbit lines. I assume these choices were done to keep development cost down, but that just makes this thing look a bit like a frankenswitch (TM).
I realize it's not for "home users" but AT&T already offers 5Gbps internet where we live. Why get a crippled Pro that can't handle the full internet speed? My wife does medical editing from home, so I don't have the option of disabling IDS/IPS because of HIPAA guidelines.
"No one has this much unifi equipment at home."
Sounds like a challenge to me
LOL...Yeah...hold my beer~
This was absolutely my first thought. 🤣
😂😂
Does Chris even know his audience?! lol
came here to say this exactly! hah!
No PoE ports since an enterprise deployment would have dedicated PoE switches
Then they add 2 HDD bays...would an enterprise deployment not use a dedicated NVR?
Just realized it doesn't have PoE. I was about to replace my UDM Pro SE but guess not! I like having that.
I think it missed the ball and should have had 4x SFP+ ports to allow for true redundancy and resiliency.
2 internet links for wan failover.
2 core switch links for an individual link to a pair of aggregation switches. (Each aggregation switch has a link to both UDM Pro Max)
Most redundant and resilient setups have 2 of everything. If a core switch dies, the secondary link to the secondary switch takes over. It still has a single point of failure with 1 link cable to 1 switch and if an aggregation switch dies, it still needs manual input to physically move the SFP uplinks from dead switch to active switch.
That's a fair point.
Yeah would make more sense to have just had six or eight SFP+ ports. Plus maybe a 5gb WAN port with PoE given Ubiquiti make a PoE powered ONT.
Needs a DMZ port really to be a "good" firewall
SE has 2.5Gbe wan port.
@@darrenorange2982 that’s nice, 2.5 Gb/s port when it can route 5 Gb/s….. makes sense.
2x 10G SFP+ for WAN and 2x 10G SFP+ for LAN with 4x 1G RJ45 for shadow mode, DMZ, console etc would make much more sense.
So should we be waiting for a UDM enterprise so I can get 25gig sfp
I think it's important to mention that the 200 UniFi devices and 2000 client devices are numbers just for wifi/network devices. These new UDM's are still Protect limited to about 24 cameras. Any more than that, and you risk running out of processing power to run both at once, let alone Access.
Great video as usual Chris, but I REALLY wish Unifi would allow the Protect videos to be natively backed up to another device (either on site and/or off site) in case of theft or other issues.
You can record to the UniFi NVR as usual, but enable RTSP and use ffmpeg on any other machine to save recordings. My NAS records from all cameras in 15 minute segments, too. And then shared over Samba, so can view them over a network drive.
Oh and you can technically backup/export the original recordings on the UDM over SSH as well. Though you need a tool to decrypt/convert them.
I use a docker container to backup all my footage to my server. It works great.
@@terrellclark details please
@@terrellclark can you provide a link to the container you use?
Excellent video as always.
Can't say that I understand why Ubiquiti didn't put 2x 3.5" into the SE when they were going to do it here anyways. Unless they maybe thought it would cannibalize the sales of this device?
As for large scale installs, wouldn't they use a dedicated NVR instead? I would actually more understand having PoE than the two HDD. A dedicated NVR you could put almost anywhere on a network. However, laying down RJ45 cables can sometimes be limited. Having access PoE in lots of places is always a nice bonus.
What good is shadow mode with a setup like the one presented at 9:13? There are still single points of failure, like the USW Aggregation switch to start with. You would need at least two of them. Then, the distribution switches could still fail.
Would be interesting, how much performance you could measure with iperf3 single thread just routing between two vlans on the LAN SFP+ port. Performance was way too slow in my setup with UDM PRO. Hope they have fixed that.
How did you split your one single WAN Internet connection with the switch to make two of them?
You plug them both into the switch. Since only the primary or failover needs to connect to your WAN connection at a time you are fine.
My guess is there is a dumb switch between the ISP and the UDM-Pros. But then you re-introduce single point of failure. You are almost better off creating a private vlan for the ISP; assigning that to a few ports of the switches and handling it that way. I think he does that in his "Lakehouse building to building bridge" video.
I think UI dropped the ball on this one. A device meant for that many devices and users should have 2x 25Gb ports and 8x 10Gb SFP+ ports.
Hell, I'd settle for dual 10gbe LAN ports so I can LAG them to the USW-AGGREGATION switches.
Why? Can't their switches do routing? No need to have the WAN port be anything faster than 10 gig SFP+. I do, however, wonder why Ubiquiti is so afraid of the QSFP form factor. Their switches are totally pointless and I will not buy them. Way imbalanced between their uplink ports vs. primary ports. No options, like every other vendor has, for something like an all-SFP switch with 24 or 48 ports. Do they think none of their customers run fiber to cameras or access points?
They keep dropping the ball...for the last 10 years. Looking at you mFi.
Has the firewall and IDS system come up to speed with something like PFSENSE or is it still lagging behind.
@nrees87 on the SE you can do that. I use 1 SFP+ port to go to an Aggregation and the other SFP+ going to a 48 pro poe switch. Using the 2.5Gbe to go to the UCI and port 8 on the built in Gbe switch going to a t-mobile 5G modem
I have the UDM SE and my WAN ethernet (Port 9) is 2.5GbE. I don't think this is new to the Pro Max. Appreciate all the content, was definitely valuable in getting my own Unifi network up and running!
Would be nice if you could use the pair of drive bays (optionally) for a basic network share instead of for Protect.
Wouldn't you do a fiber loop between all switches and both UDM?
2:24 I mean the UDM Pro isn't really "the previous model"... the SE is, and the SE also has 2.5G WAN.
How does the failover work for failures on the LAN? Will it track the port status and automatically fail over?
can you 2x aggregation switches. each connected to an SFP+ port on a UDMP? in the example around 10:18 the agg switch is a major single point of failure. not even secondary power from RPS.
So no poe on the switch but you get redundant hdd bays so that you can dump an enterprise worth of cameras onto it? That doesn’t add up. You’d have a separate nvr for that with enough room to store everything for 3-6 months. I don’t get it
It should have 4 SFP++ for full redundancy with dual connection to switches
Not to mention having redundant links between switches as well, where in his diagram you would have 2 x Agg switches, with both UDMP/SE/Maxs connected to both Agg switches, with an interconnection between the Agg switches. There would then be connections from both Agg switches to every subsequent device switch in the structure, so regardless where you had a failure, you still had full communication between the UDMPs and every switch on the network (except the failed device). Admittedly it would be a headache to set up and get working to that level of redundancy, but once it's set up your only fail point is an actual DC outage... which if it was really critical to you, you would then have a secondary (backup) DC site set up the same as well where you do regular config backup restores to whilst running in either a hot or cold DR setup.
When is UniFi Os 4.0 supposed to be released?
Not even in EA yet. Will take some time.
Hi, thank you for the great review! Does shadow mode scenario have session pickup functionality? So is the standby unit aware of ongoing sessions on an active unit?
Doesn't appear to have the session table synchronized no.
"No one has this much Unifi gear at home." - Challenge accepted
Love it...
Huh. His large network sample is smaller than my home unifi setup
Just what I was about to say, I guess I'm a no one then 🙂
I got this for my home network because I’m unsure where my latency problem came from. I have the original home Dream Machine and it says it handles 120 clients. Well I maxed that out with home automation gear and my network went to shit. Latency above 500ms
So I’m wondering if my 15 cameras caused the problem so I didn’t want to run the dream machine special edition and end up getting over 70% of its capabilities.
So I will get my Poe separately and with the pro max I know I won’t outgrow it. Now I have to decide if my 2 WiFi access points are enough or do I need to keep the old UDM just as an access point.
Love, can you do a network diagram showing two aggregation switches
Does shadow mode also support load balancing?
Particularly if each UDM-pro-max is connected to a different ISP.
We didn't use the UDM in the last install. With just 10 cameras, it struggled to keep the HD streams stored. The NVR is the best for low cost, but the NVR-Pro smashes it. We've just pushed 37 cameras to it and it's perfect. We do ANPR and gate control too. Two on the site for redundancy... For a large deployment, where the Pro-Max would be used - the UDMs strength is running Internet connections - not recording video....
you are blaming the udm for a hard drive problem lmfao. They run the cameras fine if your drive isn’t bottlenecking
I assume the built in switch is still limited by a gig connection to the WAN? “This is for LARGE deployments!” Then why even have it? Make them all SFP+ with a single RJ45 for shadowing.
Will the next one be the Pro Max Ultra Plus Premium? These names are insane.
I just commented on it, it's really dumb actually, kinda childish I think to be honest
Pro max Platinum+
How are your two routers sharing a single ISP connection? Are they each pulling a unique public IP? Are they static or DHCP?
During shadow mode configuration, does an OS update reboot both UDM's at the same time? Or does each udm reboot 1 at a time to ensure uptime during the update process?
Whatever UniFi is paying you, it isn't enough.
The amount of UniFi products I've bought because of this channel.... 😅😅😅😅😅😅
I agree.
I second that! I changed everything at my house, everything at my dad's house, everything at my in-laws' house and my brother-in-law's house and I manage it all. Not everything came from this channel but it's definitely been an invaluable tool.
Love your username. It made me lol
@@larrypost6217 the 5gb/s limit with IDS/IPS is the problem. 10gb/s is the normal thing for most isp, one even offers 25gb/s for just 65$.
Hi Chris,
Am I right in saying that if you have a 10Gbps WAN connection, you'd need to have it going into an Aggregation/Pro switch to be able to pass out the SFP+ connections to the 2 UDMs?
Was there any noticeable Fan noise? my UDM:SE is pretty silent, and I was hoping the new Pro Max would remain the same.
Wouldn’t it make more sense to have two USW-Aggregation switches? As you have just moved the single point of failure to a device that doesn’t support redundant power.
Yes - you'd want redundancy at every level - it's just an example...don't take it as the rule of law.
Or rather, I should say you should be building in as much redundancy as the customer's tolerance allows for - that's going to be different for every customer. Network consulting 101.
Right, it's a balancing act. If you have 5 of them sure you are covered but if you never use them you have wasted money. Redundancy in my experience seems to be an afterthought, at least in customers' minds. You also need to have things that are mission critical, and then things that are luxury. In the example you made, the UDM is mission critical as none of the other components work without it, so having a backup is mission critical. The other switches could be farmed to an old switch laying around if it failed or mission critical areas could be plugged directly into the UDM. It all comes down to cost vs benefit.
@CrosstalkSolutions but ubiquiti doesn't support multi chassis lagg. You can't do 2x agg switches each with a downlink to every switch.
@@ciaranfarley it can still fail over. The second one would only be used if the first one failed, but you still have failover.
I'm revamping a network at the moment and I'll be having 2 firewalls (probably Fortigate 600's as I need 10Gb throughput) and those will be connected to 2 of the USW Pro-aggregation switches. Any HA setup can't be having a single point of failure in it, as you say.
Hi Chris, regarding the Flex 10 GbE switch that you are using to split your WAN ISP connection, did you have to do any configuration to make this work on the switch itself with VLANs? If so, could you potentially post a guide or perhaps additional instructions on how to accomplish this? It looks like the Flex 10GbE has a white LED, which means it's unadopted/unmanaged, so I would assume you're using it as a dumb switch as opposed to a managed one? I just got two Pro Maxes and want to use HA but only have one downstream ISP connection from ATT Fiber for the 5GB internet. Thanks in advance!
Instead of running the drives as RAID 1 is there a way to run it as JBOD to increase total storage capacity?
Shadow mode protects against a UDM failing but, at least in the example you showed, you still have single points of failure in the downstream switches. Is a UDM failure more likely than a switch failure?
It's just for demonstration.
At the enterprise level, which this equipment is designed for, anything core you would have redundant everything, not just the gateway, and that really shouldn't have to be pointed out at every level.
@@jbunselmeyer Problem is that the UDM-Pro-Max has only a single 2,5 GBit/s WAN port and two SFP+ ports. This limits you quite a bit. You could use the 2,5 Gbit/s port as WAN and then use the two SFP+ ports to link to your redundant core switches. This however means you're stuck with 2,5 Gbit/s WAN. If you want to use one of the SFP+ ports as WAN to get more bandwidth, you only have a single SFP+ port left to link to your core switch (which isn't enough for a redundant setup).
And all this means you're only getting a single WAN port and won't be doing redundant internet links from two different providers (or two links to the same provider ...).
So the UDM-Pro-MAX appears to only be a little redundancy but not really an enterprise solution with high uptime requirements.
What is the software you're using to make the example diagram?
What is the main goal for those 2 HDD slots? Just a simple NAS system? Is this device able to boot up some OS off those HDDs? Will these be counted for diskstation software, let's say to access them remotely?
How does the IP HA work, does it rely on VRRP or are the interfaces in a shutdown state when the UDM is in passive mode? Just interested on the IP side of things.
Thoughts on getting a UDM-Pro/Max vs UISP Router - Pro. I have a large UISP network with about 30 UniFi WAP’s and a few UniFi and Edgemax switches. Looking to replace Edgerouter Pro. I can’t find much on the UISP-R Pro.
Hi Chris, since you get Unifi equipment early, do you know if there's a follow-up to the UDM-SE where the ports have PoE (unlike the Pro Max), increased backplane bandwidth, and more CPU power? I used the UDM SE with 60+ users and found the throttling and packet shaping hurt speed and even required reboots and rework of the network configuration. I eventually gave up on throttling and had a very limited set of rules in order to not overburden the CPU.
In shadow mode, does the secondary UDM notify you if it has a failure or is not running correctly?
Can you access the footage recorded on the shadow device when it was primary for a little while and then changes back to shadow mode?
Any word on if this improves PPPoE throughput? Unfortunately some of us are stuck on services that, while Multigigabit, are hampered by the throttled throughput of PPPoE on the /SE.
Just a really quick question will multi-wan work with the shadow mode.
Yes absolutely!
Perfect, then that feature can't come soon enough. @@CrosstalkSolutions
Thank you as always Chris with great information. I may just stay with my old UDM-Pro for now but that dual hard drives would be nice upgrade. :)
All you need is an NVR.
@@JacksonCampbell yup. On offer now too
@CrosstalkSolutions I would love it if you could make a video on setting up port forwarding/firewall rules to forward traffic to internal servers on a network. I have a multi-IP/single WAN connection but cannot get the rules to work reliably.
Can you use a UniFi switch VLAN to split the internet connection? We do this at my office with some Cisco 9300s because of stacking and power stacking: one switch can power the other switch if it loses power or fails.
When are they going to add multi chassis lagg so you can have a redundant core
question, what software you used to create the visual of the home network? Great Video!!
Hello... struggling to find the videos you have with Kevin Houser... I hope you can help me.
I purged out a ton of my old content...those videos were very outdated.
Can I connect this to an LC fiber box directly to replace the ISP modem so I only have this? If this is too much power for home, what is next in line from Ubiquiti to connect directly to an LC fiber optic box? Also, is it compatible with Reolink cameras?
With so many service providers offering over 1 GB connection speeds, it's odd that Ubiquiti isn’t keeping pace and giving ports a minimum of 2.5 connections on most of their prosumer equipment. It sucks to consider buying this $6-700 piece of equipment to get the faster throughput.
How many home users actually would use/need more than 1 gigabit Internet? Seems like a sweet spot to me.
@@jbunselmeyer this is not a product for an average home user so it should absolutely not have just 1 gb ports
@@jbunselmeyer but this is where this is a miss. They're marketing this as large scale deployments, yet the speed and features are closer to a home user. This is really UDM Pro 2.0, not a higher level device. I expect UniFi to run out their UDM Pro and then discontinue them when they see the low sales of the Max.
@@jada1173 The original comment was about service providers, so I was referring to internet speeds, are you talking LAN speeds?
@@HaydonRyan The original comment was about service providers, so I was referring to internet speeds, are you talking LAN speeds?
Hi. Do you know if this device will be able to handle 3 WAN connections? 2 WANs in load balancing mode and a third one as failover, i.e. Starlink. Could you advise please?
This feels like an odd device. If this is meant for big deployments, why keep the protect support while dropping PoE? Wouldn't those customers just have NVR/NVR Pros for even more redundancy & storage? Similarly 8 GbE ports seems like a waste if you're just going to plug it into a larger switch anyway. Seems like they could drop a lot of the fluff and just make a pure router/controller with dual WAN in, 1 or 2 GbE ports for Shadow mode, 2 SFP+ ports for core switch redundancy and probably have a better device for it.
Would love to see a Dream Machine Pro SE 2 with the dual HDD support and some 2.5GbE PoE++ ports for their WiFi 7 gear. Would make a kick-ass future-proofed homelab/small office controller without requiring the NVR and a big pro switch for basic NVR redundancy and faster WiFi support.
Chris, do you know what’s the difference in number of cameras setup in the pro max vs pro se ?
Hi, can the hard drives for the cameras be backed up to a NAS?
I wonder if the 8 Gigabit ports have full Gigabit speed each this time, or just share 1GB bandwidth on the backplane for all ports like the UDM Pro/SE...
What's the realistic amount of clients this can handle if I'm running about 6 to 8 switches and about 70 APs?
Interested to see if shadow mode is working how I’m thinking with the switch being in place before the wan connections. Right now I have my modem connected through the network as you did in your starlink setup but will that also apply to shadow mode now where I can set both udms to do that. Also doing the same with failover lte modem so now I’m thinking of trying both routed through the network to have a super seamless experience.
Shadow mode sounds great. Will it be available for uxg pro? What about static ip?
Does the backplane have the same limitations?
Can you tell me what program you used to draw the topology?
Does the 4.0 version still use P2P or can you VPN or Wireguard into your system from the app on your Android device?
Hello. how are you? I have a question regarding this device versus a USG Pro 4. In the USG Pro 4, LAN ports 1 and 2 are independent ports, and I can configure an independent segment for each of them (each one on VLAN 1). Is this possible with this new line of devices? I purchased a UCG Ultra, and it cannot do this. The UniFiOS only allows creating VLANs, meaning it only has one network on VLAN 1 for the whole device. Which device would allow me to do everything I need? Thanks. Best regards.
The built in switch doesn’t have 2.5? What?
I also think the Aggregate switches should have failover/HA - if the Aggregate dies then you basically end up in the same position as losing the UDM. Also, if you are an enterprise customer, more than likely you will be using an NVR or NVR-Pro. It would be good if Ubiquiti started adding these features to other suitable devices.
Any improvements to PPPoE performance with this?
What software do you use for your system diagrams?
Hello Pros, does the UDM-Pro-Max still have the issue that all traffic going out of the WAN port is affected by NATting, so that I cannot use it with VLANs on the WAN interface behind a third party SD-WAN or even other firewall solution? This would be a real benefit using the device in enterprise environments where networks/devices must be reached from other locations without port forwarding, which is useless in enterprise scenarios. Would be nice if you find some time to look at this.
Yes I agree 2 SFP+ with link aggregation on each switch I would upgrade. Was disappointed my UDM does not support link aggregation
Also I know when using Cisco 6500 equipment we can spread link aggregation between two switches ( working as a team) Wish that feature would exist on UNIFI
Hey Chris, another great video. Got a question regarding WAN links. If I have a /30 subnet from my provider, do you need to configure both UDM Pro Max or will the sync just copy the config to the secondary?
Your large deployment diagram doesn't show the RPS connected to the two Switches. It also probably should have included a switch to split the WAN connection which will likely be needed. It's a bummer that the 8 port aggregation switch doesn't support RPS, for a single switch that's critical like aggregation that would be huge. In a large deployment it would be worth the cost bump to the 28 port Agg switch just to have RPS.
and... I lost interest. Ubiquiti, please make an affordable basic 2.5 gig switch; an 8 port 2.5gig + 10gig SFP+ switch with 60w PoE would be nice. Like the old 60w PoE 8 port switch but faster.... and designed for like... home/SMB use.
Can I use it as a router too? I have a PPPoE connection
Can you show how to do fully meshed LAN infrastructure? Does UniFi support this yet?
Just discovered your channel, and I've thoroughly enjoyed your videos that I've watched. Starlink Gen 3 review, Starlink in motion (major thanks for that), internet down a mine shaft, and now this one. I have twenty-ish years in IT, specializing in Systems & Networks.
Excellent content, sir!
I'd like to ask a question, though. What is that large rectangular Ubiquiti device mounted to the wall of your left side in the video? I've been trying to identify it but keep failing.
That’s the UniFi Dream Wall.
@@CrosstalkSolutions Awesome! Thanks!
What filesystem do they format the drives to?
So what’s a good gateway for a 10gbps internet connection?
So what you're saying is this would be great for my home network?
Still missing WireGuard site to site.. done waiting for it. Moving all my locations to pfSense.
Ok, I am new to all this UniFi stuff. I thought this was what I needed for my home. Guess not. What would you recommend? Planning on 3 WiFi 7 access points and 3 cameras. I want them to be PoE for everything. I do have really fast fiber, 1.5g, and was wanting to plug fiber right into my UniFi system.
Go for the UCG-Max.
@ and then something like the USW-Ultra-60W for the PoE to the access points?
Why no redundancy in the aggregation SW level?
What if the aggregation switch fails?
Interesting. We've never adopted Protect as the cost to replace all our cameras with Ubiquiti cameras would be ridiculous. But if we did..... I would want to be able to split the camera recording between the two drives for faster I/O speeds, rather than have RAID functionality.
Ugh, in your test for shadow mode you just moved your single point of failure to the small switch between the gateways and the internet. I'm struggling with this with Meraki firewalls. At one site I have Comcast dedicated ethernet yet their device only allows one port to be active, meaning you have to put in a switch between multiple firewalls and the Comcast equipment. Which is ridiculous because their CABLE business internet routers have FOUR local ports so you can easily put one port to each firewall. I have the same issue with Verizon FIOS coming out of an ONT. Just one local connection so you have to use a switch between the ISP router to the firewall devices.
I have the original UDM Pro, including VMs, it manages ~2k machines currently just fine, and the only way I'm upgrading to another Ubiquiti device is if they finally add support for IPv6-only VLANs. (There's also an issue with bonded interfaces reporting as two devices with the same IP, but I've been working with their support team for a couple weeks now to hopefully resolve this).
I just got my first unifi AP. Using self hosted controller. I love the unifi UI and unifi network selfhosted. Wish it was more affordable but I know you pay for what you get. My next item to get is a unifi switch. I do not have a rack so my options are limited.
I'm currently running 2 UDM Pros in Shadow mode with 2 ISPs in a fail-over config. Would I need a switch in between each ISP's modem and each UDM Pro to achieve HA Shadow mode? From what I've gathered, most ISPs in the US hand out a single IP, so I'm not sure if this would work in a failover config without 2 extra switches and double-NAT, which doesn't seem ideal. Does that sound right or am I missing something?
How does shadow mode work with wan failover?
Anyone know if will be able to migrate from a UDM Pro to Pro-Max through a simple backup and restore?
That enterprise set up has some nice HA and redundancy, but the single point of failure at the aggregation switch is an issue.
I hope they will add the HA failover mode to the other UDMs, as this is the only thing that I would want from this one. With a 1gbit connection outside and an NVR, I really don't need the features of this. Except that I do want the HA.
Also, it's not clear how to handle the switch that the UDMs connect to. In your setup example, you still have the single point of failure in the AGGR switch. But will it work to have the two UDMs go to separate 10gbit switches?
To me it feels very silly that they kept the 8 port switches and not added an extra WAN 10gbit fiber port. OTOH this thing is only rated for 5gbit performance with all security features on, so maybe that's okay. It does annoy me that I have to choose between direct fiber input (I do that now in the office on our UDM Pro) or two LAN 10 gbit lines. I assume these choices were done to keep development cost down, but that just makes this thing look a bit like a frankenswitch (TM).
Great video. I agree with what you said about the lack of POE ports. By the way, who crimped that blue patch cable 🙂
What about the amount of VPN sites at the same time?? I got 25 sites that I need to connect each other.
Doesn’t having only a single aggregation switch, kind of defeat the purpose of shadow mode and having a high availability redundant network?
Can I do 2 ISPs for shadow mode?
What does an aggregation switch do?
I realize it's not for "home users" but AT&T already offers 5Gbps internet where we live. Why get a crippled Pro that can't handle the full internet speed? My wife does medical editing from home, so I don't have the option of disabling IDS/IPS because of HIPAA guidelines.
Sad, I was looking for the open case as you did with pro/SE