CHF389.20
Ubiquiti UniFi Dream Machine Pro
Bewertung für Ubiquiti UniFi Dream Machine Pro
Do not buy. This has major weaknesses that mean it is not ready for real-world use.
This is, without doubt, the worst piece of networking equipment that Ubiquiti has ever produced.
Let's count the problems.
1. There is no physical power button, so if (rather, when) there is an issue, there is no way to reliably shut the device down without either yanking the power cable out the back, or performing a factory reset.
2. The WAN routing mechanism ALWAYS uses NAT, and it can't be changed. So forget using this with a second router unless you want the joy of double NAT (not good for certain devices, and generally not ideal for performance).
3. The device forces open REMOTE access management from the web. Yes, you read that correctly, the UDM Pro is so poorly coded that it has an open back door for hackers to come in and manage the device remotely. Sure, they might need to have obtained your UI.COM account details, but think on this... the Ubiquiti system is now a perfect honeypot for hackers because they know that if they can hack that, then they can gain access to any network which has a UDM on it. THIS IS POSSIBLY THE MOST STUPID THING THAT I HAVE COME ACROSS IN 30 YEARS OF WORKING WITH NETWORKS.
Not only that, the UnifiOS is very flaky and the implementation on the UDM Pro is, well, not good.
This is clearly (in June 2020) an alpha release, and perhaps in a year or so's time, when they Ubiquiti team have worked through all the bugs - especially in their thinking - then the product might be great.
But right now, it is a very expensive paperweight that you simply cannot risk adding to your network.
Do NOT buy.
Contra
- Force the use of NAT, so can't be used as a second router.
- Remote management via UI Cloud is mandatory.
Well, more negative can be said about this product. Professional users should first have a look at the UniFi Community and follow UDM Pro threads and issues and disappointment it had caused worldwide. Amateur or semi-professional users actually don’t need a 19” rack unit.
It looks like code releases miss the quality and the all-in-one dream looks charming at glance, but indeed it’s a very marketing driven product which can satisfy only basic uses cases. You may think that each of the components is pro, but the threat management is so poor and based on open-source free of charge rule base that everyone can have on another open-source device (for less money for the hardware). Switching module has 1 GB backplane for 8x 1Gb ports. You can’t aggregate those ports to LACP either. 10Gb interfaces have fluctuating bandwidth indicating that there is something wrong about the ports.With the version I got, I was able to disable remote management in /settings
@Raphakaram, the UDMPro is always open to remote management. The UDM, on the other hand, does allow remote management to be switched off in settings.
As @JayAr says, this is currently a marketing/buzzword friendly product that consistently and continually fails to deliver as an enterprise- or pro-level device. Several months on from buying it, I can attest that it is still the worst networking device I've come across, and I still cannot recommend it to anyone.
Again, most home users don't need it, and no commercial user should risk their business with it.Ubiquiti just reported a data breach: https://www.heise.de/news...
This is why such devices should not be connected/linked to the cloud. Let's see how they will react and communicate regarding the data breach. Depending on the outcome my UDM Pro will go back to Digitec unused in its original packaging.still true with the latest firmware?
It's getting worse, Ubiquiti doesn't seem to care about security and transparency:
https://krebsonsecurity.com/2021...
“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wrote in a letter to the European Data Protection Supervisor. “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”Let's crack this FUD a little.
Power button... Not sure how to take this being the first priority here. If you have a rack mounted hardware, you usually also either use a PDU to switch things, or easy access to the power plugs. In newer devices the power cables even lock into the device so it can;t be pulled accidentally. Nicer PDU's have similar protections. I also own a couple Mikrotik routers, they have no power buton either and also provisions to keep cables in place. Not having a power button for a crucial critical infrastructure like that is good design. I ran my UDM pro for almost 6 months, without a singular problem or reboot needed. Not sure why an absence of a power button was such a big issue.
You can disable the double NAT. It's hidden in the "old" settings unfortunately, as the new settings are default now. Bad UI, agreed, but not impossible. IGMP proxy not being possible in the current software is a much more annoying thing for people in Switzerland using certain digital TV providers.
The remote access is also wrong. You need once to use the cloud account to set it up (also not ideal) but once done, you can create a local only user and then kill the cloud user. That shuts off all the remote access. The rest is firewall settings, however strict you want it.
Is it perfect? No. It's a very solid device for the price though, and you need some very special edge cases before this no longer works for you.
And in that case get a Mikrotik one, there you can do pretty much everything, with a GUI that isn't that great, or all by command line if you like, but you are able to change everything.Agree with you. I`m quite happy with the devices for an enhanced home usage. Even though I use the device behind another router, which is completely disabled and giving the public IP to the security gateway, no natting on that device.
I don`t see any fancy requirements to use the ubiquitiy security gateway behind another router using NAT in a home configuration.It has since been found out that the breach wasn't from an external party but from the Head of Cloud at Ubiquiti itself: https://www.theverge.com/2021...
The supposed Whistleblower was also the same eployee, he's also kind of an idiot for believing this could work.
In my opinion this is much better than as to what we previously believed.With some tricks, it is actually possible to install- and run the UniFi Dream Machine Pro completely WITHOUT the UI Cloud integration. You do not even need to have an UI Account.
It is also no problem having the UDM Pro behind a router - I have mine behind a pfSense router and am not using any of the "gateway functionalities" of the UDM. I use it purely for the Network Devices (Switches and APs) and the Cameras.
You can find documentation how to install and run the Dream Machine Pro "offline", means without connecting it to the internet here:
https://www.tech-island.com/kb...
However this product still does have some problems, i.ex. you cannot create "sites" for grouping network equipment in different locations and it is by far not the best device, although it is currently the only device with which one can manage the network and camera devices on one appliance.
