Question about Ubiquiti UDM Pro, pfsense, and online gaming

iDurr

n00b
Joined
Jan 28, 2021
Messages
5
Hi all!

I have a couple of questions about a specific Ubiquiti product, the Unifi Dream Machine Pro, as well as the network performance if a pfsense box were to be added as a firewall.

First, can someone explain how the ui cloud account works with the UDM Pro in first time setup? I've read that you have to log in to your ui cloud account on initial setup of the UDM Pro, is that still the case? If so, can you disable the option to log in with your ui account and only log in locally instead? I would like to not need to log in with my ui account at all if that's doable.

Second, I want to take advantage of pfsense as an IDS/IPS with DPI. While the UDM Pro has these features, I would like to see them enabled on both the UDM Pro and a pfsense box. I'm wondering, is setting a pfsense box in bridge mode from my ISP modem to my UDM Pro a viable solution for IPS/IDS/DPI?

Finally, if I were to use a pfsense box in bridge mode only between my ISP modem and UDM Pro, would this setup affect my online gaming experience, given that I have good hardware for the pfsense box?
 

Vengance_01

Supreme [H]ardness
Joined
Dec 23, 2001
Messages
6,272
You now need a UI account to get to the cloud Key. From there the controller software can be a local login but the UI Protect is cloud based. The Pro has a lot of power where you can turn on full everything. I would not recommend using the pfsense box imo. Makes things way less complicated.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,875
I guess first question is if the UDM Pro does the IDS/IPS with DPI, why even use the pfsense box? You are just doubling up the same roles.
 

iDurr

I guess first question is if the UDM Pro does the IDS/IPS with DPI, why even use the pfsense box? You are just doubling up the same roles.
Thank you for your reply! Since I don't know how the UDM Pro implements its IDS/IPS, I'm wondering if the pfsense box would allow me to tune the IDS/IPS to how I'd like it VS the way that Ubiquiti has theirs set up. Is it correct to assume that as long as I give pfsense good hardware that IDS/IPS/DPI won't slow down my connection noticeably? For example, I've seen reports of UDM Pro users who have IDS/IPS cranked up to the max with DPI enabled and they're able to saturate their connection, that's what I would like to see except out of a pfsense box.
 

MrGuvernment

Def with pfsense, while it can run on old hardware, it is those modules that start to add CPU load considerably. If you want to max out all those options you may be looking at at least a quad core i5 / AMD of 4th gen or higher, that could also be overkill pending how much traffic you push through it. PFSense likely will give you far more granular control of those options vs Ubiquiti.
 

iDurr

Def with pfsense, while it can run on old hardware, it is those modules that start to add CPU load considerably. If you want to max out all those options you may be looking at at least a quad core i5 / AMD of 4th gen or higher, that could also be overkill pending how much traffic you push through it. PFSense likely will give you far more granular control of those options vs Ubiquiti.
That's really good to know, thank you. If I had the right hardware to run Snort/Suricata heavily, would I see a higher ping in things like online gaming?
 

Vengance_01

Thank you for your reply! Since I don't know how the UDM Pro implements its IDS/IPS, I'm wondering if the pfsense box would allow me to tune the IDS/IPS to how I'd like it VS the way that Ubiquiti has theirs set up. Is it correct to assume that as long as I give pfsense good hardware that IDS/IPS/DPI won't slow down my connection noticeably? For example, I've seen reports of UDM Pro users who have IDS/IPS cranked up to the max with DPI enabled and they're able to saturate their connection, that's what I would like to see except out of a pfsense box.
It's kinda a waste getting a UDM Pro IMO. Just use pfsense as your router on 1 interface straight from your modem as a WAN connection and then second interface for LAN1, and etc... for connection back to your managed switch.
 