Move from pfsense to UDM Pro?

I am toying with the idea of getting a UDM Pro and replacing my pfsense box. The rest of my network is already Unifi stuff anyway. I no longer have a need for most of the stuff I was using pfsense for, so a lot of its capability is wasted these days. Aside from pfblocker.

Here is what I really need from the router: simple VPN into the network, basic VLAN setups, and some form of filtering would be good to replace pfblocker. That is about it really. I have a 1Gbs fiber line, pretty sure from what I have read the UDM Pro should be fine pumping those speeds even with IDS/IPS turned on. I also plan to add a few cameras to my home as well. Starting with the new Unifi doorbell cam. Figure getting everything in one box is the best way to start.

One of the reasons for doing this is to repurpose my pfsense box as a VM server. I then want to move my jails on FreeNAS to the old pfsense box. But that is outside the scope of this topic.

So, am I totally crazy to do this? The cost is less of an issue. So, no need to bring that up as a con. I am strictly looking to sanity check myself and make sure I am not somehow going to hose myself in ways I did not plan on. So, am I crazy or stupid to do this? Please let me know.

I thought about going down that same road, the cost isn’t really that much considering the price of the Pro Box ($515 Canadian). I just spent close to that for a QOTOM Q355G4 Barebone Mini PC - Core i5, AES-NI, 4 Intel LAN with memory and SSD to run pfSense on. Like you said, if you already have all Ubiquiti, then I would think it’s a no-brainer. I’ve been learning about pfSense, thanks to Tom’s and others’ videos and documentation, it’s been a fun (and at times frustrating) experience, but that’s how one learns. I did think about going all in on Ubiquiti, but possibly at a later date…need to get it past the boss lady…lol.

We never use UDM / UDM Pro for customers and they do seem to be a bit buggy but getting better. Their user VPN setup is really lacking in terms of features. I look at them as generic consumer routers with VLAN and a fancier way to manage them.

Thanks Tom.

What kind of bugs? Anything in particular or just random things?

As for the VPN part, I really just want it to dump me into my local LAN for remote access to a couple things and to use for when I am at hotels on their WiFi. Will it at least accomplish this or are there issues I am unaware of? Seems like the most basic form of VPN function that almost anything should be able to do, but I could be wrong.

Per many users in the forums and ones contacting us, there do appear to be stability issues, but the VPN problem is they don’t have OpenVPN support for users.

Ok, thanks. Maybe I will wait for things to cook a little longer before diving into that one. Pfsense has treated me well for several years now, so I am in no hurry to get rid of it. Was just kinda wanting a new shiny thing to play with, I guess.

I guess I could get another SSD and slap Untangle on it and play with that in the meantime.

You mentioned having a FreeNAS box, I know TrueNAS Core 12 has OpenVPN server capabilities now. So you could possibly use that for your VPN server if UDM is lacking?

Lots of things have VPN so yes, that is an option, but it requires more work to create all the routing rules. Another option could be using https://www.zerotier.com/

I thought of that. But would like to keep the VPN on the firewall if possible. If not, I would likely spin up a VPN server on the VPN box. Trying to pull everything off the FreeNAS/TrueNAS at some point so it is strictly storage.

In your shoes, I’d stick with the current setup; if you’ve set up pfsense and it’s working, just leave it. Instead buy a box and stuff it with RAM to run your VMs.

The OpenVPN setup on pfsense is pretty good, not seen too many other GUI implementations of it that are better.

I have OpenVPN and IPsec set up on pfsense now. I think part of me just wants a new toy. Pfsense has been running things for four or five years now on my network. Been a solid firewall. Like I said a couple of posts ago, I might just get another SSD and play with Untangle on it. That way I don’t have to worry about losing anything on the pfsense setup. Just swap drives and be back at it if needed. Then, if the UDM Pro gets better in a year or so, maybe make the leap. Maybe.

Had a UDM-Pro for circa a month in Feb-March and it was dire. Stats all over the place, quirky rules, constant beta releases.

Raise the issue on the UI forums and you basically get shot down for not being a fanboy. Looking for some second-hand Ruckus APs these days as I’ll remove the rest of the UI kit if possible and leave their awful approach to the fanboys.

Don’t get me wrong, their switches and APs have been ok, but the UDM-PRO is awful.

I rotate between Untangle, Sophos XG Home and a bit of pfsense. All better than anything UI offer.

You can take a backup, then just reinstall pfsense then restore the image. Though make sure you have the corresponding pfsense ISO too, if Netgate do an update they remove the previous version from their site.

Save yourself a few quid.

SSDs are so cheap these days, it’s almost like buying a flash stick. Local Microcenter has several name brand ones going for $25-30 for 120GB. More than enough for a firewall. Plus the case the server is in has hot swaps. Makes it all too easy to just swap drives. I can always wipe one for use later on another system. So, not a huge deal.

Hello,

I work in a hotel; we deploy 800+ UniFi APs including USG Pro, but I do plan to move to pfsense from USG and am now looking for the best hardware from Netgate. In my experience the USG lacks functionality, like no policy-based routing, no OpenVPN, etc., and the firmware is somewhat buggy, but UniFi switches and APs are really good; the only problem is the USG firewall.

Cheers

I am pretty sure I will shift gears to Untangle instead. Gonna try the home version and see how that goes for a year or two. Revisit the UDM Pro and see if it is better by then. Or just stick with Untangle/pfsense.

So what if you wanted to go the opposite direction, but were already using the UDMP for UniFi Protect etc.? Is there a way of turning your expensive UDMP into an expensive NVR and handing over the firewall/routing to pfsense? Anyone had any luck doing this?