Random idea for Unifi + EdgeRouter and later pfSense

I currently have a setup that is nearly full Unifi, except for:

  • FTTH ISP that refuses to give info to get into the router (I ‘found my way’ but you cannot use bridge mode as it has IPv4 and IPv6, they just don’t support it)
  • Cable Modem (proper public IP)
  • EdgeRouter 8 Pro (SFP model)
  • Some old POE injector in my office that I need to replace one day

I would love to have the full dashboard of Unifi, and I have the CK2+ with too many cameras. When the new NVR comes out (hoping, I may or may not have seen early access), it seems that could become the video head-end; I am thinking of using that for video.

However, I would love the UDM-Pro for the Unifi experience. The issue is that it just doesn’t cut it for multiple load balancing groups, with two unbalanced ISPs, with failover option to ‘the other line’ as needed but with sticky destination IP setup. For this reason, plus UDM-Pro not stable yet, and seeing what happened to the XG router, I am on the ERPro8 still.

If I move to a pfSense-based head-end, would it be possible to stick the UDM-Pro behind that very much in ‘just pass it all through’ mode, with VLANs but getting data? No routing inside the UDM-Pro at all, but all would go ‘out’ to pfSense and then pfSense would route?

Crazy idea but hey, the ERPro8 is getting quite long in the tooth and it is just a random thought that someone else may have tried. The lower-level USGs never did enough to handle the load, so that wouldn’t really be an upgrade. If the above doesn’t make sense, I will likely end up replacing the ERPro8 with a pfSense box of some sort, ideally with 10G uplink and I’ll throw in a 10G Unifi switch to handle the main links to the two 48 port master switches (office + main rack).

Appreciate your feedback on the likely crazy idea!

I don’t think there is a way to get the UDM Pro to work in a transparent mode.

Makes sense. Fingers crossed when this COVID-19 stuff finally gets better, I can buy the NVR and some drives, then reduce load on CK2+.

I would like to get myself a 1U rack mounted pfSense with SFP+. Most likely I won’t need more than 2Gbit max in the next few years as 1Gbit here is 400 bucks a month vs 200Mbit at 70 bucks per month. I may however hook up more than one of those via pfSense one day.

The ERPro8 finally supports more than 2 WAN links, so there is a fairly good chance of me getting a 2nd FTTH provider and then have the slower cable line as my ‘real backup’.

Fingers crossed I can find a way to get an IPv4 public IP onto my WAN port one day, plus enable IPv6.