My current network setup consists of a Spectrum modem, pfSense, two USW-24-Poe switches, a few Flex Minis, and an 8-port switch in my office. I plan to move everything into a rack and prepare for the installation of fiber optic cables soon. Currently, I run the controller software on a Raspberry Pi, but it’s experiencing issues and requires replacement. I also have three APs.
Moving forward, I intend to switch to UniFi Protect for all my cameras and add more. Consequently, I’ll be purchasing the UNVR.
I’m seeking suggestions on how to structure the entry point of my network. My idea is to buy a cloud key to eliminate the reliance on new hardware like a UDM. However, I’m unsure about the specific hardware I need to purchase or whether a cloud key and a UDM suffice. My goal is to transition away from pfSense and adopt a fully UniFi-based system. Do I require a UXG to replace pfSense, or can I use a cloud key and a UDM instead? I’m not concerned with learning or the complexity of the setup; I simply want to achieve the most efficient solution. The incoming fiber optic connection will be symmetrical 5G.
I often get confused about the differences between UXG and UDM and what hardware is required or if both are necessary. Ideally, I’d like to replace my current modem and ensure future-proofing for the fiber installation. Additionally, I currently use OpenVPN to connect back home to pfSense, so I need to be able to replicate this functionality with any solution. Any and all assistance is greatly appreciated.
I can provide some of my recent experience with this. I went through a similar issue of not quite understanding the offerings of unifi unfortunately after I had purchased some of this stuff. Based on what you listed to already have in place. I would suggest get the cloudkey plus and make that as your controller to replace the Rasberry PI. It also will support a hardrive for your protect planning for camera situation. Keep your psSense hopefully it has a way to tap a fiber connection or supports the throughput you need from your isp.
After the mistake of purchasing the UDM-Pro for me. The way I understood it, I was hoping to get the console, the nvr for cameras, fast switch, and not use the gateway portion. They kind of advertise it like that. I did not have a good experience with the all in one solution. As portion of that equipment were not in comparison of features to the firewall you get out of pfSense and other limitation I did not like with separation. So I ended up getting the cloud key to support the controller and camera portion.
Based on your question here are some examples that might help.
Example1:
ISP connection → pfSense (equipment to support anticipated Bandwidth) —> Switches and APs you already own (trunk this to your pfsense) —> Cloudkey pluggged into one of the switches. Then your bottleneck would be the limited speed of your switches. I think some of the switches you mentioned only support 1g connection
Example 2:
ISP connection ---- UDM —> switches and AP’s
Example 3:
ISP Connection — UXG (Most of the gateway products don’t support 5gb speeds I think the lowest version is the UXG-Pro) —> switches and AP’s — Cloudkey pluggged into one of the switches.
I don’t know anything about the hardware of UDM or UXG, so take my response with a grain of salt.
I think it is a terrible idea to combine routing and NVR on the same platform. This cannot be any good for the routing performance unless there actually 2 separate hardware systems in those machines, e.g. if the routing is done on ASICs.
You are not mentioning any hypervisors. So assuming you dont have any and don’t want any, Example 1 (from @ITspec) seems to make the most sense to me.
I’m in agreement with your thoughts in this. I know I’ll probably have to update my existing switches as well which is fine. I’m ordering a cloud key plus today to take care of that portion.
I was leaning towards the uxg pro as the gateway since I’ll be grabbing the nvr too. I feel like it’s more hardware instead of the all in one solution, but I’m ok with it. AIO solutions ar le great but they always seem to lack somewhere. My pfSense box only has 1g ports right now so either way I will have to upgrade. The main orher way I was leaning towards was the udm se but again, still researching and debating.
Definitely appreciate your insight and sorry you had so many issues. Hopefully I can avoid some of that by using your experiences though.
Only running proxmox but not for pfSense. Option 1 does make sense as well if opt to stay with pfSense. I figured if I move to all unifi I’d prefer to keep things separate but I’m still learning.
I haven’t seen any use case requirement that would require more then 1G for your routing. I understand that you really WANT to move away from pfSense, but the 1G ports are just a rationalisation to support your wish.
Now we’re talking. You don’t really need any Unifi hardware to run the Unifi Network controller app. You can run this in a VM using docker. Not a problem at all.
You seem to really want to spend the bucks on Unifi cameras and their NVR solution. Nothing bad about that. You could as well go for other cameras and a free and open source NR solution like Frigate, but it is of course more work for less bucks.
an All-Unifi network also has a charm. It depends on how “pro” you like to go and how much time you want to spend tinkering. All Unifi means it is the least amount of work and has more restrictions. This can be perfectly what fits your needs. Still, I’d not combine routing and NVR if you want to go for performance and a fiber network in your home.
Yeah I get the ‘pro’ portion and restrictions. I don’t use a ton of the functionality in pfsense but do like the ease of use for rules and vlans. I’ve also got my pfsense in it’s own ‘small’ pc case and not a rack, so it’s also about just minimizing the space being utilized. Obviously there are multiple ways to go about this and options.
I’ve got a bunch of ONVIF cameras and use BI right now for the nvr. Again, just comes back to moving everything into a rack and keeping it clean. Plus the charm of being all unifi, I think you nailed the thoughs on that 100% haha. It does sound/look good for everything to be the same brand etc.
Given that I already run proxmox, I don’t see any reason I couldn’t run the unifi controller there do you? Similar to docker and I don’t see an issue. Thanks for all of your input.
You can just have a VM and install docker there, then use the two containers for the applications and for the database. Proxmox supposedly supports running containers directly, but I have never used Proxmox, so I can’t say anything bout that.
Before updating the application container, pull a config backup from the Unifi Network app UI, just in case, but I never had problems where i’d had needed that backup.
This is also how you would migrate: pull a config backup form your current controller device, and when you startup the controller in the VM the first tme you can provide the config backup so that it comes up with all your config as before on the other device.
