Simple setup Netgate 1100 - UDM

Good morning,
I am trying to find a simple guide on how to set up the following:
ISP <-> Netgate 1100 <-> UDM, essentially to have the security/routing done on Netgate 1100 and ports + WiFi by the UDM.
I cannot find much but one post where Tom talks about double-NAT’ing and … not much more. Any video or advice on what to plug where and potentially basic rules to set up?
Thank you.

To use both you can double NAT. It just adds more complexity to the network.

Thanks Tom, I saw you indeed suggested that. So you plug the “LAN” labelled port of the Netgate onto the WAN of the UDM, and the Netgate will provide it an IP, then you let the UDM manage the “clients” connected to it or to WiFi.
And you manage the lot on Netgate via VLANs?

Your life will be a lot easier if you trade the UDM for a managed switch and Cloud Key controller.

Thanks for your answer, which switch model would you recommend? And what does that “cloud key” controller bring into the picture?

I recommend you start here: https://unifi-planner.ui.com

The Cloud Key is a dedicated Unifi controller. Sure, you could set it up with the app, but you won’t get all of the features Unifi has to offer. You could also install the controller on a local server or Raspberry Pi but I find the Cloud Key controller requires less messing around and “just works”. I would get the Gen2 version, or Gen2 Plus if you want to try out a Unifi camera or two someday. See: UniFi / Accessories / Cloud Key – Ubiquiti Inc.

*Keep in mind that your Netgate 1100 is replacing the Unifi router (USG or UDM). It doesn’t really make sense to have one router plugged directly into and routing traffic to another router. ISP <> Router <> Switch <> APs, controller, clients, etc (segmented by VLANs). I hope this helps.

Thank you for your messages.
So that Cloud Key gen2+ brings the Network and Protect software. And then an AP is required as it does not seem to be bringing that. I will explore the planner as suggested.

Right, if you want to plug things into a network you need a switch, if you want Wi-Fi you need one or more wireless access points (APs), and if you want traffic to route between different networks you need a router. If you want to control all of that from a single pane then you need a controller. The UDM tries to combine these things but I feel it doesn’t work very well. If you want networks that just work then use Unifi for the switches and APs and pfSense for the router (I’m a big fan of Netgate). I’m not saying that a UDM won’t work for some people, it will, but as soon as you start asking more than the very basics you run into problems. I don’t like problems with my network or my clients’ networks. Stuff that “just works” makes life easy.

*I sometimes edit for clarity right after posting.

That is very clear, thank you ex1580 for your help and advice!

AlisonD: I have configured a home n/w similar to what I think you were wanting to do. I used a Unifi POE switch (initially the 8 port switch w/4 POE ports) with a Gen2 Cloud Key controller. If you have 3 or fewer Unifi APs they plug into the POE ports on the switch, the other POE port for the CK. One of the 4 non-POE ports serves as a ‘trunk’ line to pass traffic from the APs (and whatever else you want to put on the switch) up to the SG 1100 LAN interface. Configuring the APs and the POE Switch is very intuitive with a graphical user interface (running on the CK controller). The nice thing about this setup is that you can run several independent wireless networks thru each of the APs using VLANS… I think each AP can handle up to 4 different wifi networks w/VLANS. pfSense is straightforward. However, if you want to set up VLANS on the SG-1100 it was very confusing (due to the somewhat unusual network card and port assignment on the SG-1100) until I found a video that Tom posted on how to configure VLANS on the SG-1100:

There was a step in the configuration that was missing from the pfSense documentation but Tom pointed it out! I also run a Unifi doorbell camera with the Cloud Key providing a separate network for cameras and local disk drive to store images. I will add other cameras (seamlessly) once unifi cameras come back in stock.

Thanks a lot atp_aviator (and Tom inevitably :blush:)