The Dangers of First Impressions - Unifi Dream Machine Pro

Sat, Jun 20, 2020

I’ve recently purchased¹ a Ubiquiti UniFi Dream Machine Pro to be the basis of my home network. I’m generally happy with it now but it’s out-of-the-box experience was so bad it’s the first Ubiquiti equipment I’ve had that I have seriously considered returning.

Background

My ISP made a new 1000/50 plan available^{2 3}. Ubiquiti’s 3-port UniFi Security Gateway could barely handle the 250/25 plan I’d previously been using with all the intrusion detection features turned off. The 4-port UniFi Security Gateway has a reputation for being very noisy and as this was going to be located in my bedroom⁴ that was a non-starter.

The UniFi Dream Machine tops out at about 850Mbps with intrusion detection enabled which left the UDM Pro as the only Ubiquiti option available. Checking online and with people who already had one indicated that the noise level would be acceptable⁵ so that’s what I ordered.

The equipment it replaces is:

• A 3-port UniFi Security Gateway. These are getting a bit dated but still solid little devices for slower connections.
• An UniFi Switch 8. This connected the security gateway to the rest of the apartment. Powered over PoE from one of my other switches⁶.
• A UniFi Cloud Key Gen 2 which previously ran the UniFi controller for the network.

The Setup

For the Dream Machine line Ubiquiti have decided to require the use of a Ubiquiti account. The direct consequence of this is that the UDM Pro cannot be configured without an active internet connection. I had assumed that as my USG had happily worked with my ISP with no configuration that the newer (and significantly more expective) UDM Pro would similarly have no issues.

I was wrong.

When first powered on the UDM Pro could not establish an internet connection. This meant it couldn’t be configured. It’s essentially an aluminium paperweight with a small screen confirming it’s uselessness. OK, not all technology works the first time. Let’s try to troubleshoot. Only there is no actual troubleshooting information made available. The UniFi app and the setup web UI do not give any details on the failure, just the option to change some settings I already had correct.

It’s about this point you might start to wonder if Ubiquiti knows who their target market for this device is. Failing to give useful information when something breaks is an Apple trick⁷ but they’re dealing with consumers and have a much larger marketing budget to smooth over their failures. Ubiquiti call this an enterprise device and for my money⁸ when an enterprise device fails there needs to be something more substantial than an error screen that lacks any actionable information⁹.

Things I tried in order to work include:

• Using my ISP’s (excellent) tools to verify that everything was working on their end and to reset the connection
• Trying the various connection settings even though I was confident they were correct (they were, this didn’t help)
• Swearing
• Leaving the connection disconnected for a few hours in case some MAC address or similar was cached somewhere. This was a very long shot and comprehensively missed.
• Verify the old network gear still worked to verify it wasn’t a coincidental fault elsewhere.

Eventually after some Googling I found a suggestion to update the firmware. The procedure for this is:

• Download the firmware to a computer that has an Ethernet port that you can wire directly to the UDM Pro.
• Restart the UDM Pro in recovery mode.
• Assign a specific static IP to the computer and connect it to the UDM Pro.
• Use the recovery UI to update the firmware.
• Hope this fixes the damn thing.

Fortunately this did allow it to finally get an internet connection and proceed through setup. But the entire experience was aggravating and gives me serious pause as to some of the design choices Ubiquiti has made.

Australia’s National Broadband Network is a monument to governmental disfunction and the toxic incompetence of our politics but the equipment I have isn’t really that unusual. You plug an Ethernet cable in, DHCP gives you an IP and you’re away¹⁰. Network equipment advertised as enterprise grade should be able to handle this. But no one’s perfect and sometimes there will be issues. What raises this from annoyance to unacceptable is that Ubiquiti have made having an internet connection mandatory for the device to do anything at all and then left users stranded when their device can’t use a perfectly functional connection on setup.

Post Setup

Once past the connectivity issues the import of my previous network configuration went very smoothly. The network performance with full intrusion detection enabled has reached about what I’d consider the limits of of a fibre NBN connection. The unit has run quietly and done a couple of background firmware updates with no incident. In general once configured it’s been very effective. I’ve reported a couple of minor glitches in the controller but it’s generally been rock solid at the tasks I actually want. There have been a number of reports of instability and other issues with the Dream Machine devices but they’ve stabilised it enough that it works well for me.

The continuing need to have a Ubiquiti account to work with it is something I’m not entirely happy with. I’d prefer if all administration could only be done locally but for my usage¹¹ that’s not a deal breaker.

Summary

Ubiquiti has produced a product family that’s a solid improvement over the Cloud Key/USG pairing that was their previous offering and simultaneously made me opposed to it being used by anyone non-technical. My parents¹² run a UniFi network so I can manage some of their stuff from the other side of the country. The non-pro UDM looks like it would be a great upgrade for their network if I could trust it. And after this experience I just can’t. I could not lead them through troubleshooting if that became necessary. I’ve suggested UniFi gear to a lot of people but now I would need to add additional caveats about technical proficiency. For a lot of people I might suggest just getting Nest WiFi instead because sure it’s made by an organisation that wants all your data to sell you ads but in most cases you can be confident it will just work.

You’ve made me sad Ubiquiti. Some business type has decided to force your accounts on people and it’s making your products less compelling and harder to recommend. Please stop.

Good:

• Handles a 1000/50 connection with all the security options turned on
• Effectively silent
• Transfer of existing network setup is very smooth

Bad

• Inbuilt switch isn’t PoE

Ugly

• Out of the box it can just not work
• Forced Ubiquiti account turns setup issues into disasters

---

1. I lack the social media presence to qualify for free gear. ↩︎

2. For various reasons they’re making much more conservative guarantees about the service which is a responsible attitude. My experience with the service has been that they deliver as close to these values as you could reasonably expect. ↩︎

3. The new plan is also cheaper so it’s a huge jump in value. I’m pretty happy about it. ↩︎

4. This is where the NBN equipment is located so the gateway device has to be located here. ↩︎

5. This has been true in practice, if it makes any noise I can’t hear it. ↩︎

6. Powering switches from other switches is extremely useful, I try to do it as much as is practical. ↩︎

7. An incredibly aggravating one I wish they’d stop. ↩︎

8. And it was a decent amount of my money. ↩︎

9. Suggesting I change settings isn’t enough when those settings are correct and there’s no information on the failure to work with. ↩︎

10. Yes, I’m aware this is simplistic. ↩︎

11. As a cis white male on The Internets unlikely to be the target of nation states or criminal groups and not involved in any crime my threat model isn’t that deep. ↩︎

12. There are many people out there whose parents are highly proficient with technology. Please do not generalise these comments which refer to my parents specifically who have many skills in non-technology areas. ↩︎