UDM Pro SE bit the dust. Keep the replacement or move on?

UDM Pro SE was defective when I bought it for the new house in '22. Can’t boot if anything is plugged into it. The trick is to never let it lose power. Sooo, unifi said to do an RMA. I have 4 work from home users, so I bought a Liebert GXT4-1500RT120 from excess UPS. That delayed the problem. Now I have to send the unit in, before the warranty is up.

I use pfsense for the router, and unifi APs for wifi. The APs are meh, but worked great when I had a unifi cloud key gen 1. When I got the SE, I also got an ac mesh and u6-lr, 2 doorbells, and 2 small egg size cameras for the dogs. The UDM SE really was going to be my router, but since it was unreliable, I just used it for the switch (poe), controller for wifi, and protect. I learned to really like pfsense running haproxy as my all in one routing/proxy.

I have a 24 port Netgear GSM7224v2 (sfp, no sfp+), which I can use to replace the switch part of the SE.

A Mikrotik crs305-1g-4s+in connects desktop, server, UDM SE, and a 2.5 gbps switch. The 2.5 gbps switch connects to another server (2.5 gbps) and another server via its 2nd sfp+.

The 2nd floor ap is on a moca 2.5 gbps backhaul.
The 2 first floor backhauls are 1 gbps eth. All 3 backhauls terminate to cheap 8-port 1 gbps switches.

This setup was amazing for a 900 square foot ranch. But I got the UDM when I moved to a 4000 square foot 3 level home. All interior walls are drywall, and wood, with serious amounts of insulation for sound deadening. There are metal plates over stud bays that contain utilities.
I’m guessing this is so you don’t hang a picture and strike a pipe or a wire. (Home builder must have really wanted silence between rooms).

Servers provide the usual media services, VMs, repositories, etc… one is used for customers to reclaim data from failed hard drives, and tends to push a lot of data out.

This is a lot of rambling to say the sprawl has gotten me. Terrible wifi, a dead controller, and a serious hodgepodge of spare gear holding together a pretty janky lan.

Would I be better off staying with the replaced UDM SE, or are there better, more holistic options I should lean in to?

Surprisingly, the moca links are the most reliable part of the whole dang setup.

Anyone have thoughts or suggestions?


If it were me, I would finish that RMA and make sure it works. But given the investment into the Protect side of things, unless you’re wanting to also replace the doorbells and cameras, it’s either one of the dream machines or picking up one of the Cloudkey+ boxes and a separate switch, since you’ve already got PFsense running out front.

Otherwise, it sounds like there’s a couple of different problems here (beyond the faulty device you received), but correct me if I’m wrong:

  • WiFi is not performing as you’d like
  • Managing all the various switch brands is a pain

For the WiFi, it’s sounding like you may need more access points to deal with the interference in the walls to get good WiFi signals where it matters to have them. The square footage ratings they list for the APs are an ‘up to’, assuming no blockage. 5 and 6 ghz are also more affected by obstacles than 2.4ghz is.

Also, Unifi has a tool to help with placement locations, if you have floorplans for it:

Crosstalk had a decent talk about AP placement, too:

For the switching, if you’re not using all 8 ports on those 1gbe switches, the Flex minis are a relatively inexpensive way to put 4 ports (+ backhaul) into an area and move those into the SDN’s single pane of glass. The Pro Max 16 would get you some 1GbE, 4x 2.5GbE, and two 10gb sfp+ – far as I can tell it’s their least expensive option to get some 2.5gbe ports. There’s also a PoE variant, if needed. Paired with one of the USW-Aggregation switches, that’d take care of the mikrotik crs305’s SFP+ coverage (albeit in a larger form factor).

These would be the stay with UniFi options, anyway, which is one of the three holistic network things that come to mind (TPLink Omada and Engenius are the other two, but may or may not do the cameras and security side, or have varying levels of cloud-required). There are probably others, I’m just not aware of them personally.


I should also say, while I run some UniFi stuff, I don’t drink their kool-aid. I have my misgivings about Ubiquiti, and complaints about the products I’ve bought, but with your setup already being mostly there as is I don’t know that I’d switch away from them since the other options aren’t enough better to make a meaningful difference. Call it lock-in or what have you, but it’d be more expensive to tear it all out and do it over vs. changing out a couple pieces of the setup (which at least to me, was part of the main draw for their stuff in the first place).

Crazy I post that and then I see Netgear has the wax630e on sale for 190. But I’ve not experienced their APs before. The unifi doorbells are not all they’re cracked up to be, given the cost. BUT my spouse is accustomed to the app, and I hadn’t considered that before. My ac-pro in the basement is the best performing. The u6-lr on second floor is in second place for reliability. I use the u6-mesh on the first floor, and a uap-ac-mesh for the garage, because I didn’t want to deal with running wires on the first floor ceiling when I first moved in. I’m guessing that will need to change. I could move it outside and find a replacement device for first floor (brick home gets no signal on the outside).

I also have a spare N5105. Maybe I burn it all down and rebuild pfsense from scratch. Or maybe I just use the UDM SE as it was intended and run a reverse proxy on one of the servers.

Have you used Unifi for a firewall? I know they’ve come a long way from back in 2018/19 when just the firmware upgrades were a bit rough. Right now everyone is gone, and work machines are off. And I still have more clients than I would have thought.

I would assume unifi could handle a measly 100-120 clients spread over 4 APs, plus routing.


Yep, to mixed success, but as recently as this year. Started with a USG, tried the new Gateway Lite and found it no better performing than the USG (one of my gripes), and the Gateway Max (seemed fine, and yay for 2.5 gbe ports). The rest of my gripes were around missing features, or the new ‘easy mode’ firewall rules and DNS adblock sinkholing being opaque about what it’s actually doing under the hood, so I’m still evaluating my options there. My environment is quieter than your count of wired clients, though, and it’s a 3:1 ratio of wired:wireless clients, so that’s going to be a confounding factor for comparison.

Given how many things are on the WiFi though, a quick table for what the radios can do (at least per their tech specs on the store page):

| Access point | 2.4 GHz radios | 2.4 GHz throughput | 5 GHz radios | 5 GHz throughput |
|---|---|---|---|---|
| AC Pro | 3 x 3 (MU-MIMO not specified) | 450 Mbps | 3 x 3 (MU-MIMO not specified) | 1300 Mbps |
| U6 LR | 4 x 4 (MU-MIMO not specified) | 600 Mbps | 4 x 4 (MU-MIMO not specified) | 2400 Mbps |
| U6 Mesh | 2 x 2 (UL MU-MIMO) | 573.5 Mbps | 4 x 4 (DL/UL MU-MIMO) | 4800 Mbps |
| AC Mesh | 2 x 2 (MU-MIMO not specified) | 300 Mbps | 2 x 2 (MU-MIMO not specified) | 867 Mbps |

The first thought with the above in mind is that if the access points don’t use MU-MIMO (a PCMag explainer here), there’s going to be a lot of slap fights over who gets to be on the radio if everybody’s busy at the same time. Especially given the wireless backhaul also needing to be a client on whichever AP it’s talking to to get on the wired network, as that ‘client’ is going to want a lot of air time from whoever it’s talking to. Is the U6 LR also meshing, or was that and the ac-pro the wired ones?

It might be worth taking a laptop or phone with a speed test app on it to try and hit some public speedtest site, and ideally a locally hosted iperf instance on one of your servers from the various rooms in the house. Perfect world, one set of data during a quiet time, one set during a busy time, that way how much performance is being lost when things are chatty is easier to sort out. Alternate option is in the UniFi dashboard, if you’re on a new-ish version (last couple of months) it has a feature in the topology panel to ‘Show Internet Traffic’ (little play icon in the upper left) that will show which clients are using what bandwidth, and what path it’s taking through the network to get there. I don’t know if that requires use of their firewalls or not, however - can’t find a doc for it - but it is probable that it does.

Otherwise, wife-acceptance factor allowing, if you can temporarily run a cable to the access points that would rule in or out the mesh connections being the problem. Especially if they’re having to chain through multiple APs to get on the wire.


Also, I tripped over this in the process of poking around at this, another person who has a multi-story house with brick exterior. Maybe it will help with planning whatever the next step ends up being:
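As an added example (not from anyone in this thread): a small Python script that reduces the per-room iperf3 runs suggested above, one quiet-time and one busy-time run per room, into the throughput lost under load, so the rooms where the mesh or backhaul is the bottleneck stand out. It assumes each run was saved as `results/<room>-<quiet|busy>.json` from `iperf3 -c <server> -J`; the room names and numbers below are constructed.

```python
"""Compare quiet-time vs busy-time iperf3 results per room.

Assumption: iperf3 was run with -J from each room against a server on
the wired LAN, once when the house was quiet and once when it was busy,
and each result was saved as results/<room>-<quiet|busy>.json.
"""
import glob
import json
import os

# Constructed sample: only the fields of iperf3 -J output this script reads.
SAMPLE = {
    "basement-quiet":  {"end": {"sum_received": {"bits_per_second": 612e6}}},
    "basement-busy":   {"end": {"sum_received": {"bits_per_second": 540e6}}},
    "2nd-floor-quiet": {"end": {"sum_received": {"bits_per_second": 410e6}}},
    "2nd-floor-busy":  {"end": {"sum_received": {"bits_per_second": 95e6}}},
    "garage-quiet":    {"end": {"sum_received": {"bits_per_second": 140e6}}},
    "garage-busy":     {"end": {"sum_received": {"bits_per_second": 30e6}}},
}

def mbps(result: dict) -> float:
    """Receiver-side average throughput in Mbit/s from one iperf3 -J result."""
    return result["end"]["sum_received"]["bits_per_second"] / 1e6

def load_results(directory: str) -> dict:
    """Read every <room>-<quiet|busy>.json in directory into the SAMPLE shape."""
    out = {}
    for path in glob.glob(os.path.join(directory, "*-*.json")):
        name = os.path.splitext(os.path.basename(path))[0]
        with open(path) as fh:
            out[name] = json.load(fh)
    return out

def compare_rooms(results: dict, loss_threshold: float = 50.0) -> dict:
    """Per room: quiet and busy Mbit/s, percent lost under load, and a flag
    when the loss reaches loss_threshold (a room worth re-cabling or moving)."""
    rooms = {key.rsplit("-", 1)[0] for key in results}
    report = {}
    for room in sorted(rooms):
        quiet = mbps(results[f"{room}-quiet"])
        busy = mbps(results[f"{room}-busy"])
        lost = (quiet - busy) / quiet * 100 if quiet else 0.0
        report[room] = {"quiet_mbps": round(quiet, 1), "busy_mbps": round(busy, 1),
                        "lost_pct": round(lost, 1), "suspect": lost >= loss_threshold}
    return report

if __name__ == "__main__":
    data = load_results("results") if os.path.isdir("results") else SAMPLE
    for room, row in compare_rooms(data).items():
        flag = "  <-- check backhaul/placement" if row["suspect"] else ""
        print(f"{room:12} quiet {row['quiet_mbps']:7.1f}  busy {row['busy_mbps']:7.1f}"
              f"  lost {row['lost_pct']:5.1f}%{flag}")
```

Run it with a `results/` directory present to use real captures; without one it falls back to the constructed sample.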