Unifi DreamRouter as transparent controller-only with firewalla or pfsense?

I’ve upgraded my fiber internet plan beyond 1 Gbps and need to replace my Unifi Dream Router with something that can handle 2 Gbps. Now, the Dream Router works great for me, as I am using it with a U6-Enterprise AP, and I do like that it is my controller for the gear.

Now it looks like it’s impossible to disable NAT in Unifi (at least from the GUI). I did find this, which seems to suggest a boot-up script may be able to do it (haven’t tried this yet): https://community.ui.com/questions/Disabling-NAT-on-the-UDM-Pro-REDUX/7dd5f125-49f7-413b-ba07-c32352c89b8b?page=3

Before I go fiddle with this, I was hoping someone here may have solved this problem already and can share some pointers?

TL;DR

  • I need to use a different (faster) router for my network (DHCP, rules, NAT)
  • I would like to keep the Dream Router and turn it into a pass-through device (switch and controller only, no routing or firewalling), but I do want to try to keep “Security Insights” (network traffic inspection) enabled and working.

I may put pfSense/OPNsense on a mini PC that has dual 2.5 Gb ports; my other option is Firewalla… but the issue remains that it looks like you can’t easily turn the Dream Router into a switch+controller-only mode and keep network traffic monitoring working.

I don’t think you can do what you want. In order to keep the traffic monitoring it must be actively looking at traffic, which would mean the UDR would still be a bottleneck on your bandwidth.

Your options would be to get a more powerful third-party router and use the UDR as a controller only, losing all the gateway integrations like traffic monitoring, or to upgrade to a more powerful Unifi gateway like the Dream Machine Pro.
The Firewalla is pretty nice, but the high performance one you would need costs the same or more than a UDMP from what I remember.

You can keep it as a “network controller”, in which case you need to put some other router/firewall next to it that can handle the traffic.

Pass-through, no. It is hardware-limited to Gigabit.

The big maybe

It could be possible to have a 2.5 Gbit switch between the ISP and the router and then have two interfaces on the router work together.
No idea if that is possible with your ISP (good luck digging through their support…) or with the UDR.

Yeah, no. Not with home-gamer budget gear :wink:
Edit: Never mind, the Latvians are at it again

Could have the firewall handle traffic and firewall things, then have the UDR sit on the sidelines doing DNS, DHCP, etc. Exclude the gateway address from the DHCP pool and tell the UDR to serve the firewall’s interface as the gateway. That should work (and is achievable with home-gamer gear).
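As an added example (not posted by anyone in this thread, and not Ubiquiti code), here is a small Python script for the split the last reply describes: the UDR keeps serving DHCP and DNS, but the DHCP scope hands out the separate firewall as the default gateway (DHCP option 3) and keeps both the firewall and the UDR out of the lease pool. It also encodes the resulting DHCP options the way they appear in an OFFER/ACK and decodes them back, so you can check a capture of what the UDR actually sends against the plan. All addresses are constructed for illustration (the 192.0.2.0/24 documentation range).

```python
"""Plan and verify a 'UDR does DHCP/DNS, separate firewall does routing' scope.

Added example, not from the thread. Addresses are constructed (RFC 5737 range).
"""
import ipaddress
import struct

# DHCP option codes (RFC 2132)
OPT_SUBNET_MASK = 1
OPT_ROUTER = 3
OPT_DNS = 6
OPT_END = 255


def plan_dhcp_scope(subnet, pool_start, pool_end, firewall_ip, udr_ip):
    """Validate the scope and return the options the UDR should hand out.

    The firewall (clients' default gateway) and the UDR itself (DNS, controller)
    must both be static addresses outside the lease pool.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    fw = ipaddress.ip_address(firewall_ip)
    udr = ipaddress.ip_address(udr_ip)

    problems = []
    for name, addr in (("pool start", start), ("pool end", end),
                       ("firewall", fw), ("UDR", udr)):
        if addr not in net:
            problems.append(f"{name} {addr} is not inside {net}")
    if start > end:
        problems.append(f"pool start {start} is above pool end {end}")
    if fw == udr:
        problems.append("firewall and UDR must be different hosts")
    for name, addr in (("firewall", fw), ("UDR", udr)):
        if start <= addr <= end:
            problems.append(f"{name} {addr} lies inside the DHCP pool {start}-{end}; exclude it")
    if problems:
        raise ValueError("; ".join(problems))

    return {
        "subnet_mask": str(net.netmask),
        "router": str(fw),   # option 3: the firewall, not the UDR
        "dns": str(udr),     # option 6: the UDR keeps doing DNS
        "pool": (str(start), str(end)),
    }


def encode_options(plan):
    """Serialize the scope into the DHCP option TLVs of an OFFER/ACK."""
    out = bytearray()
    for code, value in ((OPT_SUBNET_MASK, plan["subnet_mask"]),
                        (OPT_ROUTER, plan["router"]),
                        (OPT_DNS, plan["dns"])):
        packed = ipaddress.IPv4Address(value).packed
        out += struct.pack("BB", code, len(packed)) + packed
    out.append(OPT_END)
    return bytes(out)


def decode_options(data):
    """Parse DHCP option TLVs (code, length, value) into {code: bytes}."""
    opts = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == 0:  # pad byte, no length field
            i += 1
            continue
        length = data[i + 1]
        body = data[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError("truncated DHCP option")
        opts[code] = body
        i += 2 + length
    return opts


def client_view(data):
    """What a client would install from these options: gateway, DNS, mask."""
    opts = decode_options(data)
    return {
        "default_gateway": str(ipaddress.IPv4Address(opts[OPT_ROUTER][:4])),
        "dns_server": str(ipaddress.IPv4Address(opts[OPT_DNS][:4])),
        "netmask": str(ipaddress.IPv4Address(opts[OPT_SUBNET_MASK])),
    }


if __name__ == "__main__":
    # Constructed layout: firewall at .1, UDR at .2, leases from .100 to .199
    scope = plan_dhcp_scope("192.0.2.0/24", "192.0.2.100", "192.0.2.199",
                            "192.0.2.1", "192.0.2.2")
    print(client_view(encode_options(scope)))
```

If the firewall or the UDR is accidentally left inside the pool, `plan_dhcp_scope` refuses the scope rather than letting a lease collide with the gateway; the decode side is what you would run over the options field of a captured DHCP ACK to confirm that clients really are being pointed at the firewall and not at the UDR.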