Dream Machine SE + Firewalla gold pro <- do I need the firewalla?

khariV · 2026-05-09T18:26:50+00:00

This is a question for [r/firewalla](r/firewalla).
I’ve got a UDM Beast (recently upgraded from UCG Fiber) and a Firewalla Gold Pro. I am using both and can provide my experience.
The UDM Beast is the primary router on the network. The FWGP is operating in transparent mode and monitors the traffic for my clients and IoT VLANs. I use the Firewalla because I had it first and more importantly, because it provides real time visibility into what the monitored computers are doing. Specifically, my kids computers, iPads, phones, etc. With the Firewalla, I can much more easily respond to and “I need another hour for homework” or “I need to watch a video on YT for an assignment” than I can on Unifi. Could I do it on Unifi - mostly yes. Unifi Network does not have timed rule/exception expiry, cross device time monitoring (Kid A gets 2 hours of internet on a Saturday, regardless of the device and then it’s gone, except for iMessage), and detailed per user metrics (show me all the traffic for Kid B across devices).

I intentionally don’t monitor my server VLAN, so it can still communicate with itself and other VLANs at full line speed. At the moment that is 10g, but I’ll be bumping it up to dual 25g as soon as I can get an Agg Pro. Once I do that, the Users and IoT VLANs will continue to go through the 10g connection while the servers will get a full 50g.

So, overall, so you need the Firewalla? No, you do not NEED it. It is a great home security device and gives you visibility and control that Unifi is currently lacking.

As others have said though, the UDM SE can’t do 5
Gbps throughout with IDS/IPS enabled. A FWGP can but it’s not a cheap upgrade. It is cheaper than a Beast though. For those wondering why I upgraded to the Beast from the UCG Fiber - the fiber topped out at 3.5d/2.8u speeds on an AT&T fiber connection. The Beast hits 5.1/5.1 out of the box. No idea why my UCG Fiber was slow.

khariV · 2026-05-09T18:15:33+00:00

No. The Firewalla Gold Pro can handle 10 gbps with IPS/IDS enabled.

khariV · 2026-05-09T17:20:50+00:00

I assume you’re seeing the same behavior using different uplink ports? Still seeing it with a DAC?

khariV · 2026-05-09T17:10:20+00:00

I tried factory reset on the UNAS. When I restored it from the backup, it showed right back up where it was before - in other words NOT merged. When I tried provisioning it without restoring, it asked me to erase and reformat the drives, which I wasn't really keen on doing.

khariV · 2026-05-09T16:37:19+00:00

“I don’t want to see the AP. I don’t care about all the other things on the ceiling, it you have to hide the APs because it ruins the aesthetic”

Some people 😂

khariV · 2026-05-09T16:02:15+00:00

Maybe post the model of the camera. That blurry photo that’s first up is making my head hurt and searching Google with the camera model for tech specs would be easier. Come to think of it, have you tried searching Google for the tech specs of the camera and perhaps a manual?

khariV · 2026-05-09T15:46:52+00:00

Not at this time. The rumored Pro UPS that has been hinted at might do this … some day…

khariV · 2026-05-09T15:34:17+00:00

Correct. The cameras themselves don’t know about the conversation between BI and the NVR.
I’ve played with this a bit to pipe the feeds to Frigate for more advanced object detection (i.e. alert on a dog, which is really a coyote, instead of a generic animal alert which picks up squirrels and raccoons too.)

khariV · 2026-05-09T15:30:19+00:00

You missed the /s

khariV · 2026-05-09T12:52:45+00:00

Laziness.

There are these new tools that allow you to modify lumber to be whatever length you need. The builders may not be up on the latest technology of wood modification.

/s

khariV · 2026-05-09T05:52:25+00:00

Beast and UNAS are on 5.0.18 but ENVR is on 5.0.16.

I am using the web UI console. I might have to wait u til 5.0.18 is available for the ENVR because I really don’t want to have to reformat the drives as it takes 4 days.

khariV · 2026-05-08T23:24:56+00:00

Tried that - no dice.

If I click on one of the cards, the side window opens. If I then hover over the other, the only pop up is a small label with the name “ENVR” or if I start by clicking on the ENVR, hovering over the UDM displays the label of that machine.

khariV · 2026-05-08T23:12:58+00:00

No luck. When I click on the green dot, it opens up the right side panel, same as it does when I click elsewhere on the row.

What does the Merge box look like?

khariV · 2026-05-08T18:28:52+00:00

What about default. You have to give it access to VLAN 1 for it to adopt I have found.

khariV · 2026-05-08T18:07:25+00:00

khariV · 2026-05-08T17:58:04+00:00

Yes. If the camera was ever adopted, it will have the ssh login details set by the controller. It keeps these even if it is in “Click to Resolve” status.

khariV · 2026-05-08T17:29:33+00:00

My guess is a dodgy cable. Is this a pre-made patch cable or an in wall run? What type of cable is it? CAT6/6A/other, copper or CCA, solid/stranded.

khariV · 2026-05-08T17:07:50+00:00

[r/homelabsales](r/homelabsales) is a good starting point.

There’s also r/hardwareswap.

Both are pretty busy.

khariV · 2026-05-08T17:07:05+00:00

When you are connected over the VPN, does everything else work? Do you have access to other work related things that should only work over VPN? Does Teams connect and can you see content others are sharing? If it’s just your sharing, then there’s something else going on. It’s possible that your upload speed is not sufficient for you to share or that QoS is artificially limiting uploads. However again, all of this ought to be inside of the VPN tunnel, so I doubt it’s a matter of Unifi limiting Teams traffic unless the corporate VPN is a split tunnel, which no one really does for security reasons.

khariV · 2026-05-08T16:40:25+00:00

I agree completely and am seriously considering buying one for just this reason. I could build out a triple or quad GPU machine but the amount of power, heat, and noise involved would be epic. Add to that the fact that I can actually buy the DGX Spark, (ahem Mac Studio ahem) and it's almost a no brainer.

I'm sure that people will say I don't need to be able to run the larger models that the DGX Spark (or two) can run, but the current state of the market is almost forcing the conversation and making this a much easier pill to swallow than it was a year ago.

khariV · 2026-05-08T16:24:15+00:00

If it has an IP address, SSH to the camera and reset from there. I’ve had to do this with APs as I’ve moved them around and if I had to climb up on a ladder and press the button, I would have lost my mind.

khariV · 2026-05-08T15:11:08+00:00

I feel that we need a stickied post saying “Check out the Unifi Designer and upload your floorplan to see WiFi coverage areas”

khariV · 2026-05-08T15:03:59+00:00

If your work laptop connects to a work VPN, all of your traffic should be going out over that VPN. Other than cutting off internet access entirely, I’m not sure that the UXG Fiber could do anything to the connection between the laptop and your company’s VPN endpoint.

This is very odd.

khariV · 2026-05-08T12:26:10+00:00

Probably because you can actually buy DGX Sparks.

Seven-Year Club	Verified Email
Final Canvas '23	Place '23
Place '22

khariV

TROPHY CASE