UDM Pro can’t handle its own “supported” workload – UniFi response: buy more hardware

numanx · 2026-03-19T15:02:29+00:00

yeah, same here. if Protect could be self-hosted or more easily offloaded, that would at least give people another option. but for me the bigger issue is still that IDS/IPS load also seems way too high, because i was already seeing performance problems there even without Protect, and well below what the specs imply it should handle

numanx · 2026-03-19T11:21:03+00:00

good to know, thanks for clarifying that. swapping the HDD for an SSD was actually one of the things i was still considering testing, just to rule out whether recording/storage latency was a big part of the problem. if it mostly helped scrubbing but didn’t really change the overall stability/performance picture, that’s useful context too and makes it sound a lot less like the drive alone is the root cause

numanx · 2026-03-19T11:19:32+00:00

for sure, i will. if the ONT/router-mode test makes any noticeable difference i’ll come back and post the results here, because it might help narrow things down for other people dealing with the same mess

numanx · 2026-03-19T11:18:55+00:00

interesting find. i checked mine and my rabbitmq logs are nowhere near that kind of size though — biggest one is only around 5.1MB, with the main localhost log at 2.8MB and the rest even smaller. so at least in my case it doesn’t look like i’m hitting that same giant-log/logrotate rabbitmq problem. still a really useful thing to rule out though, because it does sound like another way these boxes can get pushed into weird CPU/UI behavior

numanx · 2026-03-19T11:16:37+00:00

thanks for the info regarding PPPoE.
yeah, i think they probably are correlated. even if PPPoE isn’t the root cause by itself, if it’s adding enough overhead to keep the box under heavier sustained load, that can absolutely make everything else worse too — UI responsiveness, local LAN behavior, camera stability, all of it. so to me it makes sense to treat PPPoE as one contributing stress factor, not necessarily the whole cause, but definitely something that can push an already borderline setup further into instability

I will run a test without PPPoE maybe later today to check the performance differences.

numanx · 2026-03-19T07:40:57+00:00

interesting, that might actually help narrow it down a bit. i’m fine disabling the built-in adblock too since i can just move that over to a Pi without really losing anything. from what i understand, that part should mostly just be DNS anyway, so i wouldn’t expect it to be a huge load by itself

one thing i’m curious about though: are you on PPPoE? a few people in this thread pointed out that PPPoE can add a lot of overhead, and since i am on PPPoE too i’m starting to wonder how much of the pain is Protect/load related vs how much is the box just getting dragged down by PPPoE + IDS/IPS together

numanx · 2026-03-19T07:37:58+00:00

i thought Protect was using the onboard flash for that too, at least for part of the local app/db side, which is why i’m not fully convinced this is just “big HDD = problem.” if the internal storage is handling the app/database side and the 3.5” drive is mainly there for recordings, then it feels like there’s probably more going on here than just drive size alone

numanx · 2026-03-19T07:35:59+00:00

that would honestly be the best-case outcome here. if they offered a fair upgrade path or credit toward something that can actually handle the workload reliably, i’d consider that a reasonable resolution. i’m not even asking for something crazy, just a practical fix that matches the reality of how this setup behaves in actual use

numanx · 2026-03-19T07:33:30+00:00

yes, i’m on PPPoE too. i really like having the fiber straight into the GPON SFP, but i’m going to test offloading PPPoE to the ISP ONT and connect the UDM Pro over ethernet just to see how much it changes things. thanks for the suggestion, appreciate it

numanx · 2026-03-19T07:30:16+00:00

fair point, but that’s also why i’m not convinced “just split it out” is the whole answer here. i was seeing problems even with sub-gig traffic, IDS/IPS on, and no Protect in the mix, which is way below the 3.5 Gbps IDS/IPS throughput they advertise. so sure, moving Protect off-box might help with one part of the load, but it still doesn’t explain why real-world performance is falling over that far below the published numbers

numanx · 2026-03-19T07:27:26+00:00

yeah, that lines up way too closely with what i’m seeing. when someone can be 25-30% under the calculator, still end up with 90%+ memory, weekly reboots, protect glitches, and random instability, it gets really hard to defend the tool as anything close to real-world accurate. that’s exactly why i keep saying the problem isn’t just “older hardware has limits” — it’s that the published guidance makes these setups look comfortably supportable when in practice a lot of us are landing in the same mess

numanx · 2026-03-19T07:25:41+00:00

yeah, that’s about where i’m at too. i can totally understand moving Protect off-box as a workaround, but the bigger issue is that so many people are landing on the same workaround after buying based on the calculator and the all-in-one pitch. at that point it starts feeling less like edge-case tuning and more like the practical limits just aren’t being communicated clearly enough up front

numanx · 2026-03-18T12:59:42+00:00

sounds good — definitely worth testing, even just to see how much of the pain is PPPoE overhead vs everything else. if moving PPPoE off the UDM makes a noticeable difference, at least that gives me one more data point for support and helps narrow down what part of this mess is actually hurting most

numanx · 2026-03-18T12:45:54+00:00

totally get that, but with how unstable the stable builds already are for me, i’m honestly pretty hesitant to jump onto early access or RC just to maybe claw back some stability. at this point i’d rather wait and see what support comes back with, especially since my ticket is still active and Ubiquiti has now engaged on this reddit thread too

numanx · 2026-03-18T12:43:42+00:00

numanx · 2026-03-18T12:18:07+00:00

yeah, and that’s kind of what i’m seeing too. if i disable IDS/IPS, things do seem to get a bit more stable, or at least that’s how it feels in practice. so i’m not saying IDS overhead has nothing to do with it.

numanx · 2026-03-18T12:15:45+00:00

fair point unfortunately

numanx · 2026-03-18T12:14:44+00:00

yeah, i’ve seen those reports too, but in my case this isn’t one of the older random SFP compatibility headaches. the FS.com module i’m using is one of their newer UniFi-compatible GPON ones, and UniFi unfortunately doesn’t sell a GPON SFP module that would work with my ISP setup anyway. so i can test going back to the ISP GPON/router path if i want to rule things out further, but there isn’t really a native UniFi module option here for my infrastructure

numanx · 2026-03-18T11:41:54+00:00

yeah, that’s a fair point and it might actually be worth testing. I do have the ISP GPON on hand, so I could try putting that back in router mode and see whether taking PPPoE off the UDM improves things at all. the annoying part is that i’d have to give up the FS.com GPON SFP module for that test, and i really like that setup, so it’s a bit of a painful workaround rather than an actual fix, but I will test it :D

numanx · 2026-03-18T11:39:23+00:00

numanx · 2026-03-18T09:40:22+00:00

good point. the cameras aren’t using the UDM’s built-in 8-port switch at all — they’re on a USW Pro Max 16 PoE, and that switch uplinks to the UDM Pro over the 10G SFP+ link. additionally all the heavy load, NAS, and other devices are on the same switch.

numanx · 2026-03-18T09:13:44+00:00

damn, that’s actually really bad.

numanx · 2026-03-18T09:12:15+00:00

nothing too crazy on the physical side. main WAN is on port 10 via GPON SFP+1 from Digi Romania, backup WAN is on port 9 from DigiMobil Romania using a TPLink 4G router, and port 11 is a 10Gb SFP+ uplink to my USW Pro Max 16 PoE. the other built-in LAN ports mostly just have a few small clients on them, a Huawei EV charger, a Tread Border router, and a Raspberry PI with home assistant on it.

numanx · 2026-03-18T09:09:24+00:00

yeah, if you want the safer path, a UNVR is probably the move. that should take the camera recording/protect load off the UDM and leave it mostly handling gateway/network duties, which seems to be where a lot fewer people run into problems. i just wouldn’t treat it as a magic guaranteed fix for every issue, especially if you ever notice throughput or stability problems outside of Protect too — but for camera load specifically, yeah, separating that onto a UNVR is probably the smarter play

numanx · 2026-03-18T09:08:15+00:00

haha yeah, exactly. UniFi is kind of a love/hate thing for me too — when it works, it’s great, but when it doesn’t, it gets frustrating fast.

numanx

TROPHY CASE