Who's switched to UDM for small business office(s)?

I have an old SonicWall that’s about to hit EOL, and the business owner has balked at the cost of an NSA2700 with all of the licenses (not that we really need ALL of the extra licenses). He asked me to check out Ubiquiti, since the price is right.

Currently have 8 offices - “main” office is like 50 computers, and all of the rest are less than 20 each. Fiber at each location (200mb at the main office, 50mb at the others). S2S VPN back to main office. Internet hosted VOIP phones. Not exactly a giant operation.

Has anyone moved to Ubiquiti for a small operation? What has your experience been like?

We currently have 2 sites with UDM Pros. They are connected to each other with a VPN over fiber. Each site averages around 200 clients. There are roughly 15 APs at each site.

It’s been rock solid.

I did replace the APs last year because the prior ones were 3 years past EOL and no longer receiving updates. Tbh, it’s kinda rare I need to do anything with the network. I do review the logs every so often and keep up with patches.

This summer we are consolidating both builds into a single new location - while doubling our square footage. I’ve been happy enough with this setup that we will bring all the existing equipment with us plus pick up another $20k or so of additional gear.

I have full stacks in roughly 30 offices and it’s been smooth sailing.

Anyone who just says “it’s not for businesses” isn’t worth listening to. Unifi has serious limitations that should be considered but it’s up to you (or whoever the company pays) to determine if it meets your needs.

I use it at home, and at work we deploy Unifi Hardware to smaller clients as it’s a decent system, quite easy to get going and we rarely touch it.

We have some larger clients with full Unifi Stacks working fine with RADIUS authentication for wireless and such. Does what it needs to and clients like it for the prices and lack of licenses to unlock features.

Support can be an issue though we get some through our suppliers and we have more of a direct route to Ubiquiti as we have 6 large hosted controllers now.

Overall, Small to Medium clients are Unifi, and larger ones or ones with internal IT as well tend to go HPE Aruba or Ruckus and some Meraki, though not all like the licenses needed.

As long as the business doesn’t have a need for 1-1 NAT with multiple routable IPs, it’s a good solution. I know that 1-1 NAT is coming in a future release.

I started using UDM-Pro and SE for a few SMB clients with 1Gb internet (1Gb capable Meraki or Cisco was hugely expensive).

Overall they are fine, but I’ve had issues with VPN not routing multiple networks correctly in my own test network.

They seem solid enough, especially since the cost is low. If client needs a few security cameras as well, it’s a no-brainer.

Have 28 small offices running UDMP/SE that connect back to a UXG Pro with DIA + GPON at the home office. Small offices are a mix of AT&T DSL & GPON, Spectrum & Optimum HFC. No issues with S2S. Occasionally a tunnel will drop and require a UDM reboot. By occasionally I mean twice a year +/-. At most we see about 250Mbps of throughput over IPsec, which more than meets our needs.

Honestly, I love ubi for my home use, or maybe I’d use it for a super small business like 5 people? For any small business larger than that I’d honestly go Meraki.

Yep. Three businesses saving thousands over license and maintenance fees.

Wouldn’t use a Ubiquiti firewall for business needs.

Not reliable for business.

I deployed it at a small office to add NGFW features and an MFA VPN. Agree it’s been pretty solid.

One gap is support. We moved to a new office and had to switch from Fios to Comcast. VPN went offline. Support was definitely lacking. I’d submit a ticket then get a note overnight, mostly pointing me to some article I’d already found. Trying to find technical details about how to troubleshoot was excruciating (what ports & protocols were in use; what does One Click VPN actually use, etc).

Fortunately I was able to get Comcast to help resolve.

  1. Don’t use Bridge Mode, use the hidden “Passthru” mode which turns the router into managed infrastructure on Comcast’s side. The “Next Hop” router is the cable modem.
  2. This may require a static IP. Might be able to get away without one, but that means headaches.

Basically, when it works it’s great; when things go sideways, getting it back can be a challenge.

I was literally sold on Fortinet until all of this hack business too.

What was your experience like?

Sounds more of an ISP issue - good you got it figured out.
UniFi now has site support. It is fairly expensive. It shows up in my Site Manager, just click the little icon in bottom right of a site - but you better be sitting down before you do LOL.

Ubiquiti has had a bad run with security recently too.

Not flexible enough (as in not many advanced features), software is buggy, behind the competition on features, and lately security has been a big issue. I use an EdgeRouter (different Ubiquiti line) at home but I wouldn’t recommend any Ubiquiti firewall product or router for business. I would use their switches and APs if you’re not using any network protocols that Ubiquiti doesn’t support.

Speaking of support, there isn’t any, at least until very recently. We still don’t really know what that support will even look like because it is just getting rolled out.

Ubiquiti stuff is easy to use and cheap, but with that ease you give up features and security.

In 5 business applications, the UDM Pro and SE just kept having different issues. It wasn’t that it wasn’t fully working but I was getting calls daily. I recommended it so I took the loss on replacing it in all 5 businesses. These businesses were small to medium. Small meaning under 5000 sq ft and under 150 devices being used.

Medium meaning grocery store at about 30k square feet, I used the Special edition for that, about 300 devices on network and guest network. All on access points or direct wired.

I was using it as a router and firewall. I switched to PF Sense 8200 for my router firewall solution and it’s been great. I sold the UDMs on eBay, took a massive loss. Kept one special edition for home use and it’s been perfect.

The issues were weird, it was configured properly. As a home user it works perfectly fine and might be overkill for what I need. It was a very expensive test and experiment. But if I see UDMs being used in a busy business application, I will change them out asap.

Little A, Little B.

Despite uploading my config, I never got confirmation from support “This should work”, and settings were somewhat scattered and not clearly labeled, so I wasn’t quite sure I had them right; complicated by remnants of unsuccessful VPN configs. And I could not find any way to confirm what IP UID One Click VPN is using, just showed the name of the connection (which was of course the OLD site name).

On the ISP/Comcast side, Passthru mode is not revealed as an option, only bridge mode, so without speaking to support you wouldn’t know it exists, much less is the preferred mode.

Had the documentation even said UID One Click VPN uses UDP 600 and UDP 10180 to negotiate encryption keys before connection via IPSec, I could have at least talked with Comcast about WHAT I thought might be blocked. I was fortunate to get solid support from the Comcast side, which was completely unexpected given their reputation.