Best start with Unifi gear

Thank you for letting me know! I will definitely try this out once the new Network App is released.

1 Like

Some great conversation in this thread. I was able to pick up a Dream Machine Pro Special Edition at my local Micro Center, open box, for $100 off for $399. I have been hesitant about using any routing from Unifi since I have much better control with pfSense.

With the new "Zone" based firewall it was the final feature for Unifi to include for me to make the jump. Slowly I have been configuring the unit. The great thing is that it was able to bring down the cloud backup of my current controller and install it on the new UDM Pro SE. That way all my UI devices, hosts, VLANs, etc. persist.

All I have left to do is configure the zones and firewall rules and I can make the swap. Probably this weekend. Can't wait to have a single app to manage the entire network stack.

5 Likes

I have been tempted to migrate to the zone based firewall but haven’t done it. I have several VLANs set up and don’t want to mess things up.

Curious about people's opinions on it.

It's a game changer. So much easier to understand and configure. There's already quite a few YouTube videos explaining ZBF if you need a hand after switching. Keep in mind that you will likely have duplicate rules that you may not need after switching. Go through each zone and clear out what you don't need. Of course, if everything is working and you choose to, you can simply leave things as is after switching.

2 Likes

I wish I would have had it when I was creating the firewall rules initially. Since I have already created all the firewall rules I need, I haven't really been able to test it. It makes more sense than the LAN IN, LAN OUT, etc. though.

2 Likes

Why not migrate your existing rules? That's essentially what it does. You can revert back if necessary.

2 Likes

From what I see migration into Zone is one click. It will create a backup, and if you want to go back you can restore. It's documented pretty well on the configuration page.

3 Likes

You are going to be SO very happy...having the Network app to see/control everything is like a drug. So cool/addictive. Wish I had moved on from my ER and non-Unifi switches years ago, just didn't realize what I was missing.

Agree...once you see the layout/logic of the Zone Firewall table, things become so much easier to do than LAN IN/LAN OUT, as @stephen_nutt also noted.

This ^^^ Easy to fall back.

2 Likes

I did migrate but no reason to touch the migrated ones because it's working. I didn't mean that I was avoiding the migration.

2 Likes

Your logic and self control is amazing. :wink:

The fear of my wife and kids if the internet goes down is inspirational.

I feared for my life a month ago when my Raspberry Pi 4 bricked trying to update Node Red. Thank God I keep good backups.

3 Likes

Speaking of fear...Cloud Gateway Max arrives in a couple of days. Will switch it out for my Cloud Gateway Ultra which will go to my son's new house (along w/a U6-LR). His house/yard area is small enough that the one U6 should be more than enough coverage.

So to do the swap...

  1. Do a System Config Backup in Control Plane>Backups
  2. Disconnect existing CGU from network
  3. Connect new CGM to WAN and run an ethernet cable from one of its LAN ports to my laptop
  4. Boot up CGM, IIRC it will automatically look for and apply available Unifi OS updates - 4.1.13 is current for Cloud Gateways.
  5. Log into Network app using Unifi credentials
  6. If CGM doesn't do it automatically, update Network app to current version (9.0.114) that is also on my CGU
  7. Go to Control Plane>Backups>Restore and choose the backup I just made
  8. CGM restores backup, and all my Unifi stuff is belong to me :wink:

Question: One thing I'm not 100% sure of is whether it matters if I attach my base switch (which links my CGM to all my other switches/APs) to my new CGM before or after I restore the backup of my CGU. Does that matter?

Did I miss anything?

New gear just announced!!!!

1 Like

If I remember right, I don't think my CGM installed the Network app automatically. It did update the Unifi OS immediately. I believe this is because it can run several of the Unifi apps, including the Network one. In theory you could use the CGM just for Protect if you wanted to, though it wouldn't make a lot of sense. I would definitely plan to log into the CGM control plane and install the Network app. Other than that, I think you got it.

1 Like

Network app is always installed by default.

You cannot.

2 Likes

That is not what I remember. It wasn't there; I had to install the Network app and the Protect app on it. Now a friend's Unifi Express, which can't do anything other than be a network device, had it by default. Of course that was also on a different software version than what is currently available.

1 Like

Trust me, I do these quite a bit. On UniFi cloud gateways, Network is always installed by default. You likely had to update the Network app, but it was definitely already there. The other apps can be optionally installed after.

3 Likes

Here's another video that showcases the UCG Max. At the timestamp I have the video linked to, you can see Network is already installed when he goes to Applications after initial setup.

1 Like

Control plane is for the gateway device itself. Network is needed for just about everything else, including network settings for the gateway. The gateway cannot run without Network. UniFi devices, including the gateway itself are configured/maintained via Network.

1 Like