It took me quite some time to finally review the Ubiquiti Dream Machine Special Edition (UDM-SE). I generally cover consumer products, and this is an advanced device designed for pro-consumers, SMBs, or even enterprise environments.
However, with faster broadband and the adoption of Multi-Gig, the line between a business and a demanding home has slowly blurred. And with a current street price of $500, the UDM-SE is an excellent fit. It’ll work well for both worlds and is affordable enough.
If you’re looking to build a top-notch multi-Gigabit-capable network, the UDM-SE is the ultimate router that will be relevant long in the future. I’d still call it cutting-edge today, a year after launch.
Though not perfect, the Ubiquiti Dream Machine Special Edition is a dream come true for many.
Ubiquiti Dream Machine Special Edition (UDM-SE): Representing the flexible non-Wi-Fi and “Enterprise of Things” approach
Ubiquiti’s UDM-SE is special compared to the previous version, such as the UDM-Pro. It’s the company’s latest non-WiFi UniFi controller.
Ubiquiti: UniFi vs AmpliFi
UniFi and AmpliFi are two major networking product lines from Ubiquiti. They serve two demographics and have different architectures.
The UniFi family — represented by the Dream Machine (UDM), UDM-Pro, UDM-SE…, or the Dream Router (UDR) — aims at business/pro/enterprise users. They are comprehensive routers that can also function as the central controllers of various products.
On the other hand, the AmpliFi family, represented by the HD Wi-Fi system or the Alien, is for the home environment. They are simple Wi-Fi routers, easy-to-use but with a limited feature set.
The UDM is the first UniFi product that works well as a home router, thanks to its friendly design. In a way, it’s a bridge between the two product lines. And the UDR further solidifies that approach.
Eventually, Ubiquiti might phase out AmpliFi to focus on UniFi as its only encompassing platform.
The UDM-SE is also the first to run Ubiquiti’s UniFi OS 3, further unifying the company’s hardware for the company’s “Enterprise of Things” effort.
Specifically, The UDM-SE continues the trend, first made available to home users by the UDR, where it works as an encompassing controller device — it’s a console — for multiple hardware categories called “applications”. Currently, there are six of them, including:
- Network: All things related to the function of a network, including network settings/features, Wi-Fi, mesh, and the support for extender/access points, etc.
- Protect: The support for IP cameras as a surveillance system.
- Talk: The support for Voice over IP phone.
- Access: A “platform designed for Access Control Systems” — per Ubiquiti. Examples are door-related security IoT devices, such as doorbells, keyfobs, locks, etc.
- UID (UniFi Identity): A premium feature for enterprises that allows single sign-on across multiple hardware platforms and applications.
- Connect (currently in Early Access): A fully integrated “Enterprise of Things” hardware and software solution that works with UID to simplify IT management for organizations.
The UDM-SE can run all of these apps simultaneously. (The UDR can only run one extra besides the default Network app.)
It’s worth noting that each application is a separate world with various in-depth settings. That’s to say, the UDM-SE has so much more to offer than any standard router — it can be overwhelming.
In this review, I looked at the UDM-SE mostly as a router for a large home or an office with some light experience with Protect. But first, let’s check out the networking console’s appearance.
Ubiquiti Dream Machine Special Edition: Detail photos
Ubiquiti UDM-SE: A standard enterprise design, a bit rigid multi-Gigabit router
As a networking device, the UDM-SE is a rackmount piece of equipment designed for those with a network rack. But you can also place it on a flat surface, like most switches.
The router is Dual-WAN-ready right out of the box with two permanent WAN ports: a 2.5GBASE-T port and a 10Gbps SFP+ port. Neither of these ports can be programmed to work as a LAN port.
The second SFP+ plus LAN port is the only multi-Gigabit port for the local network. As a result, to have a Multi-Gig network, you need a switch. In this case, you can get a transceiver to turn this post into a 10GBASE-T, but it’s best to get an SFP+-ready switch, such as the Zyxel XS1930-12HP or the Enterprise 8 PoE.
I used both for this review — you need one to handle Ubiquiti’s Multi-Gig Wi-Fi access points, such as the U6 Enterprise, which I also used for the testing.
Tips
The UDM-SE’s SFP+ ports are 10Gbps DAC-only. Two things to keep in mind:
- If you want to use them with a non-Ubiquiti device, such as a managed Multi-Gig switch, set the third-party device’s SFP+ port in DAC or Auto (and not SFP+) mode. Else, no SFP+ copper cable will work.
- If you want to use transceivers to convert them into 10GBASE-T ports, the TP-Link TL-SM5310-T worked best in my experience.
Finally, the UDM-SE has eight PoE Gigabit LAN ports. You can use them to host any wired devices, including PoE cameras, IP phones, access points, and more.
As a network controller, the UDM-SE has 128GB of onboard SSD. But there’s a tray in the middle to add a hard drive or SATA SSD of any capacity. This storage space is for its many functions. Among other things, it’ll hold the video footage for the Protect App.
In case you’re wondering, the storage space is not user-accessible. The UDM-SE doesn’t function as a mini NAS server.
The UDM-SE hardware leaves much to be desired, especially on the network port front. But still, it’s vastly superior to the UDR, as you’ll note in the table below.
Ubiquiti UDM-SE vs UDR: Hardware specifications
Tips
To upgrade from the UDR to UDM-SE, first, get the two to the same UniFi OS and application versions. After that, back up the former’s settings to a file and restore the file on the latter.
Ubiquiti’s Wi-Fi support is always in the router (controller) + extender/access point configuration. You cannot turn a Wi-Fi-enabled console into a Wi-Fi satellite. As a result, upon upgrading from the UDR to the UDM-SE, there’s no way to repurpose old hardware within your network.
UDM-SE: No built-in Wi-Fi, but that’s a good thing
The UDM-SE doesn’t have a built-in Wi-Fi access point — it’s one of the few non-Wi-Fi routers I’ve reviewed. And that’s a good thing.
As the world is juggling between Wi-Fi 6, Wi-Fi 6E, and Wi-Fi 7 — all with their relevancy — getting a Wi-Fi router can limit your option.
The point is: a non-Wi-Fi router’s relevancy is independent of Wi-Fi. And you can easily add Wi-Fi to it via an access point.
In fact, coupling the UDM-SE with the U6 Enterprise and you’ll get a better Wi-Fi solution than the Dream Wall with a couple of hundred US dollars to spare. (The console can manage any UniFi APs via the Network application.)
And using a router and a few access points is the best way to build a serious Wi-Fi network.
Ubiquiti UDM-SE: A powerful network controller
As a network controller, the UDM-SE has everything the UDR has and much more.
Hardware-wise, it has more PoE ports, multi-Gigabit support, a larger internal storage option, and much higher capability. But software-wise, the two are identical since both are UniFi controllers.
The way it works, you manage an UniFi controller via a web user interface or an optional UniFi mobile app. No matter which you want to use, like most other enterprise-grade solutions, you must first register a login account with Ubquititi. In return, you can manage the network locally and on the go.
Ubiquiti and privacy
All Ubiquiti network hardware requires a login account and remains connected to the vendor to work, whether you choose to use the mobile app or the web user interface.
And that implies privacy risks. Here’s Ubiquiti’s privacy policy.
Privacy is a matter of degree. While it’s never a good idea to have your network managed via a third party, the data collection varies from one company to another.
Lots of network configurations, detailed port and device management
With UniFi OS 3 and Network 7, the UDM-SE offers an incredibly detailed network configuration and port management.
You can view each’s port function and activity in real time and configure it with various options, including PoE (on or off), isolation, max data rate, etc.
You can do virtually anything you’d want to do with the UDM-SE’s ports or connected clients, and in comprehensive ways. And the console has everything you can think of regarding network, Wi-Fi, and mesh configurations.
The amount of customizability can be overwhelming. But you can start with default settings and gradually change over time as your needs grow.
Excellent traffic management and VPN support
Like the case of the UDR, the UDM-SE has an incredibly well-designed Traffic Management section.
You can create web-filtering or traffic-routing options via rules applicable to various categories (domain, regions, content types, applications, IP addresses, etc.) and targets (individual or a group of devices). After that, you can enforce each rule with flexible scheduling.
In short, this is the best “Parental Controls” feature, though it’s much more in-depth than simple content filtering.
And the UDM-SE’s support for VPN is also excellent. With UniFi OS 3, the console now features WireGuard VPN — the best protocol to date regarding security, ease of use, and performance.
It also has the proprietary Teleport feature designed specifically for mobile users.
Extra: VPN Protocols
This portion of additional content is part of the VPN explainer post.
WireGuard
Wireguard is the latest VPN protocol. Debuted in 2016, initially only for Linux, but since 2020 has been available cross-platform (Windows, macOS, BSD, iOS, Android).
Using cryptography, the new protocol is slated to be extremely simple yet fast. WireGuard is still under development but has proven to be the most secure, easiest-to-use, and simplest VPN solution.
WireGuad is on the way to possibly replacing all existing protocols below.
OpenVPN
As the name suggests, OpenVPN is a flexible VPN protocol that uses open-source technologies, including OpenSSL and SSL.
As a result, it has a high level of customizability and is the most secure. It also can’t be blocked.
In return, OpenVPN requires extra client software, making it less practical. But this protocol is the best if you want to be serious about VPN.
L2TP/IPsec
Short for Layer 2 Tunnel Protocol is the second most popular VPN protocol — it’s also a built-in application in most modern operating systems — and an interesting one.
It has no encryption by default, so it’s not secure where the IPsec — or IP security — portion comes into play to provide encryption. Therefore, this protocol is rigid in port use and can be blocked by a third party.
The point is L2PT/IPsec is great when it works. And it does in most cases, which ultimately depends on whether the local network of the remote device allows it to pass through.
PPTP
Short for point-to-point tunneling protocol, PPTP is the oldest among the four and is on the way out.
First implemented in Windows 95 and has been part of the Windows operating systems and many other platforms since PPTP is well-supported and the easiest to use.
However, it’s also the least secure. It’s better than no VPN at all, and it does its purpose of making a remote device part of a local network.
That said, if you take security seriously, or have other options, skip it. On the other than, it sure is better than nothing and good enough for most home users.
Effective Firewall and Security
The UDM-SE has an in-depth and versatile set of firewall security features.
Admin users can scrutinize/manage connected clients and their traffic via detailed real-time reports. They can also block traffic by type, source, or target, block online ads, and prevent online threats.
For example, if your server gets lots of port scans or attacks from multiple IP addresses of the same country, you can choose to block all traffic from or to that country.
Most importantly, all these security features do not throttle down the performance, like in the case of the UDR. The UDM-SE has enough power to handle all its networking features without slowing down.
***
Overall, as a router, the Ubiquiti UDM-SE is by far the most feature-rich. No other home or SMB router even comes close. And being a router is just one of many things this console can do. But you can say the same about any other UniFi controller running the same UniFi OS 3.
What makes the UDM-SE special is that it’s the first among its peers to feature the new OS version and has enough to deliver true multi-Gigabit performance even in a Dual-WAN setup. The UDM-Pro, for example, has a Gigabit WAN port and hasn’t yet gotten the UniFi 3 treatment.
Ubiquiti UDM-SE’s performance: A gratifying experience
For this review, I used the UDM-SE, a U6 access point, an Enterprise 8 PoE switch, and a few UniFi cameras (to try out the Protect application) for months. It’s been a truly gratifying experience.
The whole setup worked well, and I could easily keep tabs on the network. The UniFi mobile app has almost the same access to the system as the web user interface, which is helpful.
In terms of local throughput performance, I measured the UDM-SE’s network ports by using a couple of transceivers, which might have adversely affected the performance. Also, since the router has just one 10Gbps LAN port, I put it in a double-NAT to copy data from my 10Gbps-capable server via its other 10Gbps WAN port. This setup is also not ideal for performance.
Still, the console proved to be a formidable multi-Gigabit router, as shown on the performance chart.
Regarding Internet speeds, in my anecdotal real-world experience, the UDM-SE generally delivered the sustained broadband speed of around 6.5Gbp out of a 10Gbps Fiber-optic line — as shown in the screenshot above.
That’s the highest I’ve gotten in all multi-Gigabit routers I’ve tested.
Pros
Powerful enough to run all Ubiquiti’s business hardware segments simultaneously
Reliable and fast multi-Gigabit performance with robust Dual-WAN support
A complete set of useful networking features, including powerful security/web-filtering and WireGuard VPN; excellent web user interface; useful mobile apps
Built-in PoE support; comparatively affordable; no subscription required; quiet
Cons
No Multi-Gig or 10GBASE-T (PoE) LAN port
Requires an account with Ubiquiti to work; not wall-mountable; runs a bit hot
Conclusion
The Ubiquiti Dream Machine Special Edition (UDM-SE) is one of the most, if not the most, satisfying routers I’ve used. And that means a lot since being a router is just one of many things this piece of networking hardware can do.
But at the same time, it’s also far from perfect. The lack of Multi-Gig LAN ports alone means you must spend extra to build a true multi-Gigabit network. Additionally, the “Enterprise of Things” approach can be overwhelming for most home users. For now, this is still a niche device.
However, at the end of the day, if you’re looking to build a truly robust home or business network that’s muti-Gigabit-ready on both WAN and LAN sides, the UDM-SE is an excellent option. I’d be generous and say it is as close as can be to a dream come true for savvy users and networking enthusiasts.
Consider one today!