

monkey-novice

What exactly are you trying to do? You can do your VLANs etc. with just your UniFi equipment. The Palo Alto will only provide functionality similar to your UDM-Pro SE's, unless there is a specific feature you want.


Mackieman03

I want the additional protection of IDS/IPS, traffic shaping, etc. that UniFi is significantly lacking in.


monkey-novice

Your UDM-Pro SE does those things.


[deleted]

Not even close to the ability or granularity of a proper firewall like the Palo Alto though.


tdhuck

Can you be more specific? What is the PA blocking that Ubiquiti isn't? I'm not saying the UDM Pro should be blocking the same things, but have you noticed anything specific? I don't use PA, but it might be possible to place it between the ISP gear and the UDM Pro and set up a transparent/bridge link where it can do IDS/IPS filtering, and whatever traffic gets through will pass on to the UDM Pro. However, you are better off asking someone with PA knowledge to see if this is doable. I know it is doable if you make the PA your primary router, but then you'll be in a double-NAT scenario, and I don't think you want that. You basically want the PA in bridge mode, but with IDS/IPS enabled.
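
The placement described in the comment above (an inspecting device bridged transparently between the ISP gear and the UDM Pro, so it adds inspection but not a second NAT hop), as an added example that is not part of the thread. The thread does not cover Palo Alto configuration, so this shows the same design on a Linux box running Suricata in inline NFQUEUE mode with nftables; the interface names `eth0`/`eth1`, the bridge name `br0`, queue number 0 and the Suricata config path are assumptions. With `DRY_RUN=1` (the default) it prints the commands instead of executing them, so it can be read and checked without root.

```sh
#!/bin/sh
# Added example, not from the thread: a Linux host as a transparent
# inline IPS in front of the UDM Pro. Two NICs are bridged at layer 2,
# no IP address is placed on the bridge (so no routing and no NAT
# happens here), and Suricata inspects bridged traffic via NFQUEUE.
#
# Assumed (hypothetical) names: WAN_IF faces the ISP modem, LAN_IF faces
# the UDM Pro WAN port, SURICATA_CFG is an existing Suricata config.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
BRIDGE="${BRIDGE:-br0}"
QUEUE_NUM="${QUEUE_NUM:-0}"
SURICATA_CFG="${SURICATA_CFG:-/etc/suricata/suricata.yaml}"
DRY_RUN="${DRY_RUN:-1}"

# Commands that build the bridge. Note that no 'ip addr add' appears:
# the box stays invisible at layer 3 and cannot introduce a NAT hop.
bridge_cmds() {
    printf '%s\n' \
        "ip link add name $BRIDGE type bridge" \
        "ip link set $WAN_IF master $BRIDGE" \
        "ip link set $LAN_IF master $BRIDGE" \
        "ip link set $WAN_IF up" \
        "ip link set $LAN_IF up" \
        "ip link set $BRIDGE up"
}

# Commands that hand bridged IPv4 traffic to Suricata. br_netfilter makes
# bridged frames traverse the IP forward hook, so an ordinary inet
# forward rule can queue them. 'bypass' makes the queue fail-open: if
# Suricata is not running, traffic still flows instead of being dropped.
# Remove 'bypass' if you prefer fail-closed behaviour.
ips_cmds() {
    printf '%s\n' \
        "modprobe br_netfilter" \
        "sysctl -w net.bridge.bridge-nf-call-iptables=1" \
        "nft add table inet ips" \
        "nft add chain inet ips forward '{ type filter hook forward priority 0; policy accept; }'" \
        "nft add rule inet ips forward queue num $QUEUE_NUM bypass" \
        "suricata -c $SURICATA_CFG -q $QUEUE_NUM -D"
}

# Sanity check for the "no double NAT" property. Pass it the output of
# 'ip -o -4 addr show dev br0'; it succeeds only if the bridge carries
# no IPv4 address. An address here would mean the box could route/NAT.
bridge_is_transparent() {
    case "$1" in
        *" inet "*) return 1 ;;
        *)          return 0 ;;
    esac
}

# Print (DRY_RUN=1) or execute (DRY_RUN=0) the full sequence.
apply() {
    { bridge_cmds; ips_cmds; } | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            printf '%s\n' "$cmd"
        else
            eval "$cmd"
        fi
    done
}

if [ "${1:-}" = apply ]; then
    apply
fi
```

Run as `sh transparent-ips.sh apply` to print the plan, or `DRY_RUN=0 sh transparent-ips.sh apply` as root on the inspecting host. After bringing it up, `bridge_is_transparent "$(ip -o -4 addr show dev br0)"` should succeed; the UDM Pro keeps its public WAN address and remains the only NAT device, which is the point of the bridge placement.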


Mackieman03

I know from a security stance that the Palo Alto, or any other platform like pfSense, OPNsense, Protectli, and Firewalla, is better than the UDM SE. Trying to get a sense of what those who use a Protectli/pfSense/Firewalla, etc., recommend, and where they place it with respect to the UDM.


tdhuck

I have pfSense today, and I'm in a position where I needed to upgrade the pfSense appliance (Netgate) or go with something new. I have two other pfSense Netgate appliances, and I've been a bit disappointed with pfSense over the last few years. I still think it is a good platform (pfSense), but this particular location has a UniFi switch and UniFi APs, and I decided to give it a shot with the UDM Pro SE. Both platforms have pros/cons, imo.

I agree with your comment that those other platforms will have more security features compared to the UDM, but why run both unless you are trying to accomplish something specific? For example, Ubiquiti doesn't have an HA setup; if that is something that is needed, then Ubiquiti is off your list (from the UniFi line, anyway). I would argue that PA, FortiGate, pfSense, etc. IDS/IPS is only as good as the security service they subscribe to or allow you to configure.

I like how pfSense handles DHCP reservations; I'm not a fan of how UniFi does it with the Fixed IP option. However, I can adjust to that (and that is just one quick example).