Optimize your home safety with these recommendations.
Optimize your home safety with these recommendations.
I’m starting this journey with some basic knowledge of PC hardware and networking, but this is my first time exploring home security systems. I’m seeking a reliable solution that meets these requirements: remote video access, motion alerts from anywhere, local recording storage, no subscription fees.
Here are the main setups I’m considering:
- Ubiquiti Protect with Remote Management enabled
- UDM-Pro connected via Netgear router (bridged)
- Cameras linked directly to UDM-Pro, doorbell on Netgear, VPN setup for UDM-Pro
- Netgear router using DDNS for UDM-Pro
- Modem → UDM-Pro → Netgear router via SFP+ (router supports this)
- Raspberry Pi as a proof-of-concept; full server needed for proper VPN via DDNS
- Home Assistant with selected cameras
I’m leaning toward option 3 for its straightforward configuration, especially since it avoids subscriptions. However, I’m worried about motion detection notifications and whether constant VPN access is necessary. The G4 doorbell connected to Wi-Fi near UDM-Pro could also be affected by network changes.
If you have experience with these setups, could you advise on the most secure and user-friendly choice? Any suggestions for alternatives would be appreciated.
The UMD pro is a router on its own. Following best practices means avoiding connecting routers to other routers. This can lead to double NAT and complicate camera monitoring when you're outside your house. Netgear should only be used as an access point. Outside of that, I'm not an expert in home security.
It seems the setup might need adjustments. The UDM-Pro could likely function in that network setup, but it would depend on proper configuration.
I've experienced this problem before. During an ISP switch, we told the new provider we'd use our own router and only a modem. After setup, we faced ongoing connectivity problems. They attempted several fixes, like replacing the modem, but the issues persisted. It wasn't until I researched the modem's model that I discovered it came with a built-in router. Changing it to bridged mode resolved all our concerns.
The correct name for that setup is an internet gateway. These devices come with routers built in, so adding another router behind them can cause double NAT issues. Bridge mode disables many router functions and sends WAN traffic straight to the next device. You’ll still need bridge mode if you rely on an internet gateway and also use UDM-Pro. When using a wireless router in AP mode, its Ethernet ports become switch ports. In practice, connecting a switch between your modem/gateway and router isn’t typical. Just connect the AP directly to the UDM-Pro. It’s natural to worry about data leaks to online services that store personal details. Still, turning off remote management means you may lose access to camera feeds via UniFi Protect. Instead, consider using a hosted UniFi Controller—either self-hosted on cloud hosting or a service like Hostifi that manages the cloud. Be aware you’re sharing your data with another party, which could face similar risks. Hostifi isn’t inexpensive, but it’s a solid replacement for UniFi’s cloud solution and simpler to install. The cost may be worth it if you need to manage several site controllers. Check the UniFi Community Forums for tailored advice, as their users are more informed about these configurations.
The Netgear Router in option 3 wouldn't be bridged. This raises a concern I mentioned earlier—would the UDM-Pro function properly if positioned behind another router? I’d only connect cameras directly, not anything else. Honestly, I’m not too concerned about what data might be accessible. A single email address is essentially worthless, and passwords can be changed. My main worry is someone could compromise my cameras or other network devices. That’s why the VPN with DDNS would make sense. With Remote Management turned off, I could theoretically connect to my local network and access UNIF Protect remotely. However, I’m uncertain if motion alerts would remain functional without constant VPN connectivity. I’ve considered sharing this on the Ubiquity community, but I wasn’t sure about its activity level, so I thought I’d begin here since it appears quite active.
You’d face double-NAT with that configuration. Do you really need the Netgear router? What model is it? If you prefer to retain the Netgear unit, perhaps a UNVR would be a better choice than the UDM-Pro. Yes, it’s working! For such issues, expert advice is essential.