Tom here from Lawrence Systems, and I made a video about whether or not you should buy a UniFi Dream Machine Pro. Unfortunately, many people already purchased these before watching that video or realizing the shortcomings of the device. So then the next question comes up: how do I integrate another firewall with it? And that's what this video is here to explain, for those of you that really want to keep your UniFi Dream Machine because you're using it for cameras or as your UniFi Controller or any other functionality. And you're going, well, I'd still like a better firewall for the VPN features or any of the other shortcomings that you found with the UniFi Dream Machine.

And before we dive into the details of this video, if you'd like to learn more about me and my company, head over to LawrenceSystems.com. If you'd like to hire us for a project, there's a Hire Us button right at the top. If you want to support this channel in other ways, there are affiliate links down below to get you deals and discounts on products and services we talk about on this channel.

Now, the first question that comes up is usually, what diagram software are you using? And this is diagrams.net. The second question is, which firewall goes first and sits at the edge of the network and connects directly to the internet? I really recommend that whatever replacement firewall you have is the one you put first. And the reason for that is, if you reverse this situation, where you have the UniFi Dream Machine directly connected to the internet and you're trying to do VPNs, you have the trouble of double NATing all the time. And for any rule you create in a port forward, you'll have to create a first port forward in the first device and then a second port forward in the second device. This is kind of a pain.
In this scenario, and we're using pfSense as an example, if you put pfSense at the edge, unless you're using it for VPN, you control all the rules, you build all the networks and everything right here inside of pfSense. Now, that does include using the LAN. And yes, you can still use the eight switch ports on this and work in the scenario that we're going to go through here.

So we have this setup where the WAN would be directly connected to the internet by your ISP. Then we have your LAN, 192.168.10.1, assigned to the pfSense. And you would have pfSense handing out addresses. You want to make sure the address range starts above the address that you're assigning to the UniFi Dream Machine, which we just assigned .2 for simplicity here. So make sure your DHCP range doesn't have a conflict. So start it at least at three or higher.

Next is, yes, you would plug right from the LAN you created over to here. That includes if you wanted to trunk any VLANs. And I have videos talking about UniFi and pfSense and VLANs. And this will still work in these scenarios because they can still be defined. But by doing it this way, you need LAN 2 to be (and it can be your IoT network, it can actually be any other LAN as you've configured in pfSense) connected to the WAN port of the UniFi Dream Machine. The reason for doing that is that the only way the UniFi Dream Machine can reach out and actually get to the dashboard or reach an update server, so you can tell it to update, is through its WAN port. And if you were to jumper these over, so to speak, and have the WAN port be in the LAN port, you could end up with some weird conflicts or it may not route properly. I've had a few people tell me that it would work that way. But I don't think it's the best idea to keep them within the same subnet. That's why I have LAN 2 as a separate subnet. And whatever that subnet is, you don't have to do anything special on the UniFi Dream Machine.
Just leave the WAN at DHCP and it will get an assigned address from the pfSense firewall.

Next, the question comes: what about all the devices? What about my switches and my access points? Well, you can actually plug these into and use these ports. You can then plug it into another switch. One thing of note is, if you have already configured the UniFi Dream Machine and you have all these devices adopted, when you change the internal LAN IP of your Dream Machine, you may find that it loses some of these devices. I've found it not to be absolutely rock solid on updating the Inform URLs. The easy solution is to unadopt them first, put them basically in a default state, change the IP address of your Dream Machine, and then re-adopt the devices and start bringing them back into the network. This is a quick and easy way to solve the problem and avoid any potential troubleshooting you have by updating or manually updating the Inform URL to the new IP address assigned to the UniFi Dream Machine.

But from here, you can still build out more VLANs. Matter of fact, the one LAN cable plugging from pfSense into here would allow it to be trunked so you can send all the different VLANs, and I have a few videos on that topic, so that can all be pushed down the pipe over to here and come to all the other devices. You can build out a separate camera network if you wanted to, and each of these cameras can then still talk to your UniFi Dream Machine Pro. So all of those functionalities work.

The functionality you're going to lose when you do this is the analytics dashboard; what you get there will go away. You're not going to have any of those deep analytics statistics. Not that I think they were very good. They don't even have that much in the way of insight, in my opinion, but you will lose all the stats because you're not routing anything through there. It will connect to the UniFi dashboard for remote control and management, but not for any of the statistics that you'd get.
Now, as far as how you actually change the IP address on there, all I did was go right here into Settings, then to Networks, and then we typed in 192.168.10.2/24. Then we have that set as the gateway IP. It has the range here, but we want to make sure DHCP server is set to None. This is important because you can't have two devices handing out DHCP on a network, because that would cause conflicts. It'll start handing out overlapping IP addresses. But other than that, that's all you have to do to make this scenario work. And this is a demo LAN I had set up where I have this setup configured and working with some devices attached to it. So absolutely it'll work.

It's going to solve the problem you have of maybe you need different VPNs. You'd like to have pfSense, for example, controlling all the different VPNs in and out, and some of the cool features that come with that. But you still want this inside your network where it's accessible, where it manages the UniFi controller software, maybe some cameras or anything else you have tied to your Dream Machine, and have that functionality still exist.

Now, hopefully this clears up when people ask the question of how do I integrate it with my, you know, new firewall that I got, such as a pfSense. But honestly, my better recommendation always is to get something like either a Cloud Key to host the controller on, or host the controller yourself, or even reach out to someone like HostiFi to handle all the controller hosting. There's a few different options. I mean, the controller software is free. You could just run it on your local computers or a local Linux server that you have, or even, you know, rent some server space in the cloud. There's a few different scenarios. The UniFi Dream Machine is not necessary. You can use all these devices without it.
But of course, if you're using something like UniFi Protect, and you're using it with the Dream Machine, or you're using one of the UniFi doorbells, which ties to the Dream Machine, and you don't want to buy a separate Protect system, I get it. And this can be a cost-saving measure because, well, you've already spent the money, you already have the device. So hopefully this clears this up. Leave your comments and concerns down below, and head over to the forums for a more in-depth discussion. Thanks.

And thank you for making it all the way to the end of this video. If you've enjoyed the content, please give us a thumbs up. If you would like to see more content from this channel, hit the subscribe button and the bell icon. If you'd like to hire us for a project, head over to lawrencesystems.com and click the Hire Us button right at the top. To help this channel out in other ways, there's a join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts and offers, check out our affiliate links in the description of all of our videos, including a link to our shirt store, where we have a wide variety of shirts that we sell, and designs come out, well, randomly. So check back frequently. And finally, our forums. forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thanks again for watching, and I look forward to hearing from you.