UDM Pro Local Admin Account? and Wan SFP question

[Dataanti]

Hey guys, got a quick question in regards to the UDM-pro setup requiring a UI account and remote access being forcefully enabled with no way to disable it. I would imagine some of you here are running this router and might be able to answer these questions.
 

I have been thinking about getting this router, but this problem is the only thing holding me back. I do not understand why any router would require something like this, it is a nice option to have I guess for those whom want to access their router remotely (i prefer to just VPN into my network and access it remotely like that) but to have it always on and no way to disable it, and requiring it on set up to me is a bit ridiculous
 

However all the posts that i see complaining about this design flaw are all from about 7-10 months, I am wondering if they have added in the option to use local admin accounts only, and to skip the UI account creation during setup. Or at the very least being able to disable remote access or even decouple the account from the router after setup, so that only a local client with a local admin account can see and do anything on the router.
 

I gotta ask, what do people who buy this device for use on an intranet do to set it up? or if you do set it up with a UI account, what do you do if your WAN connection is dead and you need to get into the router to fix it, how do you do that if the only access to the router is through the online portal, you would essentially have an absolutely useless router. or what if you do not even have an internet connection at the time of setup? to me this seems like an incredibly smooth brained oversight that has absolutely no good reason for it to exist.

A side question: does the WAN SFP ports support sync rate of 2.5g? I cannot find any recent posts online about it, but some post indicate that there was a firmware update in the works to enable 2.5g sync rates on the WAN SFP ports, I just want to confirm this is indeed the case. It is not a super big deal breaker, I just really want to yeet my ISP's garbage modem/router combo out the window for its terribly buggy "advanced DMZ" mode and no proper bridge mode, so I am stuck with a double NAT. HH3000 users may know my pain.




If there is no solution to the first question, Is there any other good alternatives the a router like the UDM pro? Not being able to disable or skip the UI account creation should be a massive deal breaker for any network admin cause stuff like this happens all the time: 

 

[sybreeder]

Yes for first configuration you need to create account with ubiquiti. But then you can create local account on device itself and turn off remote access. 

You can access router loccaly without internet just put ip address of router and login - you can use either online credentials or local. 
I use mine UDM-PRO as a replacement for Opnsense as a VM. I needed something with at least one SFP+

 

In case of WAN 2.5g it's on their roadmap. If you put SFP+ to RJ45 transciever that supports 2.5g it will connect to 2.5g if boths sides works with that speed. But that require RJ45

In theory you could try set in CLI:

Change From:

case SPEED_10000:

case SPEED_2500:

    mac_mode_needed = AL_ETH_MAC_MODE_10GbE_Serial;

    break;

 

Change To:

case SPEED_10000:

    mac_mode_needed = AL_ETH_MAC_MODE_10GbE_Serial;

    break;

case SPEED_2500:

    mac_mode_needed = AL_ETH_MAC_MODE_SGMII_2_5G;

    break;

 

Manually assign it in CLI

root@Server:/lib# ethtool -s eth9 speed 2500

 

https://community.ui.com/questions/1-9-is-OUT/3c18191e-381f-4747-a7ca-8215bd98f50f#answer/a9f53bb8-7ac0-417a-bc59-93b20c0ff200

[steyrs]

Here is how to disable remote access.

• Login with your online account credentials and password

• Choose system settings (bottom right of your screen)

• Choose advanced

• Disable Remote Access

• Confirm that "Transfer owner" won't be available if you disable remote access.

Job done ;)