New Idea

Official Let's Encrypt Support for HTTPS

Submitted by -
Status: Accepted

Rather than self-signed certs, web-exposed controllers should have the ability to grab and automatically maintain a Let's Encrypt cert as a one-click solution.

 

Forum thread: http://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-and-UniFi-controller/m-p/1406670#M131139

Smart Radio Management

Submitted by -
Status: Accepted

Hi guys, is there any chance Ubnt can make a function similar to Aruba's Adaptive Radio Management or Ruckus's Channelfly? This could help people with a dedicated UniFi Controller to have better performance and allow the UAPs to optimize themselves (controlling Transmit Power and choosing the best Channel) automatically, preventing interference from each other without needing an IT. This could really help when it comes to large deployments in companies, saving their IT hours of walking around with WiFi Analyzer tweaking the WiFi. As we all know, as of now setting Transmit Power to Auto is essentially setting it to High and this problem has been known for years. I guess this is a change that benefits most people.

 

Thanks, 

Jack. 

Modern Protocols

Submitted by -
Status: Accepted

It is about time this equipment supported "Up to date Protocols"

IGMPv3 "wanted for over 3 years now"

IPv6 Full support

SNMPv3

 

I do not for the life of me understand why this equip. does not support these Protocols.

 

Make Unifi Dashboard modular - pick and choose what to display

Submitted by -
Status: Accepted

I like the unifi interface.  The only problem is that I have an edge switch and not a unifi one.  I also don't have some of the other unifi devices that are listed.  It would be nice to pick and choose what is displayed in the dashboard, so the parts that I'm not utilizing can be hidden.

 

Thanks!

Sequentially Update APs

Submitted by -
Status: Accepted

Allow an option when "Automatically upgrade AP firmware" is enabled to make updates sequential instead of simultaneous.

 

We have some overlap in our network coverage and rather than having the whole wireless network go down, it would be preferable to wait for each AP to update and re-provision before moving onto the next one, maintaining basic coverage during an update.

 

This might also be useful if there happens to be a bad update; instead of potentially taking down your whole system, you'd only be stuck with one bum AP.

Linux Unifi Controller default Debian setup is grossly insecure

Submitted by -
Status: Accepted

After installing the Unifi Controller (5.2.9-8748) on a Debian Sid system from the Ubiquiti APT repository, I was shocked to discover that the package automatically installed and started a full-blown network service as root, with no security hardening whatsoever.

This basically means that anyone who manages to breach into the Unifi Controller (say, by remotely exploiting a vulnerability in the built-in HTTP server) gets immediate unfettered root access to the entire machine, without even having to lift a finger. That's quite appalling, and it goes against the fundamental, well-known, decades-old Unix best practice of not running daemons as root.

There is no reason whatsoever for the controller to run as root, as it doesn't require any special privileges for normal operation. As a matter of fact, the following hardening procedure will downgrade the controller to much more restricted privileges, while still allowing for proper operation:

# systemctl stop unifi
# groupadd unifi
# useradd -g unifi -s /bin/false -d /dev/null unifi
# chown -R unifi:unifi /var/log/unifi /var/lib/unifi
# rm -rf /var/run/unifi
# mkdir -p /etc/systemd/system/unifi.service.d
# cat > /etc/systemd/system/unifi.service.d/security.conf <<EOF
[Service]
RuntimeDirectory=unifi
User=unifi
Group=unifi
PrivateTmp=true
PrivateDevices=true
ProtectSystem=strict
ProtectHome=true
ProtectKernelTunables=true
ProtectControlGroups=true
NoNewPrivileges=true
ReadWritePaths=/var/log/unifi
ReadWritePaths=/var/lib/unifi
ReadWritePaths=/var/run/unifi
EOF
# systemctl daemon-reload
# systemctl start unifi

The above not only runs the Unifi Controller under its own dedicated user and group, it also uses advanced systemd features to completely lock down the daemon, including making almost everything read-only, hiding access to devices, and preventing anything running under the controller from running setuid binaries. This kind of setup makes it extremely difficult for an attacker to escalate their privileges upon a successful compromise of the Unifi daemon.

Can we please have this setup (or something similar) be the default for the Debian package, instead of running network-facing services as root by default? Please?
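
Added example (not part of the original post and not Ubiquiti's code): a small auditor that checks a systemd drop-in against the settings listed in the security.conf above and reports anything missing or weaker. The function names and the sample drop-in are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a drop-in against the settings in the post's security.conf.
REQUIRED="User=unifi Group=unifi PrivateTmp=true PrivateDevices=true
ProtectSystem=strict ProtectHome=true ProtectKernelTunables=true
ProtectControlGroups=true NoNewPrivileges=true"

# get_setting FILE KEY: print the last value assigned to KEY in [Service].
get_setting() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                    # later lines override earlier ones
        }
        END { print val }' "$1"
}

# audit_dropin FILE: print one finding per line; succeed only if there are none.
audit_dropin() {
    findings=0
    for want in $REQUIRED; do
        key=${want%%=*}; expected=${want#*=}
        actual=$(get_setting "$1" "$key")
        case $actual in yes|on|1) actual=true ;; esac   # systemd boolean spellings
        if [ -z "$actual" ]; then
            echo "MISSING $key (expected $expected)"; findings=$((findings + 1))
        elif [ "$actual" != "$expected" ]; then
            echo "WEAK $key=$actual (expected $expected)"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: a partially hardened drop-in (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
User=unifi
Group=unifi
PrivateTmp=yes
ProtectSystem=full
# NoNewPrivileges=true
EOF
audit_dropin "$sample" || echo "drop-in is not fully hardened"
rm -f "$sample"
```

On a host set up as in the post, point audit_dropin at /etc/systemd/system/unifi.service.d/security.conf; a missing User= line means the service still runs as root.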

Please add UAP connected/reconnected alert emails

Submitted by -
Status: Accepted

It is helpful that I am notified via email that a UAP disconnects.

However, I never get a re-connect notice.

With so many hotels that use the UAPs and staff sometimes bumping cables and rebooting switches, it would be very helpful to get a "reconnected" alert email when the UAPs come back.

Now I need to VPN in, open up my controller and look, and it has become time consuming and frustrating.

Please add email "up/connected/reconnected" alerts.

 

Thanks!!!!

Client Isolation without Guest Portal

Submitted by -
Status: Accepted

I typically create a separate VLAN and SSID for IoT devices like smart thermostats and automation controllers so they do not co-mingle with internal and guest traffic. However, if there is a guest portal already active, I have no easy way to isolate the IoT devices from one another.

It would be useful to have an option to isolate clients that is separate from the guest portal.

 

So it would look like:

SSID A - Internal - 192.168.1.x - no portal - no isolation

SSID B - Guest - 192.168.20.x - guest portal - isolated

SSID C - IoT - 192.168.30.x - no portal - isolated

 

I would imagine it would be similar to the restricted\allow networks within the Guest Control settings or simply a check box to isolate clients on that wireless network.

 

Thanks!

Hotspot Manager Guests - Voucher Notes missing

Submitted by -
Status: Accepted

Hi,

  

Problem:

 In 'Hotspot Manager' -> 'Guests' there is no column for Notes.

 

When you create a voucher you can specify details in 'Notes'. For example you can specify the user's full name.

But when the voucher is in use it disappears from the 'Vouchers' section (no idea why?).

You then have to go to the 'Guests' section but the column 'Notes' is no longer shown.

This means there is no easy way to identify which user is connected to which voucher, since it only shows the device name...

So when you have to revoke a voucher, good luck in finding the correct device!

 

The strange thing is, the original 'Notes' details are still available in the database.

When you're in the 'Guests' section and you search for a word you specified in the Notes of a voucher, it will find the voucher!

 

So that is why I think it is easy to implement. The data is there, it's only hidden.

 

I searched the internet for days now and there are a lot of users with this problem. There are even users who choose to use a 3rd party hotspot manager because of this.

So could you please add this column ?

 

Thanks in advance!

Full unicode/emoji characters support in wireless network names

Submitted by -
Status: Accepted

Emoji are unicode emoticons available on all mobile operating systems and the latest versions of Apple and Microsoft operating systems. 

 

Emoji has delivered us many timeless classics such as: 

 

💩 - the pile of poop 

🍆 - the aubergine

🚮 - the trash

 

It would be great if the character restrictions in the controller were removed to allow for emoji characters to be inserted into SSID names.

config.properties text box in UI

Submitted by -
Status: Accepted

I can imagine that there will always be something missing from the UI that config.properties handles.  Can we get a text box in sites (shown only when advanced features is on) that lets us put these entries in the UI?

Configurable Band Steering

Submitted by -
Status: Accepted

This is not a "new idea" per se as there have been several discussions about this feature, but I did not see it in this section. A senior member suggested that "announce timers" may easily be configured, can be found here:

http://community.ubnt.com/t5/UniFi/Does-UniFi-automatically-move-5-GHz-capable-clients-to-5-GHz/td-p/534240

View CPU and memory load of controller

Submitted by -
Status: Accepted

Didn’t find this one before.

Would it be possible to view the current CPU and memory load in the UniFi web interface from the system on which the software is running? This could be visible like on the EdgeMax routers.

Most people access the software through the web interface but never actually ssh on to the server to look at the server load. This way you can easily detect if the system on which the UniFi software is running needs some extra memory, for example.

Channel Overlay Map

Submitted by -
Status: Accepted

Add the option to view the channels of APs on the map view.  Would make it much easier to explore and manage same channel interference.

Just two views, one for each frequency, each channel has its own colour and is displayed with the same method used in the coverage map.

 

Duplicates:
http://community.ubnt.com/t5/UniFi-Feature-Requests/Request-Better-Unifi-MAP-visualisation-and-configuration/idi-p/1245104

Implement additional Dynamic VLAN support for Unifi Switches

Submitted by -
Status: Accepted

Currently dynamic VLANs can only be VLAN IDs that aren't already configured in the controller.  This is not very useful as you can't really configure a tagged VLAN on the uplink interface of a switch or a routable network on the USG that leverages that tag.

It would be a huge benefit to be able to configure in the unifi console a corporate network and leverage it for dynamic assignment on the switches as we do the APs today.  It would be beneficial even if you had to check a box making the VLAN eligible for dynamic VLAN assignment and you couldn't manually in the controller assign it to a switch interface outside of a trunk interface.

Per Access Point and Per SSID Statistics

Submitted by -
Status: Accepted

Ability to see historical association data on a per access point and per SSID basis and not just an overall overview

Edit VPN Networks from App

Submitted by -
Status: Accepted

I just noticed that on my phone app I can't delete a vpn network.  This could be very useful when you need to rebuild a problematic tunnel for a customer.

 

Thanks!

v4 controller - show number of users per AP on clients tab

Submitted by -
Status: Accepted

As the title says, this was very simple to see on v3 controller, it was shown next to the AP name on the dropdown menu (filter by AP), and also on the footer (showing x users of y, or x - y / z). Now on controller v4, I can see how many users/guests are connected to an AP, but only on the devices tab, not on the clients tab, so what I'm asking is an easy way to see the number of clients per AP on the clients tab, maybe next to the AP name on the dropdown menu, like it was on v3.


White List-Authorized User List

Submitted by -
Status: Accepted

I am looking at a solution to provide Wi-Fi access to the student dormitory I operate for a state college. We currently have wired access in the rooms and wireless in the common areas but I am looking at making wireless available in the rooms and common areas. I was told that the UniFi product line would allow me to have a portal page where I could have each user enter their last name, room number, and year of birth and compare that to a pre-populated list of authorized users without having to put in a Radius server. Is this correct? I have read the user's manual and really don't see how/where/what format to put this list in nor how to tie it to the portal page. 

I would really like to have a clean interface where I could enter the user name which would be the last name and room number of the student and the password be their year of birth.  We have a lot of students that have multiple wireless devices and this way I could at least limit access.

Global Dashboard is inaccessible for 1-in-12 males (and more)

Submitted by -
Status: Accepted

Colour blindness is a thing, and it's VERY difficult to see differentiation of VERY thinly lined icons giving up & down status.

 

It's important to not only use colour to indicate status, especially given this field is largely male dominated and the high proportion of red/green colour blind males.