Rather than self-signed certs, web-exposed controllers should have the ability to grab and automatically maintain a Let's Encrypt cert as a one-click solution.
Hi guys, is there any chance Ubnt can make a function similar to Aruba's Adaptive Radio Management or Ruckus's Channelfly? This could help people with a dedicated UniFi Controller to have better performance and allow the UAPs to optimize themselves (controlling Transmit Power and choosing the best Channel), automatically preventing interference from each other without needing an IT. This could really help when it comes to large deployments in companies, saving their IT hours of walking around with WiFi Analyzer tweaking the WiFi. As we all know, as of now setting Transmit Power to Auto is essentially setting it to High and this problem has been known for years. I guess this is a change that benefits most people.
I like the UniFi interface. The only problem is that I have an edge switch and not a UniFi one. I also don't have some of the other UniFi devices that are listed. It would be nice to pick and choose what is displayed in the dashboard, so the parts that I'm not utilizing can be hidden.
Allow an option when "Automatically upgrade AP firmware" is enabled to make updates sequential instead of simultaneous.
We have some overlap in our network coverage and rather than having the whole wireless network go down, it would be preferable to wait for each AP to update and re-provision before moving onto the next one, maintaining basic coverage during an update.
This might also be useful if there happens to be a bad update; instead of potentially taking down your whole system, you'd only be stuck with one bum AP.
After installing the Unifi Controller (5.2.9-8748) on a Debian Sid system from the Ubiquiti APT repository, I was shocked to discover that the package automatically installed and started a full-blown network service as root, with no security hardening whatsoever.
This basically means that anyone who manages to breach into the Unifi Controller (say, by remotely exploiting a vulnerability in the built-in HTTP server) gets immediate unfettered root access to the entire machine, without even having to lift a finger. That's quite appalling, and it goes against the fundamental, well-known, decades-old Unix best practice of not running daemons as root.
There is no reason whatsoever for the controller to run as root, as it doesn't require any special privileges for normal operation. As a matter of fact, the following hardening procedure will downgrade the controller to much more restricted privileges, while still allowing for proper operation:
```
# systemctl stop unifi
# groupadd unifi
# useradd -g unifi -s /bin/false -d /dev/null unifi
# chown -R unifi:unifi /var/log/unifi /var/lib/unifi
# rm -rf /var/run/unifi
# mkdir -p /etc/systemd/system/unifi.service.d
# cat > /etc/systemd/system/unifi.service.d/security.conf <<EOF
[Service]
RuntimeDirectory=unifi
User=unifi
Group=unifi
PrivateTmp=true
PrivateDevices=true
ProtectSystem=strict
ProtectHome=true
ProtectKernelTunables=true
ProtectControlGroups=true
NoNewPrivileges=true
ReadWritePaths=/var/log/unifi
ReadWritePaths=/var/lib/unifi
ReadWritePaths=/var/run/unifi
EOF
# systemctl daemon-reload
# systemctl start unifi
```
The above not only runs the Unifi Controller under its own dedicated user and group, it also uses advanced systemd features to completely lock down the daemon, including making almost everything read-only, hiding access to devices, and preventing anything running under the controller from running setuid binaries. This kind of setup makes it extremely difficult for an attacker to escalate their privileges upon a successful compromise of the Unifi daemon.
Can we please have this setup (or something similar) be the default for the Debian package, instead of running network-facing services as root by default? Please?
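Added example (not part of the original post and not Ubiquiti's packaging): a shell check that compares a unit's settings against the values used in the drop-in above and reports each one that is missing or weaker. The sample inputs and the function names `unit_value` and `audit_unit` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inputs in KEY=VALUE form (not taken from a real system).
sample_unhardened='[Service]
ExecStart=/usr/local/bin/example-daemon'
sample_hardened='[Service]
User=unifi
Group=unifi
PrivateTmp=true
PrivateDevices=true
ProtectSystem=strict
ProtectHome=true
ProtectKernelTunables=true
ProtectControlGroups=true
NoNewPrivileges=true'

# Print the last value assigned to KEY in the unit text on stdin
# (for single-valued settings the last assignment is the effective one).
unit_value() {
    awk -F= -v key="$1" '$1 == key { v = substr($0, length(key) + 2) } END { print v }'
}

# audit_unit TEXT: print one finding per line; exit status 0 only if none.
# The body runs in a subshell so its variables do not leak to the caller.
audit_unit() (
    text=$1; findings=0
    val=$(printf '%s\n' "$text" | unit_value User)
    if [ -z "$val" ] || [ "$val" = root ] || [ "$val" = 0 ]; then
        echo "User: service runs as root"; findings=$((findings + 1))
    fi
    for key in NoNewPrivileges PrivateTmp PrivateDevices ProtectHome \
               ProtectKernelTunables ProtectControlGroups; do
        val=$(printf '%s\n' "$text" | unit_value "$key")
        case "$val" in
            true|yes|on|1) ;;   # the spellings systemd accepts for "enabled"
            *) echo "$key: not enabled"; findings=$((findings + 1)) ;;
        esac
    done
    val=$(printf '%s\n' "$text" | unit_value ProtectSystem)
    if [ "$val" != strict ]; then
        echo "ProtectSystem: '${val:-unset}', expected strict"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
)

echo "--- unhardened sample"; audit_unit "$sample_unhardened" || true
echo "--- hardened sample";   audit_unit "$sample_hardened" && echo "no findings"
```

On a live host the same check can be fed the effective settings with `audit_unit "$(systemctl show unifi)"`, which also catches a later drop-in that overrides `User=`.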
It is helpful that I am notified via email that a UAP disconnects.
However, I never get a re-connect notice.
With so many hotels that use the UAPs and staff sometimes bumping cables and rebooting switches, it would be very helpful to get a "reconnected" alert email when the UAPs come back.
Now I need to VPN in, open up my controller and look, and it has become time consuming and frustrating.
Please add email "up/connected/reconnected" alerts.
In 'Hotspot Manager' -> 'Guests' there is no column for Notes.
When you create a voucher you can specify details in 'Notes'. For example you can specify the user's full name.
But when the voucher is in use it disappears from the 'Vouchers' section (no idea why?).
You then have to go to the 'Guests' section but the column 'Notes' is no longer shown.
This means there is no easy way to identify which user is connected to which voucher, since it only shows the device name...
So when you have to revoke a voucher, good luck in finding the correct device!
The strange thing is, the original 'Notes' details are still available in the database.
When you're in the 'Guests' section and you search for a word you specified in the Notes of a voucher, it will find the voucher!
So that is why I think it is easy to implement. The data is there, it's only hidden.
I searched the internet for days now and there are a lot of users with this problem. There are even users who choose to use a 3rd party hotspot manager because of this.
So could you please add this column ?
Thanks in advance!
I typically create a separate VLAN and SSID for IoT devices like smart thermostats and automation controllers so they do not co-mingle with internal and guest traffic. However, if there is a guest portal already active, I have no easy way to isolate the IoT devices from one another.
It would be useful to have an option to isolate clients that is separate from the guest portal.
So it would look like:
SSID A - Internal - 192.168.1.x - no portal - no isolation
SSID B - Guest - 192.168.20.x - guest portal - isolated
SSID C - IoT - 192.168.30.x - no portal - isolated
I would imagine it would be similar to the restricted\allow networks within the Guest Control settings or simply a check box to isolate clients on that wireless network.
Emoji are unicode emoticons available on all mobile operating systems and the latest versions of Apple and Microsoft operating systems.
Emoji has delivered us many timeless classics such as:
💩 - the pile of poop
🍆 - the aubergine
🚮 - the trash
It would be great if the character restrictions in the controller were removed to allow for emoji characters to be inserted into SSID names.
I can imagine that there will always be something missing from the UI that config.properties handles. Can we get a text box in sites (shown only when advanced features is on) that lets us put these entries in the UI?
This is not a "new idea" per se as there have been several discussions about this feature, but I did not see it in this section. A senior member suggested that "announce timers" may easily be configured, can be found here:
Didn't find this one before.
Would it be possible to view the current CPU and memory load in the UniFi web interface from the system on which the software is running? This could be visible like on the EdgeMax routers.
Most people access the software through the web interface but never actually ssh on to the server to look at the server load. This way you can easily detect if the system on which the UniFi software is running needs some extra memory, for example.
Currently dynamic VLANs can only be VLAN IDs that aren't already configured in the controller. This is not very useful as you can't really configure a tagged VLAN on the uplink interface of a switch or a routable network on the USG that leverages that tag.
It would be a huge benefit to be able to configure in the UniFi console a corporate network and leverage it for dynamic assignment on the switches as we do the APs today. It would be beneficial even if you had to check a box making the VLAN eligible for dynamic VLAN assignment and you couldn't manually in the controller assign it to a switch interface outside of a trunk interface.
Add the option to view the channels of AP's on the map view. Would make it much easier to explore and manage same channel interference.
Just two views, one for each frequency, each channel has its own colour and is displayed with the same method used in the coverage map.
As the title says, this was very simple to see on v3 controller, it was shown next to the AP name on the dropdown menu(filter by AP), and also on the footer(showing x users of y, or x - y / z). Now on controller v4, I can see how many users/guest are connected to an AP, but only on the devices tab, not on the clients tab, so what I'm asking is an easy way to see the number of clients per AP on the clients tab, maybe next to the AP name on the dropdown menu, like it was on v3.
I am looking at a solution to provide Wi-Fi access to the student dormitory I operate for a state college. We currently have wired access in the rooms and wireless in the common areas but I am looking at making wireless available in the rooms and common areas. I was told that the UniFi product line would allow me to have a portal page where I could have each user enter their last name, room number, and year of birth and compare that to a pre-populated list of authorized users without having to put in a Radius server. Is this correct? I have read the user's manual and really don't see how/where/what format to put this list in nor how to tie it to the portal page.
I would really like to have a clean interface where I could enter the user name which would be the last name and room number of the student and the password be their year of birth. We have a lot of students that have multiple wireless devices and this way I could at least limit access.
Colour blindness is a thing, and it's VERY difficult to see differentiation of VERY thinly lined icons giving up & down status.
It's important to not only use colour to indicate status, especially given this field is largely male dominated and the high proportion of red/green colour blind males.