New Idea

Request - VPN (L2TP) Customization

Submitted by - Wednesday
Status: New Idea

With the recent changes in security protocols in June, we are not passing our PCI compliance for our merchant account, due to the VPN (L2TP) we have set up. We need to be able to strengthen Encryption Ciphers and Diffie-Hellman groups.

 

Our PCI Compliance Scans have revealed:

---------------------------------------------------------------------------------------------------

Weak Encryption Ciphers identified on VPN Device

Mode: Main, Encryption: 3DES, Hash type: SHA, Auth method: pre-shared key, DH Group: Group 2

 

Weak encryption ciphers, such as DES or 3DES, were identified as supported on this VPN device. These weak ciphers could make it easier for a context dependent attack to compromise the integrity of IKE sessions established with this device.

 

Affected users should consider removing support for DES/3DES encryption ciphers on this VPN device. It's also important to note that if DES or 3DES are in use, there may also be required changes for VPN clients and/or VPN peers depending on usage.

---------------------------------------------------------------------------------------------------

Weak Diffie-Hellman groups identified on VPN Device

 

Diffie-Hellman Groups 1 to 4 are no longer considered safe for strong encryption. It is estimated that these groups have a security level of 80-90 bits which is no longer adequate to protect the encryption keys used during IKE phase 2. Furthermore, Group 5 (Modp-1536) has a security level of 120 bits which is slightly under to protect AES-128 encryption keys. Stronger groups have been designed for the Diffie-Hellman key exchange in RFC 3526.

 

Use Diffie-Hellman Key Exchange Group 5 or higher where possible, or the highest available to the VPN endpoints.

---------------------------------------------------------------------------------------------------

 

Currently we cannot customize these settings and it would be excellent to have this option available to do so.

Going Green Request: Guest/Hotspot Voucher issue via Email

Submitted by - Wednesday
Status: New Idea

I believe currently Guest/Hotspot has the voucher-authorization feature. However, in its current implementation, vouchers need to be printed and this is not environment friendly, especially for establishments with high guest/visitor traffic.

 

Is it possible to have a voucher created/generated and sent via email to the guest/visitor?

 

I have seen this kind of implementation in enterprises that have a guest-wifi infrastructure and a simple portal to enter some info, and the system automatically generates an email sent to the visitor.

Edit walls in Map Designer

Submitted by - Saturday
Status: New Idea

It'd be useful if you could select a wall and change its thickness or material type, rather than having to delete it and re-add it.

Support Ubuntu 18.04 and others including MongoDB 3.6.x

Submitted by - 3 weeks ago
Status: New Idea

I emailed support about this, and they suggested I post this as a "feature request" on the community forum, which seems an odd way of going about it, but okay.

After upgrading my Ubuntu machine from 16.04 to 18.04 I was unpleasantly surprised to see that the Unifi management software is incompatible with the version of MongoDB included in Ubuntu 18.04.  Considering this release has been out for 3 months (with betas available prior to that), I would have expected this to have been resolved.

So, here's my feature request: Ubiquiti, please support MongoDB versions newer than 3.4, so that Ubuntu 18.04 (and any other distributions that upgrade MongoDB) users can use Unifi again.

Request: Force All Outgoing DNS Traffic to Specific Server

Submitted by - 3 weeks ago
Status: New Idea

I have a USG-PRO-4 and just switched from pfSense. In pfSense I was able to catch all outgoing DNS requests (regardless of which server they were pointed at) and redirect them to some other internal or external DNS server. Part of my security and content filtering strategy requires this but there is currently no easy way to do it with the UniFi controller.

 

Can this be added as an option in the controller GUI? Something like a checkbox that says "Redirect DNS Requests" and a field to manually enter an address.

 

Currently files have to be modified by hand and the changes won't persist once a change is made to the USG from the controller. Below are a few links that outline the necessary changes, which can't be done from the controller.

 

https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-Firewall-Rules-for-OpenDNS/m-p/1807093#M33337

 

UniFi Cloud Key Bundle UniFi SDN Controller 5.9.x

Submitted by - a week ago
Status: New Idea

UniFi Cloud Key Bundle UniFi SDN Controller 5.9.x anytime soon.....

It's important!!

Request: Block Adult Content

Submitted by - 2 weeks ago
Status: New Idea

Hello,

 

I have a feature request. I know it's possible with Cisco Umbrella, but I would like to have it integrated in Unifi products.

 

Is it possible to have a category within the DPI Restriction settings that will block Adult content? Someone from the helpdesk told me that it's possible to select Streaming to block Adult content, but since it's 2018 and we also use Netflix and Spotify, it does not make sense to block that as well.

 

In some countries adult content is forbidden, but Netflix/Spotify are both not forbidden.

 

Thank you so much!

 

Barcodes on Unifi Vouchers

Submitted by - 3 weeks ago
Status: New Idea

We wish to have barcodes made on Unifi Vouchers. This makes it easier to register users and codes when selling Vouchers. It is in the EU a legal requirement to be able to inform authorities about who has used a given IP address at a given time. It must be possible to make a barcode corresponding to the voucher code on a voucher.

[Request] Please provide redundancy of the controller.

Submitted by - 2 weeks ago
Status: New Idea

We need to provide controller redundancy in order to build wireless in large sites.

[Request] Please enable controller version upgrade from GUI.

Submitted by - 2 weeks ago
Status: New Idea

Please enable controller version upgrade from GUI.

Support DNS-over-TLS

Submitted by -
Status: New Idea

Cloudflare recently published their DNS resolver openly under 1.1.1.1:

https://blog.cloudflare.com/announcing-1111/

https://blog.cloudflare.com/dns-resolver-1-1-1-1/

 

For fully preventing plaintext DNS queries over the public internet, one would require a DNS resolver to support DNS-over-TLS or DNS-over-HTTPS. As such, it would be great if USG could support DNS-over-TLS: https://developers.cloudflare.com/1.1.1.1/dns-over-tls/

USG disable Port forwarding instead of Delete

Submitted by -
Status: New Idea

It would be handy sometimes to Disable a Port forwarding rule (for later use), instead of Deleting it.

Multiple SSID’s on the same vlan

Submitted by - 3 weeks ago
Status: New Idea

We would love to use your products within a k12 public school environment but we are running into a slight issue where other vendors like Ruckus & Cisco have you beat.

 

The k12.sd.us school systems have it within their S.O.P. to use radius server 802.1x authentication.

Unifi works just fine with Radius - the issue is what to do with other NON Active directory devices like phones, iPads, etc. that are not members of the Radius.

 

With Ruckus & Cisco I can just make another SSID wpa2 personal on the same vlan.

With Unifi I must assign other SSIDs with a vlan. I understand the logic behind this but it makes it hard to sell to schools when I have to add some kind of routing between vlan-x back to the default computer vlan just to add a 2nd SSID.

 

Please give us some options. 

Ban endpoints that use Proxies/Tunnels/Torrents

Submitted by - a month ago
Status: New Idea

It would be great if we could ban users for an X amount of time when DPI detects an attempt to use a Proxy, Tunnel or download torrents rather than trying to filter traffic to block it.

[Request] Cloud Unifi email notification

Submitted by - 3 weeks ago
Status: New Idea

 

As with the email notification in the unifi controller, add notification in the settings of Cloud at https://unifi.ubnt.com/ to know, for example, when the cloud key controller becomes offline or has problems that cannot be sent by the controller itself.

Auto start Controller

Submitted by - a month ago
Status: New Idea

Hello,

 

I would really like the option, either during installation or afterwards, to configure the Controller to auto-start on Windows startup - before user login.

 

I realize there are instructions online for installing the Windows service component of the controller but this becomes a PITA when it's time to upgrade the controller software. You have to remember to go in and disable the service before upgrading and then issue the commands to reinstall the service each time the Controller is upgraded.

 

I've also found that some people had success scheduling the Controller to auto-start using Windows Task Scheduler, however I've had mixed results with that. Right now it's working by running the command: "java -jar "C:\Users\*username*\Ubiquiti UniFi\lib\ace.jar" ui" but I have no idea if running it like that is supported and will cause issues down the road.

 

There really should be an easy and officially supported way to either enable or disable the controller from starting with Windows, and this should be compatible with Windows, Java, and Controller upgrades.

Request for Separate Guest Portal for different Wireless Networks

Submitted by -
Status: New Idea

Currently, we have only one Guest Portal corresponding to Wireless Networks with Guest Policy turned on.

I'd like to set my Wireless Networks (within a wireless AP):

SSID1(Guest Policy on) to use GUEST POLICIES with Authentication method: Hotspot

SSID2(Guest Policy on) to use GUEST POLICIES with Authentication method:  Facebook Wi-Fi

SSID3(Guest Policy on) to use GUEST POLICIES with Authentication method: Simple password

SSID4(Guest Policy on) to use GUEST POLICIES with Authentication method: No authentication

 

Is that possible?

 

This is my idea: Request for Separate Guest Portal for different Wireless Networks

 

best regards,

 

 

Support DNS-over-HTTPS

Submitted by -
Status: New Idea

Cloudflare recently published their DNS resolver openly under 1.1.1.1:

https://blog.cloudflare.com/announcing-1111/

https://blog.cloudflare.com/dns-resolver-1-1-1-1/

 

For fully preventing plaintext DNS queries over the public internet, one would require a DNS resolver to support DNS-over-TLS or DNS-over-HTTPS. As such, it would be great if USG could support DNS-over-HTTPS: https://developers.cloudflare.com/1.1.1.1/dns-over-https/

SSL Certificate change in UI

Submitted by -
Status: New Idea

I think that now, when Google has some restrictions for unprotected sites and prices of SSL, you should think about how to change the SSL certificate in an easy way from the UI.

Please deliver ASAP. For me it is a MUST. When I had the Windows controller I replaced the keystore file, but for CloudKey this is a very big pain.