USG passthrough/monitor mode

Submitted by -

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Manual Workaround: UPDATE 1/25/2017:  

 

See the excellent How-To from @wnoisephx on page 35 of the comments here:

 

https://community.ubnt.com/t5/UniFi-Routing-Switching-Feature/USG-passthrough-monitor-mode/idi-p/1537588/page/35#comments

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 

Original Post:

 

I have a couple of networks where I will never replace the router (for one I can't - it's provided as part of the environment) but I would still like to have stats in the controller.

 

Inspired by this thread:  https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-behing-firewall-transparent-mode/m-p/1534439#M13229

 

I would like to see a pass through mode for the USG where it passes traffic with no NAT, no firewall rules, no DHCP, etc.  Just analyzes traffic.

 

Even better - a monitor mode where I could feed a USG a mirror of the port that goes to my existing router so I don't have to have latency of the USG in the packets' path. Use it as a sensor, basically.

 

I think you guys would sell a boatload of USGs if you supported this!  

 

EDIT:  It appears to be on the roadmap:  https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-Feature-Roadmap-January-2017-update/m-p/1792230#M31948

 

Specifically:

 


In Progress / Near Future

  • DPI support in passthrough mode or on monitor interface

 

Thanks @UBNT-cmb

Comments
by
on ‎07-27-2017 07:19 PM

Been a year since this was requested and the Roadmap hasn't been touched in a few months, starting to wonder if these features are vapor.

by
on ‎07-27-2017 11:14 PM

+1

by Ubiquiti Employee
on ‎07-28-2017 12:44 PM

So this is a technically challenging feature to support.  So as mentioned before the timeline on this one is far from short.  We are investigating - but do not have a viable path to implementation on this yet - aside from what was listed above, which is using firewall rules to accomplish this (which many will dislike).

 

Thanks,

Brandon

by
on ‎07-28-2017 12:57 PM

@UBNT-Brandon Thank you for at least giving us an update.

 

I hope you can understand that I'm very frustrated that the status is still "investigating", even though @UBNT-cmb put it on the roadmap (which iirc wasn't planned that much into the future).

by
on ‎07-29-2017 06:59 PM

How can this feature NOT exist and the product be called ENTERPRISE?

 

NAT has no standards and my USG needs to be rebooted often due to some fscked up NAT table issues. 

 

 

by Ubiquiti Employee
on ‎07-31-2017 09:55 AM

Note that this is for bridging - which is an L2 feature.  Not wanting NAT is different from this - and can be accomplished with routing (L3 featureset).

 

Thanks,

Brandon

by
on ‎07-31-2017 01:18 PM

@UBNT-Brandon - if there is a way to do this now with routing and disabling NAT, it would be well worth your while to have someone create an FAQ in the Help section so I can link everyone to it. While less than ideal I think it would make most people happy!

by
on ‎07-31-2017 01:33 PM

+1 on EricE's comment. I would go for routing. Even if it's a beta feature

by Ubiquiti Employee
on ‎07-31-2017 10:30 PM

You can disable NAT very easily. Others have posted guides for disabling every individual NAT rule, but that's needlessly complicated (and needed config can differ from one configuration to another). A single NAT rule to not NAT is all that's needed to disable NAT. See my post here

by
‎08-01-2017 10:10 AM - edited ‎08-01-2017 10:10 AM

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 

UPDATE 8/1/2017:  Instructions on how to disable NAT are now provided by @UBNT-cmb here:   https://community.ubnt.com/t5/UniFi-Routing-Switching/Guide-to-disabling-NAT-on-USG/m-p/2012460#M525...

 

While not bridge mode, this should enable a USG to be somewhat transparently inserted into your Internet uplink for monitoring only.  

 

Now to test!

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=