New Idea

Spanning tree port cost, edgeport, auto-edge UI control

Submitted by - a week ago
Status: New Idea

Would be nice to have per-port spanning tree cost, edgeport and auto-edge configuration. 

Include IPv6 Settings into the Controller.

Submitted by -
Status: Accepted

I'm fully aware that IPv6 can be configured from the CLI now but UniFi is a SDN product which means that all if not most features should be able to be configured from the controller. not from the CLI.


I'm suggesting that UBNT include the IPv6 Settings under WAN settings for USG like as shown below. (Sorry, my drawing isn't very good)

Screenshot from 2016-12-23 23-38-11.png

In the IPv6 Connection Type, the following should be included:

1. Native IPv6

2. Tunnel 6to4

3. Tunnel 6in4

4. Tunnel 6rd

5. Static IPv6


Other than that, the following options in the picture should alse be included:

Screenshot from 2016-12-23 23-50-01.png


I don't know how Asus did it, but their routers are smart enough to get the right prefix without my intervention, I wish USG will have this feature too.


I wish UBNT will include full IPv6 support into the controller ASAP that is easy to setup without much technical knowledge. Ubnt Banana


Thank you.


Allow configuration of switch LACP load-balance mode

Submitted by - a week ago
Status: New Idea

port-channel load-balance allows configuration of 7 different modes. UniFi switches can only use the default 3 currently, should UI-expose configuration of this parameter. 

USG url logging for guest users

Submitted by - Thursday
Status: New Idea

As per law we should be able to log guest user internet activity per session, atleast top level domain access logs. This is becoming necessity as per new anti-terrorist laws for providing public wifi.


Ask :

Figure out a way to log URL to a remote logging server directly from AP or USG which is handling guest accounting would be super useful

Speed control for wired guests on USG

Submitted by - Wednesday
Status: New Idea

in "networks" i created a network called "LAN guest" with purpose as "guest" and VLAN 2 ID & IP series


USG is serving guest portal to LAN users but it's not controlling the speeds, and i doubt it's controlling the Time & data limit as well.


When will guest controls be provided for LAN guests?




USG should be able to handle wired guest similar to how unifi APs do, with designated speed, data n time limits set using API

USG Parental controls - Group controls (kid1 devices in a group) - Allot time per application

Submitted by - 3 weeks ago
Status: New Idea


I'd like to see a way to do granular parental controls. 

Such as creating groups and then adding all devices (wired & wireless) from each kid into a kid1-group for each kid (kid1,kid2, etc), then granular alloting time for all devices from kid1-group, and alloting time per application per kid1-group, assign webprofiles to kid1-group,  etc, and then a "superhandy interface to add and delete apps, time, block etc, " see below for more detail.


Currently have :

  • 1 USG
  • 1 Unifi Controller
  • 2 Unifi US-8-60W switches
  • 2 Unifi AP AC PRO access points


Got into Unifi for stability purpose and so I could properly separate out the guest wifi and with a VLAN. Also I like the SDN approach, the interface and the application on the phone/tablet.


In my previous network setup I had some possibility to do timed access control for all devices (not just wifi connected by also all hardwired ones). I also had the option to assign predefined web/url profiles to each device (and the option to use a customized profiles based on the webcategories available for these profiles).


Nice that you can assign hours of use to wireless networks but you cannot to hardwired networks.

And overall it would e easier if an option like this could also be assigned to a "group" with devices in it.


Overall would be very usefull to have some (much more) parental controls / group controls


1. Create user groups based on a set of devices

  • Including not just wireless devices but also wired devices
  • usergroup "Kid1": Tablet (wifi), phone (wifi), laptop (wifi), desktop (wired ethernet) 
  • usergroup "Kid2": Tablet (wifi)
  • And allow to create groups with groups in it: Kids group includes Kid1 and Kid2


Then be able to do various types of controls with these groups:


2. Control Internet access times through the USG (on basis of a group):

  1. block traffic between 10:00PM-08:30AM for all devices assigned a "user group" kid1
  2. block traffic between 8:00PM-08:30AM for all devices assigned a "user group" kid2
  3. etc


3. Amount of time that can be used per "user group"

  • I.e. assign 4 hours to all devices in "user group" kid 1
  • Assign amount of hours per day, for example assign 4 hours for Tuesday to Sunday, and Monday is computer free day so is 0 hours.
  • Allow the option when devices are used at the same time that only counts as if one device was being used.



4. Control "access times" and "alloted time on a day"  easy via the unifi App on my phone (and controller)

  • A view that shows "user groups" 
  • Per "user group" "easily" add additional or reduce time or block the "user group" (all devices in that group), s
  • Give an extra 15 minutes or 30 minutes outside the assigned time.
  • Per "user group" easily increase the time one off to end a bit later i.e. this day you can use Internet till 11:00 PM instead of 10:00PM by pressing "add 15 minutes to end time"
  • Block for that day (block button that only blocks that day and goes back to the program by end of day). 


5. Possibility to create "webfiltering profiles" 

  • Options to create "allow lists", "block lists", based on "custom urls"
  • Option to use "predefined website categories" I.e. block categories such as, Adult, Advertising, Dangerous materials, Drugs, Gambling, Malware, Phishing, Redirector, Hate, Violence, etc
  • And then also the option to customize these categories.


6. Per group control assign a "webfiltering profile"



7. Assign firewall rules against "user groups"



8. Have predefined firewall rules / profiles suitable for kids (similar to webfiltering profiles).

  • Then assign a "usergroup" to such a firewall rules profile


Had webfiltering profiles I could assign per device on my synology RT1900AC, that was very usefull. I.e. block the kids from in particular known malware sites was usefull (but also adult and hate I thought very usefull).


9. Allot time per application (use DPI) per "all devices in a user group"

Since the USG already does DPI also define "alloted time" per application (DPI based)

  • I.e. "devices in user group KID1" can use 60 minutes Facetime per day / Kid 1 and all his/her devices can do 60 minutes facebook per day .
  • I.e. "devices in user group KID1" can use 120 minutes Netflix per day


Edit 1: as mentioned below Circle is a very good example, like the level of granularity, easy interface, etc.

Would be nice if something like that were implemented (software wise, or as a separate hw component) .



Edit 2: added tying DPI data to "user  groups".


USB LTE/4G Failover

Submitted by - 3 weeks ago
Status: New Idea

Have a configuration screen to allow the inclusing of USB WAN devices for the USG.  Plenty of workarounds are posted, but nothing direct.


In my example, I've taken a MikroTik, and nat to the usb LTE interface from a VLAN.  That VLAN is trunked on the trunk, a port on the switch is configured for that VLAN and carried to to WAN2.


We really should have a simple built in option to attach devices directly to the USG, then check a box for failover.


Submitted by - a week ago
Status: New Idea

Would be nice if you could include enabling/disabling the SIP ALG helper in the Controller GUI. 


It's lacking even the basics in the Controller, let's hope there are massive improvments to follow soon.

Live Traffic Monitoring

Submitted by - a month ago
Status: New Idea

Ability to monitor live traffic much like the monitoring/debugging features on an ASA.

Add port forwarding configuration to Routing & Firewall settings page

Submitted by - 2 weeks ago
Status: New Idea

Just a feature request to add port forwarding functionality to the above page.  While I appreciate that it's already within its own section of the USG configuration, given its function, it seems to be a logical place for it to exist.  You then have a one stop shop for these related functions.

Don't think you need to remove the functionality from where it is now so much as add it to the page in a similar format as the FW rules are today.

As the page would be irrelevant without a USG, a simple tag similar to other USG dependant functions could be included to ensure folks understand the prerequisites. 

IPTV (VLAN bridge) on USG

Submitted by - 3 weeks ago
Status: New Idea

Many ISPs deliver multiple services with diffrent VLANs.


USG currently works with internet delivered with VLAN tags. "Use VLAN ID" settings in the GUI.


ISP also deliveres IPTV on a seperate VLAN which needs to be only bridged. (NO NAT, NO firewall, nothing) the settop box will request DHCP directly from the ISP


Many of the consumer grade routers have these predefined by country and ISP, or just let the user enterteh VLAN ids.


USG GUI can just enable the option and manual input of these VLAN ids, even dedicate the VOIP port for IPTV instead.


Built OpenVPN Support for Client access

Submitted by -
Status: New Idea

It is i Pain in the rear that there is no  real secured client based VPN support. PPTP is not tthe annswer! Please add a usefull client vpn solution to the USG!

Cold spare

Submitted by - Friday
Status: New Idea

I would like to suggest a cold spare option.


Whilst for some setups it is possible to use HA setups, sometimes there are setups involving DSL (or other) modems in bridged mode where HA doesn't work. In these situations, I typically leave duplicate pre provisioned hardware.



I would really like to suggest the ability to assign a "cold spare" - I envisage usage something along the lines of:


An adopted cold spare has everything other than uplinks to the controller disabled so that we can leave spare hardware at a site

Upon diagnosing a fault, a technician can go to the controller, decommision/mark a device as faulty and then clone it to a pre-adopted "cold spare".

The technician can then tell the client (or other technician) to simply unplug one piece of hardware and swap it for another port by port.


And then carry on like normal...


I see the HA idea being approved and agree that for the long term, a good HA solution would be nice - but as I said, there are some situations where you have DSL bridges or single upstreams where that won't work and you need a cold spare.... In addition, this would be great for switches!


Faster Provisioning of updates

Submitted by - a week ago
Status: New Idea

It takes 1-3 minutes to apply a firewall rule and have the provision out.  Why is the provisioning process so long?  This makes testing a new configuration very very time consuming.

IPSec site-to-site UI won't accept hostnames for peer address for USG

Submitted by - 3 weeks ago
Status: New Idea

In the IPSEC site to site settings for my USG, I have a site with a dynamic address that initiates a vpn to my site with a static address.  It would be helpful if the peer could be listed as a hostname instead of forcing an IP address.

Define DHCP options in UniFi controller.

Submitted by -
Status: Accepted

This is VERY basic. I can't believe that this is not already part of the interface.


You need this for everything from VoIP to Software deployments, ETC.

Better API Support

Submitted by - Thursday
Status: Invalid

A lot of tools out there allow for automation of treatment for endpoints on the network.  This can range from moving an endpoint to a remediation VLAN to killing access all together depending on the health/state of said endpoint.


Currently the API is not officially supported.  Its geared mostly towards the unifi wireless.  It does not provide much control of the Switching and USG portions of unifi.  Previously the last.inform was a goldmine in gatherthing data, however since 5.4.9 it no longer exists...


For control of devices we do have dynamic VLAN assignments via 802.1x, but this functionality is biast towards the wireless gear, as it is near useless on the switches.  You cannot create a VLAN on the switch in which its ID will be used by dynamic VLAN.  Which means it is impossible to get a routeable interface from the USG to the switch as the switch's uplink cannot tag said VLAN...  Additionally dynamic VLAN assignments via 802.1x is lacking by the fact Change of Autorization is not supported by both the AP's and Switches Ubiquiti produces. 


The ask:

Allow the API to be queried for DPI data/VLAN assignments/etc by MAC and/or IP address.

Allow the API to be queried for all data previously found in the inform.last i.e. USG external IP address.

Allow the API to reassign a switch port to a new VLAN when fed a MAC address or switch/port.

Manipulate USG firewall policies through the API.

Assign "Listening IP" for L2TP VPN

Submitted by - a week ago
Status: Accepted

In my setup now, I cannot use Remote User VPN's because my USG is behind another NAT device...


In my situation, this is unavoidable, as I have a device in front of the USG that balance more than 2 ISP connections.


Since the "WAN IP" address of my USG is an internal address, I cannot use the VPN services provided through UniFi because L2TP and other VPN Services do not recognize the incoming packets as valid. 


Maybe adding a configuration option for the real IP address to match VPN packets to would be better?


See this post:



Switch Statistics Granularity

Submitted by - Thursday
Status: New Idea

Using UniFi controller 5.4.11 and UniFi switch 24. While wireless activity can be reported on 24hr, week or month basis, the switch statistics are only available on 24hr (one day at the time) basis. Please add week and month aggregation for switch stats as well.



USG DHCP MAC Address Reservations

Submitted by -
Status: Accepted

it would be great to have the possibility to preconfigure a static IP address for devices inside Controller GUI via MAC Address before you connect the device to the network.