Can we get a custom dashboard widget that has the date/time and uptime? An option for both local/gmt would be good as well. Perhaps this could be used as an example as well. The reason I wan this is that I get too much stale data and a quick place to look would be helpful.
This purpose of this idea is to add enterprise high availability to the USG lineup with minimal development effort. Basically, modify the Unifi controller to allow two gateways to be adopted to a site, one is the Active gateway, the other is Backup/HA device. All traffic processes through the Active firewall, Backup sits idle until an HA event occurs.
1. Active and Backup USG must be the exact same hardware model.
2. Both USGs must be connected to the exact same Layer2 environment on LAN and WAN interfaces. For example, if the Active USG has a 802.1q trunk on the LAN interface and a DHCP WAN connection on the WAN interface, the Backup USG must be cabled in the same way.
3. Connection state information is not maintained between the Active and Backup USG device. This means all NAT sessions will expire during a failover event.
Theory of operation:
[ Failover ]
1. The Active USG carries all Layer3 site traffic and houses all active Layer3 interfaces for the site, just like in a traditional single USG deployment.
2. The Backup USG has no Layer3 interfaces up, with the exception of the HA interface,which is defined as a special network or interface in the Unifi controller and enforced during adoption. (More on this later).
3. A designated HA interface/newtork on each USG is used to send HA heartbeats between the two USGs, as well as sync the commit configuration from the Active to the Backup USG. When the backup USG misses several consecutive HA heartbeats from the Active USG, the Active USG is considered to be down, which triggers the HA failover.
4. The designated interface could be a dedicated hardware interface on the USG -or- could be a Unifi network configured for HA. For example, a network could be configured in Unifi as type "HA", instead of "Coprporte", which would instruct the USGs to use a vlan trunk sub-interface to communicate HA status.
5. When an HA failover event occurs, the Backup USG brings all of the Layer3 interfaces into the up/up state using all of the same interface IPs as the Active USG.
[ Failback ]
1. When the failed USG is repaired and returned to service, the first interface initialized after boot up is the designated HA interface. This interface will be used to check if an Active USG is present by listening for HA heartbeat messages. If not, this unit becomes the Active USG. If one is present, this USG goes into Backup USG mode.
2. Once the Active USG has been found, a config sync is initiated from the Active USG to the backup USG.
3. The freshly booted Backup USG stays in this dormant state until the Active USG fails.
[ HA device onboarding ]
* The site already has an active USG which is adopted by the Unifi controller
* The Unifi controller has an interface/network defined as "HA" and is already provisioned on the Active USG.
* The HA device is cabled up exactly the same as Active USG.
1. The new HA device boots up like a normal USG in a unadopted state, grabs a DHCP address on the management LAN and then advertises itself to the Unifi controller
2. The Unifi controller presents the new USG device as an adoptable device, however instead of the normal "Adopt" link, the link reads "Adopt HA device to EXISTING_USG_DEVICE_NAME"
3. Adopting the HA device will provision the HA device with the exact same configuration as the Active USG, but with all interfaces other than the HA interface/network in the down/down state.
Is it possible to get a Info for the blocked Website.
We have actually a "strange line up" for the Unifi Routing, which is still logic, but as time pass, the newly introduced IDS/IPS will need to be provided at 1 Gbps speed in a "consumer friendly" package
- USG-3P (fanless) : gigabit speed, with 85-90 Mbps IDS/IPS
- USG-4P-Pro (rack mounted) : gigabit speed, with 250-300 Mbps IDS/IPS
- USG-? (fanless) : 10 (?) gigabit speed, with gigabit IDS/IPS
- USG-XG (rack mounted) : 10 gigabit speed, with gigabit IDS/IPS
Sure, this depend on hardware capability from Cavium to deliver the right processor as the right price.
Note : no fancy screen, fancy stuff, just a fanless, small format router, like the USG-3P, easy to deploy at the propoer price for Ubnt and the consumers
So, I know it has been mentioned in other places (Specifically I have included a link to the forum topic) but I would like to create a new idea request specifically for realtime bandwidth activity.
I have ran into several occasions where clients are limited in bandwidth and will call about slow speeds. I would like to be able to see at a glance what the current usage is and, if possible, who is using it. Right now I would settle for just a graph showing the last ~15min - 1hr.
As it stands now, I am going to have to figure out some option of monitoring this. Sadly, in my own home, I am going to be replacing the USG with a PFsense box. It was either this or put in an edgerouter X as a transparent monitor and I would rather keep the device chain smaller. The USG will sit on the shelf as I wait hoping this will be implemented. :-)
I hope the images below will spell out better what I and others like me would like to see. Ubiquiti makes wonderful products and I hope you all will see the potential in this suggestion and implement it.
Looking at the controller I beleve these stats are already gathered so I would hope it wouldn't be too difficult to create a graph on the dashboard showing these stats.
This is ultimately what I would love to see. I am able to see at a glance what the traffic is and who my "top talkers" are.
I would even be OK with just simply something that keeps a live update.
I also have included a link to a couple forum topics discussing this further. Hopefully they might provide more insight as well.
Thank you for your consideration.
I love Ubiquti products, but having installed a USG Pro-4, I'm left disappointed in the lack of basic DHCP and DNS settings that are available. Yes I know, I can probably achieve what I want to in the command line, but I shouldn't have to. The idea of UBNT gear is that it's easy to use.
What's missing are namely:
- The ability to specify (and view an entire list) of statically assigned IP addresses. I shouldn't have to click on each individual device to specify a static IP or check if one has been set.
- The ability to set hostnames for devices that don't specify one (or use a hardcoded IP). I should be able to create my own static DNS entries for devices that hostnames cannot be set for. In addition, the handling of hostnames for devices with static IP's (hardcoded in the device itself) seems broken. I shouldn't have to get an IP from DHCP to be able to browse to it by DNS name.
If you want an example of how it should be done, take a look at pfSense, OPNSense or even Windows services.
When I'm comparing between Meraki Security Devices and USG, I realised a very important feature which USG lacks, which is the support for USB Cellular Stick.
I believe that the support for USB Sticks are crucial for:
1. Deployments that relied on cellular data as their primary connection.
2. Mission critical deployments which use cellular data as their failover.
Other than that, I don't see the reason for UBNT to not support USB Cellular Stick because even a cheap $40 mini router from TP-Link supports this function.
Suggestions on how to deploy support for USB Cellular Stick.
I would suggest UBNT add another option called "USB Cellular Stick" under the USG > WAN > Connection Type.
In the "USB Cellular Stick" Option, I would suggest putting "Country" and "Carrier" with preset settings like the ones shown below:
When we select the preset settings, please show the username and password of the preset settings in a blurred out column below so that we know which APN is used with the preset settings (Some Carriers have multiple APNs).
Other than that, please add a "Custom" settings option under the Username and Password for the APN settings so that we can use custom APNs when the situation requires it.
Personally, I don't think that the Connection Mode and Authentication Type have to be included.
Supported USB Cellular Sticks.
I would suggest UBNT to support only the mainstream USB Sticks since the USG isn't meant to be a cellular modem/router. I'll leave the supported USB Stick list from Meraki and other vendors below for reference:
Lastly, I would suggest UBNT to include a USB port for USB Cellular Stick on the next revised version of USG-3P so that the USG-3P can be deployed as a teleworker gateway.
I have blocked some unwanted ports with a firewall rule and would like to receive an alert when someone tries to connect to these ports. I asked from customer support how to do this and currently there is no way for a firewall rule to trigger an alert. I consider this to be one of the basic functions of a modern firewall.
I'm fully aware that IPv6 can be configured from the CLI now but UniFi is a SDN product which means that all if not most features should be able to be configured from the controller. not from the CLI.
I'm suggesting that UBNT include the IPv6 Settings under WAN settings for USG like as shown below. (Sorry, my drawing isn't very good)
In the IPv6 Connection Type, the following should be included:
1. Native IPv6
2. Tunnel 6to4
3. Tunnel 6in4
4. Tunnel 6rd
5. Static IPv6
Other than that, the following options in the picture should alse be included:
I don't know how Asus did it, but their routers are smart enough to get the right prefix without my intervention, I wish USG will have this feature too.
I wish UBNT will include full IPv6 support into the controller ASAP that is easy to setup without much technical knowledge.
It you be nice that everytime there is a change in the transmission this information was logged, because this coud represent an physical problem.
The TX of an port changed from 1G to 100Mbps, log that.
1000 FDX changed to 10HDX, log that as well...
This should happen for every TX rate change.
In the attachment there is a AP showing 10HDX, and it should be 1000FDX, but there is no log about it... It would helpfull to know when it started, so everyone could troubleshoot the problem better and faster.
I could be a great addition, if it was possible to enable colors og the connections in the Topology map, based on their utilization percentage.
This would be an easy way of visualizing bottlenecks in the infrastructure.
The UI does not give any visibility into whether the USG Gateway was able to obtain any IPv6 prefixes from the upstream provider.
This should be visible in the WAN section:
Similarly, there were no events around obtaining or losing DHCPv6 leases from the WLAN.
Sometimes we find ourselves in the position of remotely looking for a device that should be on the LAN but isn't there now. It would be helpful to see a history of some kind in the client, in the events, or in the Insights list. Something like this:
Even if we only saw the history on Insights when it's on the WIRED screen, that would be helpful. The event history shows the APs which a wireless client was last connected to which is helpful at times, so this would basically be the equivalent. I know it current shows which LAN.
Any one of these three by itself would be helpful in that situation. I don't know which would be easiest to include, but it seems (to me and I'm no dev) like one should be simple - probably with the event log one being simplest.
If somebody has another method to accomplish this, I'd be grateful.
Manual Workaround: UPDATE 1/25/2017:
I have a couple of networks where I will never replace the router (for one I can't - it's provided as part of the environment) but I would still like to have stats in the controller.
I would like to see a pass through mode for the USG where it passes traffic with no NAT, no firewall rules, no DHCP, etc. Just analyzes traffic.
Even better - a monitor mode where I could feed a USG a mirror of the port that goes to my exising router so I don't have to have latency of the USG in the packets path. Use it as a sensor, basically.
I think you guys would sell a boatload of USGs if you supported this!
EDIT: It appears to be on the roadmap: https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-Feature-Roadmap-January-2017-update/m-p/1792230#M31948
In Progress / Near Future
- DPI support in passthrough mode or on monitor interface
Can support be added for updating DDNS when a WAN connection fails?
Currently, when WAN1 fails over to WAN2, DDNS is not updated. This is true even if the same DDNS settings are entered in both WAN sections.
Additionally, if DDNS is manually updated when WAN2 becomes active, DDNS is not updated again when WAN1 is restored. This I believe to be a bug, but the restoral of WAN1 should trigger an update to DDNS as well, even if WAN2 is still active.
This would apply to failover WAN only and not load-balanced connections.
Please and thanks.
Right now there two amazing EdgeRouters are launched, the EdgeRouter 4 and EdgeRouter 6. Both perform great for an affordable price in a compact and energy efficient form-factor. It would be very nice if we could have those routers with UniFi software, using them as USG's.
The routing performance is impressive:
|1518 bytes throughput||3 Gbps||4 Gbps||4 Gbps||6 Gbps|
|1518 bytes pps||240,000||320,000||320,000||490,000|
|64 bytes throughput||512 Mbps||1.2 Gbps||1.8 Gbps||1.8 Gbps|
|64 bytes pps||1,000,000||2,400,000||3,400,000||3,400,000|
If you compare the features you see that the ER-4 and ER-6 would be great additions.
|CPU||Dual-core 500Mhz||Dual-core 1GHz||Quad-core 1GHz||Quad-core 1GHz|
The ER-6P's five gigabit RJ45 ports can deliver 24 and 48 volt PoE, with 60 watt max. That's perfect to power up to 5 access points (AC Pro / AC IW Pro / AC Mesh Pro). It would be the perfect set-up for a small unifi installation: Just the USG-6P and 5 access points, plus the SFP for uplink.
I think a USG-4 and USG-6P would be amazing additons to the current USG line-up. If priced the same as the EdgeRouter versions it would be killer routers.
|CPU||Quad-core 1GHz||Quad-core 1GHz|
- msemisch on: UniFi - USG 4 PRO Info on Blocked Website
- niclivewireauto on: Log all the changes of the transmition rates
- wayne-wickens on: Publish SCOM (System Center) Management Pack or work with Microsoft to certify
- UBNT-benpin on: Add a comment field in Unifi Firewall Groups
- UBNT-cmb on: USG High Availability - Active/Standby failover
- jposluns on: Allow IPS / IDS to be configured to monitor the WAN port only.
- justme1968 on: 1 Gbps IDS/IPS capable router for the Unifi USG lineup
- GJ007 on: USG Pro - DOM Support
- 0xE1 on: (PoE-) Switch with 24/48 gigabit ports and 4 SFP+ ports
- SpicySpice on: DHCP & DNS servers need significant work
- Add SNMP Location/Contact to columns under Devices
- WAN aggregation between 2 USG
- Backup to remote location
- Custom dashboard - date / time / uptime
- UniFi - USG 4 PRO Info on Blocked Website
- ISP Outage Reporting
- USG Multiple Routing Table for Multi WAN same time support.
- Log all the changes of the transmition rates
- Object based Firewall rules
- USG / Unifi Controller - auto-manage port forwarding for controller itself