
Port range forwarding to different range

Submitted by - 2 weeks ago
Status: New Idea

Currently, it is only possible to forward from 5001-5005 to 5001-5005.
It would be nice if you could do something like 5001-5005,5009 to 6002-6006,6010 without creating rules for every port.

DPI Date Filter & Last Cleared Date

Submitted by - 3 weeks ago
Status: New Idea

It would be nice if you could filter through DPI data by date, which I realize could take a bit to implement.

On an easier front, it would be super helpful if it showed the last time the DPI stats were cleared in the controller.

Dynamic DNS per WAN interface

Submitted by - Friday
Status: Implemented

Hi, I would like to suggest an improvement to the UniFi GUI regarding USG dynamic dns.

 

I already see that some people requested the ability to just call a URL when the IP address changes. That would be awesome but belongs to the original thread.

 

The topic here is to allow the Dynamic DNS to run from each WAN interface. I may need the IP address of both WAN1 and WAN2 linked to a ddns service. On linux, I am used to doing this by issuing "curl --interface ppp0" ... and the url call will go through the interface I told curl to use. The Dynamic DNS service will see the originating IP and all works fine.

 

So, if you ever develop the Custom URL dyndns feature, remember to add an option to choose which WAN to use (and default to use the main/active WAN interface).

Include support for USB Cellular Stick in USG.

Submitted by -
Status: New Idea

When I'm comparing between Meraki Security Devices and USG, I realised a very important feature which USG lacks, which is the support for USB Cellular Stick.  

 

I believe that support for USB Sticks is crucial for:

1. Deployments that relied on cellular data as their primary connection. 

2. Mission critical deployments which use cellular data as their failover. 

 

Other than that, I don't see the reason for UBNT to not support USB Cellular Stick because even a cheap $40 mini router from TP-Link supports this function.

 

Suggestions on how to deploy support for USB Cellular Stick. 

I would suggest UBNT add another option called "USB Cellular Stick" under the  USG > WAN > Connection Type.

 

In the "USB Cellular Stick" Option, I would suggest putting "Country" and "Carrier" with preset settings like the ones shown below:

Screenshot from 2017-04-22 10-51-48.png

 

When we select the preset settings, please show the username and password of the preset settings in a blurred out column below so that we know which APN is used with the preset settings (Some Carriers have multiple APNs). 

 

Other than that, please add a "Custom" settings option under the Username and Password for the APN settings so that we can use custom APNs when the situation requires it.

 

Personally, I don't think that the Connection Mode and Authentication Type have to be included. 

 

Supported USB Cellular Sticks.

I would suggest UBNT to support only the mainstream USB Sticks since the USG isn't meant to be a cellular modem/router. I'll leave the supported USB Stick list from Meraki and other vendors below for reference:

https://documentation.meraki.com/MX-Z/Cellular/3G_-_4G_Cellular_Failover#Supported_USB_Modems

http://www.tp-link.com.my/support/3g-comp-list.html?model=TL-MR3020

https://www.asus.com/event/networks_3G4G_support/

http://www.dovado.com/en/support/modems

 

Lastly, I would suggest UBNT to include a USB port for USB Cellular Stick on the next revised version of USG-3P so that the USG-3P can be deployed as a teleworker gateway.

 

Include IPv6 Settings into the Controller.

Submitted by -
Status: Accepted

I'm fully aware that IPv6 can be configured from the CLI now, but UniFi is an SDN product, which means that all if not most features should be configurable from the controller, not from the CLI.

 

I'm suggesting that UBNT include the IPv6 Settings under WAN settings for USG like as shown below. (Sorry, my drawing isn't very good)

Screenshot from 2016-12-23 23-38-11.png

In the IPv6 Connection Type, the following should be included:

1. Native IPv6

2. Tunnel 6to4

3. Tunnel 6in4

4. Tunnel 6rd

5. Static IPv6

 

Other than that, the following options in the picture should also be included:

Screenshot from 2016-12-23 23-50-01.png

 

I don't know how Asus did it, but their routers are smart enough to get the right prefix without my intervention, I wish USG will have this feature too.

 

I wish UBNT will include full IPv6 support into the controller ASAP that is easy to setup without much technical knowledge.

 

Thank you.

Jack.

Topology map - connection color based on utilization

Submitted by -
Status: New Idea

It could be a great addition if it was possible to enable colors of the connections in the Topology map, based on their utilization percentage.

This would be an easy way of visualizing bottlenecks in the infrastructure.

Allow configuration of USG web UI listen address

Submitted by -
Status: New Idea

We should allow configuring the "service gui listen-address" config node to restrict which IPs the UI binds. 

 

Requested here for instance. 

Easily block an entire country

Submitted by -
Status: Accepted

I'd like to be able to quickly block an entire country worth of IP addresses. This is trivial for a small country, say Cambodia, but with China having over 7000 assigned IP blocks this gets to be a really big headache. Ideally, I'd like a drop-down list of countries to block, and have the IP blocks for those countries pulled dynamically from somewhere like IPDeny

 

Double bonus points if I can tell it "only allow from USA, drop everything else."  

 

This is gonna take all week.....

As an interim measure, can you at least let me copy and paste a huge list of IP blocks?

[USG] [Kernelperformance] Backport fq_codel fixes from 4.4

Submitted by -
Status: New Idea

Hey, I checked the USG kernel and it uses a pretty old, CPU-intensive version of fq_codel.

 

There were changes made in the 4.4 Kernel but they should be backportable to the kernel you guys are using.

https://lists.bufferbloat.net/pipermail/codel/2016-May/002220.html

 

Most notable are the results (Quote from the link above.):

Thus far this batch drop patch is testing out beautifully. Under a
900Mbit flood going into 100Mbit on the pcengines apu2,  cpu usage for
ksoftirqd now doesn't crack 10%, where before (under
pie,pfifo,fq_codel,cake & the prior fq_codel) it went to 88% and
ultimately bad things happened, like losing routability.

I've had it running for hours and I hardly notice it's there.

Performance for the normal cc controlled and/or sparse flows is
unaffected, aside from the uncontrolled flows eating their percentage
of the link.

Nice work. Thx. This should go into -stable.

 

Can some dev try to apply that in his free time and check how much it really improves the ksoftirqd CPU usage on Ubiquiti hardware?

I would try to compile the kernel myself, but I have no idea how that works with the SDKs and changes you guys did.

L2TP 2FA Support

Submitted by -
Status: New Idea

Would it be possible to implement 2FA into the L2TP setup on UniFi?

USG site-to-site VPN enhancements

Submitted by -
Status: New Idea

Advanced options settings should be more thorough for Site-to-Site VPNs in the controller.

 

Break out Phase 1 / Phase 2 parameters where applicable.

Configurable lifetime.

Secondary / Backup peer IP.

 

SHA384/512 integrity if the hardware supports it.  (256 was accepted in another idea.)

Additionally, AES-GCM 128/256 if the hardware supports it, but it might be a stretch.

Option to select Speed Test Service and Server

Submitted by - 4 weeks ago
Status: New Idea

Hi,

 

I don't know which service and server is currently used for the Speed Test.

Would be nice if we could select Speed Test Service (speedtest.net, simet.nic.br, etc) and also which server we would like to use in speed test.

The idea is to have some settings in Unifi Controller.

 

Today from Brazil I'm having 100% more latency in Unifi Speed Test and about 5% less bandwidth (comparing with speedtest.net with BR server or simet.nic.br).

Provide a USG AMI on Amazon EC2

Submitted by - 3 weeks ago
Status: New Idea

I have a remote network in AWS that I'd like to make just another Site in my Unifi controller with a USG managing all the routing/firewall.  If Ubiquiti offered an EC2 AMI that was the USG software, I could easily weave this into my AWS VPC as the firewall for that private network.

 

This would let me treat my cloud network like just another extension of my network. I could manage routing / firewall rules to/from it in USG like any other site, rather than needing to manage AWS networks with yet a different and more complex interface than Unifi.

dns address in forward rule / Firewall rule

Submitted by - 3 weeks ago
Status: New Idea

Hi,

 

maybe it is possible to add following request.

 

- to add a DNS address in the PORT FORWARD RULE or the FIREWALL RULE in the "from" form. At the moment it looks to me like it is only possible to add IP addresses (I receive the following message: "This field can have an IP address, a range of IP addresses separated by a dash (-), or a subnet.").

 Bildschirmfoto 2017-08-27 um 11.06.33.png

 

But I need to enter some DNS addresses because I have some remote sites with a dyndns address.

 

thanks

 

best regards

See DPI data for past month.

Submitted by -
Status: Accepted

My company is trying to find creative ways to help sell the idea of monthly subscriptions to monitor their network. We feel if we could send them a monthly report of upgrades that were performed, crashes, and DPI data for the last month, it would create more value in a monthly service contract.

 

Thanks

More flexible periodic speed test

Submitted by - 4 weeks ago
Status: New Idea

Today it is possible to choose between 10 and 49 minutes to run the speed test.

Why is it not possible to choose every hour or every 2 hours or also only one time per day?

 

I have a very stable internet connection (dedicated optical fiber). So why do I have to use bandwidth to test every 49 minutes?

 

One / two times a day is enough.

"Request" Add ability to see WAN1 and WAN2 Internet Status.

Submitted by -
Status: New Idea

It would be great to be able to see the status of the "Internet" connection on WAN1 and WAN2 in the GUI.  I have set up numerous USGs that use WAN2 as failover, but have no way of seeing the active internet status of each port.  The only thing that shows in the GUI is the Connection to the Modem.

USG OpenVPN client w/GUI support

Submitted by -
Status: Accepted

An OpenVPN client for the USG with GUI support. Routes ALL WAN traffic through the tunnel without additional configuration when the client is connected. Should by default accept DNS settings sent from the VPN server etc. You get the idea, limit what ISPs can do to collect, profile, and sell personally identifiable data.

USG passthrough/monitor mode

Submitted by -

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

It Works: UPDATE 9/13/2017:  Instructions on how to disable NAT are now provided by @UBNT-cmb here  

 

 

Steps to make it work by @ecomerc here :

 

Here are the corrective items
1) Add the USG internal network(s) to "Network Protection" -> "Firewall" as the source for all outgoing rules
2) Add the USG internal network(s) to the "Network Protection" -> "NAT" masquerading sources
3) My major fault: make sure the USG internal networks are NOT assigned to the UTM already: "Interfaces & Routing" -> "Interfaces" -> "Additional Addresses"

then it works.

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 

Original Post:

 

I have a couple of networks where I will never replace the router (for one I can't - it's provided as part of the environment) but I would still like to have stats in the controller.

 

Inspired by this thread:  https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-behing-firewall-transparent-mode/m-p/1534439#M13229

 

I would like to see a pass through mode for the USG where it passes traffic with no NAT, no firewall rules, no DHCP, etc.  Just analyzes traffic.

 

Even better - a monitor mode where I could feed a USG a mirror of the port that goes to my existing router so I don't have to have latency of the USG in the packet's path. Use it as a sensor, basically.

 

I think you guys would sell a boatload of USGs if you supported this!  

 

EDIT:  It appears to be on the roadmap:  https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-Feature-Roadmap-January-2017-update/m-p/1792230#M31948

 

Specifically:

 


In Progress / Near Future

  • DPI support in passthrough mode or on monitor interface

 

Thanks @UBNT-cmb

Built OpenVPN Support for Client access

Submitted by -
Status: New Idea

It is a pain in the rear that there is no real secured client-based VPN support. PPTP is not the answer! Please add a useful client VPN solution to the USG!