Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
New Idea

Allow configuration of USG web UI listen address

Submitted by - 2 weeks ago
Status: New Idea

We should allow configuring the "service gui listen-address" config node to restrict which IPs the UI binds. 

 

Requested here for instance. 

Topology map - connection color based on utilization

Submitted by -
Status: New Idea

I could be a great addition, if it was possible to enable colors og the connections in the Topology map, based on their utilization percentage.

 

This would be an easy way of visualizing bottlenecks in the infrastructure.Capture.PNG

Include support for USB Cellular Stick in USG.

Submitted by -
Status: New Idea

When I'm comparing between Meraki Security Devices and USG, I realised a very important feature which USG lacks, which is the support for USB Cellular Stick.  

 

I believe that the support for USB Sticks are crucial for:

1. Deployments that relied on cellular data as their primary connection. 

2. Mission critical deployments which use cellular data as their failover. 

 

Other than that, I don't see the reason for UBNT to not support USB Cellular Stick because even a cheap $40 mini router from TP-Link supports this function.

 

Suggestions on how to deploy support for USB Cellular Stick. 

I would suggest UBNT add another option called "USB Cellular Stick" under the  USG > WAN > Connection Type.

 

In the "USB Cellular Stick" Option, I would suggest putting "Country" and "Carrier" with preset settings like the ones shown below:

Screenshot from 2017-04-22 10-51-48.png

 

When we select the preset settings, please show the username and password of the preset settings in a blurred out column below so that we know which APN is used with the preset settings (Some Carriers have multiple APNs). 

 

Other than that, please add a "Custom" settings option under the Username and Password for the APN settings so that we can use custom APNs when the situation requires it.

 

Personally, I don't think that the Connection Mode and Authentication Type have to be included. 

 

Supported USB Cellular Sticks.

I would suggest UBNT to support only the mainstream USB Sticks since the USG isn't meant to be a cellular modem/router. I'll leave the supported USB Stick list from Meraki and other vendors below for reference:

https://documentation.meraki.com/MX-Z/Cellular/3G_-_4G_Cellular_Failover#Supported_USB_Modems

http://www.tp-link.com.my/support/3g-comp-list.html?model=TL-MR3020

https://www.asus.com/event/networks_3G4G_support/

http://www.dovado.com/en/support/modems

 

Lastly, I would suggest UBNT to include a USB port for USB Cellular Stick on the next revised version of USG-3P so that the USG-3P can be deployed as a teleworker gateway.

 

Easily block an entire country

Submitted by -
Status: Accepted

I'd like to be able to quickly block an entire country worth of IP addresses. This is trivial for a small country, say Cambodia, but with China having over 7000 assigned IP blocks this gets to be a really big headache. Ideally, I'd like a drop-down list of countries to block, and have the IP blocks for those countries pulled dynamically from somewhere like IPDeny

 

Double bonus points if I can tell it "only allow from USA, drop everything else."  

 

This is gonna take all week.....This is gonna take all week.....

As an interim measure, can you at least let me copy and paste a huge list of IP blocks?

[USG] [Kernelperformance] Backport fq_codel fixes from 4.4

Submitted by -
Status: New Idea

Hey i checked the usg kernel and it uses a pretty old cpu intensive version of fq_codel

 

There were changes made in the 4.4 Kernel but they should be backportable to the kernel you guys are using.

https://lists.bufferbloat.net/pipermail/codel/2016-May/002220.html

 

Most notable are the results (Quote from the link above.):

Thus far this batch drop patch is testing out beautifully. Under a
900Mbit flood going into 100Mbit on the pcengines apu2,  cpu usage for
ksoftirqd now doesn't crack 10%, where before (under
pie,pfifo,fq_codel,cake & the prior fq_codel) it went to 88% and
ultimately bad things happened, like losing routability.

I've had it running for hours and I hardly notice it's there.

Performance for the normal cc controlled and/or sparse flows is
unaffected, aside from the uncontrolled flows eating their percentage
of the link.

Nice work. Thx. This should go into -stable.

 

Can some dev try to apply that in his freetime and check how much it really improves the ksoftirqd cpu usage on ubiquiti hardware ?

 

I would try to compile the kernel myself but i have no idea how that works with the sdks and changes you guys did. 

Include IPv6 Settings into the Controller.

Submitted by -
Status: Accepted

I'm fully aware that IPv6 can be configured from the CLI now but UniFi is a SDN product which means that all if not most features should be able to be configured from the controller. not from the CLI.

 

I'm suggesting that UBNT include the IPv6 Settings under WAN settings for USG like as shown below. (Sorry, my drawing isn't very good)

Screenshot from 2016-12-23 23-38-11.png

In the IPv6 Connection Type, the following should be included:

1. Native IPv6

2. Tunnel 6to4

3. Tunnel 6in4

4. Tunnel 6rd

5. Static IPv6

 

Other than that, the following options in the picture should alse be included:

Screenshot from 2016-12-23 23-50-01.png

 

I don't know how Asus did it, but their routers are smart enough to get the right prefix without my intervention, I wish USG will have this feature too.

 

I wish UBNT will include full IPv6 support into the controller ASAP that is easy to setup without much technical knowledge. Ubnt Banana

 

Thank you.

Jack.

L2TP 2FA Support

Submitted by - 2 weeks ago
Status: New Idea

Would it be possible to implement 2FA into the L2TP setup on UniFi?

USG - WAN 1+2 bundling for a higher bandwidth !

Submitted by - a month ago
Status: New Idea

It would be a very cool feature, if you could combine 2 WAN ports of the security gateway for more download and upload bandwidth. Currently there are 2 possibilities:

 

  • Load Balancing
  • Backup WAN.

 

I would like to bundle the speeds of 2 WAN ports.

Provider 1: 500mbit down / 100mbit up

Provider 2: 500mbit down / 100mbit up

= 1000mbit down / 200mbit up :-)

 

That would be a very cool feature ! Pls iclude this feature if it´s possible.

PS: Sorry for my bad english. (come from German)

 

Thanks

with best regards

Christian

USW - disable or dim port LEDs

Submitted by - a month ago
Status: New Idea

For home use, I'd really like the switch port lights to be a little bit dimmer or even completely off.

 

The switch is somewhat visible, so I'd rather not have to have black tape making it look bad. The AirPort Time Capsules my UniFi gear is replacing had very tiny, dim port lights, which were fine because they didn't light up the room at night.

 

I know there have been some threads on this, but I haven't seen a feature request specifically, so figured I'd track it here too.

USG site-to-site VPN enhancements

Submitted by -
Status: New Idea

Advanced options settings should be more through for Site-to-Site VPNs in the controller.

 

Break out Phase 1 / Phase 2 parameters where applicable.

Configurable lifetime.

Secondary / Backup peer IP.

 

SHA384/512 integrity if the hardware supports it.  (256 was accepted in another idea.)

Additionally, AES-GCM 128/256 if the hardware supports it, but it might be a stretch.

Built OpenVPN Support for Client access

Submitted by -
Status: New Idea

It is i Pain in the rear that there is no  real secured client based VPN support. PPTP is not tthe annswer! Please add a usefull client vpn solution to the USG!

USG passthrough/monitor mode

Submitted by -

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

UPDATE 8/1/2017:  Instructions on how to disable NAT are now provided by @UBNT-cmb here:  

 

https://community.ubnt.com/t5/UniFi-Routing-Switching/Guide-to-disabling-NAT-on-USG/m-p/2012460#M52511

 

While not bridge mode, this should enable a USG to be somewhat transparently inserted into your Internet uplink for monitoring only.  Now to test!

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 

Original Post:

 

I have a couple of networks where I will never replace the router (for one I can't - it's provided as part of the environment) but I would still like to have stats in the controller.

 

Inspired by this thread:  https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-behing-firewall-transparent-mode/m-p/1534439#M13229

 

I would like to see a pass through mode for the USG where it passes traffic with no NAT, no firewall rules, no DHCP, etc.  Just analyzes traffic.

 

Even better - a monitor mode where I could feed a USG a mirror of the port that goes to my exising router so I don't have to have latency of the USG in the packets path. Use it as a sensor, basically.  

 

I think you guys would sell a boatload of USGs if you supported this!  

 

EDIT:  It appears to be on the roadmap:  https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-Feature-Roadmap-January-2017-update/m-p/1792230#M31948

 

Specificially:

 


In Progress / Near Future

  • DPI support in passthrough mode or on monitor interface

 

Thanks @UBNT-cmb

SFP+ ports in smallest switches

Submitted by -
Status: New Idea
At the moment only the 48 port UniFi switch features SFP+ ports.
It would be nice to have two of them available in both the 24 and 16 ports variants? I'm thinking about having a 10Gbps connection to a NAS then serving multiple gigabit clients.

Fingers crossed! Man Happy

USG OpenVPN client w/GUI support

Submitted by -
Status: Accepted

An OpenVPN client for the USG with GUI support.  Routes ALL WAN traffic through the tunnel without additional confugration when the client is connected.  Should by default accept DNS settings sent from the VPN server etc.  You get the idea, limit what ISPs can do to collect, profile, and sell personally identifiable data.

Speedtest execution on controller

Submitted by - a month ago
Status: New Idea

Hello

 

The speedtest python script that runs on my usg has weird latency and performance compared to running the same settings on my controller. From what i read on the forums it's due to the lack of performance on the cpu and hardware offload missing. As many unifi deployment have a controller-to-site ratio of 1:1 maybe you should let customers decide if they want to run the script on the controller rather than on the USG and letting the customers pick the server, just give us a toggle(auto/manual select) and a field to compile to pick the preferred server(just the numeric id).

Blocking websites (new legal background)

Submitted by -
Status: New Idea

I suggest to add a functionality in the controller GUI to block websites (for all LAN or specific ones).

 

Entries might be done manually or as import of a CSV file.

 

I know this has been already suggested. But now there is a new legal background:

 

Background: EU/Germany changed the so called liability for disturbance.

 

Cafes and hotels are more or less granted the provider privileges. In case a guest breaks the laws e.g. by providing movies illegally, the provider of the hotspot or guest wlan is not liable for this.

 

But they might be forced by court to block several websites. Facing that a lot of cafes and hotels are using unifi, I really recommend to provide this feature. Using additional boxes or service providers is even financially besides technical complexity not a good approach for them.

 

 

SFP+ on 16 and 24 port switches

Submitted by -
Status: New Idea

I would love to see SFP+ ports on all switches. We currently have the 16XG as the center of our fiber backbone which is all 10g fiber going to the seperate building on our campus which has nothing but SFP+. 2 of our switches are the Edgemax 48 and we have thoes along with our main file server connected at 10Gb, but all our other switches are 24's with a couple 16 and 8's thrown in.

 

It would be nice to have a 10Gb connection between all the switchs reguardless of how many ports are needed. I would pay extra for a SFP+ option

View CPU Ram and temperature on USG's

Submitted by -
Status: Implemented

It would be great to be able to see the CPU and RAM Usage on the USG I know this can be done via SSH. But it would be very nice to see how much is in use just like what you guys have done with the AP's on the latest version of UniFi. Adding a temperature reading as well would be a bonus 

 

- Tom 

Traffic stats per month

Submitted by -
Status: New Idea

I want to see traffic use per month to compare to last month traffic.

I use it on sites with 3g/4g modem so I want to see from month to month how much data traffic thats been used.

Could also be interesting to see at my other places so that I can compare traffic stat and compare per month

Expanded options for IPSEC Peer-ID

Submitted by -
Status: Accepted

It would be nice if the controller and USG supported the ability to use FQDN/Email address as Peer-IDs. This is supported by StrongSWAN and should only require some basic sanity checking in the GUI. Since SWAN can already perform DNS lookups to match the FQDN to an IP, that would be relatively simple. For Email address, possibly add an extra field.

 

I would like this as some client sites have dynamic IPs and though we have DDNS working, it is a pain in the neck to have to re-IP multiple tunnels when an IP changes.