2.5GbE and 5GbE PoE

Submitted by - Monday
Status: New Idea

The latest generation of WiFi Access Points here in Q4 of 2017 from your competitors seems to be leaning towards 2.5GbE and 5GbE PoE+ for better bandwidth, fewer cable runs being necessary, and a reason for them to market their 2.5GbE PoE+ capable switches. When will we see UniFi switches that have this capability?

[USG] Domain overrides in the DNS forwarder/resolver

Submitted by - 2 weeks ago
Status: Duplicate

Along with the ability to make direct host entries into DNS managed by Unifi, there really needs to be a way to also enter domain overrides as well.  The biggest use case for me is for sites with Active Directory.  With pfSense I can enter the forward and reverse zones and I get all my clients identified in stats and reporting - it's very nice!  Unifi desperately needs this as well!

 

Example: [screenshot: Screen Shot 2017-11-11 at 12.56.59.png]

Enable Zone Based Firewall in the Unifi USG

Submitted by - 3 weeks ago
Status: Duplicate

Zone firewalls were implemented in the EdgeRouters recently, and it always made WAY more sense to me than ACL based firewall rules. I realize we just got ACL based firewall rules in the Unifi GUI - hopefully while that's still fresh it would be fairly simple to reuse a lot of that work to enable the zone firewall as well.

 

This thread in particular was a good discussion about this:  https://community.ubnt.com/t5/UniFi-Routing-Switching/Prevent-controller-from-pushing-down-firewall-settings-to-USG/m-p/1899307#M42575 

 

@iu4s9akkddja posted an excellent link on zone routers and in particular I liked the person's summary of zone firewalls vs. ACL firewalls:

 


While an ACL firewall can be easier to set up for simple networks such as the one in this example, a zone-based firewall is conceptually simpler (in my opinion at least) and less susceptible to the sorts of mistakes that can open up your network to the outside.


USG Threat-Detection Anti-DDoS Rate-Limiting

Submitted by -
Status: New Idea

I would like to submit a formal request for intelligent rate limiting for anti-flooding/anti-DDoS protection in the USG. See threat-detection in Cisco terms.

 

19" brackets for 8-Port Switch

Submitted by - a month ago
Status: New Idea

Hello,

 

I'm very often facing the situation where I need to install an 8 Port Switch (150W POE) in a 19" Rack. This is only possible with the help of a shelf, which usually costs me 1 unit of space. Using a 16 Port Switch is simply too expensive. As well, sometimes we need to mount the switch in a wall mount (hanging) cabinet...

 

So could you please think about manufacturing larger brackets for the 8-Port Switches?

 

thanks

ben

Include IPv6 Settings into the Controller.

Submitted by -
Status: Accepted

I'm fully aware that IPv6 can be configured from the CLI now, but UniFi is an SDN product, which means that all if not most features should be able to be configured from the controller, not from the CLI.

 

I'm suggesting that UBNT include the IPv6 Settings under WAN settings for USG as shown below. (Sorry, my drawing isn't very good)

[Screenshot: Screenshot from 2016-12-23 23-38-11.png]

In the IPv6 Connection Type, the following should be included:

1. Native IPv6

2. Tunnel 6to4

3. Tunnel 6in4

4. Tunnel 6rd

5. Static IPv6

 

Other than that, the following options in the picture should also be included:

[Screenshot: Screenshot from 2016-12-23 23-50-01.png]

 

I don't know how Asus did it, but their routers are smart enough to get the right prefix without my intervention, I wish USG will have this feature too.

 

I wish UBNT will include full IPv6 support into the controller ASAP that is easy to set up without much technical knowledge.

 

Thank you.

Jack.

Include support for USB Cellular Stick in USG.

Submitted by -
Status: New Idea

When I'm comparing between Meraki Security Devices and USG, I realised a very important feature which USG lacks, which is the support for USB Cellular Stick.  

 

I believe that the support for USB Sticks is crucial for:

1. Deployments that relied on cellular data as their primary connection. 

2. Mission critical deployments which use cellular data as their failover. 

 

Other than that, I don't see the reason for UBNT to not support USB Cellular Stick because even a cheap $40 mini router from TP-Link supports this function.

 

Suggestions on how to deploy support for USB Cellular Stick. 

I would suggest UBNT add another option called "USB Cellular Stick" under the  USG > WAN > Connection Type.

 

In the "USB Cellular Stick" Option, I would suggest putting "Country" and "Carrier" with preset settings like the ones shown below:

[Screenshot: Screenshot from 2017-04-22 10-51-48.png]

 

When we select the preset settings, please show the username and password of the preset settings in a blurred out column below so that we know which APN is used with the preset settings (Some Carriers have multiple APNs). 

 

Other than that, please add a "Custom" settings option under the Username and Password for the APN settings so that we can use custom APNs when the situation requires it.

 

Personally, I don't think that the Connection Mode and Authentication Type have to be included. 

 

Supported USB Cellular Sticks.

I would suggest UBNT to support only the mainstream USB Sticks since the USG isn't meant to be a cellular modem/router. I'll leave the supported USB Stick list from Meraki and other vendors below for reference:

https://documentation.meraki.com/MX-Z/Cellular/3G_-_4G_Cellular_Failover#Supported_USB_Modems

http://www.tp-link.com.my/support/3g-comp-list.html?model=TL-MR3020

https://www.asus.com/event/networks_3G4G_support/

http://www.dovado.com/en/support/modems

 

Lastly, I would suggest UBNT to include a USB port for USB Cellular Stick on the next revised version of USG-3P so that the USG-3P can be deployed as a teleworker gateway.

 

SSL VPN for USG

Submitted by - a month ago
Status: Duplicate

I've seen some topics around this, but not the exact one as far as I could find.

 

I would really suggest having SSL VPN for remote users on the USG.

Now, we are forced into using L2TP or PPTP. The issue with this is that most secure networks don't allow these types of connections and are blocked.

 

Using SSL VPN, which uses port 443, is automatically allowed.

 

I've asked if it's possible to set the L2TP or PPTP to a different port, but this was not possible.

 

So; feature request: SSL VPN for remote users on the USG!

Use IPSEC and/or PPTP/L2TP vpn tunnel as Site-to-Site with Dynamic Routing

Submitted by - 2 weeks ago
Status: New Idea

Hi,

Sometimes it could be useful to use these kinds of protocols as site-to-site VPN in interface mode instead of simple tunnel.

For example, Mikrotik could use that as interface, and run a dynamic routing protocol such as OSPF over PPTP or L2TP interface binding.

 

Regards!

USG UTM Anti-malware/Antivirus

Submitted by -
Status: Duplicate

To compete with some of the other SOHO firewall appliances out there, it would be great if the USG could perform packet/data filtering based on signatures. The intent would be to use the USG as an appliance to filter out malware based on signature. A similar-priced product that has this feature is the Sonicwall TZ series.

Topology map - connection color based on utilization

Submitted by -
Status: New Idea

It could be a great addition if it was possible to enable colors of the connections in the Topology map, based on their utilization percentage.

This would be an easy way of visualizing bottlenecks in the infrastructure.

[Screenshot: Capture.PNG]

Request for providing WAN 1 and WAN 2 active or down status on dashboard

Submitted by -
Status: New Idea

Dear Concern,

 

I am using the UniFi USG Pro. In my case I am using both WAN ports; WAN 1 is primary with higher bandwidth from ISP 1 and WAN 2 is secondary with low bandwidth from ISP 2. WAN 2 is configured for load balance and carries only 10% of actual. The first thing is that on the controller dashboard not a single option shows us that both ports are active, like the number of active APs, and the second thing is that when WAN 1 goes down not a single alert or event occurred in the log.

 

 

Kindly provide the option for this, so it is very easy to understand which WAN link is down. 

Address group import/update from web list/file

Submitted by -
Status: New Idea

Hello,

I'd like to be able to set up an IP address group from an external source (Spamhaus or a standard text file, for instance) and keep it updated without having to manage it by manual intervention. That way I could set up a deny/block IP rule to drop traffic from unreliable/unsafe hosts.

Easily block an entire country

Submitted by -
Status: Accepted

I'd like to be able to quickly block an entire country worth of IP addresses. This is trivial for a small country, say Cambodia, but with China having over 7000 assigned IP blocks this gets to be a really big headache. Ideally, I'd like a drop-down list of countries to block, and have the IP blocks for those countries pulled dynamically from somewhere like IPDeny.

 

Double bonus points if I can tell it "only allow from USA, drop everything else."  

 

This is gonna take all week.....

As an interim measure, can you at least let me copy and paste a huge list of IP blocks?

DHCP Reservations list

Submitted by -
Status: Duplicate
Would be nice and better to have a DHCP reservations page, where I could see a list of all the DHCP static IPs that I have set. Would help me organize my network settings.

Next Gen US 8-150W

Submitted by - 4 weeks ago
Status: New Idea

Hi, 

 

the current US 8-150W is certainly a good product but is missing out on some new developments.

 

In environments where noise is of the essence and a cabinet is not available the fanless design and rather small build factor is great, however there are three areas the device could be extended and also close a gap in the portfolio - it could be a US 12-225W for example.

 

1. Up to 12 Ports - not necessarily all of them POE+ powered.

2. Upgrade the SFP Ports to SFP+ Ports, allowing the device to be connected to e.g. a Core switch US-16 XG, without creating a bottleneck compared to the 8-150W

3. Adding two 10 Gig/Multi Gig Copper Ports (e.g. Local connection to NAS, AP etc. - potentially powered)

 

This would be really something unique in the Market, addressing small enterprises and SOHO as well.

 

Currently there is only one product available close to that, which I unfortunately need to use in the meantime - the upcoming Netgear GS110EMX.

 

best regards

 

Martin

[USG] Dead peer detection in the GUI

Submitted by - a week ago
Status: Accepted

I know there is a wonderful guide here which details how to enable dead peer detection on a USG - But.

 

Is there a reason why this is not a simple option in the IPsec VPN setup?

As I have multiple VPN profiles and any small network change causes the vti rules to become out-of-sync (these are not in the "vpn" section) and I have to re-do the whole config.gateway.json file in order to get these back into site alignment.
It is also unhappy with the L2TP vpn, which was working prior to enabling the dead peer detection. I suspect this is down to the config.gateway.json file.

Really, I'd like a GUI option to enable dead-peer-detection on an IPSec site-to-site VPN, even if it's just a tickbox at first with the suggested defaults.

DNS Based Firewall rules

Submitted by -
Status: New Idea

What would be nice is to be able to specify a DNS host in a firewall rule so we can block specific networks and domains.

 

 

USG OpenVPN client w/GUI support

Submitted by -
Status: Accepted

An OpenVPN client for the USG with GUI support. Routes ALL WAN traffic through the tunnel without additional configuration when the client is connected. Should by default accept DNS settings sent from the VPN server etc. You get the idea, limit what ISPs can do to collect, profile, and sell personally identifiable data.

USG passthrough/monitor mode

Submitted by -

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

It Works: UPDATE 9/13/2017:  Instructions on how to disable NAT are now provided by @UBNT-cmb here  

 

 

Steps to make it work by @ecomerc here :

 

Here are the corrective items
1) Add the USG internal network(s) to "Network Protection" -> "Firewall" as the source for all outgoing rules
2) Add the USG internal network(s) to the "Network Protection" -> "NAT" masquerading sources
3) My major fault: make sure the USG internal networks are NOT assigned to the UTM already: "Interfaces & Routing" -> "Interfaces" -> "Additional Addresses"

then it works.

 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

 

Original Post:

 

I have a couple of networks where I will never replace the router (for one I can't - it's provided as part of the environment) but I would still like to have stats in the controller.

 

Inspired by this thread:  https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-behing-firewall-transparent-mode/m-p/1534439#M13229

 

I would like to see a pass through mode for the USG where it passes traffic with no NAT, no firewall rules, no DHCP, etc.  Just analyzes traffic.

 

Even better - a monitor mode where I could feed a USG a mirror of the port that goes to my existing router so I don't have to have latency of the USG in the packet's path. Use it as a sensor, basically.

 

I think you guys would sell a boatload of USGs if you supported this!  

 

EDIT:  It appears to be on the roadmap:  https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-Feature-Roadmap-January-2017-update/m-p/1792230#M31948

 

Specifically:

 


In Progress / Near Future

  • DPI support in passthrough mode or on monitor interface

 

Thanks @UBNT-cmb