Can support be added for updating DDNS when a WAN connection fails?
Currently, when WAN1 fails over to WAN2, DDNS is not updated. This is true even if the same DDNS settings are entered in both WAN sections.
Additionally, if DDNS is manually updated when WAN2 becomes active, DDNS is not updated again when WAN1 is restored. This I believe to be a bug, but the restoral of WAN1 should trigger an update to DDNS as well, even if WAN2 is still active.
This would apply to failover WAN only and not load-balanced connections.
Please and thanks.
It would be nice with an overview of the overall status of VPN connections (site-to-site and when the USG is a PPTP VPN client). For some VPN connection types it may be necessary to ping through the tunnel, and perhaps therefore be able to specify a host on the other end that may be pinged, in order to be able to check the health of the tunnel.
This would be very helpful to have included. Right now VPN has a touch of "fire and forget" because there is no status in the Unifi Controller. I have created some images as an example of how it could look.
My company is trying to find creative ways to help sell the idea of monthly subscriptions to monitor there network. We feel if we could send them a monthy report of upgrades that were performed, crashes, and DPI data for the last month it would create more value in a monthly service contract.
Add functionality to plug a 2nd USG device into a network and "cluster" it with an existing USG for High Availability/Failover.
Not just VRRP configuration but full HA.
- Configuration sync
- Session state sync
- Routing state sync
- Dedicated or Shared HA Interface
- Create HA Sync Network
- Heartbeat on all Interfaces
- Gateway/Next Hop Monitoring
- Failover Testing Manual or Scheduled
- Failover Alerts (including Manual/Scheduled)
- Identical hardware
- Source USG already configured
- Target USG factory defaults
- Connected to same VLANs (verifies L2 visibility on all configured networks)
I have integrated a USG for the dpi, but am really missing the ability to select the WAN based on client and/or protocol and/or time of day
Living in the a very rural environment I have a paid for high performance but data capped connection and a much slower uncapped connection.
It would be useful to be able to have the WAN traffic routable based on client and/or protocol, and also time of day (so for example the higher speed WAN can be turned off overnight).
Stats available in the controller should ideally be segmentable by WAN where applicable too.
I request acces to full VLAN functionality and QOS functionality on the line UniFi switch.
It would be great if we could access the more advanced functionality from the command line until such time as that were available in the Controller.
I just purchase six UniFi switch and assumed that the Enterprise tag and fully managed marketing meant that these features were available.
I don't know what I am going to do.
What I do know is that the UniFi hardware is the same as the EdgeMax hardware, running an older version of the firmware.
I think the entire Ubiquiti line of products is great. I was an early adopter of Vyatta and I love what they have done to with the EdgeMax routes.
An OpenVPN client for the USG with GUI support. Routes ALL WAN traffic through the tunnel without additional confugration when the client is connected. Should by default accept DNS settings sent from the VPN server etc. You get the idea, limit what ISPs can do to collect, profile, and sell personally identifiable data.
The current IPv6 implementation within controller 5.7.x results in high USG CPU utilisation due to send ia-na requests that are not used by certain UK ISPs (Sky Fibre, BT Infinity). Prefix only mode can be enabled via SSH and made persistent via json.
Could we have this implemented as a tick box option within the IPv6 setup tab within the controller?
Please see this post for more details:
The UniFi controller software does a great job detailing bandwidth useage for each client. However for those that use the UniFi Security Gateway as their main router on a metered connection, adding a overall WAN traffic counter would be very useful. Most Home router have this function.
how you think to implement a full IGMP Snooping support.
At the moment it is only possible to Activate IGMP Snopping or not
but IGMP has so much configuration options such as
IGMP Snooping: Activ / Inactiv
Unkown Multicast: forward / discard
IGMP Member Ports
router port time
member port time
static router ports
and so on
thank you (i really need this :=) )
The addition of the Firewall Rule editor to the UniFi controller is fantastic. The next thing we need schedules so rules can take effect at certain times of the day. I didn't see it yet and I'm not familiar enough with EdgeOS to know if it's possible with the CLI. For example, in a school dorm situation, we want to block Internet access after lights out but allow staff and servers, etc to have access 24x7. The WiFi has a schedule editor which is fantastic and that covers the majority of users but we also need the ability to blocked wired devices at certain times of the day or night.
Most higher end firewall/routers have the ability to create custom DNS entries for on-site use. They also have the ability to identify specific internal domains that may need to be forwarded to correct internal authoritative DNS server that hosts those domains.
Since we've installed the USG, we've lost the ability to maintain a custom DNS list for internal use, as well as lost the ability to redirect other internal domains to the proper DNS authority for that domain.
The USG needs to support both a DNS server (that lets you customize entries) as well as DNS Forwarding (on a per-entry level).
It would be nice if the controller and USG supported the ability to use FQDN/Email address as Peer-IDs. This is supported by StrongSWAN and should only require some basic sanity checking in the GUI. Since SWAN can already perform DNS lookups to match the FQDN to an IP, that would be relatively simple. For Email address, possibly add an extra field.
I would like this as some client sites have dynamic IPs and though we have DDNS working, it is a pain in the neck to have to re-IP multiple tunnels when an IP changes.
It would be great and convenient to manage simple actions like disable and enable port forwarding rules from the GUI (simple checkbox perhaps) instead of having to delete and recreate them.
I addition to this, some sort of scheduling of port forwards would be a "nice-to-have" feature.
port-channel load-balance allows configuration of 7 different modes. UniFi switches can only use the default 3 currently, should UI-expose configuration of this parameter.
- Jocee on: SFP link aggregation US-16-150W and US 24-500W
- UBNT-cmb on: Fail-over WAN log
- greatwhitehat on: Double DDNS
- blackglove9 on: Don't expose username-login on forum
- peggleg on: UBNT Modems
- node808 on: Ability to clone the a routers Mac address in the GUI
- Lupos on: Isolated VLANs
- bernardssupport on: REQUEST - DPI Custom Category for Business Process
- scott_thomson on: config.gateway.json editor available in GUI
- mlfreeman on: UniFi Power Strip
- SFP link aggregation US-16-150W and US 24-500W
- Ability to group/segregate firewall rules in the GUI
- Fail-over WAN log
- please enable LAN2 port on USG 3p to be bridged with the LAN1 network
- let us customize LAN2 port on USG! (please) :)
- Mac and ip logging
- Domain based Portforward.
- Double DDNS
- USG WAN port details
- Support for ed5519 ssh Keys in UniFi Controller