New Idea

Support DDNS for Failover WAN

Submitted by -
Status: Accepted

Can support be added for updating DDNS when a WAN connection fails?

 

Currently, when WAN1 fails over to WAN2, DDNS is not updated.  This is true even if the same DDNS settings are entered in both WAN sections.

 

Additionally, if DDNS is manually updated when WAN2 becomes active, DDNS is not updated again when WAN1 is restored.  This I believe to be a bug, but the restoral of WAN1 should trigger an update to DDNS as well, even if WAN2 is still active.

 

This would apply to failover WAN only and not load-balanced connections.

 

Please and thanks. Man Happy

VPN status on the dashboard

Submitted by -
Status: Accepted

ubnt_vpn_status.png

 

It would be nice with an overview of the overall status of VPN connections (site-to-site and when the USG is a PPTP VPN client). For some VPN connection types it may be necessary to ping through the tunnel, and perhaps therefore be able to specify a host on the other end that may be pinged, in order to be able to check the health of the tunnel.

 

This would be very helpful to have included. Right now VPN has a touch of "fire and forget" because there is no status in the Unifi Controller. I have created some images as an example of how it could look.

ubnt_vpn_health_network.png

Bandwidth limit by VLAN/ Network

Submitted by -
Status: Accepted

Add the abilty to limit transfer speed by VLAN/Network or port

IPsec IKEv2 remote access VPN support

Submitted by -
Status: Accepted

Should have IKEv2 remote access VPN support for USG in controller.

Store DPI as time series data for reporting by date/time

Submitted by -
Status: Accepted

My company is trying to find creative ways to help sell the idea of monthly subscriptions to monitor there network. We feel if we could send them a monthy report of upgrades that were performed, crashes, and DPI data for the last month it would create more value in a monthly service contract.

 

Thanks

USG High Availability

Submitted by -
Status: Accepted

Add functionality to plug a 2nd USG device into a network and "cluster" it with an existing USG for High Availability/Failover.

 

Not just VRRP configuration but full HA.

  • Configuration sync
  • Session state sync
  • Routing state sync
  • Dedicated or Shared HA Interface
  • Create HA Sync Network
  • Heartbeat on all Interfaces
  • Gateway/Next Hop Monitoring
  • Failover Testing Manual or Scheduled
  • Failover Alerts (including Manual/Scheduled)

Some requirements.

  • Identical hardware
  • Source USG already configured
  • Target USG factory defaults
  • Connected to same VLANs (verifies L2 visibility on all configured networks)

Ability to select USG WAN based on policies....

Submitted by -
Status: Accepted

I have integrated a USG for the dpi, but am really missing the ability to select the WAN based on client and/or protocol and/or time of day

 

Living in the a very rural environment I have a paid for high performance but data capped connection and a much slower uncapped connection.

 

It would be useful to be able to have the WAN traffic routable based on client and/or protocol, and also time of day (so for example the higher speed WAN can be turned off overnight).

 

Stats available in the controller should ideally be segmentable by WAN where applicable too.

UniFi switch QoS support

Submitted by -
Status: Accepted

I request acces to full VLAN functionality and QOS functionality on the line UniFi switch.

 

It would be great if we could access the more advanced functionality from the command line until such time as that were available in the Controller.

 

I just purchase six UniFi switch and assumed that the Enterprise tag and fully managed marketing meant that these features were available.

 

I don't know what I am going to do.

 

 

What I do know is that the UniFi hardware is the same as the EdgeMax hardware, running an older version of the firmware.

 

I think the entire Ubiquiti line of products is great. I was an early adopter of Vyatta and I love what they have done to with the EdgeMax routes.

 

 

USG Multiple WAN IP support in UI

Submitted by -
Status: Accepted

Support using a block of Static IP from a WAN perspective.

 

 AT&T Uverse is my ISP.

Status: Accepted

An OpenVPN client for the USG with GUI support.  Routes ALL WAN traffic through the tunnel without additional confugration when the client is connected.  Should by default accept DNS settings sent from the VPN server etc.  You get the idea, limit what ISPs can do to collect, profile, and sell personally identifiable data.

IPv6 Prefix Only Mode in Controller

Submitted by -
Status: Accepted

The current IPv6 implementation within controller 5.7.x results in high USG CPU utilisation due to send ia-na requests that are not used by certain UK ISPs (Sky Fibre, BT Infinity).  Prefix only mode can be enabled via SSH and made persistent via json.

 

Could we have this implemented as a tick box option within the IPv6 setup tab within the controller?

 

Please see this post for more details:

https://community.ubnt.com/t5/UniFi-Routing-Switching-Beta/IPv6-issues-DHCPv6-PD-Response-issues-causing-high-USG-CPU/td-p/2214911/jump-to/first-unread-message

Overall Bandwidth Useage

Submitted by -
Status: Accepted

The UniFi controller software does a great job detailing bandwidth useage for each client. However for those that use the UniFi Security Gateway as their main router on a metered connection, adding a overall WAN traffic counter would be very useful. Most Home router have this function. 

IGMP Full Support

Submitted by -
Status: Accepted

Hello,

 

how you think to implement a full IGMP Snooping support.

 

At the moment it is only possible to Activate IGMP Snopping or not

but IGMP has so much configuration options such as 

 

IGMP Snooping: Activ / Inactiv

Unkown Multicast: forward / discard

 

IGMP Member Ports

Fast leave

router port time

member port time

leave time

static router ports

 

and so on 

 

thank you (i really need this :=) )

Request - Firewall Filter Rule Schedules

Submitted by -
Status: Accepted

The addition of the Firewall Rule editor to the UniFi controller is fantastic.  The next thing we need schedules so rules can take effect at certain times of the day. I didn't see it yet and I'm not familiar enough with EdgeOS to know if it's possible with the CLI.  For example, in a school dorm situation, we want to block Internet access after lights out but allow staff and servers, etc to have access 24x7.  The WiFi has a schedule editor which is fantastic and that covers the majority of users but we also need the ability to blocked wired devices at certain times of the day or night.

 

Thanks

Switch port security and disable vacant ports

Submitted by -
Status: Accepted

It would be beneficial to have the ability to disable vacant switch ports. I would also like the ability to secure a port to a specific device. 

 

Thanks!

Use dns hostnames for IPSec VPN

Submitted by -
Status: Accepted

I would like to be able to use a dynamic hostname for IPsec VPN. Having to use only a static doesn't work for 99% of the clients I have.

Support for DNS host records and domain forwarding

Submitted by -
Status: Accepted

Most higher end firewall/routers have the ability to create custom DNS entries for on-site use.  They also have the ability to identify specific internal domains that may need to be forwarded to correct internal authoritative DNS server that hosts those domains.

 

Since we've installed the USG, we've lost the ability to maintain a custom DNS list for internal use, as well as lost the ability to redirect other internal domains to the proper DNS authority for that domain.

 

The USG needs to support both a DNS server (that lets you customize entries) as well as DNS Forwarding (on a per-entry level).

Expanded options for IPSEC Peer-ID

Submitted by -
Status: Accepted

It would be nice if the controller and USG supported the ability to use FQDN/Email address as Peer-IDs. This is supported by StrongSWAN and should only require some basic sanity checking in the GUI. Since SWAN can already perform DNS lookups to match the FQDN to an IP, that would be relatively simple. For Email address, possibly add an extra field.

 

I would like this as some client sites have dynamic IPs and though we have DDNS working, it is a pain in the neck to have to re-IP multiple tunnels when an IP changes.

USG/Controller: Enable and disable port forwarding

Submitted by -
Status: Accepted

It would be great and convenient to manage simple actions like disable and enable port forwarding rules from the GUI (simple checkbox perhaps) instead of having to delete and recreate them.

 

I addition to this, some sort of scheduling of port forwards would be a "nice-to-have" feature. Man Wink

Allow configuration of switch LACP load-balance mode

Submitted by -
Status: Accepted

port-channel load-balance allows configuration of 7 different modes. UniFi switches can only use the default 3 currently, should UI-expose configuration of this parameter.