When I was using OpenWRT based router it was possible to add/change some more advanced configuration using web interface - dedicated editor in GUI window which wrote input straight to config file. It doesn't need to have anything fancy and it would save hassles with either scp or vi editing.
For some period of time I was using controller installed in docker running on Synology NAS. I had mapped sites' base directory and could use simple editor built in Synology File Station:
It doesn't need to be so much advanced . Now, when I use Cloud Key I can clearly see difference in how easy/user friendly was to edit it directly in GUI...
So, I know it has been mentioned in other places (Specifically I have included a link to the forum topic) but I would like to create a new idea request specifically for realtime bandwidth activity.
I have ran into several occasions where clients are limited in bandwidth and will call about slow speeds. I would like to be able to see at a glance what the current usage is and, if possible, who is using it. Right now I would settle for just a graph showing the last ~15min - 1hr.
As it stands now, I am going to have to figure out some option of monitoring this. Sadly, in my own home, I am going to be replacing the USG with a PFsense box. It was either this or put in an edgerouter X as a transparent monitor and I would rather keep the device chain smaller. The USG will sit on the shelf as I wait hoping this will be implemented. :-)
I hope the images below will spell out better what I and others like me would like to see. Ubiquiti makes wonderful products and I hope you all will see the potential in this suggestion and implement it.
Looking at the controller I beleve these stats are already gathered so I would hope it wouldn't be too difficult to create a graph on the dashboard showing these stats.
This is ultimately what I would love to see. I am able to see at a glance what the traffic is and who my "top talkers" are.
I would even be OK with just simply something that keeps a live update.
I also have included a link to a couple forum topics discussing this further. Hopefully they might provide more insight as well.
Thank you for your consideration.
Internet service is expanding beyond 1 Gbps. Modems are coming with multiple Ethernet ports that can be aggregated together for > 1 Gbps service.
More than ever, we need new USGs that can aggregate WAN1 & WAN2 together. Of course this goes along with higher bandwidth LAN ports (LAG / 2.5G / 5G / 10G).
I understand that the USG3 & USG4 hardware cannot accelerate LACP. We need new hardware in the pipeline for this increasingly common use case.
Even with the latest USG-XG, it is uncertain if the ports can be aggregated together. Even if possible, its cost far exceeds the typical USG3 & USG4 audience.
Currently the only way i can quickly see if my primary link is down in the dashboard is via the speedtest widget which indicates a lower speed test result. Otherwise i need to drill into the alerts to check for failover events.
As of 5.9.32 the dashboard indicates a healthy state even when failed to the backup interface and indicates capacity and utilisation only.
Can we get the dasboard to idicate a degraded state on the USG when a failover to the backup link has occured and have the "Everything is good!" and "Network: Excellent" display a more accurate degraded/unhealthy state in both the wording and color.
So i'm wondering if this is possible, I know we can do DPI restrictions on the USG but these are quite limited and vauge.
What I was hoping we could implement is blocking based on catagories that DPI has already identified under the Stats area.
For example we get a lot of users "wasting" bandwidth doing speedtests, it would be nice to be able to block this traffic.
It would also be nice to be able to block things like Pokemon Go, I know we could block the IPs via the firewall but these seem to change a lot so blocking the traffic via DPI would be much better.
I know we could just block the "Games" catagory for Pokemon Go but we'd rather be able to block an indvidual game / application than blocking the entire games catagory.
DPI is identifying these so it should be possible?
I'd like to see UBNT create some modems:
- 3G/4G modem
- ADSL/VDSL/SDSL/G.Fast modem
- DOCSIS modem
These should all be compatible with existing USGs and EdgeRouters.
Further down the line, if all of these can be made into modules (be they an add-in card, USB, PCIe or even SFP(+)), then all the better, but lets have the USGs do more WANs than just Ethernet.
We have actually a "strange line up" for the Unifi Routing, which is still logic, but as time pass, the newly introduced IDS/IPS will need to be provided at 1 Gbps speed in a "consumer friendly" package
- USG-3P (fanless) : gigabit speed, with 85-90 Mbps IDS/IPS
- USG-4P-Pro (rack mounted) : gigabit speed, with 250-300 Mbps IDS/IPS
- USG-? (fanless) : 10 (?) gigabit speed, with gigabit IDS/IPS
- USG-XG (rack mounted) : 10 gigabit speed, with gigabit IDS/IPS
Sure, this depend on hardware capability from Cavium to deliver the right processor as the right price.
Note : no fancy screen, fancy stuff, just a fanless, small format router, like the USG-3P, easy to deploy at the propoer price for Ubnt and the consumers
It would be helpful to be able to create a VLAN that is not automatically tagged on all ports on all devices.
Where a VLAN might be useful for isolating certain types of traffic, such as high bandwidth applications, chatty services, or services that rely on broadcast, it might well be desirable to prevent that traffic from being carried across the entire network by default.
The current design requires creating a new port profile and manually applying it to ports and devices. Current tools assist in this manual process, but it is still a manual process, and new devices added to the network will use the “all” profile until configured otherwise, which can lead to periods of disruption and creates an opportunity for errors and oversights.
A strong case could be made for going further and requiring VLANs to opt in to the “all” group in the first place. The current approach is more convenient in many situations, perhaps even most situations, but the all-by-default behavior conflicts with a more secure-by-default behavior, in which a client connected to a port should not be able to access VLANs not specifically tagged on that port.
One way to balance the convenience against the security and performance benefits of isolation might be to allow a VLAN to “opt out” of the “all” group (which perhaps then ought to be renamed just to “default.”)
Keeping all VLANs on all ports maintains the convenience, while an option to isolate or opt out a VLAN would allow it to be managed more conservatively.
Stretch goal: automatically compute the path between all ports assigned to be native on a VLAN, and tag only the intermediate links as required, excluding any other ports.
I love Ubiquti products, but having installed a USG Pro-4, I'm left disappointed in the lack of basic DHCP and DNS settings that are available. Yes I know, I can probably achieve what I want to in the command line, but I shouldn't have to. The idea of UBNT gear is that it's easy to use.
What's missing are namely:
- The ability to specify (and view an entire list) of statically assigned IP addresses. I shouldn't have to click on each individual device to specify a static IP or check if one has been set.
- The ability to set hostnames for devices that don't specify one (or use a hardcoded IP). I should be able to create my own static DNS entries for devices that hostnames cannot be set for. In addition, the handling of hostnames for devices with static IP's (hardcoded in the device itself) seems broken. I shouldn't have to get an IP from DHCP to be able to browse to it by DNS name.
If you want an example of how it should be done, take a look at pfSense, OPNSense or even Windows services.
I could be a great addition, if it was possible to enable colors og the connections in the Topology map, based on their utilization percentage.
This would be an easy way of visualizing bottlenecks in the infrastructure.
The UI does not give any visibility into whether the USG Gateway was able to obtain any IPv6 prefixes from the upstream provider.
This should be visible in the WAN section:
Similarly, there were no events around obtaining or losing DHCPv6 leases from the WLAN.
Right now there two amazing EdgeRouters are launched, the EdgeRouter 4 and EdgeRouter 6. Both perform great for an affordable price in a compact and energy efficient form-factor. It would be very nice if we could have those routers with UniFi software, using them as USG's.
The routing performance is impressive:
|1518 bytes throughput||3 Gbps||4 Gbps||4 Gbps||6 Gbps|
|1518 bytes pps||240,000||320,000||320,000||490,000|
|64 bytes throughput||512 Mbps||1.2 Gbps||1.8 Gbps||1.8 Gbps|
|64 bytes pps||1,000,000||2,400,000||3,400,000||3,400,000|
If you compare the features you see that the ER-4 and ER-6 would be great additions.
|CPU||Dual-core 500Mhz||Dual-core 1GHz||Quad-core 1GHz||Quad-core 1GHz|
The ER-6P's five gigabit RJ45 ports can deliver 24 and 48 volt PoE, with 60 watt max. That's perfect to power up to 5 access points (AC Pro / AC IW Pro / AC Mesh Pro). It would be the perfect set-up for a small unifi installation: Just the USG-6P and 5 access points, plus the SFP for uplink.
I think a USG-4 and USG-6P would be amazing additons to the current USG line-up. If priced the same as the EdgeRouter versions it would be killer routers.
|CPU||Quad-core 1GHz||Quad-core 1GHz|
Would like to request a Custom DPI where by I can enter in specific IP addresses so as to better calculate the amount of legitimate bandwidth uses at our external sites. We're a construction company and at times have between 40 to 50 separate WANs to monitor the usage of SSL to our portal, citrix environment, sharepoint & goodsync cloud service as well as several other applications. Hopefully this can be something that can be looked at soon. Thanks!
I'm kind of surprised I didn't find this elsewhere.
While the catagories of DPI are all well and good, it's somewhat irrelevant when you don't know WHERE the traffic is going.
Can you please expose that level of detail to the controller. Given that this information is already being looked at, I assume that it's somewhat trival to add a couple of tables to track client/server relationships and related information.
For example, I have a VM host that has 11GB up and down of unknown traffic. Even if that did fit into a catagory, I don't know where that traffic is going to/coming from. This fits directly into a lot of security products in the same vein...while you might allow HTTP traffic to the world, if someone is abusing that, how do you know what to block?
The source/destination should be IP to keep it simple with an optional field for URI information and/or internal host name.
So either from within a paritcular catagory, we have something like...
<SRC IP> <hostname or nodename> <DST IP> <hostname or nodename> <destination URI> <rest of the stats as they are now> <connection time>
Once this information is presented, it expands the possibility of adding more searchable/sortable stats.
While I appreciate the additional load this may present to the UCK, but even then, it should be minimal as it's really only adding a few additional tables, assuming that information isn't already there and just not exposed, but for those of us running our own HW, it's a moot point.
So please add this sooner than later as this is a bit of detail that I believe is very important to getting the most out of a DPI tool.
I'd like to see a way to do granular parental controls.
Such as creating groups and then adding all devices (wired & wireless) from each kid into a kid1-group for each kid (kid1,kid2, etc), then granular alloting time for all devices from kid1-group, and alloting time per application per kid1-group, assign webprofiles to kid1-group, etc, and then a "superhandy interface to add and delete apps, time, block etc, " see below for more detail.
Currently have :
- 1 USG
- 1 Unifi Controller
- 2 Unifi US-8-60W switches
- 2 Unifi AP AC PRO access points
Got into Unifi for stability purpose and so I could properly separate out the guest wifi and with a VLAN. Also I like the SDN approach, the interface and the application on the phone/tablet.
In my previous network setup I had some possibility to do timed access control for all devices (not just wifi connected by also all hardwired ones). I also had the option to assign predefined web/url profiles to each device (and the option to use a customized profiles based on the webcategories available for these profiles).
Nice that you can assign hours of use to wireless networks but you cannot to hardwired networks.
And overall it would e easier if an option like this could also be assigned to a "group" with devices in it.
Overall would be very usefull to have some (much more) parental controls / group controls
1. Create user groups based on a set of devices
- Including not just wireless devices but also wired devices
- usergroup "Kid1": Tablet (wifi), phone (wifi), laptop (wifi), desktop (wired ethernet)
- usergroup "Kid2": Tablet (wifi)
- And allow to create groups with groups in it: Kids group includes Kid1 and Kid2
Then be able to do various types of controls with these groups:
2. Control Internet access times through the USG (on basis of a group):
- block traffic between 10:00PM-08:30AM for all devices assigned a "user group" kid1
- block traffic between 8:00PM-08:30AM for all devices assigned a "user group" kid2
3. Amount of time that can be used per "user group"
- I.e. assign 4 hours to all devices in "user group" kid 1
- Assign amount of hours per day, for example assign 4 hours for Tuesday to Sunday, and Monday is computer free day so is 0 hours.
- Allow the option when devices are used at the same time that only counts as if one device was being used.
4. Control "access times" and "alloted time on a day" easy via the unifi App on my phone (and controller)
- A view that shows "user groups"
- Per "user group" "easily" add additional or reduce time or block the "user group" (all devices in that group), s
- Give an extra 15 minutes or 30 minutes outside the assigned time.
- Per "user group" easily increase the time one off to end a bit later i.e. this day you can use Internet till 11:00 PM instead of 10:00PM by pressing "add 15 minutes to end time"
- Block for that day (block button that only blocks that day and goes back to the program by end of day).
5. Possibility to create "webfiltering profiles"
- Options to create "allow lists", "block lists", based on "custom urls"
- Option to use "predefined website categories" I.e. block categories such as, Adult, Advertising, Dangerous materials, Drugs, Gambling, Malware, Phishing, Redirector, Hate, Violence, etc
- And then also the option to customize these categories.
6. Per group control assign a "webfiltering profile"
7. Assign firewall rules against "user groups"
8. Have predefined firewall rules / profiles suitable for kids (similar to webfiltering profiles).
- Then assign a "usergroup" to such a firewall rules profile
Had webfiltering profiles I could assign per device on my synology RT1900AC, that was very usefull. I.e. block the kids from in particular known malware sites was usefull (but also adult and hate I thought very usefull).
9. Allot time per application (use DPI) per "all devices in a user group"
Since the USG already does DPI also define "alloted time" per application (DPI based)
- I.e. "devices in user group KID1" can use 60 minutes Facetime per day / Kid 1 and all his/her devices can do 60 minutes facebook per day .
- I.e. "devices in user group KID1" can use 120 minutes Netflix per day
Edit 1: as mentioned below Circle is a very good example, like the level of granularity, easy interface, etc.
Would be nice if something like that were implemented (software wise, or as a separate hw component) .
Edit 2: added tying DPI data to "user groups".
Edit 3: Understood that the kudos help to prioritize new ideas so if you support a new idea then give it a kudo.
Whe need to setup multiple vlan on the wan port
the Isp is using a vlan for Internet and different vlan for iptv.
Now we have to do that by a Json file but that will break the vpn and wan stats in the controller.
- blackglove9 on: Don't expose username-login on forum
- peggleg on: UBNT Modems
- node808 on: Ability to clone the a routers Mac address in the GUI
- Lupos on: Isolated VLANs
- bernardssupport on: REQUEST - DPI Custom Category for Business Process
- scott_thomson on: config.gateway.json editor available in GUI
- mlfreeman on: UniFi Power Strip
- Dustbeta on: Affordable USG for WAN > 1 Gbps Service
- danmero on: Request: Cold Spare mode for switches in Unifi controller interface
- madmaaxx on: VLAN ID configure for WAN port on GUI
- REQUEST: Reporting, Reporting, Reporting
- REQUEST: Add SSDP Relay to Unifi
- [Feature Request] checkbox in GUI for VPN Routing by 2 WAN with Load balance
- Switch stats features (mutiple switches and common Y-axis scale)
- Dropped Packet Alerts for USG Wans
- IPSec and DynDNS
- Request: Custom DPI
- Switch: VLAN dhcp inside switch.
- Degraded link notification in dashboard during primary link failure for USG
- Don't expose username-login on forum