[USG] Firmware v4.4.21 now available

by Ubiquiti Employee ‎05-01-2018 05:02 PM - edited ‎05-04-2018 02:15 AM (82,360 Views)

Changes since last release version 4.4.18 as follows.


  • Back end for port remapping in 5.8.x and newer controller versions
  • Fix premature expiring of TCP connection states for long-lived idle connections.
  • RADIUS server - back end improvements to remove character restrictions on passwords. ' and " were not usable previously.
  • IDS/IPS - Upgrade to Suricata 4.0.4, slight performance improvements, back end improvements and bug fixes
  • Reduce CPU utilization of statistics gathering, resolves increased CPU usage some were seeing since 4.4.18
  • Resolve memory leak in mcad
  • Back end improvements for dnsmasq as DHCP server handling of hostnames of DHCP reservations
  • Fix dnsmasq as DHCP server for networks other than /8, /16 and /24
  • Disable deprecated SSH ciphers
  • Fix source of increased CPU usage from mcad and ubnt-util in 4.4.18 and some previous dev versions.
  • Remove "noccp" from xl2tpd configuration. It should not be necessary to disable, and some Windows L2TP clients want CCP.
  • Removed offload scheduler which caused performance degradations with some configurations utilizing rate limiting user groups.
  • Import FTP conntrack fix for FTP servers that use unusual formatting of their 227 message, which previously resulted in a hung connection. Not aware of any real-world encounters of the issue, as FTP servers that would be impacted are very rare; it was discovered by commercial QA testing tools.
  • Fix use of external guest portal through USG

USG-XG-8 Specific Changes:

  • Updated LCM firmware
  • Bluetooth back end updates
  • Kernel version upgrade, resolves high and growing CPU usage from migration processes some were seeing
  • Allow disabling autonegotiation on eth0 port

Upgrade WARNING: If using a VLAN tag on WAN, and on a controller version including port remapping (5.8.7 and newer), you should not upgrade to this version until upgrading to controller 5.8.12, 5.9.3, or newer. For that circumstance, USG must be provisioned by the newer controller version (which will happen automatically post-controller upgrade) before upgrading to any firmware version including port remapping support. 


If you have GeoIP enabled and are not yet on firmware 4.4.18 or newer, disable it first, then upgrade USG, then enable it again. The configuration has changed such that a limited set of unstable controller and previous firmware version combinations could result in an invalid configuration on the new firmware versions. In that circumstance, if the upgrade is performed with GeoIP enabled, the system will have to be reset to factory defaults post-upgrade.
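A pre-upgrade check that encodes the two upgrade conditions above, as an added example (not Ubiquiti's code). The function and parameter names are hypothetical, the caller supplies versions and settings by hand, and reading "5.8.12, 5.9.3, or newer" per release train is an assumption.

```python
import re

# Thresholds quoted from the upgrade warnings in this post.
PORT_REMAP_FROM = (5, 8, 7)      # controller versions that include port remapping
FIXED_5_8 = (5, 8, 12)           # first safe controller in the 5.8.x train
FIXED_5_9 = (5, 9, 3)            # first safe controller in 5.9.x and later
GEOIP_SAFE_FIRMWARE = (4, 4, 18)

def parse_version(text):
    """Turn '5.8.12' into (5, 8, 12); reject anything that is not dotted integers."""
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def controller_is_fixed(ctrl):
    # Assumption: the post's version list is interpreted per release train,
    # so 5.8.x needs >= 5.8.12 and everything else needs >= 5.9.3.
    if ctrl[:2] == (5, 8):
        return ctrl >= FIXED_5_8
    return ctrl >= FIXED_5_9

def upgrade_blockers(controller, firmware, wan_vlan_tag, geoip_enabled):
    """Return the actions required before upgrading; an empty list means go ahead."""
    ctrl = parse_version(controller)
    fw = parse_version(firmware)
    blockers = []
    # VLAN tag on WAN + port-remapping controller that predates the fixed builds.
    if wan_vlan_tag and ctrl >= PORT_REMAP_FROM and not controller_is_fixed(ctrl):
        blockers.append("upgrade the controller to 5.8.12, 5.9.3, or newer "
                        "and let it provision the USG first")
    # GeoIP enabled on firmware older than 4.4.18.
    if geoip_enabled and fw < GEOIP_SAFE_FIRMWARE:
        blockers.append("disable GeoIP, upgrade the USG, then enable GeoIP again")
    return blockers

if __name__ == "__main__":
    # Constructed sample inventory: (controller, current firmware, WAN VLAN, GeoIP).
    for site in [("5.8.10", "4.4.12", True, True), ("5.9.3", "4.4.18", True, False)]:
        print(site, "->", upgrade_blockers(*site) or "OK to upgrade")
```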


Downgrade WARNING: If you upgrade to any version supporting DPI without offload, then disable offload (or enable IDS/IPS) and enable DPI, you cannot downgrade to a version that does not support DPI without offload. Either disable DPI, or enable hardware offload (or disable IDS/IPS), before downgrading. Otherwise you'll have to reset to factory defaults post-downgrade and adopt again.





  • USG
    • md5:  480331ecb9b329287ba534fffa284d1a
    • sha256:  018ea8d4531c5a1229888e8823038bbc68942436205ccfaf74823afac70e95f8
  • USG Pro
    • md5:  ac08d1835302e13033fcfa63715b5fc9
    • sha256:  3aba124fdbf480d45dbf909d7a065521d9b8ec68d775c0fbb9f04e516c9feada
  • USG-XG-8
    • md5:  1c8d1394965718a5cbbce684f8a85ec3
    • sha256:  e7edd32854aa98f9a94cec11bf507682f434fe802caca3b5079c2d296f4afdd0