Replacing the Unifi Security Gateway with the Unifi Dream Machine Pro

Introduction

I replaced my Unifi Security Gateway (USG) with a Unifi Dream Machine Pro (UDM-Pro), enabling features like IDS/IPS, WireGuard VPN and Unifi Protect.

I chose the UDM-Pro over the UDM-SE because I connected it to a switch with LAN ports and PoE output via a 10G SFP+ cable (the first 10G connection in my home!).

Instead of migrating, I rebuilt the network from scratch to revise old settings and switched from Unifi Network Application 6.x to 7.x. I expanded VLANs and WiFi networks, detailed here, along with my new firewall setup. Here’s a brief overview of the process.

Preparation

  1. I reviewed my device authentication credentials (SSH), which can be used to recover adopted device(s) if the migration is unsuccessful
  2. I downloaded a backup of the network application (*.unf file)
  3. I made screenshots of the most important settings like the firewall and WiFi settings

How To

  1. Turning on the UDM Pro

    1. Before turning on the UDM Pro, I connected the UDM Pro to the internet by connecting a LAN port to a switch (like any other device). I also connected my laptop to another LAN port to be able to access UniFi OS on the UDM Pro.
    2. I turned on the UDM Pro and found out UniFi OS was running at https://192.168.0.1. I created a new ui.com account (yes, I did not use a ui.com account before) and ensured that the UniFi OS applications and UDM Pro firmware were up-to-date.
    3. Then I disconnected the UDM Pro from the switch so I could change the gateway IP address (Default network) to the IP address of the USG.
  2. Migration

    1. The UDM Pro was now running on the USG’s IP address. In the old Unifi Network Application I made sure that all Unifi devices such as the AP and switches were ‘forgotten’, which would reset the devices to factory settings so I could reconfigure the network.
    2. Then I unplugged the USG and reestablished the connection between the UDM Pro and the switch.
    3. I restored internet by setting up a new WAN connection (optical fiber PPPoE in my case) on the UDM Pro.
    4. Within the new Unifi Network Application I could see the ‘forgotten’ Unifi devices and I adopted the devices.
  3. Client Devices

    Before I started configuring the networks/VLANs and more, I first added the client devices with MAC addresses and static IP addresses.

  4. Finally

    Fortunately, everything went smoothly. I hope this is helpful to someone. If things had gone wrong, I would have used set-default and set-inform 'http://ip-of-controller:8080/inform' with SSH, but that wasn’t necessary.

    Copyright 2021- Fiction Becomes Fact