Unifi Network - Replacing the USG with the UDM Pro
I finally replaced my old Unifi Security Gateway (USG) with a Unifi Dream Machine Pro (UDM-Pro). Now I can use features such as IDS/IPS but also Teleport VPN which uses WireGuard VPN to secure remote access connections. And it is now possible to use Unifi Protect. Very nice!
I chose a UDM Pro rather than, for example, a UDM SE because I connect the UDM Pro to a switch that does have LAN ports with PoE output. The switch and UDM Pro are connected via a 10G SFP+ cable, the first 10G connection in my house! It is a pity, however, that the firmware of the UDM Pro is somewhat behind the UDM SE.
Furthermore, I decided not to migrate the network but to rebuild it from scratch, so that I could revise all the settings I made in the (distant) past. With that I also switched from the Unifi Network Application 6.x to 7.x.
I have also expanded the number of VLANs and WiFi networks, which I have described here. There I also describe my new and compact firewall setup.
Below I briefly describe the process I went through.
- I reviewed my device authentication credentials (SSH) which can be used to recover adopted device(s) if the migration is unsuccessful.
- I downloaded a backup of the network application (*.unf file).
- I made screenshots of the most important settings like the firewall and WiFi settings.
Turning on the UDM Pro
- Before turning on the UDM Pro I connected the UDM Pro to the internet by connecting a LAN port to a switch (like any other device). I also connected my laptop to another LAN port to be able to approach UniFi OS on the UDM Pro.
- I turned on the UDM Pro and found out UniFi OS was running at https://192.168.0.1. I created a new ui.com account (yes, I did not use a ui.com account before) and ensured that the UniFi OS applications and UDM Pro firmware were up-to-date.
- Then I disconnected the UDM Pro from the switch so I could change the gateway IP address (Default network) to the IP address of the USG.
- The UDM Pro was now running on the USG’s IP address. In the old Unifi Network Application I made sure that all Unifi devices such as the AP and switches were ‘forgotten’ which would reset the devices to factory settings so I could reconfigure the network.
- Then I unplugged the USG and reestablished the connection between the UDM Pro and the switch.
- I restored internet by setting up a new WAN connection (optical fiber PPPoE in my case) on the UDM Pro.
- Within the new Unifi Network Application I could see the ‘forgotten’ Unifi devices and I adopted the devices.
Before I started configuring the networks/VLANs and more, I first added the client devices with MAC addresses and static IP addresses.
Fortunately, what I described above went without a hitch. I hope this is of some use to someone.
Forgetting and adopting could go wrong. In that case I would have done a set-inform 'http://ip-of-controller:8080/inform' with SSH. But that was not necessary.
Here you can read more about the configuration of my network. And nowadays you can also use a Chromecast very easily with multiple VLANs.