Unifi Network - Replacing the USG with the UDM Pro

I finally replaced my old Unifi Security Gateway (USG) with a Unifi Dream Machine Pro (UDM-Pro). Now I can use features such as IDS/IPS but also Teleport VPN which uses WireGuard VPN to secure remote access connections. And it is now possible to use Unifi Protect. Very nice!

I have chosen a UDM Pro, and for example not a UDM SE because I connect the UDM Pro to a switch that does have LAN ports with PoE output. The switch and UDM Pro are connected via a 10G SFP+ cable, the first 10G connection in my house! It is a pity, however, that the firmware of the UDM Pro is somewhat behind the UDM SE.

Furthermore, I decided not to migrate the network but to rebuild it from scratch. So that I can revise all the settings I made in the (distant) past again, with that I also switched from the Unifi Network Application 6.x to 7.x. I have also expanded the number of VLANs and WiFi networks, which I have described here. There I also describe my new and compact firewall setup. Below I briefly describe the process I went through.

Installation

Preparations

1. I reviewed my device authentication credentials (SSH) which can be used to recover adopted device(s) if the migration is unsuccessful.
2. I downloaded a backup of the network application (*.unf file).
3. I made screenshots of the most important settings like the firewall and WiFi settings.

Turning on the UDM Pro

1. Before turning on the UDM Pro I connected the UDM Pro to the internet by connecting a lan port to a switch (like any other device). I also connected my laptop to another LAN port to be able to approach UniFi OS on the UDM Pro.
2. I turned on the UDM Pro and found out UniFi OS was running at https://192.168.0.1. I created a new ui.com account (yes I did not use an ui.com account before) and ensured that the UniFi OS applications and UDM Pro firmware were up-to-date.
3. Then I disconnected the UDM Pro from the switch so I could change the gateway IP address (Default network) to the IP address of the USG.

Migration

1. The UDM Pro was now running on the USG’s IP address. In the old Unifi Network Application I made sure that all Unifi devices such as the AP and switches were ‘forgotten’ which would reset the devices to factory settings so I could reconfigure the network.
2. Then I unplugged the USG and reestablished the connection between the UDM Pro and the switch.
3. I restored internet by setting up a new WAN connection (optical fiber PPPoE in my case) on the UDM Pro.
4. Within the new Unifi Network Application I could see the ‘forgotten’ Unifi devices and I adopted the devices.

Client Devices

Before I started configuring the networks/VLANs and more, I first added the client devices with MAC addresses and static IP addresses.

Finally

Fortunately, what I described above went without a hitch. I hope this is of some use to someone. Forgetting and adopting could go wrong. In that case I would have done a set-default and set-inform 'http://ip-of-controller:8080/inform' with SSH. But that was not necessary.

Here you can read more about the configuration of my network. And nowadays you can also use a Chromecast very easily with multiple VLANs.

Read other notes