UniFi – USW: Which SFP Modules Can be Used

The Ubiquiti UFiber modules are officially supported and compatible with all EdgeSwitch, EdgeRouter, UniFi Switch, UniFi Dream Machine Pro and UniFi Security Gateway models that have SFP or SFP+ ports. Multi-mode and single-mode SFP and SFP+ models are available, including single-mode BiDi models.

SKU (Model) | 1G (SFP) | 10G (SFP+) | 25G
UF-MM-1G, UF-SM-1G-S
UF-MM-10G, UF-SM-10G, UF-SM-10G-S
UF-RJ45-1G
UF-RJ45-10G
UDC-1 (1m), UDC-2 (2m), UDC-3 (3m) *
UC-DAC-SFP+ (0.5m) *
UC-DAC-SFP28 (0.5m) **

*Ports can be set manually to 1000 Mbps for compatibility between SFP+ and SFP ports.
***SFP28 to SFP28 (max data rate 25 Gbps)

The list below includes third-party SFP/SFP+ transceivers that have been tested by community members. Please note that these should work, but we cannot assure that they will. Some modules have multiple hardware revisions, and while one revision may work (e.g. 1.0), it’s possible that a newer revision (e.g. 1.1, 1.2, etc.) of the same module may not work.

We do, however, offer direct support for our own modules.

  • Addon 1000BASE-LX SFP MMF
  • Addon 1000BASE-SX SFP MMF
  • Brocade 10G-SFPP-TWX-0101
  • Cisco GLC-LH-SM 30-1299-01 SFP
  • Cisco GLC-SX-MM
  • Cisco GLC-SX-MM 1000BASE-SX SFP
  • Cisco SFP-H10GB-CU1M
  • Dell FTLF1318P3BTL
  • Dell FTLF8519P2BNL
  • Dell FTLX1371D3BCL
  • Dell FTLX8571D3BCL
  • FCI 10110818-2030LF
  • Finisar FTLF8524P2BNL
  • HP J4858C
  • MaxxWave MX-SX-MM-US 10G + 1.25G
  • MGB-SX 1000Base-SX
  • Mikrotik S-3553LC0D
  • Mikrotik S+31DLC10D
  • Mikrotik S+85DLC03D
  • Solid-Optics ‘SFP-GE-L-SO’ 1000Mbps
  • SourceLight SLS-1285-S5-D

1000Base-LX

  • FiberStore SFP1G-LX-31 1310nm (Single-mode SFPs): with the 8-Port switch set the Negotiation to 1G fixed. On the 24-port autonegotiation works fine.
  • Finisar FTLX1471D3BCV (dual rate – single-mode)
  • HP J4859B – (Finisar FTRJ1319P1BTL-PT Rev A)
  • HP J4859C – (Intel TXN221200000005) – no OTDR output (show fiber-ports optical-transceiver all)

1000Base-SX

  • Cisco MGBSX1 Gigabit SX Mini-GBIC SFP Transceiver
  • Fiberstore SFP-1G85-5M (multi-mode)
  • Finisar FTLF8524P3BNL (multi-mode)
  • HP J4858A (3rd party) – (FINISAR FTRJ-8519-7D) – no OTDR output

1000Base-T

  • Cisco GLC-T – (CISCO-FINISAR FCMJ-8521-3-CSC Rev 4)
  • Delta LCP-1250RJ3SR – (DELTA LCP-1250RJ3SR Rev 0000) 
  • Fiberstore SFP-GB-GE-T Module
  • Mikrotik S-RJ01 (not compatible)

10GBase-LR

  • Finisar FTLX1471D3BCV (dual rate – single-mode)

10GBase-SR

  • Cisco SFP-10G-SR
  • Fiberstore SFP-10G85-3M (multi-mode)
  • Finisar FTLX8571D3BCL (multi-mode)

DAC/Twinax

  • Addon SFP-10G-PDAC1M-AO
  • Juniper ex-sfp-10ge-dac-1m – (Amphenol 584990001 Rev A)
    • This is a 10g DAC that appears to link up at 1g when both ends are plugged into the two SFP slots of the ES-24-250W
    • I haven’t tested sending traffic over this cable, as I only have one ES-24-250W, and Juniper equipment wants to link up at 10g when using this DAC
  • MikroTik S+DA0001
  • Molex 74742-0001
  • Fiberstore 10G DAC cables

The following SFP/SFP+ transceivers have been tested by community members, but may not work reliably. They are not recommended for use with UniFi switch.

  • TP-LINK TL-SM311LS ** may not work on newer firmware, may also depend on module version
  • TP-LINK TL-SM311LM ** may not work on newer firmware, may also depend on module version

    Source :
    https://help.ui.com/hc/en-us/articles/212561258-UniFi-USW-Which-SFP-Modules-Can-be-Used

UniFi – Supported PoE Output and Input Modes

Overview

This article provides tables with information on the supported Power over Ethernet (PoE) output and input modes for Ubiquiti UniFi Switches, Access Points, Cloud Keys and Cameras.

NOTES & REQUIREMENTS:

  • See each device’s Datasheet, available in their store product page or in the Downloads section, for more information on the supported PoE modes.
  • See our PoE Adapters page for more information on Ubiquiti PoE adapters/injectors that can be used to power on devices.
  • There is more information on PoE in the Power Over Ethernet (PoE) article.

Table of Contents

  1. Introduction
  2. UniFi Switches – Supported PoE Output Modes
  3. UniFi Access Points – Supported PoE Input Modes
  4. UniFi Cloud Key – Supported PoE Input Modes
  5. UniFi Cameras – Supported PoE Input Modes
  6. UniFi Switches – Supported PoE Input Modes
  7. Related Articles

Introduction

One of the challenges with large PoE deployments is figuring out how to provide power to your UniFi Access Points. When you have many access points it becomes less viable to power devices using AC PoE injectors. With non-PoE capable switches, you can add a Midspan device which acts as a collection of individual PoE injectors by receiving Ethernet from the switch with only data being transmitted and adding power out over Ethernet through the connection. Such a piece of equipment takes up additional space on your rack, while also costing you a lot of money.

To help with such deployments, UniFi Switches come in a few different models with varying numbers of ports from 8, 16, 24 and 48. These switches are endspan devices as they act as both the switch and provide PoE to devices. UniFi switches give you greater functionality when used with the different UniFi Access Point (UAP), UniFi Dream Machine (UDM), and UniFi Security Gateway (USG) models, and cost well under the amount of the midspan device alone.

UniFi Switches – Supported PoE Output Modes

Ubiquiti devices use Active PoE output. This means that the voltage the Powered Device (PD) needs is negotiated. There are three output modes:

  • PoE: Uses IEEE 802.3af standard to deliver up to 15.4W.
  • PoE+: Uses IEEE 802.3at standard to deliver up to 30W.
  • PoE++: Uses IEEE 802.3bt standard to deliver up to 60W.

Different switches provide different output methods, so it’s important to learn what power method the UniFi switches support and compare it with the power method needed to power the different UniFi devices, e.g. UniFi access points, cameras or Cloud Keys.

It’s important to note that each switch has a maximum power consumption which should be considered when powering multiple UniFi devices via PoE. For example, a US-16-150W has a 150W maximum power consumption, even though it has 16 ports. The UAP-HD has a maximum power consumption of 17W. Therefore, if you were to power 16 UAP-HD on a US-16-150W, there is a possibility that the wattage could exceed what the switch is capable of supplying in certain conditions. Find each device’s power consumption in their Datasheets, found in the Downloads page, within each product’s Documentation section.

Model | PoE | PoE+ | PoE++
USW-Pro-48-PoE (Ports 41-48)
USW-48-PoE (Ports 1-32) (Ports 1-32)
US-48-750W
US-48-500W
US-48
USW-Pro-24-PoE (Ports 17-24)
USW-Pro-24
USW-24-PoE (Ports 1-16) (Ports 1-16)
US-24-500W
US-24-250W
USW-24
US-24
USW-16-PoE (Ports 1-8) (Ports 1-8)
USW-Lite-16-PoE (Ports 1-8) (Ports 1-8)
US-16-150W
US-16-XG
USW-Lite-8-PoE (Ports 1-4) –
USW‑Industrial (Ports 1-8) (Ports 1-8) (Ports 1-8)
US-8 (Port 8) – –
US-8-60W (Ports 4-8) – –
US-8-150W –
US-XG-6POE
USW-Flex – –
USW-Flex-Mini

UniFi Access Points – Supported PoE Input Modes

Model | PoE | PoE+ | PoE++
UAP-AC-PRO –– 
UAP-AC-LR** (Mode A)–  –
UAP-AC-LITE*** (Mode A) –– 
UAP-AC-IW**– 
UAP-AC-IW-PRO**– 
UAP-AC-EDU –– 
UAP-AC-M (Mode A) –– 
UAP-AC-M-PRO –– 
UAP-nanoHD– – 
UAP-IW-HD**– 
UAP-AC-HD– – 
UAP-AC-SHD– 
UAP-XG–  –
UWB-XG– 
UAP-FlexHD
UAP-BeaconHD
U6-LR
U6-Lite

NOTES:
* The IW models only support PoE Pass-Through when powered by 802.3at.
** UAP-AC-LRs with a date code prior to 1634 or board revision before 17 only support 24V passive PoE.
*** UAP-AC-LITEs with a date code prior to 1634 or board revision before 33 only support 24V passive PoE.

 

Legacy Devices – Power Methods

Model | PoE | PoE+ | PoE++
UAP– – – 
UAP-LR – –– 
UAP-PRO– – 
UAP-AC– – 
UAP-AC-Outdoor– – 
UAP-Outdoor –– – 
UAP-Outdoor+–  
UAP-Outdoor5– –  –
UAP-IW** –

NOTE: * The UAP-IW only supports PoE Pass-Through when powered by 802.3at.

UniFi Cloud Key – Supported PoE Input Modes

Model | PoE | PoE+ | PoE++
UC‑CK–  –
UCK-G2-PLUS–  –
UCK-G2 –– 

UniFi Cameras – Supported PoE Input Modes

Model | PoE | PoE+ | PoE++
UVC-G3–  –
UVC-G3-AF–  –
UVC-G3-DOME–  –
UVC-G3-MICRO*
UVC‑G3‑PRO
UVC-G3-Flex
UVC-G4-PRO

NOTE: * Supported when using the included 802.3af Instant PoE Adapter. See the QSG for more information. 

UniFi Switches – Supported PoE Input Modes

Model | PoE | PoE+ | PoE++
US-8 – 
USW-Flex  
USW-Flex-Mini – 

Source :
https://help.ui.com/hc/en-us/articles/115000263008-UniFi-Supported-PoE-Output-and-Input-Modes

UniFi – UAP Antenna Radiation Patterns

Use this article to compare the different antenna radiation patterns of our UniFi Access Points. For an explanation on how to read antenna radiation patterns see UniFi – Introduction to Antenna Radiation Patterns.

About Radiation Patterns

Radiation patterns can be used to better understand how each Ubiquiti UniFi access point model broadcasts wireless signal. These patterns are what antenna engineers call reciprocal—in that the transmit-power (the capability of the AP to ‘speak’) will be highest at the peaks, and so will the receive-sensitivity (the capability of the AP to ‘hear’).

Please note that these radiation patterns are gathered in a fully anechoic environment. Their shape, peak gain/directivity and efficiency will change in installed environments. Every deployment will behave differently due to interference, materials, geometries of structures, and how these materials behave at 2.4GHz and 5GHz.

With that in mind, use these radiation plots as a “general guide” to identify where most of the energy (and receive sensitivity) of the UniFi APs is being directed, but remember that the only way to really know how successful the coverage design is, is to measure it. Measure signal strength and coverage before (with mock positioning), during (as you install), and after to guarantee that you have the coverage you want and don’t have the coverage you don’t want (for example with self-interference: APs hearing each other or other AP stations on the same channel).

Radiation Plot Format

Radius represents ‘elevation’, with 0° representing antenna gain straight under the AP, and 90° representing antenna gain at horizon. The degrees on the circumference represent ‘Azimuth’. That is to say, left/right/front/back of the AP, when mounted overhead.

Comparison Table

Use this table to compare the radiation patterns of each UAP. The first column shows where the respective colored dots found in each radiation plot is placed in the actual devices. Note that colored dots in the plots might be in the outer perimeter or closer to center.

Note: Varying scales are represented in the graphs below. Consider each graph individually and take note of scale when comparing products.

[Table of radiation plot images not reproduced. Columns: Directional color dots on device | 5GHz Low Frequency | 5GHz Mid Frequency | 5GHz High Frequency | 2.4GHz Frequency. Models covered: U6-Lite, U6-Pro, U6-LR, U6-Mesh, UDM, UWB-XG (High Gain), UAP-FlexHD, UAP-IW-HD, UAP-BeaconHD, UAP-nanoHD, UAP-HD, UAP-XG, UAP-SHD, UAP-AC-LR, UAP-AC-M-PRO, UAP-AC-M, UAP-AC-IW, UAP-AC-Lite, UAP-AC-PRO, UAP-AC-IW-PRO, UMA-D.]

The UWB-XG models do not operate on the 2.4GHz band.

Model Summary Plots

This section includes a graphic summary for each UniFi Access Point shown in the table above, portraying radiation plots for Azimuth, Elevation 0°, Elevation 90° and Mapped 3D.

[Summary plot images not reproduced. Models covered: U6 Lite, U6 LR, U6 Pro, U6 Mesh, UWB-XG (High Gain and Low Gain), UDM, UAP-IW-HD, UAP-FlexHD, UAP-BeaconHD, UAP-nanoHD, UAP-HD, UAP-SHD, UAP-AC-Lite, UAP-AC-LR, UAP-AC-PRO, UAP-AC-IW, UAP-AC-IW-PRO, UAP-AC-M, UAP-AC-M-PRO, UMA-D, UAP-XG.]

Note: The antennas for the UAP-AC-M were angled at 45° to generate the plots for that model.

Antenna Files (.ant)

Please note the data in the .ant files below was extracted from full model simulations. Clicking on the links in the following table will prompt the immediate download of the .ant file.

UniFi Access Point Model | Downloadable Antenna Files (.ant)
UAP-AC-IW-Pro | UAP-AC-IW-Pro.zip
UAP-AC-IW | UAP-AC-IW.zip
UAP-AC-Lite | UAP-AC-Lite.zip
UAP-AC-LR | UAP-AC-LR.zip
UAP-AC-Pro | UAP-AC-Pro.zip
UAP-AC-Mesh | UAP-AC-Mesh.zip
UAP-AC-Mesh-Pro | UAP-AC-Mesh-Pro.zip
UAP-HD | UAP-HD.zip
UAP-SHD | UAP-SHD.zip
UAP-nanoHD | UAP-nanoHD.zip
UAP-IW-HD | UAP-IW-HD.zip
UAP-XG | UAP-XG.zip
UWB-XG | UWB-XG.zip
UMA-D | UMA-D.zip
UDM | UDM.zip
UAP-BeaconHD | UAP-BeaconHD.zip
UAP-FlexHD | UAP-FlexHD.zip

Source :

UniFi – USW: Configuring Access Policies (802.1X) for Wired Clients

This article describes how to configure access policies (802.1X) on UniFi switches for wired clients. It includes instructions for using the RADIUS server built into the UniFi Security Gateway, as well as UniFi Network configuration examples that point to your own authentication server. Every UniFi switch model is capable of authentication via 802.1X. The configuration does not change from model to model.

Note: Please complete the prerequisite configuration found in the UniFi – USG: Configuring RADIUS Server article before following this guide’s instructions.

How to Enable the 802.1X Service on a Switch

This option is found on the switch properties panel under Config > Services in the Security section when selecting an individual switch from the “Devices” section of the UniFi Network application.

ATTENTION: Enabling access control is done on a per-switch basis. If this is not enabled, the switch will not be able to act as an authenticator to pass RADIUS messages to the RADIUS server.

Differentiating 802.1X Port Modes

  • Auto: The port is unauthorized until a successful authentication exchange has taken place.
  • Force Unauthorized: The port ignores supplicant authentication attempts and does not provide authentication services to the client.
  • Force Authorized: The port sends and receives normal traffic without client port-based authentication.
  • MAC-Based: This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network. The hosts are distinguished by their MAC addresses.

Working with Port Profiles

Using port profiles for rapid deployment is recommended instead of applying 802.1X policies manually on each port.

  1. Navigate to Settings > Profiles > Switch Ports.
  2. Create a new profile with the desired 802.1X control.

NOTE: When using dynamic VLAN assignment on RADIUS, the port profile must include each VLAN desired for use.
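
The four port modes and the dynamic VLAN note above, modelled as an added example (this is not Ubiquiti code or the switch's actual logic). `SwitchPort`, `RadiusResult`, `audit` and all MAC/VLAN values are hypothetical; two behaviours are assumptions: Auto authorizes the port as a whole rather than per MAC, and a RADIUS-assigned VLAN missing from the port profile is treated as a failed authorization.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, FrozenSet, List, Optional


class PortMode(Enum):
    AUTO = "Auto"
    FORCE_UNAUTHORIZED = "Force Unauthorized"
    FORCE_AUTHORIZED = "Force Authorized"
    MAC_BASED = "MAC-Based"


@dataclass
class RadiusResult:
    """Outcome of one supplicant's exchange with the RADIUS server (constructed)."""
    accepted: bool
    vlan: Optional[int] = None  # dynamically assigned VLAN, if the server sent one


@dataclass
class SwitchPort:
    mode: PortMode
    profile_vlans: FrozenSet[int]    # VLANs included in the port profile
    port_authorized: bool = False    # port-wide state, used by Auto
    authed_macs: Dict[str, Optional[int]] = field(default_factory=dict)  # MAC-Based

    def authenticate(self, mac: str, result: RadiusResult) -> None:
        """Apply the result of an authentication exchange started by `mac`."""
        if self.mode in (PortMode.FORCE_UNAUTHORIZED, PortMode.FORCE_AUTHORIZED):
            return  # forced modes run no authentication service on the port
        if not result.accepted:
            return
        if result.vlan is not None and result.vlan not in self.profile_vlans:
            # Assumption: an assigned VLAN missing from the profile counts as a
            # failed authorization (the page only says it must be included).
            return
        if self.mode is PortMode.AUTO:
            self.port_authorized = True
        else:
            self.authed_macs[mac] = result.vlan

    def forwards(self, mac: str) -> bool:
        """Would the port pass normal traffic from this source MAC?"""
        if self.mode is PortMode.FORCE_AUTHORIZED:
            return True
        if self.mode is PortMode.FORCE_UNAUTHORIZED:
            return False
        if self.mode is PortMode.AUTO:
            # Assumption: authorization is port-wide, not tracked per MAC.
            return self.port_authorized
        return mac in self.authed_macs


def audit(ports: Dict[str, SwitchPort], radius_vlans: FrozenSet[int]) -> List[str]:
    """Flag ports without 802.1X enforcement and profiles missing RADIUS VLANs."""
    findings = []
    for name in sorted(ports):
        port = ports[name]
        if port.mode is PortMode.FORCE_AUTHORIZED:
            findings.append(f"{name}: Force Authorized, no client authentication")
        missing = sorted(radius_vlans - port.profile_vlans)
        if port.mode in (PortMode.AUTO, PortMode.MAC_BASED) and missing:
            findings.append(f"{name}: profile lacks RADIUS-assignable VLANs {missing}")
    return findings


def demo() -> Dict[str, bool]:
    """Two hosts share each port; only host A completes authentication."""
    host_a, host_b = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"  # constructed MACs
    vlans = frozenset({10, 20})
    out = {}
    for mode in PortMode:
        port = SwitchPort(mode, vlans)
        port.authenticate(host_a, RadiusResult(accepted=True, vlan=10))
        out[f"{mode.value}/A"] = port.forwards(host_a)
        out[f"{mode.value}/B"] = port.forwards(host_b)
    return out


if __name__ == "__main__":
    for key, allowed in demo().items():
        print(f"{key:22} forwards={allowed}")
    inventory = {  # constructed inventory of port settings
        "sw1/port1": SwitchPort(PortMode.MAC_BASED, frozenset({10, 20})),
        "sw1/port2": SwitchPort(PortMode.AUTO, frozenset({10})),
        "sw1/port3": SwitchPort(PortMode.FORCE_AUTHORIZED, frozenset({10, 20})),
    }
    for finding in audit(inventory, frozenset({10, 20})):
        print(finding)
```

Under these assumptions, only MAC-Based keeps the unauthenticated second host off a shared port, which is the case to check for on ports that feed more than one device.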

Source :
https://help.ui.com/hc/en-us/articles/115004589707-UniFi-USW-Configuring-Access-Policies-802-1X-for-Wired-Clients

Which UniFi Switch is Right for Me?

Ubiquiti UniFi switches help you power, connect, and process traffic across all of your devices. Since each deployment’s size and layout are unique, we offer several distinct switch categories meticulously designed to optimize any network in any environment. We’d like to explore these categories further to help you identify the model(s) that will deliver the most value for you.

Flex and Lite switches are designed to be more stylish than traditional switches so you can easily place them anywhere without disrupting your décor. These switches offer a wide range of bandwidth, uplink speed, and Power-over-Ethernet (PoE) capability. Plus, they look great mounted to a wall or sitting on your desk! 

Our marquee UniFi Switch models bring more uplink and power versatility to high-speed, device-dense networks. The UniFi Switch Pro line is even more powerful with enhanced fiber connectivity, routing, and PoE options.

UniFi Switch Enterprise models, coming later this year, are ideal solutions for demanding deployments. These switches are designed to direct a staggering amount of data and fully harness the power of UniFi 6 products.

To help you protect your enterprise deployment, we’ve created the UniFi Switch Mission Critical, which will also be available later this year. The Mission Critical is a PoE switch with an uninterruptible power supply that will keep your pivotal devices (and UniFi Access products) running through outages and internal failures with its powerful internal battery and external backup battery connectors.

Detailed network insights anywhere, anytime

We know keeping track of ports and devices can be a headache, so we’ve engineered all of our switches to allow individual port naming, locking, and configuration—all from your UniFi Network application. Using UniFi Network, you’ll get real-time insights that will help you optimize your deployment.

Key network details are also visible on the sleek touchscreens built into our UniFi PoE Switch, Switch Pro, and Switch Enterprise models. You can even use your phone to view an augmented reality overlay that labels each port with its connected device!

See our switches in action

Your deployment is only as powerful as the switches powering it, so choosing the right UniFi Switch is critical for enhancing your network’s performance. To learn more, check out our new video above or the comparison table below for a deeper feature breakdown. Also, be sure to like and subscribe when you catch us on YouTube and check our blog regularly for brand-new UniFi content!

Choose the right switch for you


Source :
https://blog.ui.com/2021/03/30/which-unifi-switch-is-right-for-me/

Ubiquiti UniFi Network 7.0 Introduces Revamped Settings to Simplify System Configuration

Comprehensive network customization has always been a touchstone of the UniFi Network application, and a guiding principle for our developers who work tirelessly to refine it. However, providing such an immense degree of user control can sometimes complicate our larger pursuit to simplify IT for every type of user. We want our settings to provide a wealth of options while also being easy to navigate and understand. Otherwise, network optimization is only possible for the most technically adept.


UniFi Network 7.0 resolves this tension by delivering a more intuitively organized dashboard and an enhanced search engine that makes it simpler than ever to locate the exact settings you need to support your unique deployment. We’ve also expanded automation options for many settings to deliver a more plug-and-play experience for new UniFi users setting up their systems for the first time.


Making network configuration more accessible is our top priority with the 7.0 release, but long-time users can rest assured that our advanced settings remain as robust as ever. In fact, we’ve made many key innovations, including network-specific multicast DNS settings, expanded data retention options, and more sophisticated configuration copying that even accounts for the specific outlet a device is plugged into. You’ll also be able to surf through these options with unprecedented speed as we’ve drastically lowered latency within the Settings menu.


In short, UniFi Network 7.0 is about making your network settings as unique as your deployment, in terms of functionality, navigability, and even aesthetic with the introduction of Light Mode and other dashboard enhancements. There’s so much more we could cover, but no rundown could compare to seeing these improvements yourself.


However, if you’d like to start by reviewing the release’s bug fixes, known issues, OS-specific installation details, or download links, you can find them all on the Ubiquiti Community forum. Once you’ve updated to 7.0 and had some time to explore, we’d love to hear about your experience on the forum as well!

This release marks a huge advancement of UniFi by making network management deeper and more accessible—but our work continues. To follow us on our journey, make sure to check this feed periodically for new content related to product announcements, innovations, tutorials, and more.

Source :
https://blog.ui.com/2022/03/01/unifi-network-version-7-0-introduces-revamped-settings-to-simplify-system-configuration/

How to set up the ultimate Ubiquiti UniFi home network in 2022

If you’re in the market for a new Wi-Fi 6 router, the best deliver reliable coverage to all corners of your home at little cost to get started. If you need extensibility, mesh routers allow you to add additional nodes. But if you want extensive configuration options and an all-in-one solution to cover routing, switching, and home security, consider Ubiquiti’s portfolio. Its UniFi brand covers switches and routers aimed at small businesses, but it turned its attention to the consumer category over the last two years with a decent selection of products. Ubiquiti offers a range of security cameras and video doorbells under UniFi Protect, which can easily integrate into a UniFi network. The best part about Ubiquiti’s home security products is they record footage locally and don’t send data to a cloud service, providing better privacy without paying a monthly license to access all the security camera and video doorbell features. So if you’re looking to overhaul your home network, here’s what Ubiquiti has to offer.

All-in-one solution: UniFi Dream Router

[Image: Ubiquiti UniFi Dream Machine review. Source: Harish Jonnalagadda / Android Central]

If you don’t want to get a standalone wired router and switch and then add wireless access points, then you’ll want to take a look at Ubiquiti’s unified solutions. The latest offering is the UniFi Dream Router, and it goes up against the best Wi-Fi 6 routers. It’s the second all-in-one device in the UniFi range — after the Wi-Fi 5-based UniFi Dream Machine — and the feature-set you get here is astounding when you consider what it costs.

But first, a rundown of the hardware: the Dream Router has a cylindrical design similar to the Dream Machine, but a tiny screen at the front shows real-time network statistics. The router has 4×4 MIMO and goes up to 2.4Gbps with Wi-Fi 6, and it utilizes 160MHz channels. There’s a dual-core CPU, 128GB of storage, an SD card slot, 2GB of RAM, and four Ethernet ports with two offering PoE.

Because it is a UniFi product, the Dream Router has an exhaustive set of configuration options that far exceed most consumer routers. For example, it lets you connect and manage Ubiquiti’s security cameras and video doorbells. It is relatively straightforward to set up from your phone, and if you don’t want to tweak every setting, that’s fine. The options are there should you need them.

Now, there are a few caveats. First, the Dream Router is still in testing and isn’t finalized, and as such, you can only buy it from Ubiquiti’s Early Access store. You’ll have to make a free account to access the store, and while it’s sold out, it’s being restocked regularly. The Dream Router sells out periodically because of its price: $79.

For under $100, there isn’t another router that delivers anywhere close to the same set of features as the Dream Router, and with the router estimated to debut for a lot more once it hits the regular sales channel, now is the best time to pick it up.

UniFi Dream Router

With 4×4 MIMO and 2.4Gbps bandwidth over Wi-Fi 6, four Gigabit Ethernet ports with two PoE ports, and a screen at the front for monitoring real-time traffic, the Dream Router is the ultimate value.

Routing: UniFi Dream Machine Pro

[Image: Ubiquiti UniFi Dream Machine Pro review. Source: Harish Jonnalagadda / Android Central]

If you want to use a standalone router for managing your home network, you should take a look at the UniFi Dream Machine Pro (UDM Pro). I switched to the UDM Pro last year, and it has been a revelation. However, unlike the Dream Machine or Dream Router, the UDM Pro is a 1U rack-mounted solution, so you will need a server rack if you want to go down this route.

The UDM Pro is designed to be a wired router, so you’ll have to buy a switch and a wireless AP to connect your wireless devices like phones, tablets, and notebooks. Now, the standout feature with the UDM Pro is that it has a 3.5-inch HDD slot to facilitate network video recording (NVR), so if you want to add Ubiquiti’s security cameras to your network, this is the ideal way to go. In addition, you can slot in a 4TB drive in the UDM Pro and access locally-stored recordings going back weeks and months.

As for hardware, the UDM Pro has a built-in switch with eight Gigabit ports with a 1GbE backplane, 10Gbps SFP+ ports, and a quad-core CPU with Cortex-A57 cores. It includes the full suite of UniFi OS applications, including UniFi Network for switching, UniFi Protect for security cameras, UniFi Talk for VoIP, and UniFi Access for managing door access in a small office environment. The UDM Pro also offers intrusion detection and prevention features that block access to malicious websites.

Having used the UDM Pro extensively for the last year, the only downside I can think of is that it lacks built-in PoE ports. So when you’re connecting Ubiquiti’s wireless access points, you will need to buy an additional PoE injector.

UniFi Dream Machine Pro

The UDM Pro sits at the heart of a prosumer UniFi install. The rack-mounted router comes with an 8-port switch and 10G SFP+ ports, a 3.5-inch drive tray to use as a network video recorder, and class-leading threat management features.

Switching: UniFi Switch 24 PoE


While I have over 30 devices connected to the wireless access points in my home at any given time, I use wired connectivity for the devices that I use the most, including the work machines, TVs, and the PS5. So while the UDM Pro has an eight-port switch, I find that a 24-port option is the best way to go, particularly if you’re going to connect a lot of security cameras. For context, I’m currently using over a dozen ports on my Switch Pro 24 PoE.

As for the switch, the Switch Pro 24 PoE is a fantastic choice, but at $699, it is also very costly. My recommendation would be the standard Switch 24 PoE; it is a 24-port switch with 16 Gigabit PoE+ ports with a total power budget of 95W alongside eight Gigabit ports. Like the UDM Pro, it is a 1U rack-mountable solution, and you get a small screen on the left for viewing real-time statistics.

The 95W power budget is more than adequate for the wireless access points and security cameras, and at $379, the Switch 24 PoE costs nearly half as much as the Pro version, and while you miss out on 10Gbps SFP+ ports, it has most of the essentials covered. If you don’t want a rack-mounted solution, you should look at the Switch Lite 16 PoE, a 16-port switch with eight PoE+ ports.

UniFi Switch 24 PoE

If you need more ports for wired connections, the Switch 24 PoE is the ideal option. It has 16 802.3at PoE ports with a cumulative power budget of 95W and can easily accommodate a slate of wireless access points and security cameras.

Wireless: UniFi Access Point Wi-Fi 6 Lite

[Image: UniFi Access Point Wi-Fi 6. Source: Ubiquiti]

With a wired router and switch sorted out, you’ll need a wireless access point so wireless devices like phones and tablets can connect to your home network. Ubiquiti has three options in this area: Wi-Fi 6 Lite, 6 Pro, and 6 Long Range. As the name suggests, all three are based on Wi-Fi 6, and they share a similar design.

These APs work best when mounted on the ceiling or the wall as the antennae are positioned sideways. The $99 Wi-Fi 6 Lite has 2×2 MIMO and goes up to 1.2Gbps on the 5GHz band, with a gain of 3dBi. The $149 Wi-Fi 6 Pro and $179 Wi-Fi 6 Long Range have IP54 ratings, draw power using the 802.3at PoE+ standard, and are designed for indoor and outdoor use.

The Wi-Fi 6 Pro is the newer offering and comes with higher-gain antennae that go up to 6dBi, with maximum 5GHz throughput of 4.8Gbps, with the Long Range going up to 5.5dBi and 2.4Gbps over 5GHz. The Wi-Fi 6 Pro also is the only access point in Ubiquiti’s portfolio that offers the 160MHz channel.

I use a Wi-Fi 6 Long Range and Wi-Fi 6 Lite in my home, but if you’re starting from scratch, a good bet would be to get a Wi-Fi 6 Lite and Wi-Fi 6 Pro to get going and add more as needed. These access points seamlessly integrate into the UniFi network and can be configured with the UDM Pro.

UniFi Access Point Wi-Fi 6 Lite

The Wi-Fi 6 Lite access point has 2×2 MIMO and 1.2Gbps throughput over 5GHz, and it does a good job delivering reliable Wi-Fi 6 signal to all corners of your home.

UniFi Access Point Wi-Fi 6 Pro

Ubiquiti’s latest wireless access point has it all: 160MHz channels over Wi-Fi 6, 4×4 MIMO with a 4.8Gbps throughput at 5GHz, and the ability to connect to up to 300 clients.

Security camera and doorbell: G4 series

[Image: UniFi Protect series. Source: Ubiquiti]

Security cameras are a big part of the UniFi Protect portfolio, and Ubiquiti offers a dozen products in this area. I use a combination of the G3 Flex, G4 Bullet, and the G4 Dome inside (and outside) my home, and they’re pretty good at what they do. Ubiquiti’s cameras draw power over PoE and let you record 1080p footage, plus you get weather resistance with the G4 series.

In my use case, I found the G3 Flex to be ideal as an indoor camera as it can be positioned just about anywhere inside the house, with the G4 Bullet and G4 Dome suited for outdoor use. The G3 Flex starts at $79, and you can pick up a pack of three for $229.

The G4 Bullet offers 1440p recording that sells for $199, and if you want 4K video, 3x zoom lens, and IP67, you will need to get the $449 G4 Pro. Several users had issues with condensation on the G4 Bullet last year, but that hasn’t been a drawback for me. I haven’t used Ubiquiti’s doorbells just yet. Still, the G4 Doorbell offers a similar set of features as other smart video doorbells, including two-way audio, motion detection, and Wi-Fi connectivity. Here’s a breakdown of the feature-set that each security camera offers:

UniFi Protect series (Source: Ubiquiti)

You can pair the security cameras and doorbells to any UniFi routing solution with UniFi Protect. As for managing the security devices, you can install the UniFi Protect app on your phone and configure motion detection areas, privacy zones where the cameras won’t record footage, and smart detection for faces and vehicles.

You get a decent number of options for notifications, including the ability to set custom schedules and receive information at a set time. The cameras do a good job with motion detection and notification alerts, and UniFi Protect has a good UI that lets you view events and see recorded footage with ease. The best part is that all footage is stored locally, so you don’t have to pay a license fee to access all the features on offer. Unfortunately, there’s no active monitoring like you get with Arlo or Ring, but UniFi Protect gets a lot right for a self-hosted solution.

UniFi Camera G3 Flex

The G3 Flex is a great indoor camera, thanks to its versatile design. You get 1080p video recording, integrated IR LEDs for motion detection at night, and a built-in mic.

UniFi Camera G4 Bullet

The G4 Bullet has 1440p recording, a weather-sealed design, a built-in mic, a 110-degree angle of view, and LEDs for recording at night.

Building your UniFi network

Ubiquiti UniFi Dream Machine Pro review (Source: Harish Jonnalagadda / Android Central)

Ubiquiti has significantly expanded its consumer offerings in the last two years, and if you’re interested in getting started with a UniFi home network, you have a lot of choices. The UDM Pro is ideally suited as a routing solution because of the hardware on offer and the extensive feature-set and configuration. You can pair it with a multitude of switches and wireless access points.

The reason why I switched to UniFi was the extensibility. I started with the UDM Pro, Switch Pro 24 PoE, and the Wi-Fi 6 Long Range and Wi-Fi 6 Lite for wireless access. As for security cameras, I have three units of the G3 Flex for indoor use and a G4 Bullet located outside.

I’m now eyeing the Wi-Fi 6 Pro for the balcony as that’s the one area where I don’t get adequate coverage, and the G4 Doorbell as the video doorbell. I’ve deliberated getting a Nest Doorbell, but considering I have a UniFi Protect system set up anyway, I figured the G4 Doorbell would be a better alternative.

The biggest issue with Ubiquiti products is availability. The security cameras, in particular, are constantly sold out, so you will have to wait for a restock to get your hands on the G4 Bullet or even the Dream Router. Then you’ll need to factor in cabling as most of these devices connect over Ethernet. I’m fortunate that my home has internal Cat5 cabling, but you will need to consider that if you’re looking to make the switch.

The sheer amount of features in UniFi Network, the ease-of-use of UniFi Protect, and the fact that you have complete control over the recorded footage make Ubiquiti’s products an excellent choice for prosumers. Of course, building out the entire network is a sizeable investment if you’re picking up a UDM Pro, Switch 24 PoE, two APs, and a few security cameras, but at the end of the day, you get a scalable network that will serve you well for several years.

Source :
https://www.androidcentral.com/how-set-ultimate-ubiquiti-unifi-home-network-2022

Ubiquiti UniFi – Run the Network Application as a Windows Service

Windows services are often useful since they are background applications that don’t require any attention from the end-user. The service launches upon startup, without any intervention from the user. The service is a direct replacement for running the Network application manually (via the icon or a scheduled task), so there is no need to run the UniFi Network application if it is being run as a Windows service.

This article describes how to set up the UniFi Network application to run as a Windows service, and how to update it when it’s running this way.

NOTES & REQUIREMENTS:

  • Applicable to the latest UniFi application versions for Windows.
  • This article applies to UniFi applications that are installed on Windows Desktop (Windows 10) and not Windows Server versions.
  • It is recommended to only install the x64 version of Java 8 for the UniFi Cloud Access Portal to work properly.
  • Make sure to allow the ports used by the UniFi application through the Windows Firewall. See the UniFi – Ports Used article for more information. 

How to set up the UniFi Network application as a Windows Service

ATTENTION: It is recommended to only install the x64 version of Java 8 for the UniFi Cloud Access Portal to work properly. However, older versions of the Network application may require both x64 and x86 Java to be installed on a Windows x64 system.

1. Close any instances of the UniFi Network application on the computer. If the UniFi Network application was just installed, make sure to open the application manually at least once, or let it run at the end of the wizard. Once you see the message UniFi Network application (a.b.c) started, the application may be closed.

CLI: Open an administrative Windows Command Prompt (CMD) window.

2. Change the directory to the location of the UniFi installation.

cd "%UserProfile%\Ubiquiti UniFi\"


3. Once in the root of the UniFi folder, run the following command to install the UniFi Network application service:

java -jar lib\ace.jar installsvc


4. Wait for the installation to complete, indicated by the Complete Installation log message.

5. Start the service with the command below: 

java -jar lib\ace.jar startsvc


6. Open a browser and navigate to the application’s IP address or https://localhost:8443.

How to upgrade a UniFi Network application that is running as a Windows Service

1. Create a backup of your Network application.

CLI: Open an administrative Windows Command Prompt (CMD) window.

2. Change the directory to the location of the UniFi installation.

cd "%UserProfile%\Ubiquiti UniFi\"


3. Once in the root of the UniFi folder, issue the following to uninstall the Network application service:

java -jar lib\ace.jar uninstallsvc


4. Wait for the service uninstall process to complete. 

5. Launch the Network application and update it through the Settings section. Alternatively, download the latest installation file from the Downloads section.

6. Repeat the steps from the section above after the new Network application version is installed.

Source :
https://help.ui.com/hc/en-us/articles/205144550-UniFi-Run-the-Network-Application-as-a-Windows-Service

Ubiquiti UniFi – USG Advanced Configuration Using config.gateway.json

This article describes how to perform advanced configurations on the UniFi Security Gateway (USG and USG-PRO-4) using the config.gateway.json file. This article is not applicable to the UniFi Dream Machine models. The UDM line does not support configurations done outside of the UniFi Network application.

NOTES & REQUIREMENTS:

  • Ubiquiti Support cannot assist in the creation of the config.gateway.json file nor will assistance be provided for command line configuration. If assistance is required, feel free to visit our Community to create a topic and ask for help with your desired configuration.
  • This article covers advanced configuration, and should only be used by advanced users.

Table of Contents

  1. Introduction
  2. Creating the config.gateway.json File
  3. Editing the config.gateway.json File
  4. Testing & Verification
  5. Related Articles

Introduction

The config.gateway.json is a file that sits in the UniFi Network application filesystem and allows custom changes to the USG that aren’t available in the web GUI. Possible customizations include configuring site-to-site VPNs with hostnames, policy routing certain traffic out WAN2, or even adding multiple IP addresses on an interface. These features don’t exist in the UniFi Network application yet, so the config.gateway.json file will supplement those features until they’re available in the GUI.

When making customizations via the config.gateway.json file, it is best to enter only the customizations that can’t be performed via the Network application. If the formatting is incorrect, a provisioning loop will be triggered on the USG, and a reboot will take place once the USG comes out of the provisioning loop. At this point the config.gateway.json file can be corrected or removed to resolve this.

WARNING: Some users may find they can get away with using the full config, but this is not recommended as it will most likely cause issues down the road. A provisioning loop might take place when a setting is changed in the Network application that conflicts with a setting in the config.gateway.json file.

Creating the config.gateway.json File

By default, the config.gateway.json file doesn’t exist; it has to be created in order to use it.

1. Create a new file using a text editor such as TextEdit or Notepad++.

2. The structure of a json file is just as important as the words themselves. Incorrect placement of brackets, indentations, line breaks or any other structural element will make the json file invalid. It is recommended to run the text through a json validator in order to verify it has the correct syntax. The JSON Formatter website is one example of the many options of json validators you’ll find online.

3. Once the contents of the file have been validated, save it by naming it config.gateway.json and placing it under the <unifi_base>/data/sites/site_ID directory stored on the Network application.

User Tip: Depending on your operating system, placing the file under this directory might be as simple as drag and drop, or using an FTP server might be necessary. The config.gateway.json file must have unifi:unifi as the owner and group. You can verify this with ls -l <unifi_base>/data/sites/site_ID. To change it, once you’re in the site directory, use the command: chown unifi:unifi config.gateway.json

The location <unifi_base> will vary from one operating system to another. See this article for more information. The site_ID can be seen in the URL of your browser when on the Network application. The original site is named “default”, and every site that is created will be assigned a random string. For example, this is what would be seen in the URL bar when inside the dashboard page of a site:

https://127.0.0.1:8443/manage/s/ceb1m27d/dashboard

In the above case, the random string ceb1m27d is the folder name that shall be used under <unifi_base>/data/sites/. Therefore, the config.gateway.json should be placed inside <unifi_base>/data/sites/ceb1m27d/.

User Tips:

  • On Cloud Key install the path for the .json file is: /srv/unifi/data/sites/[site name/default]/
  • On an Ubuntu install the path for the .json file is: /usr/lib/unifi/data/sites/[site name/default]/

Editing the config.gateway.json File

Before customizing firewall or NAT rules, take note of the rule numbers used in the UniFi Network application under Settings > Routing & Firewall > Firewall. Default firewall rules start at either 3001 or 6001, and NAT rules will also start at 6001 (which don’t overlap with firewall rules). The custom rules created in the config.gateway.json cannot have duplicate rule numbers with the existing rules in the USG, or there will be a provisioning loop. It is recommended to put custom rules before the existing ruleset, as the lower number will win between two matching rules.

NOTE: When editing this custom json file, it is not necessary to include everything. You must only include the complete “path” to the items you have edited; anything outside of the path can be omitted. Think of each node in the json file as a folder that is nested within other folders (except for the level 1 folder which is our main section). The folder path that takes you from level 1 all the way down to the item you will be configuring must be present in the json file.

See this example where we want to edit “close”, which has the following path: system > conntrack > timeout > tcp > close.

levels.png

Notice that in level 3 “modules” is also present along with “timeout”, but we will not include it in the json file because it is not part of the path to “close”. Same with the other items in level 5 under “tcp”. They do not need to appear in the config.gateway.json file because they are not part of the path. A successful change then, in the configuration of “close” from 10 to 20 would look like this:

success.png

The following is an example of how a DNAT rule is created for DNS configured using EdgeOS formatting:

1. Connect to the USG via SSH, and issue the following commands:

configure
set service nat rule 1 type destination
set service nat rule 1 inbound-interface eth0
set service nat rule 1 protocol tcp_udp
set service nat rule 1 destination port 53
set service nat rule 1 inside-address address 10.0.0.1
set service nat rule 1 inside-address port 53
commit;save;exit

2. Next is displaying the config. The following command displays the entire config in a JSON format:

mca-ctrl -t dump-cfg

The config can also be exported if preferred. The following example exports the output to config.txt:

mca-ctrl -t dump-cfg > config.txt

3. Find the appropriate section with the custom changes in the config output. For our example above, it would be the following:

                "nat": {
                        "rule": {
                               "1": {
                                       "destination": {
                                               "port": "53"
                                       },
                                       "inbound-interface": "eth0",
                                       "inside-address": {
                                               "address": "10.0.0.1",
                                               "port": "53"
                                       },
                                       "protocol": "tcp_udp",
                                       "type": "destination"
                               },

4. Above is the custom rule, but it’s missing all the closing brackets (}) at the end to make it correct. If you look at the config output from the start, there is a certain format that is required for the file to be read correctly. Each node in a section must be separated by a comma (,), and each section must begin with an opening bracket ({) and finish with a closing one (}). Follow the existing format carefully. If the above rule is the only change in the config.gateway.json, you would edit it to look like so:

{
       "service": {
                "nat": {
                        "rule": {
                               "1": {
                                       "destination": {
                                               "port": "53"
                                       },
                                       "inbound-interface": "eth0",
                                       "inside-address": {
                                               "address": "10.0.0.1",
                                               "port": "53"
                                       },
                                       "protocol": "tcp_udp",
                                       "type": "destination"
                               }
                       }
               }
       }
}

5. If there are multiple sections to add, say Firewall, Service, VPN, the closing bracket for that section would be followed by a comma (},), before starting the next section. You can see these formatting details in the example below.

The DNAT rule # ranges are from 1-4999, and the Source/Masquerade rule numbers are from 5000-9999. If you wanted to add a port forward (DNAT) in the config.gateway.json for WAN2 in a multiWAN (load-balance) setup, this is what the config.gateway.json would look like with only this particular NAT rule:

{
	"service": {
		"nat": {
			"rule": {
				"4500": {
					"description": "port_forward_WAN2",
					"destination": {
						"address": "100.64.100.100",
						"port": "22"
					},
					"inbound-interface": "eth3",
					"inside-address": {
						"address": "192.168.1.100"
					},
					"protocol": "tcp",
					"type": "destination"
				}
			}
		}
	}
}

And if we were to add a VPN with hostnames to the file, the config.gateway.json would look like the one below. Notice the opening and closing brackets, as well as the bracket with comma before starting with the "vpn" section:

{
	"service": {
		"nat": {
			"rule": {
				"4500": {
					"description": "port_forward_WAN2",
					"destination": {
						"address": "100.64.100.100",
						"port": "22"
					},
					"inbound-interface": "eth3",
					"inside-address": {
						"address": "192.168.1.100"
					},
					"protocol": "tcp",
					"type": "destination"
				}
			}
		}
	},
	"vpn": {
		"ipsec": {
			"site-to-site": {
				"peer": {
					"yyyy.ignorelist.com": {
						"authentication": {
							"id": "xxxx.ignorelist.com"
						},
						"local-address": "xxxx.ignorelist.com"
					}
				}
			}
		}
	}
}
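The path rule and steps 3 to 5 above can be done mechanically. The following is an added example, not code from the original article: the helper names and SAMPLE_DUMP (a constructed stand-in for part of the mca-ctrl -t dump-cfg output) are assumptions. It keeps only the requested paths with all their parent nodes, changes “close” from 10 to 20, and merges several sections into one file.

```python
import copy
import json

# Constructed stand-in for part of the `mca-ctrl -t dump-cfg` output; the
# values and sibling nodes are illustrative, not taken from a real USG.
SAMPLE_DUMP = {
    "service": {
        "dhcp-server": {"disabled": "false"},
        "nat": {"rule": {
            "1": {"destination": {"port": "53"},
                  "inbound-interface": "eth0",
                  "inside-address": {"address": "10.0.0.1", "port": "53"},
                  "protocol": "tcp_udp",
                  "type": "destination"},
            "6001": {"outbound-interface": "eth0", "type": "masquerade"},
        }},
    },
    "system": {
        "conntrack": {
            "modules": {"sip": {"disable": "true"}},
            "timeout": {"tcp": {"close": "10", "close-wait": "60",
                                "established": "7440"}},
        },
        "host-name": "usg",
    },
}


def prune_to_paths(dump, paths, overrides=None):
    """Return a dict holding only the given paths, each with all its parents.

    paths     -- iterable of key tuples, e.g. ("service", "nat", "rule", "1")
    overrides -- optional {path_tuple: new_value} applied to the result
    """
    overrides = overrides or {}
    result = {}
    for path in paths:
        src, dst = dump, result
        for depth, key in enumerate(path):
            if not isinstance(src, dict) or key not in src:
                raise KeyError("path not in dump: " + " > ".join(path[:depth + 1]))
            src = src[key]
            if depth == len(path) - 1:
                # Leaf of the path: copy the node, or use the edited value.
                dst[key] = copy.deepcopy(overrides.get(tuple(path), src))
            else:
                # Parent node: create it once, siblings are left out.
                dst = dst.setdefault(key, {})
    return result


def render(config):
    """Serialize as valid JSON, so brackets and commas are never hand-typed."""
    return json.dumps(config, indent=4, sort_keys=True) + "\n"


if __name__ == "__main__":
    close = ("system", "conntrack", "timeout", "tcp", "close")
    dnat = ("service", "nat", "rule", "1")
    print(render(prune_to_paths(SAMPLE_DUMP, [close, dnat], {close: "20"})))
```
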

Testing & Verification

It’s recommended to validate the code once finished creating the config.gateway.json. There are a number of free options out there; jsonlint.com is used by the Ubiquiti support team quite often.

After adding the config.gateway.json to the UniFi Network site of your choosing, you can test it by running a “force provision” to the USG in UniFi Devices > select the USG > Config > Manage Device > Force provision. This will take a while to provision (30 seconds to 3 minutes), and if it stays in provisioning longer than that, there may be a formatting error in the config.gateway.json, and you are experiencing the provisioning loop that was mentioned earlier. You can check server.log in the application and search for commit error. You can usually find what went wrong with the provisioning of the newly customized configuration in the log files. Find information about that here.

User Tip: An easy way to test the validity of the json file is: python -m json.tool config.gateway.json
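A syntax check alone does not catch a repeated section name (Python’s JSON parser keeps only the last of two equal keys) or a NAT rule number that breaks the rules stated earlier. The following pre-provision check is an added example, not a Ubiquiti tool: the function names are assumptions, the rule numbers already on the USG are an input the caller supplies, and the type values "source" and "masquerade" are assumed from EdgeOS NAT syntax.

```python
import json

# Ranges stated in the article: DNAT 1-4999, source/masquerade 5000-9999.
NAT_RANGES = {
    "destination": range(1, 5000),
    "source": range(5000, 10000),
    "masquerade": range(5000, 10000),
}


class DuplicateKey(ValueError):
    """Raised when one JSON object repeats a key."""


def _reject_duplicates(pairs):
    # json.loads silently keeps the last of two equal keys, so a second
    # "service" block would erase the first one; fail loudly instead.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise DuplicateKey("duplicate key: " + key)
        seen[key] = value
    return seen


def _dig(node, *keys):
    """Follow keys through nested dicts; return {} when the path is absent."""
    for key in keys:
        node = node.get(key, {}) if isinstance(node, dict) else {}
    return node if isinstance(node, dict) else {}


def lint_gateway_json(text, existing_nat_rules=()):
    """Return a list of problems found in config.gateway.json text."""
    try:
        config = json.loads(text, object_pairs_hook=_reject_duplicates)
    except DuplicateKey as exc:
        return [str(exc)]
    except json.JSONDecodeError as exc:
        return ["invalid JSON at line %d column %d: %s"
                % (exc.lineno, exc.colno, exc.msg)]
    if not isinstance(config, dict):
        return ["top level must be a JSON object"]

    problems = []
    existing = {str(n) for n in existing_nat_rules}
    for number, rule in _dig(config, "service", "nat", "rule").items():
        where = "service > nat > rule > " + number
        if not number.isdigit():
            problems.append(where + ": rule number is not numeric")
            continue
        if number in existing:
            problems.append(where + ": number already used on the USG")
        rule_type = rule.get("type") if isinstance(rule, dict) else None
        allowed = NAT_RANGES.get(rule_type)
        if allowed is None:
            problems.append("%s: type %r not recognised, range not checked"
                            % (where, rule_type))
        elif int(number) not in allowed:
            problems.append("%s: %s rules use %d-%d"
                            % (where, rule_type, allowed.start, allowed.stop - 1))
    return problems


if __name__ == "__main__":
    # Constructed input: a second "service" block added for a new section.
    sample = '{"service": {"nat": {"rule": {}}}, "service": {"dns": {}}}'
    for problem in lint_gateway_json(sample):
        print(problem)
```
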

Deleting Changes or Reverting to Previous State

To remove a certain advanced configuration, just delete the section pertinent to that configuration in the config.gateway.json file. To completely remove all advanced configurations created in the config.gateway.json file, delete the file or rename it. This will void all manual changes. The USG will be provisioned with the current config contained within the UniFi Network application.

A best practice when editing an already working config.gateway.json file is to create a backup. If you need to add additional changes to the config.gateway.json file, rename the current file to config.gateway.json.old, essentially creating a backup, and copy all the existing and new changes into a new file named config.gateway.json. This way, if there happen to be any mistakes resulting in a “commit” error or provisioning loop, you can delete config.gateway.json, and try again starting from config.gateway.json.old.

Source :
https://help.ui.com/hc/en-us/articles/215458888-UniFi-USG-Advanced-Configuration-Using-config-gateway-json

Ubiquiti UniFi – Explaining the system.properties File

This article describes what the system.properties file is used for and how to edit it.

NOTES & REQUIREMENTS: This article includes some advanced configurations that should only be performed by advanced users. Advanced configurations are not supported by our Support team. The Community is the best place to find experts to guide you with advanced configurations.

Table of Contents

  1. Introduction
  2. Manually Specify the IP Interface for UniFi Network Application Communication
  3. Advanced Database Configuration
  4. SMTP Related Settings
  5. User Tips & Notes

Introduction

The system.properties file, found within <unifi.base> in the data folder, is the file inside the UniFi server installation directory, which defines system-wide parameters for the UniFi Network application. Here are just a few notable examples of supported configuration changes for UniFi Network application made in the system.properties file:

  • Manual override of the Application IP Interface (the address to which Devices send inform packets).
  • Advanced Database adjustments.
  • Port Assignments, for purposes of the UniFi Network application communicating with Managed Devices, redirecting Guest Portal traffic, etc.

WARNING: Before editing the system.properties file, remember to create a backup of your system and download it to a safe place. It is also necessary to stop the application before performing any change in the file to avoid errors after changes are made.

The system.properties file can be edited directly via any text editor. Keep in mind that lines preceded by hash-tags (#) exist as comments and are non-operational. Make edits at the bottom of the file. After changing this file, you’ll need to manually trigger provisioning on each site in order to make these effective.

NOTE: The system.properties file is created when UniFi Network runs successfully. If you cannot find the file within the <unifi_base>, create it by running the UniFi Network application.

Manually Specify the IP Interface for UniFi Network Application Communication

If a UniFi OS Console (or device hosting the application) has multiple IP interfaces, the following configuration can manually set the exact IP interface that adopted APs should communicate to the Network application:

  • system_ip=a.b.c.d           # the IP devices should be talking to for inform

Advanced Database Configuration

Below are advanced database configurations that most users will never need. Note: We do not perform tests on these configurations; they are enabled for the convenience of database experts. One possible usage scenario is where a few people run their application on a NAS, which has a smaller footprint than a normal server, hence there’s a need to reduce the required resources.

  • unifi.db.nojournal=false    # disable mongodb journaling
  • unifi.db.extraargs            # extra mongod args

The configuration below is used to facilitate UniFi Network application installation. Again, most users will never need to set this. When the is_default is set to true, the application will start with factory default configuration. For normal, everyday users, an uninstallation and then fresh re-installation is recommended over this.

  • is_default=true

From the UniFi Network application you can configure the autobackup frequency, amount of backups to store, time of backup, etc. At the time of writing this, you cannot change the storage location via the application. We do have a variable in the system.properties if you wish to change the storage location. Currently, the default points to:

1. For Cloud Key: /data/autobackup (where SD card is mounted as /data by default)
2. For software installs: {data.dir}/backup/autobackup

  • autobackup.dir=/some/path

The UAP-AC-EDU is recommended to be managed from a local application. The current communication from the EDU mobile app relays from app to Network application to EDU. If the mobile device is remote to the EDU, then you just need to open the appropriate ports. If the UniFi Network application is remote to the EDUs, then you need to add the following line to system.properties.

  • stream.playback.url.type=inform

(5.5.15+/5.6.7+) We’ve added HSTS support to the application. Do note that it is disabled by default. This should only be enabled if you know what you’re doing with it. This will only ever be a system.properties value so it can be easily disabled in case of issues. If you run into issues, you will likely need to clear your browser’s cache after disabling this and restarting the service. To enable HSTS support add the following:

  • unifi.https.hsts=true
  • unifi.https.hsts.max_age=31536000
  • unifi.https.hsts.preload=false
  • unifi.https.hsts.subdomain=false 

NOTE: Currently no characters after the custom line(s) are allowed. This includes spaces, pound/sharp signs/comments, etc.

SMTP Related Settings

By default, SMTPS validates certificates and will reject self-signed or untrusted certificates. If your mail server uses an untrusted certificate, you must disable certificate verification with the following: smtp.checkserveridentity=false

Starting with UniFi Network version 6.1, STARTTLS is opportunistically enabled by default; i.e., it will be used if the server announces support for it, and will require a trusted certificate. If using a self-signed or untrusted certificate, you must disable STARTTLS by setting the following: smtp.starttls_enabled=false

This only controls whether STARTTLS will be used if the server supports it. To force its use, see: starttls_required

With UniFi Network version 6.1 and newer, STARTTLS is opportunistically enabled by default, but only required if using port 587. This behavior can be overridden by setting smtp.starttls_required=true to force the use of STARTTLS on ports other than 587, or to make STARTTLS optional on port 587, set it to false.

If smtp.starttls_enabled=false is set, the starttls_required value has no impact.
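The SMTP settings above interact with each other and with the port, and the earlier NOTE forbids any characters after a custom line. The following audit is an added example, not part of the UniFi application: the function names and SAMPLE (a constructed file) are assumptions, and the defaults follow the 6.1+ behaviour described above.

```python
# Constructed sample; the values are illustrative, not from a real install.
SAMPLE = "\n".join([
    "# custom settings",
    "system_ip=192.0.2.10",
    "smtp.checkserveridentity=false",
    "smtp.starttls_required=false ",         # trailing space
    "unifi.https.hsts=true  # enable HSTS",  # inline comment
])


def parse_properties(text):
    """Return (props, problems) for system.properties content."""
    props, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        key, sep, value = line.partition("=")
        if not sep:
            problems.append("line %d: no '=' found" % lineno)
            continue
        # The article allows nothing after the value: no spaces, no comments.
        if value != value.rstrip() or " #" in value or "\t#" in value:
            problems.append("line %d: characters after the value of %s"
                            % (lineno, key.strip()))
        props[key.strip()] = value.strip()
    return props, problems


def starttls_mode(props, port):
    """Return 'off', 'opportunistic' or 'required' for the given SMTP port."""
    if props.get("smtp.starttls_enabled", "true").lower() == "false":
        return "off"  # starttls_required has no impact in this case
    required = props.get("smtp.starttls_required")
    if required is None:
        # Default: enabled everywhere, but only required on port 587.
        return "required" if port == 587 else "opportunistic"
    return "required" if required.lower() == "true" else "opportunistic"


def audit(text, smtp_port):
    """List formatting problems and weakened mail transport settings."""
    props, findings = parse_properties(text)
    if props.get("smtp.checkserveridentity", "true").lower() == "false":
        findings.append("smtp.checkserveridentity=false: "
                        "mail server certificate is not verified")
    mode = starttls_mode(props, smtp_port)
    if mode == "off":
        findings.append("STARTTLS is disabled (smtp.starttls_enabled=false)")
    elif mode == "opportunistic":
        findings.append("STARTTLS on port %d is used only if the server "
                        "announces it" % smtp_port)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, 587):
        print(finding)
```
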

User Tips & Notes

  • If you receive an error, it’s possible there are hash tags (#) present in front of commands. Hash tags indicate comments, and will make commands not work until the hash tag is removed.
  • If you want to reduce the logging frequency on your RPi UniFi Network application, see this Community thread. ATTENTION: Without logs, it is impossible to receive appropriate support. Use this tip at your own discretion. See how to extract logs in our UniFi – How to View Log Files article.
  • If you cannot find the system.properties file, it might not have been created yet. This file is created once the UniFi app runs successfully. If you need to change port numbers because of a port clash, it doesn’t count as a successful launch and does not create the file, so you can’t alter the port numbers to avoid the clash.

    Source :
    https://help.ui.com/hc/en-us/articles/205202580-UniFi-Explaining-the-system-properties-File