UniFi - USG Adoption: How to Adopt a USG


Overview


This article describes how to adopt a UniFi Security Gateway (USG) into an existing network, and replacing an already functioning router. 

NOTES & REQUIREMENTS: This article applies to the all USG models: UniFi Security GatewayUniFi Security Gateway Pro or UniFi Security Gateway XG.

Table of Contents


  1. Introduction
  2. Plan the Deployment
  3. Configure the LAN Network
  4. Change the USG LAN IP Before Adoption
  5. Adopt the USG and Configure the WAN
  6. Related Articles

Introduction


Back to Top

With gateway devices having a static LAN IP, the process of adopting a USG can differ from that of a UniFi Access Point (UAP) and a UniFi Switch (USW) in that it may require some initial IP configuration prior to adoption. This article will guide users through said process.


Plan the Deployment


Back to Top

When deploying into an existing network, the USG will replace the current router or firewall device. The USG's WAN will plug into the Internet connection, and its LAN into the switch for the internal network.

IMPORTANT: When replacing a current router, the USG will substitute it and take over its IPs, so to prevent issues during the process, remove the old router before attempting to adopt. Do not connect the USG's WAN until after it has been adopted.

If an Internet Service Provider's (ISP) modem is currently acting as the router, there are additional considerations in the modem’s configuration. It is usually best to put the modem into bridge or passthrough mode, so the USG’s WAN obtains the public IP, and the modem’s involvement is limited to bridging. See the modem’s and ISP’s documentation for instructions and options, as these can vary widely. The current router’s LAN subnet and IP will need to change, as it will no longer be connected directly into the LAN network. 


Configure the LAN Network


Back to Top

To configure the IP and other LAN parameters that will be deployed to the USG once adopted, launch the UniFi Controller. Once there:

  1. Go to Settings > Networks
  2. Find the network you wish to edit, and click on Edit, under Actions on the far right of the LAN table.
  3. Set the IP and DHCP parameters as desired, and click Save.
  4. Now the configuration is ready to deploy to the USG. It may be adopted now.

Change the USG LAN IP Before Adoption


Back to Top

If the controller is on a subnet other than the USG’s default 192.168.1.0/24, it is necessary to change the USG’s LAN IP so the controller and USG can communicate. To do so, follow these steps (for USG version 4.3.60 and newer):

  1. Go to https://192.168.1.1 on your browser.
  2. It will prompt you to enter your username and password. Use your UniFi Controller credentials.
  3. Go to the Configuration section and edit the LAN IP and DHCP server parameters as necessary.
If the USG is using an older version prior to 4.3.60 or if for some reason performing this configuration via CLI is preferred, click here to see the CLI steps. It is recommended to always upgrade to the newest firmware available to avoid security issues.

1. Connect a computer to the LAN NIC (LAN port) of the USG. It will obtain a 192.168.1.x IP from DHCP.

2. SSH into 192.168.1.1 using username and password combination of  ubnt / ubntSee this article for more on default username and password and this article if you need guidance with SSH.

3. For this example, the controller is on 10.0.0.50/24, so let's change the USG’s LAN IP to 10.0.0.1. Choose an available IP within the subnet of the local controller.

4. In the SSH session, run the following:

For USG:

configure
set interfaces ethernet eth1 address 10.0.0.1/24
delete interfaces ethernet eth1 address 192.168.1.1/24
commit

For USG Pro:

configure
set interfaces ethernet eth0 address 10.0.0.1/24
delete interfaces ethernet eth0 address 192.168.1.1/24
commit

Now the USG’s LAN IP is 10.0.0.1/24. The SSH session will drop.  

NOTE: On the USG Pro, if the controller is in the 192.168.2.0/24 subnet, it is necessary to delete the eth2 address 192.168.2.1/24 before committing the changes.

5. Plug the USG’s LAN into the network with the controller at 10.0.0.50

6. Go to the UniFi Controller and adopt it. Note: Before adopting, make sure you changed the LAN network in the Controller Settings as described above, so it doesn’t revert back to the default controller configuration of 192.168.1.1/24.


Adopt the USG and Configure the WAN


Back to Top

To adopt the USG, navigate to the Devices section using the side menu on the left.

  1. Find the USG and click the Adopt button. It will provision the configuration as currently defined in the controller and reboot. While it’s doing that, configure your WAN interface specifics.
  2. Navigate to Settings > Network > WAN and edit the network. In the Connection Type drop-down, pick the appropriate type for your Internet connection. Refer to information provided by your ISP to obtain this information. If using a static IP WAN, make sure to also define two DNS servers here. This is optional for DHCP and PPPoE WANs, as your ISP will likely assign a DNS server, but can be manually specified in that case if desired.
  3. After the WAN configuration provisions to the USG, unplug the WAN from the existing router, and plug the USG's WAN to the Internet connection. For cable and DSL service, it is often required to power cycle the modem after connecting a new gateway device. In those cases, power cycle the modem after plugging in the USG’s WAN.

After the modem boots back up, you should have Internet connectivity from your LAN via the USG. Verify the WAN information in the controller (following step 2 once again).


Related Articles


Back to Top

UniFi - Default Username and Password

Intro to Networking - How to Establish a Connection Using SSH

UniFi - How to Setup your Cloud Key and UniFi Access Point (for beginners)

UniFi - Advanced Adoption of a "Managed By Other" Device