This article describes how to adopt a UniFi Security Gateway (USG) into an existing network, and replacing an already functioning router. With gateway devices having a static LAN IP, the process of adopting a USG can differ from that of a UniFi Access Point (UAP) and a UniFi Switch (USW) in that it may require some initial IP configuration prior to adoption. This article will guide users through said process.
Table of Contents
- Plan Deployment
- Configure the LAN Network
- Change the USG LAN IP Before Adoption
- Adopt the USG and Configure the WAN
- Related Articles
When deploying into an existing network, the USG will replace the current router or firewall device. The USG's WAN will plug into the Internet connection, and its LAN into the switch for the internal network.
When replacing a current router, the USG will substitute it and take over its IPs.
Do not connect the USG's WAN until after it has been adopted.
If an Internet Service Provider's (ISP) modem is currently acting as the router, there are additional considerations in the modem’s configuration. It is usually best to put the modem into bridge or passthrough mode, so the USG’s WAN obtains the public IP, and the modem’s involvement is limited to bridging. See the modem’s and ISP’s documentation for instructions and options, as these can vary widely. The current router’s LAN subnet and IP will need to change, as it will no longer be connected directly into the LAN network.
|Note: If replacing an existing USG with a different USG, you must forget the existing USG from the controller before adopting the new one.|
Configure the LAN Network
To configure the IP and other LAN parameters that will be deployed to USG once adopted, launch the UniFi Controller. Once there:
- Go to Settings
- Select Networks
- Click on Edit, under Actions on the far right of the LAN table
- Set the IP and DHCP parameters as desired, and click Save
Now the configuration is ready to deploy to the USG. It may be adopted now.
Change the USG LAN IP Before Adoption
If the controller is on a subnet other than the USG’s default 192.168.1.0/24, it is necessary to change the USG’s LAN IP so the controller and USG can communicate. A local UI option exists for USGs running on firmware v4.3.60 and newer. For older versions, it can easily be done via CLI.
|Note: On USG version 4.3.60 and newer, you can browse to https://192.168.1.1 and configure the LAN IP and DHCP server parameters there rather than following the below CLI instructions.|
1. Connect a computer to the LAN NIC (LAN port) of the USG. It will obtain a 192.168.1.x IP from DHCP.
2. SSH into 192.168.1.1 using username and password combination of ubnt / ubnt. See this article for more on default username and password.
3. For this example, the controller is on 10.0.0.50/24, so let's change the USG’s LAN IP to 10.0.0.1. Choose an available IP within the subnet of the local controller.
4. In the SSH session, run the following (for a USG, on a USG Pro replace eth1 with eth0):
set interfaces ethernet eth1 address 10.0.0.1/24
delete interfaces ethernet eth1 address 192.168.1.1/24
Now the USG’s LAN IP is 10.0.0.1/24. The SSH session will drop.
|Note: On the USG Pro, if the controller is in the 192.168.2.0/24 subnet, it is necessary to delete the eth2 address 192.168.2.1/24 before committing the changes.|
5. Plug the USG’s LAN into the network with the controller at 10.0.0.50
6. Go to the controller and adopt it. Note: Before adopting, make sure you changed the LAN network in the Controller Settings as described above, so it doesn’t revert back to the default controller configuration of 192.168.1.1/24.
Adopt the USG and Configure the WAN
In the UniFi Controller, browse to Devices using the left-hand side menu.
1. Find the USG and click the Adopt button. It will provision the configuration as currently defined in the controller and reboot. While it’s doing that, configure your WAN interface specifics.
2. In USG’s Properties pane on the right side, go to the Configuration tab, and expand WAN 1. (Click on the USG on the Devices list to make the Properties pane appear). In the Connection Type drop-down, pick the appropriate type for your Internet connection. Refer to information provided by your ISP to obtain this information. If using a static IP WAN, make sure to also define two DNS servers here. This is optional for DHCP and PPPoE WANs, as your ISP will likely assign a DNS server, but can be manually specified in that case if desired.
3. After the WAN configuration provisions to the USG, unplug the WAN from the existing router, and plug the USG's WAN to the Internet connection. For cable and DSL service, it is often required to power cycle the modem after connecting a new gateway device. In those cases, power cycle the modem after plugging in the USG’s WAN.
After the modem boots back up, you should have Internet connectivity from your LAN via the USG. Verify the WAN information in the controller (following step 2 once again).