This article describes how to adopt a UniFi Security Gateway (USG) into an existing network, and replacing an already functioning router.
Table of Contents
- Plan the Deployment
- Configure the LAN Network
- Change the USG LAN IP Before Adoption
- Adopt the USG and Configure the WAN
- Related Articles
With gateway devices having a static LAN IP, the process of adopting a USG can differ from that of a UniFi Access Point (UAP) and a UniFi Switch (USW) in that it may require some initial IP configuration prior to adoption. This article will guide users through said process.
Plan the Deployment
When deploying into an existing network, the USG will replace the current router or firewall device. The USG's WAN will plug into the Internet connection, and its LAN into the switch for the internal network.
IMPORTANT: When replacing a current router, the USG will substitute it and take over its IPs, so to prevent issues during the process, remove the old router before attempting to adopt. Do not connect the USG's WAN until after it has been adopted.
If an Internet Service Provider's (ISP) modem is currently acting as the router, there are additional considerations in the modem’s configuration. It is usually best to put the modem into bridge or passthrough mode, so the USG’s WAN obtains the public IP, and the modem’s involvement is limited to bridging. See the modem’s and ISP’s documentation for instructions and options, as these can vary widely. The current router’s LAN subnet and IP will need to change, as it will no longer be connected directly into the LAN network.
Configure the LAN Network
To configure the IP and other LAN parameters that will be deployed to the USG once adopted, launch the UniFi Controller. Once there:
- Go to Settings > Networks
- Find the network you wish to edit, and click on Edit, under Actions on the far right of the LAN table.
- Set the IP and DHCP parameters as desired, and click Save.
- Now the configuration is ready to deploy to the USG. It may be adopted now.
Change the USG LAN IP Before Adoption
If the controller is on a subnet other than the USG’s default 192.168.1.0/24, it is necessary to change the USG’s LAN IP so the controller and USG can communicate. To do so, follow these steps (for USG version 4.3.60 and newer):
- Go to https://192.168.1.1 on your browser.
- It will prompt you to enter your username and password. Use your UniFi Controller credentials.
- Go to the Configuration section and edit the LAN IP and DHCP server parameters as necessary.
If the USG is using an older version prior to 4.3.60 or if for some reason performing this configuration via CLI is preferred, click here to see the CLI steps. It is recommended to always upgrade to the newest firmware available to avoid security issues.
Adopt the USG and Configure the WAN
To adopt the USG, navigate to the Devices section using the side menu on the left.
- Find the USG and click the Adopt button. It will provision the configuration as currently defined in the controller and reboot. While it’s doing that, configure your WAN interface specifics.
- Navigate to Settings > Network > WAN and edit the network. In the Connection Type drop-down, pick the appropriate type for your Internet connection. Refer to information provided by your ISP to obtain this information. If using a static IP WAN, make sure to also define two DNS servers here. This is optional for DHCP and PPPoE WANs, as your ISP will likely assign a DNS server, but can be manually specified in that case if desired.
- After the WAN configuration provisions to the USG, unplug the WAN from the existing router, and plug the USG's WAN to the Internet connection. For cable and DSL service, it is often required to power cycle the modem after connecting a new gateway device. In those cases, power cycle the modem after plugging in the USG’s WAN.
After the modem boots back up, you should have Internet connectivity from your LAN via the USG. Verify the WAN information in the controller (following step 2 once again).