This article describes how to adopt a UniFi Security Gateway (USG) into an existing network, and replacing an already functioning router. For first time setup where an existing router is not being replaced, please use the USG's Quick Start Guide (QSG), followed by the UniFi User Guide. Find each model's QSG in their product page when navigating from here. If additional information is required, please see the UniFi - Device Adoption article.
Table of Contents
- Plan the Deployment
- Upgrading Firmware Before Adoption
- Configure the LAN Network
- Change the USG LAN IP Before Adoption
- Adopt the USG and Configure the WAN
- Related Articles
With gateway devices having a static LAN IP, the process of adopting a USG can differ from that of a UniFi Access Point (UAP) and a UniFi Switch (USW) in that it may require some initial IP configuration prior to adoption. This article will guide users through the process.
Plan the Deployment
When deploying into an existing network, the USG will replace the current router or firewall device. The USG's WAN will plug into the Internet connection and its LAN into the switch for the internal network.
IMPORTANT: When replacing a current router, the USG will substitute it and take over its IPs, so to prevent issues during the process, remove the old router before attempting to adopt.
If an Internet Service Provider's (ISP) modem is currently acting as the router, there are additional considerations in the modem’s configuration. It is usually best to put the modem into bridge or passthrough mode, so the USG’s WAN obtains the public IP, and the modem’s involvement is limited to bridging. See the modem’s and ISP’s documentation for instructions and options, as these can vary widely. The current router’s LAN subnet and IP will need to change, as it will no longer be connected directly into the LAN network.
Upgrading Firmware Before Adoption
To upgrade the firmware before adoption an SSH client is required. The USG will need internet access to complete the upgrade process.
1. Open your SSH client and open up a session to 192.168.1.1.
2. Log in with the default username and password of "ubnt".
3. Use the following command:
To find the firmware link, navigate to the downloads page. From here, select download button shown below.
Accept the terms if you wish to proceed. Then select Copy URL. This URL will be used in step 3 above.
After entering the upgrade command the USG will reboot with the newest firmware image. If the USG has not been adopted it will still be in a default state.
Configure the LAN Network
To configure the IP and other LAN parameters that will be deployed to the USG once adopted, launch the UniFi Controller. Once there:
- Go to Settings > Networks
- Find the network you wish to edit, and click on Edit, under Actions on the far right of the LAN table.
- Set the IP and DHCP parameters as desired, and click Save.
- Now the configuration is ready to deploy to the USG. It may be adopted now.
Change the USG LAN IP Before Adoption
If the controller is on a subnet other than the USG’s default 192.168.1.0/24, it is necessary to change the USG’s LAN IP so the controller and USG can communicate. To do so, follow these steps (for USG version 4.3.60 and newer):
- Go to https://192.168.1.1 on your browser.
- It will prompt you to enter your username and password. Use ubnt/ubnt if device is in default state.
- Go to the Configuration section and edit the LAN IP and DHCP server parameters as necessary.
If the USG is using an older version prior to 4.3.60 or if for some reason performing this configuration via CLI is preferred, click here to see the CLI steps. It is recommended to always upgrade to the newest firmware available to avoid security issues.
Adopt the USG and Configure the WAN
To adopt the USG, navigate to the Devices section using the side menu on the left.
- Find the USG and click the Adopt button. The controller will provision the configuration as currently defined in the controller and reboot. While it’s doing that, configure your WAN interface specifics.
User Tip: If you experience an issue where the status of the device loops from trying to adopt > disconnected > trying to adopt, it may be an issue with the firewall of the machine hosting the UniFi Network Controller. Port 8080 must be open for inbound traffic. Either open up that port or turn off the firewall if that’s a possibility. See what ports are needed for UniFi here: UniFi - Ports Used.
- Navigate to Settings > Network > WAN and edit the network. In the Connection Type drop-down, pick the appropriate type for your Internet connection. Refer to information provided by your ISP to obtain this information. If using a static IP WAN, make sure to also define two DNS servers here. This is optional for DHCP and PPPoE WANs, as your ISP will likely assign a DNS server, but can be manually specified in that case if desired.
- After the WAN configuration provisions to the USG, unplug the WAN from the existing router, and plug the USG's WAN to the Internet connection. For cable and DSL service, it is often required to power cycle the modem after connecting a new gateway device. In those cases, power cycle the modem after plugging in the USG’s WAN.
After the modem boots back up, you should have Internet connectivity from your LAN via the USG. Verify the WAN information in the controller (following step 2 once again).