UniFi - Network Controller: Regenerating an IDS/IPS Token


Overview


This article explains how to regenerate the token used for IDS/IPS functionality by editing the UniFi Controller's MongoDB database. Use these steps when restoring from a backup and using a new UniFi Security Gateway (USG). In this scenario, the old token would potentially be used on two USGs at the same time or report alerts on an incorrect site.

NOTES & REQUIREMENTS:
This article covers advanced configuration on Debian-Based Linux/Cloud Key and Windows, and should only be used by advanced users. Applicable to UniFi Controller v5.9+ and UniFi Security Gateways (all models).

Table of Contents

  1. Steps: How to Erase an Old Token and Generate a New One on Debian-Based Linux/Cloud Key
  2. Steps: How to Erase an Old Token and Generate a New One on Windows
  3. Testing & Verification
  4. Related Articles

Steps: How to Erase an Old Token and Generate a New One on Debian-Based Linux/Cloud Key



Debian-Based Linux and Cloud Key

1. Disable IPS or IDS in the UniFi Controller UI, under Settings > IPS.

2. SSH or open a console on the device hosting the UniFi Controller.

3. Open a MongoDB shell to the ace database:

mongo localhost:27117/ace

4. Locate the site code. Replace the "NAME_HERE" value with your site name as it appears in the drop-down menu in the upper-right corner of the UniFi Controller web UI. Spaces are allowed, and site names are case sensitive.

db.site.find({"desc":"NAME_HERE"})
NOTE: The ObjectID will be your site code. Keep this for reference in the next step.

5. Locate the correct IPS setting document. The "SITE_ID_HERE" will be the ObjectID that was found in step 4.

db.setting.find({"key":"ips","site_id":"SITE_ID_HERE"})
NOTE: The ObjectID for this query will be your IPS setting document. Keep this for reference in the next step.

6. Remove the utm_token from the database:

db.setting.update({"_id": ObjectId("IPS_ObjID_HERE")},{ $set: { "utm_token":""}})

7. Enable IPS or IDS in the UniFi Controller web UI under Settings > IPS.


Steps: How to Erase an Old Token and Generate a New One on Windows



1. Disable IPS or IDS in the UniFi Controller UI, under Settings > IPS.

2. The Windows UniFi installer does not include the mongo binary. Visit the MongoDB official download website, and download the .zip release that corresponds to your server's CPU architecture. Alternatively, download 2.4.14 here directly: 2.4.14.zip.

3. Extract \bin\mongo.exe to a working directory of your choice. In this example, we will use C:\ips\. You may ignore all other files included in the package.

4. Open the command prompt by pressing WINDOWS + R. In the popup, type cmd and press ENTER.

5. In the command prompt, change to the working directory:

cd C:\ips\

6. Open a MongoDB shell to the ace database:

mongo --port 27117
use ace

7. Locate the site code. Replace the "NAME_HERE" value with the site name as it appears in the drop-down menu in the upper-right corner of the UniFi Controller web UI. Spaces are allowed, and the site name is case sensitive.

db.site.find({"desc":"NAME_HERE"}) 
NOTE: The ObjectID will be your site code. Keep this for reference in the next step.

8. Locate the correct IPS setting document. The "SITE_ID_HERE" will be the ObjectID that was found in step 7.

db.setting.find({"key":"ips","site_id":"SITE_ID_HERE"})
NOTE: The ObjectID for this query will be your IPS setting document. Keep this for reference in the next step.

9. Remove the utm_token from the database:

db.setting.update({"_id": ObjectId("IPS_ObjID_HERE")},{ $set: { "utm_token":""}})

10. Enable IPS or IDS in the UniFi Controller web UI under Settings > IPS.
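
The database steps above (3-6 on Debian-based Linux/Cloud Key, 6-9 on Windows) chained into one function, as an added example that is not Ubiquiti's code: it refuses to write unless the site name matches exactly one site, and it returns the old token for the before/after comparison. `clearIpsToken` is a hypothetical name, and the code assumes a legacy `mongo` shell in which an ObjectId exposes its hex string as `.str`.

```javascript
// Added example, not Ubiquiti code. Written in ES5 so it also loads in old
// `mongo` shells. clearIpsToken is a hypothetical helper name.
// Assumption: ObjectId values expose their hex string as `.str` (legacy shell).
function clearIpsToken(db, siteName) {
  // Site lookup: names are case sensitive; require exactly one match.
  var sites = db.site.find({ desc: siteName }).toArray();
  if (sites.length !== 1) {
    throw new Error('expected 1 site named "' + siteName + '", found ' + sites.length);
  }
  var siteId = sites[0]._id.str;

  // IPS setting lookup: site_id is queried as a string, as in the steps above.
  var ips = db.setting.findOne({ key: "ips", site_id: siteId });
  if (!ips) {
    throw new Error("no IPS setting document for site_id " + siteId);
  }
  var oldToken = ips.utm_token || "";

  // Blank the token on that one document only.
  db.setting.update({ _id: ips._id }, { $set: { utm_token: "" } });

  // Read the document back so the caller can see the write took effect.
  var after = db.setting.findOne({ _id: ips._id });
  return {
    siteId: siteId,
    settingId: ips._id.str,
    oldToken: oldToken,
    cleared: after.utm_token === ""
  };
}
```

After connecting to the ace database, load the file with load() and call clearIpsToken(db, "NAME_HERE"), keeping the returned oldToken for comparison. IPS/IDS must still be disabled beforehand and re-enabled afterwards, as in the steps above.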


Testing & Verification



Comparing the utm_token before and after this process should be enough to see whether it changed. See here for quick ways to test IPS/IDS.


Related Articles



UniFi - USG: Configuring Intrusion Prevention/Detection System (IPS/IDS)

