UniFi - Network Controller: Regenerating an IDS/IPS Token (Debian-Based Linux/Cloud Key)


After reading this article readers will understand how to regenerate a token used for IDS/IPS functionality. The instructions below will guide users on how to navigate the MongoDB for the UniFi Controller. These steps can be used when restoring from a backup and using a new UniFi Security Gateway (USG). In this scenario, the old token would potentially be used on two USGs at the same time or report alerts on an incorrect site.

This article covers advanced configuration, and should only be used by advanced users. This article applies to the following firmware and devices:
  • UniFi Controller 5.9
  • UniFi Security Gateway (All models)

Table of Contents

  1. Steps: How to Erase an Old Token and Generate a New One
  2. Testing & Verification
  3. Related Articles

Steps: How to Erase an Old Token and Generate a New One

Back to Top

Debian-Based Linux and Cloud Key

1. Disable IPS or IDS in the UniFi Controller UI, under Settings > IPS.

2. SSH or open a console on the device hosting the UniFi Controller.

3. Open a MongoDB shell to the ace directory:

mongo localhost:27117/ace

4. Locate the site code. The "NAME_HERE" value should be replaced with your site name as it appears in the upper-right hand corner drop down menu on the UniFi Controller web UI. Spaces are allowed.

NOTE: The ObjectID will be your site code. Keep this for reference in the next step.

5. Locate the correct IPS setting document. The "SITE_ID_HERE" will be the ObjectID that was found in step 3. 

NOTE: The ObjectID for this query will be your IPS setting document. Keep this for reference in the next step.

6. Remove the utm_token from the database:

db.setting.update({"_id": ObjectId("IPS_ObjID_HERE")},{ $set: { "utm_token":""})

7. Enable IPS or IDS in the UniFi Controller web UI under Settings > IPS.

Testing & Verification

Back to Top

Referencing the utm_token before and after this process should be enough to see that it either did or did not change. See here for quick ways to test IPS/IDS.

Related Articles

Back to Top

UniFi - USG: Configuring Intrusion Prevention/Detection System (IPS/IDS)

We're sorry to hear that!