UniFi - Network Controller: Regenerating an IDS/IPS Token (Debian-Based Linux/Cloud Key)


Overview


After reading this article readers will understand how to regenerate a token used for IDS/IPS functionality. The instructions below will guide users on how to navigate the MongoDB for the UniFi Controller. These steps can be used when restoring from a backup and using a new UniFi Security Gateway (USG). In this scenario, the old token would potentially be used on two USGs at the same time or report alerts on an incorrect site.

NOTES & REQUIREMENTS:
 
This article covers advanced configuration, and should only be used by advanced users. This article applies to the following firmware and devices:
  • UniFi Controller 5.9
  • UniFi Security Gateway (All models)

Table of Contents

  1. Steps: How to Erase an Old Token and Generate a New One
  2. Testing & Verification
  3. Related Articles

Steps: How to Erase an Old Token and Generate a New One


Back to Top

Debian-Based Linux and Cloud Key

1. Disable IPS or IDS in the UniFi Controller UI, under Settings > IPS.

2. SSH or open a console on the device hosting the UniFi Controller.

3. Open a MongoDB shell to the ace directory:

mongo localhost:27117/ace

4. Locate the site code. The "NAME_HERE" value should be replaced with your site name as it appears in the upper-right hand corner drop down menu on the UniFi Controller web UI. Spaces are allowed.

db.site.find({"desc":"NAME_HERE"})
NOTE: The ObjectID will be your site code. Keep this for reference in the next step.

5. Locate the correct IPS setting document. The "SITE_ID_HERE" will be the ObjectID that was found in step 3. 

db.setting.find({"key":"ips","site_id":"SITE_ID_HERE"})
NOTE: The ObjectID for this query will be your IPS setting document. Keep this for reference in the next step.

6. Remove the utm_token from the database:

db.setting.update({"_id": ObjectId("IPS_ObjID_HERE")},{ $set: { "utm_token":""})

7. Enable IPS or IDS in the UniFi Controller web UI under Settings > IPS.


Testing & Verification


Back to Top

Referencing the utm_token before and after this process should be enough to see that it either did or did not change. See here for quick ways to test IPS/IDS.


Related Articles


Back to Top

UniFi - USG: Configuring Intrusion Prevention/Detection System (IPS/IDS)


We're sorry to hear that!