UniFi Security Gateway Pro

From Pumping Station: One Wiki
Jump to: navigation, search


UniFi Security Gateway Pro
File:TBD
Owner/Loaner PS:One
Serial Number SERIAL NUMBER
Make/Model UniFi Security Gateway Pro
Arrival Date 12/2017
Usability yes
Contact CTO
Where Dell PS 38S Server Rack
Authorization Needed yes
Hackable no
Estimated Value $300
Host Area CTO


UniFi Security Gateway Pro Area: CTO https://wiki.pumpingstationone.org/UniFi_Security_Gateway_Pro



Status

Online as of 12/30/17

Device will be moved to the new infrastructure location with other PS:1 maintained equipment.

Backup

Configuration is backed up with the UniFi Controller.

Configuration

Please see UniFi Controller for extended configuration information. USG is managed from controller interface.

Port configuration is as follows:

  • LAN Port 1
  • LAN Port 2
    • Disconnected. May be used in the future to service member rack.
  • WAN Port 1
    • Connected to primary internet connection, currently the Motorola SURFboard SB6120 on top of the Dell PS 38S Server Rack
  • WAN Port 2
    • Disconnected. Will be used in the future for a failover/backup internet connection.

Enable IPv6 Support

IPv6 support is in progress. Documentation to enable this is found here.

Initial Setup

Instructions for adpoting a USG Pro can be found here

Adpoting a USG Pro into an existing network

NOTE: This has been tailored for PS:1's existing network setup.

1. Connect a computer into the LAN NIC (LAN port 1) of the USG. It will obtain a 192.168.1.x IP from DHCP.

2. SSH into 192.168.1.1 using username and password combination of ubnt / ubnt.

3. For this example, the controller is on 10.100.0.9/20, so let's change the USG’s LAN IP to 10.100.0.1. Choose an available IP within the subnet of the local controller.

4. In the SSH session, run the following (Since this is a USG Pro, eth1 has been replaced with eth0 per Ubiquiti instructions):

  • configure
  • set interfaces ethernet eth0 address 10.100.0.1/20
  • delete interfaces ethernet eth0 address 192.168.1.1/24
  • commit

Now the USG’s LAN IP is 10.100.0.1/20. The SSH session will drop.

Controller Configuration

In order for the USG to work properly, you must correctly configure the appropriate settings in the UniFi Controller GUI located at https://10.0.0.9:8443 or via https://unifi.ubnt.com/

Under "Settings" > "Networks", select edit on the network named "LAN".

The following settings should be configured as such:

  • Name
    • LAN
  • Purpose
    • Corporate
  • Parent Interface
    • LAN
  • Gateway/Subnet
    • 10.100.0.1/20
  • Domain Name
    • ad.pumpingstationone.org
  • IGMP SNooping
    • Disabled
  • DHCP Mode
    • DHCP Server
  • DHCP Range
    • 10.100.3.1 - 10.100.14.254
  • DHCP Name Server (EACH IP IS A SEPERATE FIELD)
    • Manual
      • 10.100.0.132, 10.100.0.105, 10.100.0.1, 8.8.8.8
  • DHCP WINS Server
    • Disabled
  • DHCP Lease Time
    • 86400 seconds
  • DHCP Gateway IP
    • Auto
  • DHCP UniFi Controller
    • 10.100.0.9
  • DHCP Gaurding
    • Enabled
      • 10.100.0.1
  • UPnP LAN
    • Disabled

ADVANCED SETTINGS:

  • DHCP NTP Server
    • Disabled
  • DHCP Network Boot
    • Enabled
      • 10.100.0.110
      • /pxelinux.0
  • DHCP Time Offset
    • Disabled
  • DHCP WPAD URL
    • Empty
  • DHCP TFTP Server
    • Empty