IB with USG (Unifi Security Gateway)?

@axel_k 

If you cant manage to change the network settings on the USG, leave it as it is.

Change the IB network to 192.168.2.1 or whatever you like and connect the USG gear to a LAN port on the IB.

Use the DMZ feature on the IB (enable expert mode on and look at the network tab => DMZ).

Choose the USG in the pull down list and all should work fine. Now you have on the USG side a double NAT setup.

if you want to run SWTV on the USG side, you need to setup igmp and make some firewall rules afaik.

@Tux0ne and @BurningRoli are the experts regarding USG and TV.

edit: SWTV can be connected directly to the IB and it will still work.

Hi @mabu1 , thanks for the reply. Will try that tonight. Just to clarify: I should attach the USG to the IB from the USG's WAN port right?

So, USG WAN port => IB LAN port (2.5gb/s red one, for example).

@axel_k 

Yes exactly, IB LAN to USG WAN. But I would recommend to use a 1 GBit link. Heard about some issues with the 2,5 GBit link here in the german part of the community.

@mabu1 

Happy to report I got it working following your advice.

For future reference, this is what I did:

1. Put IB on 192.168.0.1, network mask 255.255.0.0. Set DHCP range in IB to 192.168.0.101-192.168.0.254

2. Add static DHCP route for USG in IB configuration, give it 192.168.1.1

3. Factory reset USG, connect to IB 1 gbps LAN port

4. Put USG in DMZ in IB config

5. Restart AP, adopt USG.

Now the Unifi wifi is working fine and giving devices IPs in the 192.168.1.x range, whereas the IB wifi is also operational and giving devices IP in 192.168.0.x range. Once I can confirm everything is 100% OK with the unifi wifi I will turn that one off.

Thanks for the help!!

@axel_k 

Sorry, I didn't mentioned to have static dhcp on the IB port for the USG. But you figured it out.

Dear @axel_k,

Dear @mabu1,

The description on how to solve the connection of an USG to an IB seems very promissing.

I will try it in the coming days. I tried it already once and I gave up.

can you confirm that this should work with both USG models:

• Ubiquiti USG : UniFi Security Gateway Pro 4

• Ubiquiti USG: UniFi Security Gateway

Thank you for your great help!

@SumSum 
I don‘t see any problem why it should‘t work with a USG-PRO-4, hence it is working with a USG.

Please keep in mind ipv6 could be a bit of a hurdle with the combination IBx and USG.

Hello @SumSum with the USG-Pro-4 you can use it to replace the internet-box.

Hello @Biorn1950 ,

When you say replace the internet box, you mean replace the functions of the internet box ?

I have a 10Gb fibre to the home (FTTH) were would I connect it if not on the Internet Box ?

@SumSum 

with 1Gbs FTTH you can connect the usg4pro directly to the fiber OTO while the sfp receiver.

Thank you,

You said 1Gb but I have 10Gb would this work too ?

No because xgs-pon receiver (for 10Gbs) is SFP+ and USG-PRo is SFP only.

But ubiquiti is launching a new model (UXG-PRO) with SFP+ capabality, which is in beta atm.

You can‘t replace the IB3 on a PON line with any Ubiquiti product so far. The problem is not the SPF+ or SPF only, it is about the different technique of P2P and P2MP used for transport and encryption.

If you want to replace the IB3 on PON, check the BBCS Proved Equipment List.

@mabu1yes you can, I already did it with an EdgeRouter-X SFP

@Biorn1950 
I still assume you have a 1Gbit P2P fiber connection over ethernet protocol. That’s just works fine.

Regarding the question from @SumSum about a replacement of the IB3 on a 10 Gbit XGS-PON line, I can tell you that will not work with any Ubiquiti gear so far. Why so? On a PON several users share the same fiber and each user receives all data from all others. This is a shared medium, like cable. In order to manage traffic to the corresponding user, all traffic is encrypted. Decryption is done on customers router and not the SFP.

In any case you managed to have a running xgs-pon 1Gbit link up, please let us know the details. We are eager to know.

@Biorn1950 
In case you haven‘t noticed the german thread about xgs-pon modems in bridge mode.

@mabu1To resume because you mix abbreviations and things and it's not clear: (PON is just fiber)

• 1Gbs = G-PON  = ubiquiti products work
• 10Gbs = XGS-PON  = no compatible products atm

About P2MP there is no reason ubiquiti product have issue.

---

@mabu1 wrote:

@Biorn1950 
In case you haven‘t noticed the german thread about xgs-pon modems in bridge mode.

---

I don't understand deutsch. If you can resume to me.

@Biorn1950 

PON is a Passiv Optical Network and will perhaps work with Ubiquiti UFiber.

AON is an Active Optical Network and terminates in a hub, means P2P over Ethernet.

Please describe your gear and clarify if you have p2p or p2mp and provider. Otherwise we talk past each other.