
UniFi 5.7.20 – Now With IPS!

UniFi 5.7.20 is out! New features include IPv6, GeoIP Blocking, IDS/IPS and more! Let’s take a look! While this isn’t an LTS release it does have new features we’ve all been waiting for! Contact me today for Ubiquiti Networks information and Ubiquiti Networks Support!

More Info:
Contact me for network consulting and best practices deployment today! We support all Ubiquiti Networks, Grandstream, MikroTik, Extreme, Palo Alto, and more!

IPS Hit Document: https://goo.gl/3WNKmj
My Amazon Link: https://www.amazon.com/shop/williehowe
H5 Mailing List: http://h5llc.com
H5 Discord: https://discord.gg/3xyT8NX
Netool: https://netool.io use code WILLIEHOWE to save at least 10%!
Digital Ocean Referral Link: https://m.do.co/c/39aaf717223f
Consulting Contact: https://h5technology.com
Support Agreement: https://h5technology.com/support

Support my channel and keep the lab growing!

Come back for the next video!
Twitter – @WillieHowe
Instagram – @howex5

SUBSCRIBE! THUMBS-UP! Comment and Share!


by Willie Howe


40 thoughts on “UniFi 5.7.20 – Now With IPS!”

  • What’s the deal with the impact of disabling hardware offload? This isn’t mentioned at all?

  • (GEOIP FILTERING) If I use allow instead of block is everything else blocked?

  • My USG always crashes and gets disconnected when IPS is enabled. How did you solve the issue?

  • Can you run the USG as Layer 2 IPS only? I want to put a Mikrotik as the main router and the USG as Layer 2 IPS.

  • Thanks for the explanations! Very interesting stuff

  • What happens if someone else changes your location from an address to coordinates?

  • Do you recommend using the web based controller (when you first go to the device's ip) or the downloaded software? I'm not sure if there is a way to get them to work together, but so far it's been one or the other, even trying the same login. Love the videos!

  • I just got a USG Pro 4 and it keeps rebooting randomly. It seems to be fine when I turn off the IPS. Anyone else have this problem?

  • IPv6 is now the Internet standard and now the RFC of IPv4 is obsolete. The actual RFC is 8200 (IPv6). I think that is why UniFi is including IPv6.

  • I'm using a Raspberry Pi 2 instead of a Cloud Key and it works very well. The same Pi is hosting FreePBX and it has worked 365/24 for two years now. I reboot it probably once a quarter just because I have updated drivers.

  • Thanks, Willie, great video. Just getting started with Unifi products, so this was really helpful.

  • So I'm guessing the idea is to upgrade the firmware of all APs from their list first, then upgrade the controller?

  • I did this update last week and now my VLANs don't work with the UniFi APs. You can connect to the wireless but you can't get an IP and you can't get anywhere on the network. I had to put all the wireless networks on the local LAN just to stay afloat. UBNT is taking their time to get back with me on a fix. They think it's a bug, so watch out for this update. I'm using one USG 3 PoE switches and 15 UniFi APs and one new AC AP.

  • Anyone having issues with notifications on IPS? When I select email for IPS alert and apply changes it will not save.

  • So the IPS screen states that enabling IPS will affect the throughput of the USG and disable hardware offload, but there is no mention if enabling the IDS option will also affect throughput and hardware offload. Does anyone know if this is the case?

  • Living in Australia and hearing that ~80Mbps is slow makes me sad on my 7Mbps 🙁

    Thanks for the video btw!

  • Are the speed limits introduced by IDS/IPS only on the internet-facing connection? Would be insane if it's on the internal/LAN-facing connections as well!

  • Where is 1 to 1 NAT? They have been saying they are coming out with it for 2 years now. I have a USG Pro 4.

  • Did I hear correctly? Did you say that all of the IPS filtering happens at UBNT?

  • You make my job supporting UniFi so much easier. I'm able to focus on what is most relevant. Thanks for making your videos in sync with the latest updates!

  • Do they have the VLAN assignment for VPN working? I’ve tried to assign this before but it never filters. It allows the VPN client to access all VLANs.

  • I love that geolocation blocking is available yet, and I have a perfect test for it. On my self-hosted website for my side-business, I've been getting lots of contact emails from Russia.

  • Great video, as always.
    I'm curious about the screen capture software you are using. Can you name it or recommend one?

  • It sounds kinda shitty that they are no longer supporting or will soon stop something that I believe I installed new ones just a couple of months ago and they are supposed to be a what like Enterprise stuff

  • Dammit all. Just bought my UniFi Ap-LR a year ago. Do I need to needlessly replace him? He works just fine.

  • Do you know if the USG 4 Pro slows down to 80 when intrusion protection is running?

    Keep up the good work Willie

  • I’m new to Ubiquiti and new to your channel. I want to extend a sincere thank you for providing great videos. I’ve learned so much from your channel. I’ve used your Amazon links a few times for purchases in order to give something back for your time. I would like to suggest you set up a Patreon account. I for one would become a supporting member.

  • Does geo IP banning work only if you have USG, or does it work on APs too? I have ER8. Sorry, it's worded badly. Or is there a geo IP filtering on EdgeRouter too?

  • I'd suspect they are using Suricata (or possibly Snort) for IDS/IPS. You can create your own rules or subscribe to many lists. For instance, AlienVault OSSIM uses Suricata. They also provide Open Threat Exchange (OTX). They can use all these points to detect threats and curate them for you.

  • You have the old GUI. You need to hit Shift+F5 to refresh your cached page.

  • I've enabled IPS. I've looked around but I can't see where would I find or see the notifications. Meaning – I see people are adding information to the google doc – but where are they getting that information from?

  • Fantastic channel, excellent videos, I'm learning so much with your explanations. Just got all my gear from Ubiquiti to redo my home office. I face a dilemma: I got 3 APs, a 60W UniFi switch and a USG Pro 4. To my surprise it cannot handle IP blocks from my ISP (I have a set of 8), so I decided to buy the EdgeRouter 5poe. So what should I do, keep the EdgeRouter and return the USG Pro 4? Or CLI the config of the USG to handle the multiple IP set? If so, how? Is it stable?
    Thanks

  • Glad to see IPv6, IDS and IPS. I had IPv6 working in pfSense with Comcast before changing to USG. Each added feature gets us closer to saying goodbye to those proprietary firewalls that require support contracts for firmware updates and short life cycles. FYI: I didn't notice a change to my 20Mbps with IDS enabled.

  • ALERT!! Possible issue: Enabling IPS after 5.7.20 upgrade on an older USG with product code 1611k bricks the device

     
      Friday

      Gateway 80:2a:a8:4c:61:68 configuration commit
      error. Error message: { "COMMIT" : { "error" : "ufffe[
      service ips ]nDEBUG: new ips mode at /opt/vyatta/sbin/ips-config.pl line
      57.nDEBUG: current config ipsn _enable 7n _signature 24n _signatureupdate
      n _tor enablen _alien enablen _bridge00 bridge0 iface0: n _bridge01
      bridge0 iface1: n _bridge10 bridge1 iface0: n _bridge11 bridge1 iface1: n
      _iface eth1: op=addn _homenet: 192.168.90.0/24n _homenet: 192.168.10.0/24n
      _homenet: 192.168.1.0/24nDEBUG: old config ipsn _enable 0n _signature n
      _signatureupdate n _tor n _alien n _bridge00 bridge0 iface0: n _bridge01
      bridge0 iface1: n _bridge10 bridge1 iface0: n _bridge11 bridge1 iface1:
      nDEBUG: signature scheduler at /opt/vyatta/sbin/ips-config.pl line 62.nno
      crontab for rootnno crontab for rootn0 */24 * * * /opt/unifi/ips/bin/getsig.shnDEBUG:
      tor enable at /opt/vyatta/sbin/ips-config.pl line 141.nDEBUG: alien enable
      at /opt/vyatta/sbin/ips-config.pl line 150.nDEBUG: updating iface.yaml at
      /opt/vyatta/sbin/ips-config.pl line 161.nnuffff1nufffe[ service utm
      ]nDEBUG: utm disable -> enable, enabling utm service at
      /opt/vyatta/sbin/utm-config.pl line 43.nDEBUG: current config utmn _enable
      1n _token
      171a37f215cd0792b9aba86a89dff06fb6aeb7c3506711d561bf63264fc821612n _deviceid
      80:2a:a8:4c:61:68n _event: alertnDEBUG: old config utmn _enable 0n _token
      n _deviceid nDEBUG: new token to add at /opt/vyatta/sbin/utm-config.pl line
      52.nToken added!. Restarting utm servicenStopping UTM
      daemon:start-stop-daemon: warning: failed to kill 28507: No such processn
      failed!nDEBUG: new device id to add at /opt/vyatta/sbin/utm-config.pl line
      57.nDevice ID added!. Restarting utm servicenStopping UTM
      daemon:start-stop-daemon: warning: failed to kill 28507: No such processn
      failed!nSetting IPS sensor-name as macaddr. Please restart ips servicenRestarting
      utm servicenStopping UTM daemon:start-stop-daemon: warning: failed to kill
      28507: No such processn failed!nnuffff1nufffe[ firewall ipv6-name
      WANv6_IN ]nError: [sudo /sbin/ip6tables-restore -n -v 2>
      /tmp/iptables.out] = 256nIptables restore OKnnuffff0nufffe[ interfaces
      ethernet eth0" , "failure" : "1" ,
      "success" : "1"} , "DELETE" : {
      "failure" : "0" , "success" : "1"} ,
      "SESSION_ID" : "a52a8ccf4dbb69f2510d57e348" ,
      "SET" : { "failure" : "0" , "success"
      : "1"}}
     
     
      10:16 am 03/16/2018

      Gateway 80:2a:a8:4c:61:68 was disconnected
      10:23 am 03/16/2018
