Ubiquiti has kicked off the new year with two major releases for their UniFi line of products: UniFi OS 4.1.13 and UniFi Network 9. These updates bring a host of new features and improvements that will enhance the functionality and user experience for network administrators and enthusiasts alike.
UniFi OS 4.1.13: New Features and Improvements
The latest version of UniFi OS introduces several key features:
Directory Integration
UniFi OS 4.1.13 now supports integration with various directory services, including:
- Microsoft Active Directory
- Google Secure LDAP
- LDAP
- JumpCloud LDAP
This integration allows for more streamlined user management and authentication across UniFi devices and services.
Custom Certificates
Administrators can now upload custom SSL/TLS certificates to their UniFi devices. This feature enables secure access to UniFi devices using fully qualified domain names, both internally and externally (when properly configured). To access this feature:
- Go to the Control Plane
- Navigate to Console
- Scroll down to Certificates
- Upload your SSL/TLS certificate
It's worth noting that custom certificates for the hotspot portal are not yet supported in this release.
BGP Support
Border Gateway Protocol (BGP) support has been added, primarily for UDM Pro, SE, and Pro Max devices. To configure BGP:
- Go to Settings
- Navigate to Routing
- Select the BGP tab
- Upload a configuration file using the FRR BGP configuration format (typically with a .conf extension)
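A pre-upload check for the configuration file described above, as an added example (not code from the article or from Ubiquiti). It reads FRR-style `neighbor` lines and flags peers with no inbound or outbound filter, no session password, or a prefix-list that is referenced but never defined. The sample config and the name `audit_frr_bgp` are constructed for illustration, and peer-group inheritance is not resolved.

```python
import re

# Constructed sample in FRR syntax (documentation ASNs/addresses, not from the article).
SAMPLE_CONF = """\
router bgp 65010
 neighbor 198.51.100.2 remote-as 65020
 neighbor 198.51.100.2 password example-only
 neighbor 203.0.113.9 remote-as 65030
 address-family ipv4 unicast
  neighbor 198.51.100.2 prefix-list FROM-ISP-A in
  neighbor 198.51.100.2 route-map TO-ISP-A out
  neighbor 203.0.113.9 prefix-list FROM-ISP-B in
 exit-address-family
ip prefix-list FROM-ISP-A seq 5 permit 0.0.0.0/0
"""

NEIGHBOR = re.compile(r"^neighbor\s+(\S+)\s+(.+)$")
POLICY = re.compile(r"^(prefix-list|route-map|filter-list|distribute-list)\s+(\S+)\s+(in|out)$")
CHECKS = (("in", "no inbound filter"), ("out", "no outbound filter"),
          ("password", "no TCP MD5 password"))

def audit_frr_bgp(conf_text):
    """Return sorted (subject, issue) findings for a BGP config before upload."""
    peers, referenced, defined = {}, set(), set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        words = line.split()
        # Global prefix-list definitions: "ip prefix-list NAME seq N permit ..."
        if len(words) >= 3 and words[:2] in (["ip", "prefix-list"], ["ipv6", "prefix-list"]):
            defined.add(words[2])
            continue
        m = NEIGHBOR.match(line)
        if not m:
            continue
        peer, rest = m.groups()
        state = peers.setdefault(peer, {"in": False, "out": False, "password": False})
        if rest.startswith("password "):
            state["password"] = True
        p = POLICY.match(rest)
        if p:
            state[p.group(3)] = True          # records the "in" or "out" direction
            if p.group(1) == "prefix-list":
                referenced.add(p.group(2))
    findings = [(peer, issue) for peer, s in peers.items()
                for key, issue in CHECKS if not s[key]]
    findings += [(n, "prefix-list referenced but never defined") for n in referenced - defined]
    return sorted(findings)
```

Calling `audit_frr_bgp(SAMPLE_CONF)` reports the second peer's missing outbound filter and password plus the undefined `FROM-ISP-B` list; an empty result means every peer in the file carries filters in both directions.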
NetFlow and Packet Captures
UniFi OS 4.1.13 adds support for NetFlow and packet captures, providing network administrators with more tools for troubleshooting and analysis.
IPv6 Traffic Identification and DNS Shield
The new release includes support for IPv6 traffic identification and DNS Shield, enhancing security and network management capabilities.
Improved Logging and Notifications
Several improvements have been made to logging and notifications:
- Added system log events for unexpected shutdowns
- Support for showing IP addresses for admin changes in system logs for remote connections
- Ability to send country restriction events to remote syslog servers
- Support for sending threat or ad block detections to remote syslog servers
Other Improvements
- Hotspot 2.0 (Passpoint) support
- Custom SMTP servers for notifications
- Improved storage reformat process
- Enhanced compatibility with third-party SFP modules
- Improved WAN resiliency when changing from DHCP to PPPoE
- Better user experience when restoring backups
- Improved PoE compatibility
- Updated traffic identification signatures
UniFi Network 9: A Major Upgrade
UniFi Network 9 brings several significant features and improvements to the network management application:
Zone-Based Firewall
One of the most notable additions is the zone-based firewall. This new approach to firewall management aims to simplify the creation and management of firewall rules. To access and enable the zone-based firewall:
- Go to Settings
- Navigate to Security
- Click the "Upgrade" button
The zone-based firewall introduces the following zones:
- VPN Zone: Contains VPN servers and site-to-site connections
- DMZ: Optional zone for public servers accessible from the internet
- External Zone: Represents the internet or external networks
- Internal Zone: Represents your local network
When upgrading to the zone-based firewall, the system will automatically create a backup of your current configuration. If you decide to revert, you can restore this backup, but be aware that any changes made after enabling the zone-based firewall will be lost.
Cyber Secure by Proofpoint
UniFi Network 9 introduces Cyber Secure, a paid service powered by Proofpoint. This service offers advanced threat detection and blocking capabilities. Key features include:
- Up to 55,000 signatures (depending on the gateway model)
- 30-50 new signatures added daily
- Dedicated Proofpoint threat research team
- Participation in the Microsoft Active Protections Program
Cyber Secure is available for most UniFi Cloud Gateways, except for the Express and UXG-Lite models. The service is priced at $99 per year per site.
Network Application API
UniFi has opened up the Network Application API, allowing for greater customization and integration possibilities. Some potential uses for the API include:
- Custom hotspot voucher integration
- Rolling Wi-Fi key generation for conference rooms
The API documentation is now accessible directly from the UniFi console, providing detailed information on available endpoints and parameters.
Dashboard and Device Management Improvements
- Added support for reordering dashboard widgets
- Ability to locate or restart devices from the device tab when hovering
- Option to edit VLANs in the port manager VLAN page
Network and VPN Enhancements
- Support for third-party networks in IP and MAC Access Control lists
- Warning when configuring a site-to-site VPN with overlapping subnets
- QoS options in the routing section (requires zone-based firewall)
- Support for override WAN monitors in BGP configuration
- Link aggregation support for Enterprise and Fortress Gateways
- Ability to use duplicate remote IP addresses with different WANs on route-based IPsec site-to-site networks
Other Notable Improvements
- Support for MongoDB 6 and Java 21 for self-hosted Network servers
- Various bug fixes and performance improvements
Implementing the New Features
Enabling the Zone-Based Firewall
To take advantage of the new zone-based firewall:
- Navigate to Settings > Security
- Look for the "Upgrade" button
- Review the migration information provided
- Click "Upgrade" to enable the feature
After upgrading, you'll see a new interface for managing firewall rules based on zones. Take some time to familiarize yourself with the new layout and how your existing rules have been migrated.
Configuring IDS/IPS
To set up Intrusion Detection System (IDS) and Intrusion Prevention System (IPS):
- Go to Settings > Security
- Find the IDS/IPS section
- Toggle the feature on
- Select the networks you want to protect
- Choose between "Notify" or "Notify and Block" modes
- Apply the changes
You can also enable region blocking in this section if desired.
Exploring the API
To access the new API documentation:
- Navigate to the Control Plane
- Look for the API section
- Click on "Getting Started" for an overview
- Explore the Network API documentation for detailed endpoint information
Considerations and Best Practices
When implementing these new features, keep the following in mind:
- Always create a backup before making significant changes to your network configuration.
- When enabling the zone-based firewall, review your existing rules carefully to ensure they've been migrated correctly.
- Start with IDS/IPS in "Notify" mode to avoid accidentally blocking legitimate traffic.
- Test new API integrations in a non-production environment before deploying them to your live network.
- Keep your UniFi OS and Network application up to date to ensure you have the latest security patches and features.
Conclusion
UniFi OS 4.1.13 and Network 9 represent significant updates to Ubiquiti's networking ecosystem. The introduction of the zone-based firewall, expanded API access, and improved security features provide network administrators with powerful new tools for managing and securing their networks.
As with any major update, it's recommended to thoroughly test these new features in a controlled environment before deploying them to production networks. Take the time to familiarize yourself with the new interfaces and capabilities, and don't hesitate to consult the UniFi community forums or official documentation if you encounter any issues or have questions.
These updates demonstrate Ubiquiti's commitment to improving their products and responding to user feedback. As the UniFi ecosystem continues to evolve, we can expect to see further refinements and new features that will enhance the networking experience for both administrators and end-users alike.
Article created from: https://www.youtube.com/watch?v=d9cOUdTpzos