Just like the Dream Machine devices and the older USG models - the new UXG Pro supports all the latest security features Ubiquiti has integrated into UniFi. These include:

  • Country Restrictions

  • Intrusion Prevention and Detection

  • Dark Web Blocker

  • Malicious Website Blocker

  • Internal Honeypot

⚠️ Note: The older USG models have some major throughput restrictions when IDS or IPS is enabled. For example, the USG-3P has a maximum of 75mbps when threat management is enabled. If you want to use IDS or IPS, we would recommend getting the newer UXG Pro as it can handle it much better.

The UXG Pro has throughput performance similar, if not the same as the UDM Pro which has a maximum throughput of 3.5Gbps with IDS/IPS enabled.

Contents

How to enable Intrusion Prevention and Detection

Testing & Verification

How to enable Intrusion Prevention and Detection

First, log into UniFi and go to 'Settings'

Next, go to the 'Firewall & Security' section

Here, we have the option to enable IPS and IDS. Ubiquiti has changed the naming recently.

'Detect only' is IDS and will only show you and alert you what security threats there are, but it won't block them.

'Detect and block' is IPS and will detect and alert you what security threats there are and it'll stop them from entering your network. This does use more system resources however.

Once enabled, we have the option to enable the Dark Web Blocker and the Malicious Website Blocker (UniFi real-time database)

To edit the categories that the UXG Pro will work on detecting and blocking, click on 'Edit threat categories'

You'll then have a list of categories to choose from. This screenshot is from UniFi with a UXG Pro attached, it might look different using a USG, UDM or UDR for example.

Testing & Verification

To test a detection, use a command line interface while connected to your UniFi gateway’s network.

Input:

curl -A "BlackSun" www.example.com

Expected alert result:

Threat Management Alert 1: A Network Trojan was Detected. Signature ET USER_AGENTS Suspicious User Agent (BlackSun). From: 192.168.1.172:55693, to:172.217.4.196:80, protocol: TCP

If the above happens, then the IDS/IPS system is working as intended.

If you run into any issues, send an email to support@hostifi.com or contact us via live chat.

Did this answer your question?