
XG v18 and unifi controller

Hi, I have a pretty simple setup: Internet -> XG (v18) -> switch. The switch has the cloud key, USG, unifi APs and other devices. I have things working fine in my v17 setup, but when setting up for v18, I am having some difficulties. I cannot migrate my v17 to v18 due to potential corruption, so I am starting my v18 clean on a new fw.

1) What do I need to set up regarding inbound for the cloud key? I have looked at https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used#1, but I am not sure how to set this up on the XG properly.

2) I have set up the unifi devices to have LAN to WAN open access. Any concerns with this? I assume if I cannot trust my unifi devices then that is a fundamental issue which breaks down the entire setup.

3) Besides the cloud key forwarding, do I need anything else set up?

4) Have folks gotten the USG set up in this way to collect stats? I do NOT want to put my XG in bridge mode. I have tried to get the USG working in this setup under v17 without success in the past.

Topology diagram I just put together:

 

Thanks in advance for any help.



  • Hello

    How is the USG expected to collect stats if there is no traffic running through it?

    If you want the traffic flow and statistics of the USG, then you will need to remove the Sophos Unit.

    But given the USG can't do what the Sophos can, and is far less reliable, then the best option is to dump it and set up reporting from the Sophos.

    Regards,

    Gavin Daniels. DipIT(Networking)

  • Hey Gavin - Fair enough point. I actually used to have the USG between the XG and switch but could not get the "transparent/bridged" mode of USG to work properly. I was also hoping to use the USG so it can offload processing for a guest network, but I should be able to set that up directly with the XG. There have been many articles about folks setting up the USG to run in transparent mode by editing a JSON file, which I have done in the past without success.

    So, I will drop the USG for now.  The priority is to be able to change over to my new XG v18 working with my unifi setup of cloud key, switch and 2 access points.

  • Hey There,

    Even setting the USG into Transparent won't give you the full data flow details.

    Might want to look at a couple of Sophos APs and dump the rest of the Ubiquiti stuff as well.

    Far easier to set a guest network, bandwidth and content filter it in the Sophos.

    The Sophos APs have a few issues, but if you take the time to reduce power, they will work fine, and will provide all the other benefits of the XG.

    Regards,

    Gavin Daniels. DipIT(Networking)

  • Thanks, with the new GA release this issue was resolved. I have some new issues with this version but will create a separate thread.