In https://unifi.ui.com/device/xxx/settings/advanced

  • Advanced
    1. SSH: On / Password: S1…
    2. Device Name: CustName UDM-Pro
    3. Automatic Firmware Updates: Disabled
  • Applications
    1. Network
      • Check for updates.
  • General
    1. Firmware: Update
  • Location
    1. Set manually.

In https://unifi.ui.com/device/xxx/network/site/default/v2/dashboard

  • Settings
  • WiFi
    • Create a LAN/WAN WiFi network called xxx_lan (or match the old SSID)
      • You can have up to 4 SSIDs in a WiFi group
      • Speed restrictions are applied using client groups – see advanced features.
    • Create a Guest Hotspot for Guests called xxx_guest (or match old SSID)
      • Optional – Set to be available during work hours only.
  • Networks
    • Create a LAN for each virtual LAN as required (you need at least one, the main one)
      • LAN (Main)
        1. Content Filter: Work
        2. Advanced:
          • IP – 192.168.1.254, or as required
          • DHCP – 192.168.x.30-192.168.x.249
    • Create a LAN for outgoing VPNs (site to site) as required.
  • Security
    • Internet Threat Management
      • Enabled
      • Start with Intrusion Detection System, then later change to Intrusion Prevention System
      • Level 3
      • Customize Threat Management
        1. Pick what makes sense in the environment you are working in. Level 3 will pre-set most of these.
      • Network Scanners
        1. Threat: Yes
        2. Honeypot: Optional (Enable & create if you plan to monitor)
      • Firewall
        1. Add port forwards and rules.
      • Advanced
        1. Restrict Access to Malicious IP Addresses = Yes
        2. Restrict Access to Tor = Yes
    • Traffic & Device Identification
      • Enable Deep Packet Inspection = On
      • Device Fingerprinting = On
  • Internet
    • Set up WAN connections
    • WAN – Next hop
      • For initial setup at Scottronic use DHCP
      • For onsite, use next hop settings or internet provider settings
      • VLAN ID: blank / 10 / other
    • WAN2 – Alternate hop or Failover for WAN
  • System Settings
    • NZ / English / 24 hr
    • Automatic Firmware Upgrades = Off
    • Schedule Firmware Upgrades = Off (For now)
    • WiFi AI = On
    • Device SSH Authentication = Yes, Scottronic, S1…1
  • Advanced Features
    • Leave unless required