Migrating from Ubiquiti USG to UCG

I gave myself a christmas present this year. I’m using a Ubiquiti Unifi Security Gateway (short USG) for quite some time now and i thought it would be a good idea to update this device, in order to use IDS/IPS on my 1 GBit/s connection. I ordered an Ubiquti Unifi Cloud Gateway Ultra (short UCG) which arrived on Christmas Eve. And on the very next day, i migrated the USG away.

Perhaps my process to migrate the config is useful to someone else. About my environment: My Internet Connection is based on a cable modem, i don’t have to enter authentication information, i just have to plug the LAN-Port of the cable modem into the WAN-Port of my router. I have a network with one USG, multiple switches and four access points connected to those switches. There is one native network on the ports (the default network) and a multitude of VLANs.

I wrote this down a few days after the migration. I hope i remember all the steps correctly. Please check if you have to do a step on the USG or the UCG. I know it’s confusing that the names are so similar. I colored both names differently. Check twice.

1. The UCG has its own Unifi Controller. So far my controller ran in a VM on my Proxmox system. The UCG can’t be adopted by another Unifi Controller, thus in order to use it, you have to migrate your controller running somewhere in your network (as the USG didn’t have the capability to provide a controller on itself) onto the Unifi Controller on the UCG. You can’t use it with your existing controller.
2. Ensure that you have a current backup of your current controller used by the USG and download it to your computer.
3. I didn’t use the setup process of the UCG via Bluetooth. I used the webinterface instead. As the UCG has no wireless LAN you need wired LAN at this point. Plug a networking cable from your computer into one of the LAN ports of the UCG. Preferably not the one, where you want to plug your cable for the cable from your existing LAN. However as it’s a switch it should not matter, which port you chose. If i remember correctly, i’ve got an IP address via DHCP from the UCG.
4. The controller of the UCG is on standard SSL port, not on 8443. When going to this port with a web browser, the setup screen will appear. Follow the instructions.
5. You need an internet connection for updating the UCG. If you just have to plug in your DSL/Cable modem without any router configuration to get the internet connection up and running: Simply unplug the Internet connection from the WAN port of your USG and put it into the WAN port of the UCG. Skip step 7. You should now have an Internet connection on the UCG itself (and of course on your computer you are using for configuration).
6. If you need some configuration on your router to get into the Internet (like PPPoE): I didn’t try it, but i think you can just connect any LAN port of your network to the WAN port of the UCG in order to be able to update the device as you get internet via your existing LAN via the existing USG.
7. If you patch your USG frequently you will probably have a newer software version on your USG than the factory-installed version on your UCG. Update the UCG now, because otherwise you may not able to restore the backup. The software on the UCG would simply deny it if your UCG controller has a lower software version than the controller used by the USG.
8. In case you had to use step 7, you should now unplug the cable from your LAN to the UCG WAN port . Otherwise skip this step.
9. In case you had to use step 7, you should now unplug the modem from the WAN port of the USG and put it into the WAN port of the UCG. Otherwise skip this step.
10. Restore the backup of your old controller to the UCG.
11. Validate if all the important parts of the configuration were transfered onto the UCG. Check if all your LAN ports have the nescessary VLANS and VLAN tags configured on it.
12. Unplug the cable of the LAN-Port of the USG and plug it into one of the LAN-Ports of the UCG. Your network should now use the the UCG as your router.
13. Your Internet connection should be up and running again.
14. However you should be unable to do anything on all the Unifi Devices adopted by your new Unifi Controller. You have to inform all your device, that they should use the new controller. However all the devices are still controlled by the old controller. So log into your old Unifi Controller and use Sprocket-Symbol->System->Advanced->Inform Host, activate “Override” and insert the IP-Number of your new Unifi Controller (which is the UCG). Apply the configuration.
15. Wait a little bit.
16. After a short moment all the Unifi devices in your network should be visible and manageable by the new controller on your UCG.
17. Validate if everything is working to your specification.
18. Shut down your old controller after you have validated that all Unifi devices are indeed visible on the new controller.

Hope this helps.