Skip to main content
How do I configure my Ubiquti Unifi USG?
8x8 Support

How do I configure my Ubiquti Unifi USG?

  1. Last updated
  2. Save as PDF

Objective

Configure a Unifi USG 

Applies To

Ubiquiti Unifi USG and USG Pro

Procedure

1. Log in to the Unifi Controller 

Adding 8x8 Subnets:

2. Navigate to Routing & Firewall

  • Click Firewall
  • Click Groups

Firewall.PNG

3. Click "Create New Group"

  • Add a name for the group
  • Leave type as "Address IPv4" 
  • Add the 8x8 Subnets, click "+Add" as needed
  • Click "Save" once complete

Group Subnets.PNG

A rule needs to be created for WAN IN, WAN OUT, LAN IN, and LAN OUT with the 8x8 Subnets

Creating the WAN IN Rule

4. Once the group has been created navigate to Firewall -> Rules IPv4 -> WAN IN

  •  Click "Create New Rule"

  • Add a name for the rule
  • Set Action to "Accept"
  • Set Source to the 8x8 Subnet group 
  • Under Destination set the "Destination Type" to "Network"
  • Under "Network" set "LAN"
  • Click Save

Firewall WAN IN.PNG

Firewall WAN IN 1.PNG

8x8 WAN IN 2.PNG

Creating the WAN OUT Rule

5. Navigate to Firewall -> Rules IPv4 -> WAN OUT

  • Click Create New Rule
  • Create a name for the rule
  • Set Action to "Accept" 
  • Set "Source Type" to "Network"
  • Set Network to "LAN" 
  • Set Destination to "Address/Port Group"
  • Add the 8x8 Subnet group as the destination group

Firewall WAN OUT.PNG

Firewall WAN OUT 2.PNG

 

These steps will need to be duplicated for the LAN IN and LAN OUT rules as well. 

Configure Firewall Settings

6. Navigate to Routing & Firewall -> Firewall -> Settings

Disable SIP

Firewall Settings.PNG

7. Make sure SIP is set to OFF

Firewall settings 1.PNG

Set Timeouts

8. Scroll down to "State Timeouts"

  • Modify TCP Close

  • TCP Close Wait 
  • UDP Other

Set these values to 300

Firewall Settings 2 time out.PNG

 

Check DPI Restrictions

9. Navigate to Settings -> DPI -> DPI Restrictions

DPI main.PNG

Make sure there are no restriction settings for VoIP services. No setting needs to be added, the screenshot only shows this service added as an example. 

DPI Restrictions.PNG

 

Additional Information:

Testing completed on firmware: 4.4.36.5146617

  • During testing it has been found that modifying the time out options will slow down the NAT process from changing port assignments frequently 
  • The subnet white listing is not required for all configurations of USG devices, the white listing only needs to occur if inbound and outbound traffic is restricted through custom rules. But is suggested to white list the 8x8 subnets to ensure proper operations of phones.
  • DPI does not need to be disabled on Ubiquiti USG devices, but it is required that there are no restrictions under the DPI settings for VoIP traffic.
  • SSH commands can be run to configure the USG, but if any changes are made on the controller software the SSH configuration will be overwritten.

SSH Commands: 

ubnt#:configure
ubnt#:set system conntrack timeout udp stream 300
ubnt#:set system conntrack timeout udp other 300
ubnt#:set system conntrack modules sip disable
ubnt#:commit
ubnt#:save
ubnt#:exit

 

Please ensure your browser allows pop-ups to chat. (Learn more.)