September 25, 2023

UniFi Network Application 9.0.108

Important Notes

UniFi Network Application 9.0.108 adds Zone-Based Firewall, CyberSecure, Network Application API, and includes the improvements and bugfixes listed below.

Zone-Based Firewall settings

The new Zone-Based Firewall on UniFi Gateways categorizes different parts of your network into zones and allows for more granular and simplified policy management.

  • Segment your network by using fewer, simpler policies, reducing complexity and increasing visibility.
  • Configure specific policies to govern which traffic can pass between zones, based on Network Objects, IPs, ports, applications, and more.
  • The migration to Zone-Based Firewall is irreversible unless you restore a backup taken before the migration.
  • Existing policies that cannot be migrated to a single zone will be duplicated across multiple zone pairs.
  • Requires UniFi (Cloud) Gateway firmware version 4.1 or newer.
  • See the Zone-Based Firewall and Migrating to Zone-Based Firewalls Help Center articles for more information.

CyberSecure by Proofpoint

CyberSecure is an optional extension of our Intrusion Detection and Prevention (IPS/IDS) system, enhancing IPS/IDS with signatures from Proofpoint’s expert security researchers. It is offered as a per-site subscription and is available for all UniFi (Cloud) Gateways except the Express and UXG-Lite. Please note that our existing IPS/IDS remains free.

  • Requires UniFi Cloud Gateway 4.1.8/UniFi Gateway 4.1.3 or newer.
  • See the CyberSecure Help Center article for more information.

Network Application API

The API provides powerful tools to manage Sites, Devices, and Clients, offering access to detailed configuration, real-time status, and live statistics. It supports insights for WiFi, Wired, and VPN clients, including connection details.

  • Available through Control Plane > Integrations.
  • Requires a Cloud Gateway with UniFi OS 4.1.9 or newer.
  • Future versions will include more data, so leave comments on what you would like to see.

Improvements

  • Added support for re-ordering the Dashboard widgets.
  • Added the ability to Locate or Restart devices from the Device table when hovering.
  • Added the ability to edit VLANs in the Port Manager > VLAN page.
  • Added support for MongoDB 8.0 and Java 21 on Network Servers.
  • Added Source name in the Intrusion Prevention email notifications.
  • Added support for ed25519 SSH Keys for Device Authentication.
  • Added WiFi Band column in the WiFi Settings table.
  • Added support for third-party networks in IP and MAC ACLs.
  • Added warning when configuring a Site-to-Site VPN with overlapping subnets.
  • Added QoS in the Routing section within Settings.
      • Requires the new Zone-Based Firewall.
  • Added support for Override WAN Monitors in the BGP Configuration.
      • Requires UniFi Cloud Gateway 4.1.7/UniFi Gateway 4.1.3 or newer.
  • Added support for Link Aggregation on the EFG and UXG-Enterprise.
      • Requires UniFi Cloud Gateway 4.1.8/UniFi Gateway 4.1.3 or newer.
  • Allow duplicate remote IP addresses when using different WANs on Route-Based IPsec Site-to-Site VPNs.
  • Improved the Threat System Log user experience.
  • Improved the System Logs search resiliency.
  • Improved the Honeypot user experience.
  • Improved the Port Forwarding user experience.
  • Improved the Client page user experience on large setups.
  • Improved the WAN Packet Capture user experience.
  • Improved the Security Settings user experience.
  • Improved the Intrusion Prevention Active Detections Categories.
  • Improved the Radio Manager user experience.
  • Improved the Dashboard loading latency.
  • Improved the port warnings in Port Manager.
  • Improved filtering on the Devices page.
  • Improved Statistics accuracy for Internet Activity in the Dashboard and Traffic Statistics.
  • Improved the Airtime scanning user experience.
  • Improved the WiFi Connectivity page user experience.
  • Automatically turn off wireless meshing if a device is adopted via a wired connection.
  • Increased default channel width to 80 MHz for the 5 GHz radio.
  • Moved Firewall Connection Tracking settings to the NAT section.
  • Moved the Traffic and Device Identification settings to System > Advanced.
  • Renamed DNS Shield to Encrypted DNS.
  • Renamed Country Restrictions to Region Blocking.

Bugfixes

  • Fixed an issue where NAT rules sometimes didn’t work on the UXG-Lite.
  • Fixed incorrect timezone for Network Application Activity Logging to SIEM Servers.
  • Fixed invalid mixed speed warning on ECS-Aggregation switches.
  • Fixed an issue where the Network Application changelogs were missing on fresh Network Server installations.
  • Fixed an issue where the last known uplink could be missing if it was a mesh uplink.