Migrate Ubiquiti Unifi Security Gateway (USG) to Unifi Dream Machine Pro (UDM Pro)

Some of my customers using Ubiquiti components in there networks, because of the great price and performance ratio and the easy administration. On of my customers the Unifi Security Gateway had a defect shortly before christmas. We decided to renew the both components (Unifi Security Gateway and Unifi Cloud Key Gen 2 Plus) with the Unifi Dream Machine Pro. On my research for the best upgrade process I do not found a good article how is the best way to migrate the Ubiquiti environment from the USG to a UDM Pro. In this article I will explain this in a short way, because with the actual release of the UniFi OS, the upgrade process is smooth and simple.

Preperation

The preparation is not necessary, but I will recommend to do this for easy device management, when something go wrong.

  • upgrade all devices to the latest available firmware
  • Note all ssh logins for your existing Unifi devices
  • take a backup on a secure place (e.g. OneDrive)

Preparing the Unifi Cloud Key

Go to your Unifi Network Portal (Client or Unifi Cloud Key based) and upgrade the USG and all devices to the latest available firmware.

After the update process is successfully completed download a backup from your Cloud Key. Did you use a Cloud Key Gen 2 with Camera Protection also update it to the latest available version and download the configuration file for the protect software.

Install the UDM Pro

Firstly install the UDM Pro into your existing network. Use the UDM Pro WAN Port and connect it with the existing network and connect a notebook with the UDM over one of the existing switch ports. This helps to bring the UDM Pro online and does not affect the existing network, when you use the WAN Port. Open a browser from your notebook and go to 192.168.1.1. The UDM Pro setup website will be open and you can go trough the easy steps to setup and connect the UDM Pro with an existing Ubquiti account.

After you finished the setup process update the hole software

  • Unifi OS of UDM Pro
  • Network Application
  • Protect Application

to the latest available update (in my case 6.5.55)

Preparing the Unifi Cloud Key

On the Unifi Cloud Key Gen 2 it also necessary to update to the latest available update (in my case 6.5.55). After the firmware are up to date, take a backup from the Network and Protect application.

Replace the USG with the UDM

Disconnect the WAN Port and access the UDM Pro admin site 192.168.1.1 and configure the UDM Pro with the same IP as of the USG. Save the configuration and shutdown the UDM Pro in the admin portal.

Disconnect the USG and the Cloud Key (when exist) from the network and replace it with the UDM Pro and start the UDM Pro.

The UDM Pro will be available shortly under the same IP as the USG and you can enter the UDM Pro admin site. Login and go firstly to the Network application and import the backup file. After the import is successfully completed the UDM Pro will reboot. After the reboot the migration of the network part is complete and all devices are up and connected to the new UDM Pro.

Do the same for the Protect application, when you had available Unifi camera devices. After the import of the backup file is completed, the cameras are now report directly to the UDM Pro.

25 thoughts on “Migrate Ubiquiti Unifi Security Gateway (USG) to Unifi Dream Machine Pro (UDM Pro)”

  1. Worked like a charm! Migration done in under 30min.
    Thanks for that post!

    (Upgraded from USG / Cloud Key Gen 1)

    1. Can u point me how to remove a usg from a existing network which has 6 24 port switches and 20 aps my usg died and I have a opnsense firewall instead, I set the same ip ranges on the new firewall it works fine but when I update the controller to the latest version clients get connected and disconnected

      1. Hello Lone,
        it’s not that simple, do you have a cloud key set up?
        In the webgui you can go to the USG and enable “forget device”, but a USG is an essential part of a Unifi network, so it can cause the problems you mentioned.

        Greetings
        Gregor

  2. Hi,
    planning a migration myself. I just notice my existing USG had the IP address 192.168.1.1. So I assume the UDM will boot up with another one when connected to the existing network?
    Cheers,
    β€”Charlie

    1. Hi Charlie,
      when you connect the UDM Pro via the WAN Port (not the LAN port) is will get an IP-adress from the existing network via DHCP.
      Greetings
      Gregor

      1. Hi

        yesterday I finally pulled the trigger, and indeed, above step-by-step works as a charm.

        Things I did notice:

        – a couple of devices needed a reboot (often a physical ethernet cable disconnect would do the trick as well) for it to have internet again (MacBook, Synology, Apple TV, etc.)

        – after rebooting after the initial setup, the UDP Pro got a different IP address (before the backup restore). I think it was 192.168.0.1.

        Now I finally can use my 1Gb internet connection ;-).

        Enjoy!

  3. Thank you so much for this!

    I’d read caution about migrating (even reading someone say just rebuild from scratch), but followed your steps and it worked perfectly.

    Everything went smoothly, but after starting the Import into the UDM Pro I had to wait a while for anything to happen – no ‘please wait’ or anything. A few minutes later the Network application restarted by itself without a problem.

    (My fibre PPPoE connection didn’t connect first time, but a simple network cable unplug/replug sorted that out.)

    Great work πŸ™‚

    1. Thank you for your message and feedback. I’m glad that the article helped you. πŸ™‚

  4. This is great, I’ve done something similar, but your step about bringing the UDM Pro online in the existing network, this will not work in your existing network is also 192.168.1.x/24 as the UDP has an internal network of 192.168.1.x/24. You can’t have the same network on both sides unless you bridge.

    1. Hi Michael, thanks for your reply.
      I think you missed the point of using the WAN interface. The integration of the UDM Pro into your existing network is only possible by using the WAN interface, which I described in the second sentence πŸ˜‰

      1. When I connect my UDMP to my network through the WAN port, I do not get an internet connection and therefore cannot complete the setup.

        The network connection line from modem to computer is: modem – USG – switch – cable into UDMP WAN port – cable out of LAN port – laptop. The laptop cannot get an internet connection while connected to the UDMP, but if I connect it directly to the cable coming off the switch, it does. Any suggestions on what I am doing wrong? Thanks.

  5. Thanks!
    I migrated from a VM based Unifi Controller, and this worked like a charm, AFTER i powercycled all the devices. After the config restore on the UDM-Pro, all devices were reported as “disconnected”, even though the clients were connected correctly. A quick power cycle of all devices fixed it.

  6. Question: Same process for replacing a USG3 that is locally managed? I have no cloud key…

    Thanks.

    1. Hi Danny,
      I think you manage the devices over the Java-based Windows application?
      From my point of view, the solution should work analogously to the cloud key variant.

      Greetings
      Gregor

  7. Hi, I replied to a comment earlier today about the issue of duplicate 192.168.1.1 addresses. I had tried the solution proposed of power cycling my UDM but was not able to get an internet connection from my laptop connected to the UDM LAN port. Turns out the problem was with the ethernet adapter to the laptop. Plugging in a different laptop solved the problem and I was able to update the UDM on the network run by the USG with no problem. Than you for the article and follow up in the notes!

    1. Hi Paul,
      I answered your questions a few seconds ago and just saw your 2nd comment. I’m glad you found a solution and even more glad you left it as a comment here too!
      Many thanks for this and have fun with the UDM-Pro.

      Greetings
      Gregor

  8. Thanks, very useful. I couldn’t figure out how to change the IP address of the UDMPRO after disconnecting it, so restored the backup from my laptop, and it worked just fine when I swapped over the cables. Speedtest went up from ~200Mbits to 930Mbits.

    1. Hi Adrian,
      sounds good and performance looks awesome.
      Thanks for your feedback.
      Greetings
      Gregor

  9. Gregor, thank your for the great instructions. I followed them and I was able to migrate everything just fine.

    Only issue is when I go to the UDM SE Admin Site, the topology map is not accurate, it shows no APs plugged into the UDM Pro. Also when I go to the Network Application, the dashboard still shows the USG-3P as the gateway, and the topology map here, does not show the new UDM SE at all.

    Asside from this, everything works fine. Any idea how to get Unifi to refresh its Gateway and the topology map?

    1. Hi Adrian,
      do you try to restart the device? Sometimes after updates are installed or when in the migration there was a slightly issue it helps to restart the UDM Pro.

      Greetings
      Gregor

  10. I am about to migrate from USG to UDMP.
    I have read this article with great interest, the migration process is well documented. Thanks a lot for this.

    I do have one question though. Would it be wise to first ‘forget’ the USG before making a backup that will be used to update the UDMP?

    Best regards,
    Cor

    1. Hi,
      thanks for the feedback!
      I don`t think so, because the UDM contains a lot of information about the network, so from my point of view it must be included in the backup.
      After you import the backup, you can remove the USG from the network with the “forget” feature.

  11. Hi Gregor, Many thanks for this. Just went from USG3 to UDM Pro following your guidelines without a hitch. My only additional step was to restart the Primary WAN router to get everything running. Perfect – thanks!

Leave a Reply to Lukas Cancel reply

Your email address will not be published.