Migrate Ubiquiti Unifi Security Gateway (USG) to Unifi Dream Machine Pro (UDM Pro)

Some of my customers using Ubiquiti components in there networks, because of the great price and performance ratio and the easy administration. On of my customers the Unifi Security Gateway had a defect shortly before christmas. We decided to renew the both components (Unifi Security Gateway and Unifi Cloud Key Gen 2 Plus) with the Unifi Dream Machine Pro. On my research for the best upgrade process I do not found a good article how is the best way to migrate the Ubiquiti environment from the USG to a UDM Pro. In this article I will explain this in a short way, because with the actual release of the UniFi OS, the upgrade process is smooth and simple.

Contents

Preperation

The preparation is not necessary, but I will recommend to do this for easy device management, when something go wrong.

  • upgrade all devices to the latest available firmware
  • Note all ssh logins for your existing Unifi devices
  • take a backup on a secure place (e.g. OneDrive)

Preparing the Unifi Cloud Key

Go to your Unifi Network Portal (Client or Unifi Cloud Key based) and upgrade the USG and all devices to the latest available firmware.

After the update process is successfully completed download a backup from your Cloud Key. Did you use a Cloud Key Gen 2 with Camera Protection also update it to the latest available version and download the configuration file for the protect software.

Install the UDM Pro

Firstly install the UDM Pro into your existing network. Use the UDM Pro WAN Port and connect it with the existing network and connect a notebook with the UDM over one of the existing switch ports. This helps to bring the UDM Pro online and does not affect the existing network, when you use the WAN Port. Open a browser from your notebook and go to 192.168.1.1. The UDM Pro setup website will be open and you can go trough the easy steps to setup and connect the UDM Pro with an existing Ubquiti account.

After you finished the setup process update the hole software

  • Unifi OS of UDM Pro
  • Network Application
  • Protect Application

to the latest available update (in my case 6.5.55)

Preparing the Unifi Cloud Key

On the Unifi Cloud Key Gen 2 it also necessary to update to the latest available update (in my case 6.5.55). After the firmware are up to date, take a backup from the Network and Protect application.

Replace the USG with the UDM

Disconnect the WAN Port, connect through one of the switch ports and access the UDM Pro admin site 192.168.1.1 and configure the UDM Pro with the same IP as of the USG. Save the configuration and shutdown the UDM Pro in the admin portal.

Disconnect the USG and the Cloud Key (when exist) from the network and replace it with the UDM Pro and start the UDM Pro.

The UDM Pro will be available shortly under the same IP as the USG and you can enter the UDM Pro admin site. Login and go firstly to the Network application and import the backup file. After the import is successfully completed the UDM Pro will reboot. After the reboot the migration of the network part is complete and all devices are up and connected to the new UDM Pro.

Do the same for the Protect application, when you had available Unifi camera devices. After the import of the backup file is completed, the cameras are now report directly to the UDM Pro.

61 thoughts on “Migrate Ubiquiti Unifi Security Gateway (USG) to Unifi Dream Machine Pro (UDM Pro)”

  1. Worked like a charm! Migration done in under 30min.
    Thanks for that post!

    (Upgraded from USG / Cloud Key Gen 1)

    1. Can u point me how to remove a usg from a existing network which has 6 24 port switches and 20 aps my usg died and I have a opnsense firewall instead, I set the same ip ranges on the new firewall it works fine but when I update the controller to the latest version clients get connected and disconnected

      1. Hello Lone,
        it’s not that simple, do you have a cloud key set up?
        In the webgui you can go to the USG and enable “forget device”, but a USG is an essential part of a Unifi network, so it can cause the problems you mentioned.

        Greetings
        Gregor

    2. Hi I have my usg wan connected over PPPoE, so the plan is to connect my UDM wan-lan as you suggest, upgrade and set wan to PPPoE. This will disconnect UDM from the internet, but when I replace USG, it shoul get online again.

  2. Hi,
    planning a migration myself. I just notice my existing USG had the IP address 192.168.1.1. So I assume the UDM will boot up with another one when connected to the existing network?
    Cheers,
    β€”Charlie

    1. Hi Charlie,
      when you connect the UDM Pro via the WAN Port (not the LAN port) is will get an IP-adress from the existing network via DHCP.
      Greetings
      Gregor

      1. Hi

        yesterday I finally pulled the trigger, and indeed, above step-by-step works as a charm.

        Things I did notice:

        – a couple of devices needed a reboot (often a physical ethernet cable disconnect would do the trick as well) for it to have internet again (MacBook, Synology, Apple TV, etc.)

        – after rebooting after the initial setup, the UDP Pro got a different IP address (before the backup restore). I think it was 192.168.0.1.

        Now I finally can use my 1Gb internet connection ;-).

        Enjoy!

  3. Thank you so much for this!

    I’d read caution about migrating (even reading someone say just rebuild from scratch), but followed your steps and it worked perfectly.

    Everything went smoothly, but after starting the Import into the UDM Pro I had to wait a while for anything to happen – no ‘please wait’ or anything. A few minutes later the Network application restarted by itself without a problem.

    (My fibre PPPoE connection didn’t connect first time, but a simple network cable unplug/replug sorted that out.)

    Great work πŸ™‚

    1. Thank you for your message and feedback. I’m glad that the article helped you. πŸ™‚

  4. This is great, I’ve done something similar, but your step about bringing the UDM Pro online in the existing network, this will not work in your existing network is also 192.168.1.x/24 as the UDP has an internal network of 192.168.1.x/24. You can’t have the same network on both sides unless you bridge.

    1. Hi Michael, thanks for your reply.
      I think you missed the point of using the WAN interface. The integration of the UDM Pro into your existing network is only possible by using the WAN interface, which I described in the second sentence πŸ˜‰

      1. When I connect my UDMP to my network through the WAN port, I do not get an internet connection and therefore cannot complete the setup.

        The network connection line from modem to computer is: modem – USG – switch – cable into UDMP WAN port – cable out of LAN port – laptop. The laptop cannot get an internet connection while connected to the UDMP, but if I connect it directly to the cable coming off the switch, it does. Any suggestions on what I am doing wrong? Thanks.

        1. had the same situation migrating to my UDM PRO SE. I noticed that the port in the switch that I had the UDM PRO SE WAN plugged into was showing as spanning tree protocol (STP) blocked. I disabled STP on that port and then the UDM PRO SE could get internet and setup launched right away. Just remember to reenable STP when you are done with your migration

          1. Hi John,
            thanks for sharing your experience with the update process.

            Greetings
            Gregor

      2. But you have to connect to one of the existing Switchports of the UDM πŸ™‚
        Thats not 100% clear in your text πŸ™‚

        1. Hi Alex,
          thanks for the note, I have revised the text a bit and hope it is clearer now.

          Greetings
          Gregor

  5. Thanks!
    I migrated from a VM based Unifi Controller, and this worked like a charm, AFTER i powercycled all the devices. After the config restore on the UDM-Pro, all devices were reported as “disconnected”, even though the clients were connected correctly. A quick power cycle of all devices fixed it.

  6. Question: Same process for replacing a USG3 that is locally managed? I have no cloud key…

    Thanks.

    1. Hi Danny,
      I think you manage the devices over the Java-based Windows application?
      From my point of view, the solution should work analogously to the cloud key variant.

      Greetings
      Gregor

      1. Finally got around to doing it, and the restore failed. Odd, as both were updated.

        There was an error uploading the backup file. The backup file you are trying to load includes a newer version of the UniFi Network application that is incompatible with this UniFi OS Console.

        1. I’m glad you mentioned this. It seems sometimes UniFi has different “current” releases of the Network application depending on your platform. I have the latest 7.3.83 in my Azure cloud console, and the latest available in the UDM-SE was 7.2.x. However, after updating the base UniFi OS on the UDM to 3.0.18, the Network application updated to match 7.3.83, so hopefully that’ll work. Long story short: make sure the source Network version is less than or equal to the Network version on the UDM.

          1. Hello Mark,
            thank you very much for your comment. I absolutely agree with that, for a successful migration the versions should be the same.
            Greetings
            Gregor

        2. Just curious if you figured out the process to go from USG3P (no cloud key) to the UDMP? My USG3P is failing and I’m considering a UDMP to replace it. I use my Windows PC to run the controller and am on an old, old controller (5.14.23)

  7. Hi, I replied to a comment earlier today about the issue of duplicate 192.168.1.1 addresses. I had tried the solution proposed of power cycling my UDM but was not able to get an internet connection from my laptop connected to the UDM LAN port. Turns out the problem was with the ethernet adapter to the laptop. Plugging in a different laptop solved the problem and I was able to update the UDM on the network run by the USG with no problem. Than you for the article and follow up in the notes!

    1. Hi Paul,
      I answered your questions a few seconds ago and just saw your 2nd comment. I’m glad you found a solution and even more glad you left it as a comment here too!
      Many thanks for this and have fun with the UDM-Pro.

      Greetings
      Gregor

  8. Thanks, very useful. I couldn’t figure out how to change the IP address of the UDMPRO after disconnecting it, so restored the backup from my laptop, and it worked just fine when I swapped over the cables. Speedtest went up from ~200Mbits to 930Mbits.

    1. Hi Adrian,
      sounds good and performance looks awesome.
      Thanks for your feedback.
      Greetings
      Gregor

  9. Gregor, thank your for the great instructions. I followed them and I was able to migrate everything just fine.

    Only issue is when I go to the UDM SE Admin Site, the topology map is not accurate, it shows no APs plugged into the UDM Pro. Also when I go to the Network Application, the dashboard still shows the USG-3P as the gateway, and the topology map here, does not show the new UDM SE at all.

    Asside from this, everything works fine. Any idea how to get Unifi to refresh its Gateway and the topology map?

    1. Hi Adrian,
      do you try to restart the device? Sometimes after updates are installed or when in the migration there was a slightly issue it helps to restart the UDM Pro.

      Greetings
      Gregor

  10. I am about to migrate from USG to UDMP.
    I have read this article with great interest, the migration process is well documented. Thanks a lot for this.

    I do have one question though. Would it be wise to first ‘forget’ the USG before making a backup that will be used to update the UDMP?

    Best regards,
    Cor

    1. Hi,
      thanks for the feedback!
      I don`t think so, because the UDM contains a lot of information about the network, so from my point of view it must be included in the backup.
      After you import the backup, you can remove the USG from the network with the “forget” feature.

  11. Hi Gregor, Many thanks for this. Just went from USG3 to UDM Pro following your guidelines without a hitch. My only additional step was to restart the Primary WAN router to get everything running. Perfect – thanks!

  12. Thanks for this guide. Worked well also from USG3/UCK(G1) to UDR.
    One hint: Update the UniFi OS to 3.x at earliest after the restore of the UCK backup taken at its latest version 7.2.95 is done. UniFi OS will update Network Manager to 7.3.x. Update Network Manager to 7.2.95 on the UDR is possible via the GUI prior.

    1. Hi Gerrit,
      thanks for your insights and sharing the link to resolve this issue.

      Greetings
      Gregor

  13. I read your article with great interest. Anyway, the way don’t work for me πŸ™

    Let me describe:
    – I connected the UDM PRO SE with the existing switch by using WAN of UDM to Port 5 of the switch.
    — USG and Cloud Key gen. 2 still connected
    – The UDM git IP 192.168.1.200 while USG is still 192.168.1.1
    – The problem is, that I don’t get access to 192.168.1.200
    — By using Unifi app I get access ant the app tells I have to update the UDM ant of course I tried (click to update) but nothing happens.

    Do you have any suggestions or tipps?

    1. Hi Marco,
      the steps you are doing sound correct. You see that the UDM gets the 200 IP in your Unifi Portal? Then it must be possible to connect to the device. Which switch are you using?

      Greetings
      Gregor

  14. Hi Gregor,

    Thanks so much for documenting this.

    Did an upgrade from USG 3P/CloudKey Gen2 Plus to UDM Pro. With the prep you recommended, it took longer to rack mount the hardware, than it did to complete the final software upgrade.

    With the lack of useful documentation from UI, once again thank you for your clear and logical direction.

    1. Hello Richard,
      thanks for your feedback and I’m glad everything went well!
      Greetings
      Gregor

  15. Worked like a charm after I got an Early Release Network Application update to match my USG3 on my new UDM Pro. Thanks, and much appreciated

    1. Hi Danny,
      glad to read it was helpful, and thanks for your feedback.
      Greetings
      Gregor

  16. Thanks for this article.

    I’m a little surprised not to see the inform host mentioned, except I think this was Gerrit’s issue.

    My UniFi network app currently runs under Linux on Azure. The “Network application hostname” is set to unifi.mydomain.com and “Override inform host with the Network application hostname/IP” is checked. So each device looks to that cloud URL for management.

    When I switch to the UDM, the Network app will be running on 192.168.1.1 (by default). I’m wondering whether, _before_ migrating, I don’t need to update “Network application hostname” to 192.168.1.1, so the devices will be looking to that address when the UDM comes online?

    Does that sound right, or is it unnecessary? What are your settings for “Network application hostname” and “Override inform host with the Network application hostname/IP”?

    Thanks u. vielen Dank

    1. Hi Mark,
      from my perspective it is not needed to change the hostname, because every new UDM Pro/SE will boot first time with the IP 192.168.1.1. You connect the UDM Pro/SE with the WAN port to your existing network, which will secure your network from any trouble.
      After the successfully migration you can change the hostname to match your existing one.
      Please let me know, when you have additional questions.
      Greetings
      Gregor

      1. IMHO the “inform host” should be set as the last action on the old controller (could also be a Raspi). Then the old controller goes offline and the UDR can take over.
        Otherwise all devices still have the old controller as “inform host” and can be lost or have problems.
        I have USG 192.168.1.1 and controller 192.168.1.102 and would set the informhost on the controller via “override” to the 102.

        1. Hi Thomas,
          the backup and restore procedure migrates the existing devices from the old to the new controller, otherwise I agree with your recommendation.

          Greetings
          Gregor

  17. Excellent pointers. Quick and easy migration. Worked great from USG to UDMP. Thanks a million!

  18. This was extremely helpful. I was replacing my USG with a UDM-SE, both running Network 7.3.83. However there was one major issue I ran into that wasn’t mentioned here.

    When trying to restore my USG backup onto the UDM-SE, I kept getting the message:

    “You are attempting to restore a “Site Export”. We require you to upload a full Network Configuration backup instead”.

    I tried downloading all of my local backups and also my backups from the Unifi cloud.

    I also tried generating all sorts of USG backups and nothing worked. It turns out that you have to enable the LEGACY INTERFACE on the USG and generate a backup from there! Once I did this, the UDM-SE imported the configuration, no problem. (I was fortunate that my USG was still working. I can’t imagine how difficult this would be if your USG was dead and you didn’t have the appropriate backups.)

    It really is time for Ubiquiti to finish implementing their new GUI so that it can do everything the old LEGACY GUI can do!

  19. In the same boat of trying to upgrade from USG/Cloud Key Gen2. This process sounds very good but I did have a question. We seem to be using the same WAN IP from USG to UDM Pro/SE. But what happens to the ARP cache on the ISP side? The ISP ARP cache keeps the USG Mac mapped to that WAN IP and even if we assign that IP to a new MAC from UDM , the ARP cache has to expire before this can be usable. I have seen this with Verizon when I moved from Verizon router to USG. Any thoughts on this anyone ?

    1. Hi Amit,
      I have no suggestion or expirience with this case, our provides relies on IP-adress and you can change the device at anytime as it gets a new IP (or the same one) and the provider automatically updates the ARP-cache on its side.
      Anyone else have experience or suggestions?
      Greetings
      Gregor

      1. I have completed my new rack setup and going to try your method of upgrade very soon. Will update here how it goes. Thanks for the response !!

  20. As of 11/8/2023:
    Logging in to the interface at 192.168.1.1 does not work, at least not for me. I had to log into 192.168.0.1

    Firmware is at 2.4.15 out of the box.

    1. Hi Alan, thanks for the note. I will take a look at this, currently the default IP of the UDM-Pro and UDM-SE are 192.168.1.1.
      Greetings
      Gregor

Leave a Reply to Gregor Reimling Cancel reply

Your email address will not be published. Required fields are marked *