
Unifi Cloud Gateway Max

Posted on: August 29, 2024 at 03:30 PM

I’ve been working with Ubiquiti gear for a long time. In general, I’m happy with all of the things I have. It’s true, not all of their products have been perfect, or even great. And they also run the risk of spreading themselves too thin with their recent product line expansions.

Without getting into a lot of the details, I’ve never run a cloud key product on my home network. Instead I’ve run a docker container version of their control software on my k8s cluster. At some point, through upgrade processes, this has left me with more than one ‘site’ defined in my database when I really only have the one to manage. I don’t really know how I got into this state, but my ‘Default’ site was not the one I normally use.

Enter my upgrade. I’ve been running with the network controller and a Unifi Security Gateway (USG) as the router. This little box was great when my network usage was a bit lower. But as with all things, over time our available speeds grew and (with kids) the usage as well. I had to disable features that limited speed, and also security a bit. With the recent announcement of the Cloud Gateway Max (CGM), I decided that I had found my replacement. It handles more than my current network speed with all features enabled. And there’s enough headroom to let me grow past the maximum available speed in my area. I bought the version with no additional storage (I don’t have an immediate need for the unifi NVR at this point) and waited.

Once it arrived, I went through some of the normal new device process of getting it plugged in and upgraded. Now came the tricky part. The CGM can run the controller software (reducing some of the burden on my k8s cluster), but comes with a catch I didn’t know: it only supports a single ‘site.’ This shouldn’t be a problem. There is a defined process for migrating sites with a backup/restore process. When I tried to restore onto the CGM, a box prompted me to select which site should be imported from the backup. I picked the one that has all of my data and clicked ‘go.’

This is where things took a turn. After waiting for everything to apply, nothing appeared to change in the new UI. I thought “well, maybe I have some strange caching issue, let me go plug it in.” This did not have the desired effect. APs disconnected, devices stopped talking, time to revert. I opened up the standard Unifi UI instead of the direct access and discovered the issue. It seems that my site was imported, but was not created as the ‘default’ site.

My new problem is to figure out how to get my real ‘site’ also defined as the ‘default’ site in my current controller. Some googling landed me on this ubntwiki guide (archive) that laid out the process. It involved making changes to the MongoDB entries for the sites and adjusting some attributes. Fortunately it was pretty quick to complete. One reboot of the old network controller later, and I could do a new backup of my single ‘default’ site.

Restoring this new backup went smoothly and everything showed up on the CGM as I expected. Time to plug it in at the ‘core’ again. This time everything looked good. I only needed to update some of my internal DNS to allow the device announce messages to get to the new controller on the CGM instead of the old controller on my k8s cluster. All of the devices showed up as connected shortly after that, and I turned off the old controller.

So far, things are nice with the CGM. I had forgotten that I can now use the WifiMan app to do some signal analysis through the house and area and get some real data. Some of the AP channel optimization functions seem to work a lot better on this setup compared to my previous one. We have a lot of noise and interference in the area, so this is a welcome change. I also get to set up Wireguard on the CGM, freeing another service running elsewhere[1]. And finally, I get to do a bit more in terms of rules for access to the internet for my kids’ devices.

I’m quite happy with this upgrade and hope it lasts me a good while!

Footnotes

  1. I need to figure out how to get metrics from the wireguard service before I make it my standard setup.