Unifi USG 3P migration to FWG SE in parallel -Tips/Tricks

Follow

Martin Fong

• October 18, 2023 18:34

ISP Modem/Router in Bridge Mode -> USG -> Unifi Network (3 switches, 2 APs, 5 VLANs)

I am just wondering if anyone has any tips to share how to migrate USG over to Firewalla Gold or Gold SE while maintaining the existing Unifi network up and running?  Is it possible?

Can I plug the FWG SE into the Unifi LAN port to get an IP and setup/configure all my configuration in parallel before replacing the USG as a pre-step?

I wish I had 2 ISPs to run them in parallel but that is not the case.  Uptime is very important in my case.

Please advise.

Martin.

0

• 

  Firewalla

  • October 18, 2023 19:57
  • Edited

  If you have simple configurations, you can just wire the FWG up, use the same LAN address, everything should work nicely.

  If you have a very complex network, and want to experiment, I do see people use the FWG in bridge mode first and move to router mode a bit after. (in bridge mode, you will be able to insert FWG between the USG and your access/switch)

  0

  Comment actions Permalink
• 

  Martin Fong

  • October 18, 2023 20:53

  My intention is to replace the existing USG (it is a sitting duck and EOL product).  I do have some VLAN/FW rules and UCK cloud key to manage my Unifi gears.   I could explore the docker version later.

  So using bridge mode would be the only way to pre-configure my FWG-SE with my old Unifi settings?

   

  0

  Comment actions Permalink
• 

  Firewalla

  • October 18, 2023 23:28

  If you just have VLAN's, the easiest way is to warn the family about a potential 10-minute network down and just implement your settings with the FWG-SE. If things don't go well, you can just plug back the USG. 

  0

  Comment actions Permalink
• 

  Michael Bierman

  • October 19, 2023 05:27

  I would put my FW behind another router and configure at least the big stuff like LANs, VLANs, IP reservations, etc play with any important rules, etc. you can then either swap with USG for tests (and swap out if needed). since presumably everything goes through a switch swapping should be a pretty minor thing if you have all the networks defined similarly with the same basic info. Very likely you can get things up and stable quickly and then refine as needed.

  1

  Comment actions Permalink
• 

  Martin Fong

  • October 21, 2023 22:52

  Michael,

  I did what you have suggested.  Luckily my cable modem in bridged mode had an extra LAN port and I plugged it in the FWG-SE and got an extra WAN IP.  That allowed me to copy-paste and create/transfer identical VLAN,etc over in parallel.  Once all saved, just flip the cable over and boom.  All done without any issues.   

  I will keep on monitoring for a few days and will play around to ensure VLAN don't talk to each other,etc.

  I see a lot of blocked attempts, amazing.  

  Day 1 using FWG-SE and loving it!

  Thanks all for the suggestion.

  0

  Comment actions Permalink
• 

  Michael Bierman

  • October 22, 2023 00:51

  Enjoy, Martin. Glad it was relatively painless.

  0

  Comment actions Permalink

Please sign in to leave a comment.