UniFi - Network Controller: Regenerating an IDS/IPS Token

 

Overview

This article explains how to regenerate the token used for IDS/IPS functionality. The instructions below guide users through the MongoDB database of the UniFi Controller. These steps can be used when restoring from a backup and using a new UniFi Security Gateway (all USG models) or UniFi Dream Machine (UDM and UDM-Pro). In this scenario, the old token could otherwise be used on two USGs/UDMs at the same time, or alerts could be reported on an incorrect site.

NOTES & REQUIREMENTS:
This article covers advanced configuration of the MongoDB on Debian-Based Linux/Cloud Key, UniFi Dream Machines and Windows, and should only be used by advanced users. Applicable to UniFi Network Controller v5.9+ and all UniFi Security Gateway and UniFi Dream Machine models.

Table of Contents

  1. Steps: How to Erase an Old Token and Generate a New One on Debian-Based Linux / UCK or UDM with UniFi-OS
  2. Steps: How to Erase an Old Token and Generate a New One on Windows
  3. Testing & Verification
  4. Related Articles

Steps: How to Erase an Old Token and Generate a New One on Debian-Based Linux / UCK or UDM with UniFi-OS

1. Disable IPS or IDS in the UniFi Network Controller UI, under (Classic) Settings > Threat Management.

2. SSH or open a console on the device hosting the UniFi Network Controller.

If using a Dream Machine running UniFi-OS, users might need to enter the shell by running the following command:

unifi-os shell

3. Open a MongoDB shell to the ace database:

mongo localhost:27117/ace

4. Locate the site ID. The site name will be "default" if it's the first site. If another site has been created, there will be an ID number after site/ in the controller's URL. Site names are case sensitive when used in the command below.

A default site, named Default in the "Current Site" dropdown with an assigned site ID of default. Controller accessed over the Cloud:

[Image: DefaultSite.png]

An additional site, named Main Office in the "Current Site" dropdown with an assigned site ID of bsmcigc9. Controller accessed locally via IP:

[Image: SecondSite.png]

The default value should be replaced with your site ID as it appears in the URL of your controller, immediately after site/. Site names are case sensitive. This command will provide an ObjectID which will be used in the following step.

db.site.find({"name":"default"})

5. Locate the correct IPS setting document. Substitute "OBJECTID" with the ObjectID that was in the output after running the command in the previous step. This command will provide a new ObjectID to be used in the following step. 

db.setting.find({"key":"ips","site_id":"OBJECTID"})

6. Remove the utm_token from the database. Substitute "OBJECTID" with the new ObjectID that was found after running the command in the previous step.

db.setting.update({"_id": ObjectId("OBJECTID")},{ $set: { "utm_token":""}})

7. Enable IPS or IDS in the UniFi Network Controller web UI under (Classic) Settings > Threat Management.

Steps: How to Erase an Old Token and Generate a New One on Windows

1. Disable IPS or IDS in the UniFi Network Controller UI, under (Classic) Settings > Threat Management.

2. The Windows UniFi installer does not include the mongo binary. Visit the MongoDB official download website, and download the .zip release that corresponds to your server's CPU architecture. Alternatively, download 2.4.14 here directly: 2.4.14.zip.

3. Extract \bin\mongo.exe to a working directory of your choice. In this example, we will use C:\ips\. You may ignore all other files included in the package.

4. Open the command prompt by pressing WINDOWS + R. In the popup, type cmd and press ENTER.

5. In the command prompt, change to the working directory:

cd C:\ips\

6. Open a MongoDB shell to the ace database:

mongo --port 27117
use ace

7. Locate the site ID. The site name will be "default" if it's the first site. If another site has been created, there will be an ID number after site/ in the controller's URL. Site names are case sensitive when used in the command below.

A default site, named Default in the "Current Site" dropdown with an assigned site ID of default. Controller accessed over the Cloud:

[Image: DefaultSite.png]

An additional site, named Main Office in the "Current Site" dropdown with an assigned site ID of bsmcigc9. Controller accessed locally via IP:

[Image: SecondSite.png]

The default value should be replaced with your site ID as it appears in the URL of your controller, immediately after site/. Site names are case sensitive. This command will provide an ObjectID which will be used in the following step.

db.site.find({"name":"default"})

8. Locate the correct IPS setting document. Substitute "OBJECTID" with the ObjectID that was in the output after running the command in the previous step. This command will provide a new ObjectID to be used in the following step. 

db.setting.find({"key":"ips","site_id":"OBJECTID"})

9. Remove the utm_token from the database. Substitute "OBJECTID" with the new ObjectID that was found after running the command in the previous step.

db.setting.update({"_id": ObjectId("OBJECTID")},{ $set: { "utm_token":""}})

10. Enable IPS or IDS in the UniFi Network Controller web UI under (Classic) Settings > Threat Management.

Testing & Verification

Referencing the utm_token before and after this process should be enough to see that it either did or did not change. See here for quick ways to test IPS/IDS.
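
The lookup, erase and before/after comparison from both procedures above can be scripted in the mongo shell. This is an added example, not Ubiquiti's code: the function names clearUtmToken and tokenRegenerated are hypothetical, and it assumes site_id holds the site's ObjectID as a string, as the db.setting.find command above shows.

```javascript
// Added example: paste into the mongo shell after connecting to the ace
// database. Function names are hypothetical, not part of UniFi.

// Resolve the site, find its single IPS setting document, blank utm_token.
// Returns the setting _id and the old token for the later comparison.
function clearUtmToken(db, siteName) {
  var sites = db.site.find({ name: siteName }).toArray();
  if (sites.length !== 1) {
    throw new Error("expected 1 site named '" + siteName + "', found " + sites.length);
  }
  // Assumption: site_id is the site's ObjectID as a plain string;
  // .str is the hex string of an ObjectId in the mongo shell.
  var siteId = sites[0]._id.str;
  var settings = db.setting.find({ key: "ips", site_id: siteId }).toArray();
  if (settings.length !== 1) {
    throw new Error("expected 1 ips setting for site " + siteId + ", found " + settings.length);
  }
  var settingId = settings[0]._id;
  var oldToken = settings[0].utm_token; // record before modifying anything
  db.setting.update({ _id: settingId }, { $set: { utm_token: "" } });
  // Re-read instead of trusting the update call's return value.
  var after = db.setting.findOne({ _id: settingId });
  if (!after || after.utm_token !== "") {
    throw new Error("utm_token was not cleared");
  }
  return { settingId: settingId, oldToken: oldToken };
}

// Verification after IPS/IDS is re-enabled in the UI: the token must be
// present and must differ from the one recorded before the change.
function tokenRegenerated(db, settingId, oldToken) {
  var doc = db.setting.findOne({ _id: settingId });
  return !!doc && typeof doc.utm_token === "string" &&
         doc.utm_token !== "" && doc.utm_token !== oldToken;
}
```

In the shell, run var r = clearUtmToken(db, "default") with your own site ID, re-enable IPS or IDS in the UI, then run tokenRegenerated(db, r.settingId, r.oldToken); a result of false means the old token is still in place or no new one was written.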

Related Articles

UniFi - USG: Configuring Intrusion Prevention/Detection System (IPS/IDS)
