What access does Ubiquiti have to customer networks? (lemmy.zip)

submitted 2 weeks ago by stoy@lemmy.zip to c/sysadmin@lemmy.world

11 comments fedilink hide all child comments

We are looking at upgrading our network equipment from old HP switches and Aruba access points, we have a Fortinet firewall that we are happy with, so we'll probably keep using them there, but for the rest we are looking for new stuff.

And we are looking closely at Ubiquiti for switches and APs, but two things have appeared on our radar.

Ubiquiti does have a cloud admin UI, this means that Ubiquiti needs to have access to our network controller to access this feature.

But what if we don't use that, will Ubiquiti still be able to access the network controller?

I guess that what I am asking is how does the access control work?

Also, updates, I see that they seem to be very frequent and also see some scattered reports that they have required admins to reset their configs and loosing camera footage, can you set updates to be delayed for X days?

top 11 comments

sorted by: hot top controversial new old

[-] RelativeArea1@sh.itjust.works 0 points 2 weeks ago* (last edited 2 weeks ago)

most of their stuff are local, unless you have activated remote access on your unifi controller which will require an online account on unifi (ui.com)

i only have their aps and my unifi controller is hosted on a local machine, and so far i haven't found any suspicious queries from them, i havent done any packet trace or port checks because they seem ok for me

where the unifi controller hosted on a deb machine

one of the ap

as for access control, if your unifi controller is hosted on a local machine then it will just use specific ports that ubiquiti utilizes that im not familiar with (or too lazy to do a port scan). you may also host your controller online via hostifi or other providers or a diy cloud server (if you're onto that)

for updates, unifi controller will notify you if there are updates but its still up to the controller admin if they decided to do so.

as for janked device configs, i mostly experienced it on controller version 6.x.x and 7.x.x but not on most recent one (9.x.x) and yes it requires a unifi controller admin acct, you may also do scheduled backups of your configs so you can revert back just in case. and if you have no choice then you could locate device > poke reset > re provision on controller.

[-] stoy@lemmy.zip 1 points 2 weeks ago

Thank you very much for a very thorough run down of the system, we are based in the EU and are trying to make sure that we have as few mandatory ties to US manufacturers as possible while running a modern IT system.

We have thought about MikroTik and Extreme but our CTO wants us to investigate Ubiquiti as it has a nice web UI for all devices on the network which would be a big advantage for our small network.

I will push for a small POC network or demo so we can get a better understanding of it.

[-] RelativeArea1@sh.itjust.works 1 points 2 weeks ago* (last edited 2 weeks ago)

Thats understandable and fair, some US/publicly traded companies are kinda nutsy nowadays.

At first I was also drawn with Mikrotik but setting them up is a bit...yea, I'm not thrashing them, it just made me realize "do i really want to spend a lot of time setting this up?"

but don't get me wrong, they're amazing. I've seen my cousin doing his ISP business with 1000+ clients using their CCR line up and the cost to perf ratio is crazy.

[-] stoy@lemmy.zip 0 points 2 weeks ago

Yeah, I have a small Milrotik home router that I opened once, checked out Winbox for 15 min, realized I was WAY out of my depth and got an Asus router instead, this was about 8 years ago though, so things may have changed.

At this moment we are not really big enough to justify a dedicated network tech, which is why Ubiquiti have caught our eye.

[-] bacon_pdp@lemmy.world 0 points 2 weeks ago

If you don’t flash custom firmware images on them that you built yourself from source code; then you have a massive backdoor that you can’t turn off. (Same goes for all other networking vendors, especially Cisco)

[-] ramble81@lemmy.zip 0 points 2 weeks ago

Just note, this is the extreme interpretation of software in general (“if you don’t compile the compiler by hand it could insert a back door!”)

For the purpose of your question, as others have stated you can run things isolated on your network with local accounts and not use their remote services (incidentally that’s how I run it)

[-] bacon_pdp@lemmy.world 0 points 2 weeks ago

No, proprietary software by default is malware. Either currently active malware or will likely to turn into malware whenever they get the urge to increase their stock price by bricking your shit, extracting data from you or any other thing that they might choose to do to bump those numbers up.

[-] stoy@lemmy.zip 0 points 2 weeks ago

That is a very idealistic way of looking at the issue, and I am very impressed if you have the skill and time to maintain your computer systems completely free from proprietary software.

However, we do neither have the skill not the resources to follow that path, so while I agree with you on principle, reality does make those principles impossible for us to work under.

[-] bacon_pdp@lemmy.world -1 points 2 weeks ago

My husband buys hardware which has excellent Linux support and by investing in quality products, he maintains a source code only home environment that I quite enjoy.

[-] stoy@lemmy.zip 1 points 1 week ago

I am sorry but this is an argument on par with a 5 year old saying "my dad can beat up your dad!"

I am glad that you have an environment that works for you, but unless you yourself maintain it to the standard you set earlier, I find it difficult to take you seriously.

[-] bacon_pdp@lemmy.world 0 points 1 week ago

More like, I don’t discount the contributions of others who helped me. Having to expect everyone to be everything and do everything is such macho bullshit. When everyone works together and puts in the little help that they can, things you consider hard/impossible can be achieved in a rather short time frame.

this post was submitted on 19 Jul 2025

2 points (100.0% liked)

Sysadmin

10538 readers

2 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 2 years ago

MODERATORS

DarraignTheSane@lemmy.world

00Lemming@lemmy.world

L3s@lemmy.world