UniFi Network Application 9.0.92 adds Zone-Based Firewall, CyberSecure, Network Application API, and includes the improvements and bugfixes listed below.
Zone-Based Firewall settings
The new Zone-Based Firewall on UniFi Gateways categorizes different parts of your network into zones and allows for more granular and simplified policy management.
- Segment your network by using fewer, simpler policies, reducing complexity and increasing visibility.
- Configure specific policies to govern which traffic can pass between zones, based on Network Objects, IPs, ports, applications, and more.
- The migration to Zone-Based Firewall is irreversible unless you restore a backup prior to the migration.
- Existing policies that cannot be migrated to a single zone will be duplicated to multiple pairs.
- Requires UniFi (Cloud) Gateway firmware version 4.1 or newer.
- See the Zone-Based Firewall Help Center article for more information.
CyberSecure
CyberSecure is a per-site subscription that enhances the threat signature library used by the Intrusion Detection and Prevention System (IDS/IPS). It is available for all UniFi (Cloud) Gateways besides the Express and UXG-Lite.
- Requires UniFi Cloud Gateway 4.1.8/UniFi Gateway 4.1.3 and newer.
- See the CyberSecure Help Center article for more information.
Network Application API
The API provides powerful tools to manage Sites, Devices, and Clients, offering access to detailed configuration, real-time status, and live statistics. It supports insights for WiFi, Wired, and VPN clients, including connection details.
- Available through Control Plane > Integrations.
- Requires a Cloud Gateway with UniFi OS 4.1.9 or newer.
- Next versions will include more data, so leave comments on what you would like to see.
Improvements
- Added support for re-ordering the Dashboard widgets.
- Added the ability to Locate or Restart devices from the Device table when hovering.
- Added the ability to edit VLANs in the Port Manager > VLAN page.
- Added support for MongoDB 8.0 and Java 21 on Network Servers.
- Added Source name in Threat Detection email notifications.
- Added support for ed25519 SSH Keys for Device Authentication.
- Added WiFi Band column in the WiFi Settings table.
- Added support for third-party networks in IP and MAC ACLs.
- Added warning when configuring a Site-to-Site VPN with overlapping subnets.
- Added QoS in the Routing section within Settings.
- Requires the new Zone Based Firewall.
- Added support for Override WAN Monitors in the BGP Configuration.
- Requires UniFi Cloud Gateway 4.1.7/UniFi Gateway 4.1.3 or newer.
- Added support for Link Aggregation on the EFG and UXG-Enterprise.
- Requires UniFi Cloud Gateway 4.1.8/UniFi Gateway 4.1.3 or newer.
- Allow duplicate IP addresses for different WANs when configuring Site-to-Site VPNs.
- Improved the Threat System Log user experience.
- Improved the Honeypot user experience.
- Improved the Port Forwarding user experience.
- Improved the Client page user experience on large setups.
- Improved the WAN Packet Capture user experience.
- Improved the Security Settings user experience.
- Improved the Intrusion Prevention Active Detections Categories.
- Improved the Radio Manager user experience.
- Improved the Dashboard loading latency.
- Improved the port warnings in Port Manager.
- Improved filtering on the Devices page.
- Improved Statistics accuracy for Internet Activity in the Dashboard and Traffic Statistics.
- Improved the Airtime scanning user experience.
- Improved the WiFi Connectivity page user experience.
- Automatically turn off wireless meshing if a device is adopted via a wired connection.
- Increased default channel width to 80MHz for the 5GHz radio.
- Moved Firewall Connection Tracking settings to the NAT section.
- Moved the Traffic and Device Identification settings to System > Advanced.
- Renamed DNS Shield to Encrypted DNS.
- Renamed Country Restrictions to Region Blocking.
Bugfixes
- Fixed an issue where NAT rules sometimes didn't work on the UXG-Lite.
- Fixed incorrect timezone for Network Application Activity Logging to SIEM Servers.
- Fixed invalid mixed speed warning on ECS-Aggregation switches.
- Fixed an issue where the Network Application changelogs were missing on fresh Network Server installations.
- Fixed an issue where the last known uplink could be missing if it was a mesh uplink.