Firmware update: Ubiquiti USG 4.4.36




Ubiquiti has released new firmware for its wireless products that fall in the USG series. USG stands for UniFi Security Gateway and these products are intended to be used as a router. They include a powerful firewall, vlan options and vpn capabilities, and can be tuned with the UniFi Controller, which can also control access points and switches, for example. The version number of this firmware is fixed at 4.4.36 and provided with the following list of modifications:

[USG] Firmware v4.4.36 now available

Only one change since v4.4.34, but an important one for some use cases.
Do not clear IPs from DHCP WAN interface in PREINIT or a forced renewal. The primary problem symptom is when the system is provisioned by the controller when booting up.
In all firmware versions prior to this, that provisioning would remove the WAN IP then go through the DHCP lease process. This would leave a single WAN system with no Internet connectivity for a few seconds at least, and in multi-WAN cases, would cause a failover and fail back. In most cases, that was the only noticable symptom and it self-recovered without any problems, but in some things that require another reboot post-upgrade. In multi-WAN cases, it could cause WAN to stay in a state-of-the-art bootup post-upgrade. In normal operation of the system, there are no forced DHCP renewals (this is not relevant to the normal process or DHCP renewal).

* USG Pro
* USG-XG-8

[USG] Firmware v4.4.34 now available

Changes since 4.4.29 release:
Significant fixes in load-balance functionality (multi-WAN).
Fix circumstances where route metrics were not properly updated, primarily experienced upon fail back.
Fix problem that could cause one or both WANs to be marked and stuck in that state.
Fix crash in ubnt-util when a WAN is down for an extended period. Was not causing any noticeable problems since it was recovers on its own.
IDS / IPS fixes / improvements
utmdaemon high CPU usage fixed (cause of “heartbeat missed” a few reported). Note that can not prevent “heartbeat missed” in all possible circumstances. Where under extreme load for extended periods, it’s inevitable for user to be starved or resources enough to miss informs.
Added a couple of missing signatures to bundled in firmware so all are immediately available post-upgrade. Some noted spamhaus.rules was only available after signature update.
Suricata version string corrected to reflect specific version.
Patch for CVE-2018-18956 denial of service vulnerability in Suricata.
Reduce frequency or lookups to for cloud connectivity.
Adjust configuration for USG3 and USG Pro to decrease CPU and memory usage.
If no interface with “description WAN” is found (config.gateway.json overwriting the controller-generated config), assume the default interface for that hardware platform, so config_network_wan is included in the inform. That prevents INFORM_ERROR status on controller versions prior to 5.9.28. In 5.9.28 and newer controllers, there is also a change controller in this condition or whether this firmware-side change is available.
Speed ‚Äč‚Äčtest updates to not get stuck on a non-responsive server.
USG-XG-8 specific:
With UF-RJ45-1G SFPs, pass through the copper link to the SFP + port. Previously they always showed up in the OS when plugged in regardless of copper link status (was SFP module to SFP slot link), which is problematic if using one for a dynamic IP in some cases, as linkup actions are important.
Version number 4.4.36
Release status Final
Ubiquiti Networks Community
License type Freeware


In: A Technology & Gadgets Asked By: [23147 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »

Star Points Scale

Earn points for Asking and Answering Questions!

Grey Sta Levelr [1 - 25 Grey Star Level]
Green Star Level [26 - 50 Green Star Level]
Blue Star Level [51 - 500 Blue Star Level]
Orange Star Level [501 - 5000 Orange Star Level]
Red Star Level [5001 - 25000 Red Star Level]
Black Star Level [25001+ Black Star Level]