Client loginContact Us

Answers to the UniFi questions clients keep asking.

The questions clients keep bringing us — what a UniFi audit actually covers, who should hold admin access, what those unfamiliar MAC addresses on your controller really are, and how to bring a home network in line with current vendor guidance.

Is WiFi 7 wasted on your network?

WiFi 7's 46 Gbps headline is a lab ceiling you'll never see. The question that decides whether it's worth buying is narrower: can your uplink, switch, cabling and clients actually use any of it? A network engineer's decision framework — where it pays off, where it's idle capability, and how to tell — with the UniFi U7 lineup as the worked example.

Why App Store downloads crawl behind a UniFi gateway

Apple App Store downloads take all day while everything else is fast and cellular works fine — and the UniFi gateway gets blamed. The reframe that saves a wasted day: Apple-only slowness is almost never bandwidth. The two real causes are DNS-driven CDN edge-steering and Apple's privacy features (Limit IP Address Tracking / Private Relay) — with the diagnostic order, the ranked fixes, and why the answer is not always Cloudflare.

Hardening the UniFi management plane

A UniFi console is the router, firewall, recorder, and controller in one box — and in 2026 it became the target. Three Ubiquiti advisories in three months, several unauthenticated and CVSS 10.0, plus a rogue super-admin on unpatched consoles. The six-axis hardening posture we run on production sites: patch fast, no WAN exposure, segment, MFA, least privilege, and the admin audit.

Migrating a third-party camera fleet to UniFi Protect

UniFi Protect adopts your existing ONVIF cameras for live view and recording — but the AI doesn't follow for free. The honest map of what migrates, the AI Port math that decides large fleets, the NDAA driver behind the move, and the phased plan we run so nothing goes dark on site.

Migrating to the UniFi Zone-Based Firewall without breaking your network

The UniFi Zone-Based Firewall migration is a one-way door — no in-product revert, a handful of legacy rules become ~100 zone policies, and real networks lose site-to-site VPNs, Home Assistant and cross-VLAN smart-home discovery on the spot. The pre-migration checklist, what breaks and why, the test order, and the only rollback there is: a config backup you take first.

Migrating a multi-site UniFi controller to UniFi OS Server

The data move to UniFi OS Server is a backup-and-restore. The part nobody warns you about is per-site admin control — at scale it regresses, and Ubiquiti's durable fix is the Fabric model, not a better picker. The MSP decision: what changes, what regresses, the three hosting destinations, and how to move without stranding access to a fleet of client sites.

Can one UniFi Access reader unlock two doors?

In UniFi Access a reader is bound to one door, so one credential opens one door. What a two-door vestibule does natively — every intercom ringing, opening just the outer door or both when you answer, the G6 Entry working with the Intercom Viewer — and the two ways to open both doors from a single credential, with the egress rule that keeps it safe.

Ethernet cable color codes: the wires inside, the jackets outside

Two different color systems get confused for one. The eight wires inside a cable follow T568A/T568B — a real wiring standard. The jacket colors you see in a bundle — blue, red, yellow, green, purple — are a site convention, not a standard. What each actually means, why pairs matter more than sequence, and the one place color carries hard security meaning.

"John Sim" — the rogue UniFi super-admin and Security Advisory Bulletin 064

If a Super Admin called "John Sim" appeared on your UniFi console this week, you weren't picked — you were scanned. The five Bulletin-064 CVEs Ubiquiti disclosed on May 21, what's actually being exploited, how to tell whether you were hit, and the five-minute fix.

What to ask before hiring a low-voltage cabling contractor

License, certifications, insurance, standards, contract, deliverables — the six things to verify before signing, the state-by-state licensing reality, and the 22 questions to ask.

How to set up WireGuard in your UniFi controller

A clean, end-to-end WireGuard setup on the UniFi gateway you already own — homeowner-first prose with engineer-grade footnotes, exact menu paths, the four real-world breakage modes, and when to use Teleport instead.

VLAN segmentation for a home network

Five VLANs (Trusted, IoT, AV / Media, Cameras, Guest) is the usual answer. The structure is the easy part; the firewall rules and the multicast settings each VLAN needs are where most homes get it wrong.

What office cabling actually costs in NYC

The per-drop figure on a NYC cabling quote looks like the per-drop figure anywhere else. What makes NYC expensive is the layer of city-specific costs that sit outside the per-drop entirely — union labor, COI, ACP-5 asbestos, after-hours premiums, LPC review.

How much does office network cabling cost?

$150 to $300 per drop is the consensus range for Cat6 office retrofit work in 2026 — but the per-drop figure bundles five different line items, and each moves on its own axis. The rule-of-thumb, an 85-drop project itemized line by line, and what is not in the quote.

Sizing PoE on a UniFi residential network

Adding up the watts before you buy the switch. What 802.3af, 802.3at, and 802.3bt actually deliver, what UniFi APs and cameras actually draw, and why PoE injectors are a last-mile fix — not a strategy.

Cabling and patch hygiene on a residential UniFi install

The cable jacket has to enter the strain relief. The twist has to be preserved to the pin. The patch panel matters more than the category printed on the box. What good residential cabling looks like — and what the bad version costs you.

The case against port-forwarding Plex, Jellyfin, and Home Assistant

The most-documented residential UniFi compromise vector in 2024-2026 isn't the gateway — it's a self-hosted service exposed through a port-forward. The Reddit data, the published CVEs, and four honest alternatives with their trade-offs.

Why your UniFi LAN shouldn't be 192.168.1.0/24

The default subnet works perfectly — until you VPN home from a coffee shop on the same /24, your work laptop's corporate VPN uses 192.168.1.x, or you try to link two homes with Site Magic. The honest answer is to pick a different /24 on day one.

Disable 2.4 GHz on most UniFi access points

Three non-overlapping channels, dominated by the neighbours and 2003-era IoT, broadcast at full power from every AP. Keep 2.4 GHz on exactly one AP and turn it off everywhere else — and let 5 GHz and 6 GHz stop competing with themselves.

Smart Queues, bufferbloat, and the UniFi WAN

A gigabit-fiber speed test that comes back perfect alongside a Zoom call that sounds like a robot. Bufferbloat is queueing delay — what it is, when UniFi's Smart Queues fixes it, and the gateway throughput ceiling that quietly caps how high you can turn it up.

Where to put your UniFi access points in a house

Closet, ceiling, wall, corner, behind the TV — the physical location of a UniFi AP matters more than the model. The attenuation maths, the antenna patterns, and the heuristics for where to mount which AP in a real home.

When to update UniFi firmware, and when to wait

Auto-updating every release is the wrong default for a residential UniFi network. The release cadence, the bug-discovery curve, and the cadence we use on production homes — with the specific 2025-2026 firmware bugs that prove the point.

Why turning on UniFi Threat Management slows your internet

Threat Management on a UDM, UDM-Pro, or older Cloud Gateway runs deep packet inspection in software — silently capping your WAN at a fraction of line rate. Which models, which numbers, and what to do when gigabit fiber drops to a third of that.

Double-NAT on UniFi: ISP bridge mode, IP passthrough, and CGNAT

A UniFi gateway behind an ISP router does NAT twice. Site Magic, WireGuard, IPv6 prefix delegation, Xbox Live, and some VoIP break. Here is the diagnostic, the fix, and carrier-by-carrier bridge mode instructions for Verizon, Xfinity, AT&T, Spectrum, Optimum, Frontier, and T-Mobile.

Too many UniFi APs at too high power

When a multi-AP UniFi network underperforms — home or office — the most common cause we find is too many APs at too high a power. Fewer, quieter ones work better.

Why your UniFi VLANs aren't doing what you think they are

VLANs are easy to create on UniFi. Three specific traps trip up most homes — the L3 hairpin, firewall rule scope, and the rule-precedence change in Network 9. With the evidence and the fix for each.

WPA2 vs WPA3 transition mode — when to switch and what breaks

Transition mode is the right default on most residential SSIDs today — modern clients negotiate WPA3, older devices fall back to WPA2. The exceptions are specific: 6 GHz, Wi-Fi 7 MLO, UniFi PPSK, and a named list of legacy clients.

UniFi channel width: 20, 40, 80, 160, 320 MHz — what to set on 2.4, 5, and 6 GHz

20 MHz on 2.4 GHz, 80 MHz on 5 GHz, 160 or 320 MHz on 6 GHz. The reasons are specific — DFS rules, neighbour density, client capability — and most UniFi homes have at least one band set wrong.

Sonos, AirPlay, and Chromecast across VLANs on UniFi

Add a VLAN and your smart speakers, casting, and AirPlay all stop discovering each other. The protocol is mDNS, the fix is the UniFi Gateway's mDNS proxy plus three companion settings — explained.

Crestron, Control4, Savant, Lutron: remote access compared

How the four major residential AV-control platforms handle remote access in 2026 — cloud accounts, dealer involvement, subscription requirements, and what changes if the internet drops.

Should your AV integrator be the Owner of your network?

A common pattern in professionally installed homes — and a decision the homeowner usually didn't realize was a decision.

Disable wireless meshing on wired UniFi access points

UniFi's wireless meshing is on by default. On a fully wired install, a wired AP whose Ethernet hiccups silently flips to a half-throughput wireless uplink — with no obvious alert. Here is the fix.

Retire your Crestron port-forwards

Crestron's own current remote-access guidance is cloud relay plus VPN — not router port mapping. Field installations haven't all caught up.

The mystery MACs on your UniFi network

Apple's Private Wi-Fi Address feature generates a software-defined MAC for each network. Here's how to recognize it, why your controller still knows what the device is, and what to do about it.

UNIFI

Coming soon

What a residential UniFi audit actually covers

A read-only walkthrough of the 13 sections we look at on a home UniFi network — and what each section can quietly be wrong about.

FORMAT

Explainer

READ TIME

12 min

UNIFI

Coming soon

How to give a consultant read-only access to your UniFi console

The exact dropdowns to set, what each permission does, and how to revoke the access cleanly when the engagement ends.

FORMAT

How-to

READ TIME

6 min

UNIFI

Coming soon

Reading your UniFi admin list — who has access, what role, why it matters

A short walkthrough of the Control Plane Admins screen: roles, last-activity, MFA posture, and the questions to ask about each entry.

FORMAT

Instructional

READ TIME

8 min

GET IN TOUCH

A specific question we haven't written about yet?

If your UniFi network has a question that this list doesn't answer, send it to us. The good ones become the next article.

Send a question