What to do When the UniFi Security Gateway Refuses to Upgrade

I love Ubiquiti, even their security gateway. But there is a big even in there. While most UniFi equipment is a breeze to setup, the UniFi Security Gateway (USG, USG-PRO-4) can be a nightmare. One issue that arises is when a USG has an older version of the UniFi firmware and you need to upgrade it. Here are the steps I’ve learned to take when upgrading a UniFi Security Gateway.

  1. Download from Ubiquiti’s site the latest available firmware for the USG.
  2. Rename the file upgrade.tar.
  3. Run an ethernet cable between the LAN port on the USG and your workstation.
  4. Configure a static IP address in the same subnet as the USG – by default USG’s are configured with the IP 192.168.1.1 with a subnet of 255.255.0.0.
  5. Use WinSCP (or your favorite SCP client) to connect to the USG.
  6. Enter your username and password for the USG – by default the username and password are both ubnt.
  7. Upload the upgrade.tar into the home directory for the admin user (this, for me, has always been the default folder that opens when connecting via SSH/SCP).
  8. Exit your session in WinSCP.
  9. Use PuTTY (or your favorite SSH client) to connect to the USG.
  10. Again, enter your username and password.
  11. At the command line type: sudo syswrapper.sh upgrade upgrade.tar
  12. The system will spit out information about the install and then reboot itself.
  13. When the system comes back up (solid white or blue light) you can connect to the USG again to verify that the firmware took.
  14. Use the command info to view the current firmware from the USG command line.

At this juncture you should have a successfully updated USG.

Note: I didn’t come up with this on my own, see the Ubiquiti forum thread, “Can’t upgrade USG to newer firmware.” ilkevinli provides the meat of this solution, I’ve just added window dressing and taken away (what I sometimes find to be) the confusing conversation around the solution.

There is another discussion on this topic, “USG Cloud Controller Adoption – could it be more difficult???” but I recommend against using this thread as the accepted solution isn’t quite correct.