Keeping the Router Updated

Posted on 5 2026

The source material this page replaces covers the OpenWrt upgrade process: downloading firmware images, verifying GPG signatures, transferring via SCP, and running sysupgrade. For UniFi, the update process is handled through the web interface and requires significantly less ceremony. The discipline is not in the technical steps but in the habits around them: keeping backups current, reading release notes, and updating on a schedule rather than whenever prompted.

UniFi update channels

UniFi maintains two update channels:

Stable: production-ready releases that have gone through Ubiquiti’s full testing cycle. This is the correct channel for all three routers. Security patches, bug fixes, and feature updates arrive here once they are verified.

Release Candidate: pre-release builds for testing. Not appropriate for production infrastructure.

Verify each router is on the stable channel: UniFi OS > System > Updates > Update Channel > Official.

Checking for updates

Updates are visible in UniFi OS and in the Network application independently. Both need to be checked.

UniFi OS updates: affect the underlying operating system, security patches, and the integration layer. Navigate to UniFi OS > System > Updates.

Network application updates: affect routing, firewall, VPN, and network configuration features. Navigate to UniFi Network > Settings > System > Updates.

Both should be kept current. UniFi OS and the Network application version numbers are independent and update on separate schedules.

Update notifications

The routers send notifications when updates are available via the UniFi notification system configured in the Router Mail section. Ensure firmware update notifications are enabled so updates do not go unnoticed for extended periods.

From the desktop, check all three routers quickly:

for router in prevernal vernal estival; do
    echo "=== $router ==="
    ssh -o ConnectTimeout=5 "$router" \
        'ubnt-device-info summary 2>/dev/null | grep -i "version\|update"' \
        2>/dev/null || echo "Connection failed"
done

Pre-update procedure

Before updating any router, run through the following steps. The discipline of doing this consistently is what makes updates safe rather than stressful.

1. Take a manual backup

Navigate to Settings > System > Backups > Download Backup and save the .unf file. Store it in KeePassXC as a file attachment named with today’s date:

prevernal-backup-YYYY-MM-DD.unf

This is distinct from the automated daily backups. A manual pre-update backup captures the exact state immediately before the change.

2. Read the release notes

Ubiquiti publishes release notes for every update. Find them at:

https://community.ubnt.com/t5/UniFi-OS/ct-p/unifi-os

Or via the update notification in the web interface. Look specifically for:

  • Known issues that affect this hardware model
  • Changes to default configuration values
  • Breaking changes to features in use on this network

Updates that change firewall behaviour, VPN configuration, or VLAN handling deserve particular attention.

3. Check community reports

For significant version updates, search the UniFi community forums for early adopter reports before applying:

https://community.ui.com

The community surfaces hardware-specific issues that do not appear in official release notes. A quick search for the version number and the device model (UDM-SE) before updating is a worthwhile few minutes.

4. Note the current versions

Record the current UniFi OS and Network application versions before updating. If something goes wrong post-update, knowing the exact versions makes rollback and support requests easier.

ssh prevernal 'ubnt-device-info summary | grep -i version'

Applying updates

Via the web interface

Navigate to UniFi OS > System > Updates. If an update is available:

  1. Click Update
  2. Confirm the update prompt
  3. The device downloads the firmware, applies it, and reboots
  4. The process takes 3-5 minutes

The network is unavailable during the reboot. Time updates for a period of low activity.

Via SSH

For scripted updates or when the web interface is unresponsive:

ssh prevernal

# Check available updates
ubnt-update check

# Apply UniFi OS update
ubnt-update start

Updating all three routers

Update one router at a time rather than all three simultaneously. If an update has an issue, discovering it on Prevernal while Vernal and Estival remain functional preserves network access.

Recommended order:

  1. Prevernal first as the primary site. It is the most instrumented and easiest to monitor.
  2. Vernal once Prevernal is confirmed stable post-update.
  3. Estival once Vernal is confirmed stable.

Allow 24-48 hours between each update to observe whether any issues emerge in normal use before proceeding.

Post-update verification

After each router updates and reboots, verify the following:

# Confirm the router is reachable
ping -c3 10.1.0.1

# Confirm SSH access
ssh prevernal 'uptime'

# Confirm DNS resolution via the router
dig @10.1.0.1 google.com +short

# Confirm inter-site VPN is up
ping -c3 10.2.0.1
ping -c3 10.3.0.1

# Check WireGuard tunnel state
ssh prevernal 'wg show'

Check the UniFi dashboard for any device alerts or offline notifications. Confirm the Network application version in Settings > System > About.

Automatic updates

UniFi supports automatic updates: Settings > System > Updates > Automatically update devices.

The trade-off is predictability. Automatic updates apply during a configured maintenance window without manual review of release notes or pre-update backup. For a home network where convenience is prioritised, automatic updates are reasonable. For a network that needs controlled change management, manual updates on a regular schedule are the better approach.

A sensible middle ground: enable automatic minor updates (security patches and bug fixes) while requiring manual approval for major version updates. UniFi does not currently provide granular control over this in the standard interface, so the choice is binary.

This series recommends manual updates for the routers given the critical nature of the infrastructure. Set a reminder to check for and apply updates monthly.

Rollback

If an update causes a problem and the device remains accessible:

Navigate to UniFi OS > System > Updates > Previous Versions. UniFi keeps a previous version available for immediate rollback. Click Roll Back to restore the previous firmware version.

If the device is inaccessible after an update:

  1. Restore from the manual backup taken before the update: Settings > System > Backups > Restore
  2. If the web interface is not accessible, use the serial console (documented in the LEDs and Buttons page)
  3. As a last resort, factory reset and restore from backup

The factory reset hold time is documented in the LEDs and Buttons page. With a recent backup file available, a factory reset followed by restore is approximately a 30-minute recovery process.

Network application updates

The UniFi Network application updates independently of UniFi OS. On the UDM-SE, both run on the same device and update together via the unified update interface. There is no separate procedure.

On a setup where the Network application runs on a separate server (the February homelab server), the application updates are handled separately via the apt package manager. This is covered in the server section once that configuration is in place.

Read the release notes before every significant update. Ubiquiti’s update quality is generally good, but hardware-specific issues occasionally appear. Two minutes reading release notes and community reports before applying an update is a consistently worthwhile investment.