UniFi Network 10.4 Is Out. Here's What Your Colorado Business Should Care About

May 26, 2026

Ubiquiti dropped UniFi Network 10.4 in May. We run this software across construction yards, multi-site dental groups, manufacturers, and a fair number of homes around Pueblo and Colorado Springs, so a new release usually lands on our desk before most clients even notice. Their marketing post leads with eBGP and OSPF, which sounds impressive and which roughly 5% of small businesses will ever touch.

So here's the version of the release notes we'd send to a client over coffee. What changed, what's worth caring about, and what we're rolling out first.

Teleport on a Travel Router finally solves site-to-site over CG-NAT

Here's the wall we hit constantly. If you run a construction office, a remote yard, or any site that gets its internet from a 5G or 4G hotspot, your jobsite gateway is behind Carrier-Grade NAT. Verizon and T-Mobile keep most cellular customers there. No real public IP at the trailer means no inbound site-to-site VPN. You can dial out to the main office, but nothing reaches back into the camera DVR or the project trailer's printer.

Teleport VPN already solved part of this. The WiFiman app on a phone or laptop uses Ubiquiti's relay to punch through the NAT, so a person could get into the site. What was always missing was a way to park something at the remote end and have it stay connected like a real WAN link. Static IPs from the carrier cost extra and aren't always available. We've shipped Tailscale or ZeroTier as a sidecar on these sites for years just to bridge that gap.

10.4 makes the UniFi Travel Router a first-class Teleport endpoint. Drop one on the desk at the jobsite trailer, pair it to your main site, and it holds the relayed tunnel open continuously. Anything plugged into the Travel Router, or anything on its Wi-Fi, reaches back into the main site like it's on the LAN. No third-party VPN. No carrier static IP. No public IP at either end.

Roughly half the yards we run cellular failover on are behind CG-NAT. A small Travel Router that just works through it changes how we'll quote new jobsites.
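To find out which of your own sites sit behind CG-NAT, compare each gateway's WAN address with the address the internet actually sees. The sketch below is an added example, not Ubiquiti's code or anything from the UniFi software; the site names and addresses are constructed, using documentation ranges for the public IPs.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges (gateway sitting behind a hotspot's own NAT).
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, observed_ip=None):
    """Classify a gateway's WAN address for inbound-VPN reachability.

    wan_ip:      address configured on the gateway's WAN interface.
    observed_ip: address an external "what is my IP" check reports, if known.
    """
    wan = ipaddress.ip_address(wan_ip)
    if wan.version != 4:
        return "ipv6-wan"        # IPv6-only carrier link: assess separately
    if wan in CGNAT_NET:
        return "cgnat"           # carrier NAT, no inbound sessions possible
    if any(wan in net for net in RFC1918_NETS):
        return "private-nat"     # double NAT behind a hotspot or modem
    if observed_ip is not None and ipaddress.ip_address(observed_ip) != wan:
        return "nat-mismatch"    # public-looking WAN IP, but translated upstream
    return "public"              # WAN address is what the internet sees


def sites_needing_relay(sites):
    """Return sorted site names that cannot accept an inbound tunnel."""
    return sorted(name for name, (wan, seen) in sites.items()
                  if classify_wan(wan, seen) != "public")


# Constructed inventory: site -> (WAN interface IP, externally observed IP).
SITES = {
    "main-office":     ("203.0.113.10",  "203.0.113.10"),
    "yard-5g":         ("100.72.14.3",   "198.51.100.7"),
    "trailer-hotspot": ("192.168.8.101", "198.51.100.7"),
    "satellite":       ("203.0.113.44",  "198.51.100.90"),
}

if __name__ == "__main__":
    for name, (wan, seen) in SITES.items():
        print(f"{name:16} {wan:15} -> {classify_wan(wan, seen)}")
    print("need a relayed tunnel:", sites_needing_relay(SITES))
```

Any site in the returned list cannot terminate an inbound site-to-site VPN on its own, which is the case the relayed tunnel described above is meant for.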

5G telemetry is finally visible

If you have a U5G or any of the new UniFi cellular gateways, you'll now see the band, signal strength, and radio health inside the same interface as everything else. Before 10.4, you basically had to take the carrier's word that the cellular link was healthy, or SSH around and read modem AT commands like it's 2015.

For us this matters because the calls we hate getting are "the internet's slow, can you check." Slow on cellular usually means the tower handed you off to a worse band or the antenna got bumped. Now we can see that without sending a tech.

UPS battery thresholds you can actually configure

Front Range power is not as clean as people think. We see brownouts in Pueblo and Fountain every storm season, and over the last two winters a handful of clients lost a server SSD because their UPS ran flat without triggering a clean shutdown. The old UniFi behavior was binary. Battery low, send a notification. By the time you saw it, the database was already corrupted.

10.4 lets you set the percentage threshold that triggers a graceful shutdown, surfaced in the same dashboard as the rest of your gear. We're going to push a sensible default (around 20%) to every managed-services site that has a UPS plugged into a UniFi controller.

Blueprint sync across sites

This one's for clients with more than one location. If you've got a main office, a yard, and a satellite trailer, you've probably watched a tech spend two hours making the same VLAN and firewall change three times across three dashboards. The polite term is "configuration drift." The honest term is "this is how dumb mistakes happen."

Blueprint sync lets you configure one site, mark it as the template, and push changes to the others. VLANs, DNS policies, firewall groups, traffic rules. It's not as deep as a full multi-site controller like Mist or Meraki yet, but it covers most of what trips up multi-site SMBs.

For our managed clients with multiple locations, this is going to cut our change-window time roughly in half. We're testing it on an internal site this week and rolling it out to clients as part of the standard 10.4 push.

The boring but important stuff: eBGP and OSPF visibility

Most readers can skip this section. If you don't know what BGP is, you don't need to. Here's the short version for anyone who does.

UniFi gateways now speak eBGP natively, which means if you're peering with an ISP that hands off via BGP (rare for SMBs, common for anyone with multiple WAN connections and real failover needs), you no longer need a MikroTik or pfSense in front of the UniFi gateway to do it. OSPF was already there, but you can now see the internal areas in the same topology view you use for everything else.

If you've been running a hybrid stack because UniFi couldn't do BGP, 10.4 may let you consolidate. We're going to test this on one of our larger multi-WAN clients before recommending it broadly. The instinct here is to wait one minor release for the rough edges to sand off.

What about resiliency and the time machine view?

10.3 introduced a time-machine view that lets you scrub back through the historical state of the topology. 10.4 puts that directly inside the topology screen instead of in a separate tab, which sounds minor but actually changes how you troubleshoot. When a client calls and says "the cameras were down yesterday at 2pm," we can now drag the timeline back and see exactly which link flapped without leaving the page.

Smarter alerting on third-party appliance integration also lands here. If your camera NVR or access controller drops, you get a grouped alert instead of 14 separate notifications across every port it touches.

How we're rolling it out

Honestly, we don't push major UniFi releases to client sites the day they ship. We let it bake for two to three weeks on our own gear and a couple of friendly internal sites, then push to managed clients during their normal maintenance window. 10.3 had a couple of switch firmware quirks at launch and we'd rather find those on our test rack than yours.

If you self-manage your UniFi gear, our advice is the same. Wait two weeks. Read the community release thread for the bug reports that always surface in the first 72 hours. Back up your controller config before the upgrade, especially if you're on a self-hosted Network Application rather than a UniFi OS Console.

And if your stack is more than one site, or it's powering anything mission-critical (cameras, access control, point-of-sale), let somebody who deploys this weekly handle the rollout. The upgrade itself is easy. The thirty-minute outage you might cause because a switch needed a reboot during business hours is not.
