IT Security Blog

UniFi Site Manager 5.0.0: Zero-Touch Provisioning for SD-WAN Gateways - Scale Faster, Standardize Cleanly

Written by Linus Espach | Jan 15, 2026 8:11:43 PM

Companies that operate multiple sites (or are growing rapidly) know the pattern: the actual bottleneck is rarely the hardware - it is time, processes and the susceptibility to errors during rollout. This is exactly where UniFi Site Manager 5.0.0 comes in: with the new "UniFi Fabrics" orientation, Site Manager moves from a pure multi-site overview to a scalable control plane that places much more emphasis on standardization, automation and zero-touch provisioning (ZTP).

This is particularly relevant for SD-WAN scenarios because gateways at the WAN edge are typically the "critical first devices" of a new site: they bring up the Internet connection, pull policies and establish VPN/SD-WAN - preferably without on-site technicians and manual click paths.

Why this release is strategically important for companies

Ubiquiti is positioning the UniFi Site Manager as a centralized platform for remote administration of all deployments - especially for MSPs and larger enterprises with geographically dispersed locations. At the same time, the concept is designed to maintain local control and enable license-free remote management (i.e. without traditional cloud controller/hosting fee models).

With "UniFi Fabrics", this idea is further expanded: a uniform control plane model that not only makes multi-site operation "visible", but also standardizes it operationally - including orchestration of configurations, central policy control and ZTP as a growth driver.

Zero-touch provisioning in the UniFi context - briefly explained

Here, zero-touch provisioning means that devices are "registered" in advance in the Site Manager and assigned to a target site. All that then needs to be done on site is to connect the cables and switch the device on - adoption and assignment happen automatically. This reduces manual steps and prevents typical rollout errors (wrong site, wrong device, wrong template, etc.).

Ubiquiti describes the process very pragmatically using ZTP codes on the packaging: scan the QR code or capture the code, store it in the Site Manager inventory, assign the site - and the device is automatically adopted when it is plugged in.

The crucial point: ZTP for SD-WAN gateways

SD-WAN stands or falls with reproducibility at the WAN edge. In practice, it is precisely these tasks that traditionally require hands-on work:

  • Initialize and adopt gateway
  • Integrate WAN uplinks (multi-WAN if necessary) cleanly
  • Apply segmentation (VLANs), security policies, NAT/PBR rules
  • Activate site-to-site coupling / SD-WAN topology

With Site Manager + UniFi Fabrics, the goal is clear: templates, policy assignments and orchestration so that new sites can be brought up faster and more consistently - without ClickOps repetition.

And this is exactly where SD-WAN comes in: With "Site Magic SD-WAN", the Site Manager brings a function to build VPN couplings between UniFi Gateways in a scalable way - without the classic complexity of manual tunnels and time-consuming subnet coordination.

In combination, this means for many companies:
ZTP brings the gateway to the right site "without a technician" - and SD-WAN brings the site into the site-to-site coupling "without tinkering".

Practical workflow: How to make a new site truly "zero touch"

A practical procedure (especially for hub & spoke designs) typically looks like this:

  1. Prepare the site in the Site Manager
    Create site, define roles/administrators and basic policies.
  2. Add gateway to the inventory via ZTP
    Capture the ZTP code from the box (QR or manually) and assign it to the target site.
  3. On-site only "power + internet"
    Remote employees or a local service provider plug in the device - the gateway is automatically adopted into the designated site.
  4. Activate SD-WAN and assign topology
    After adoption, the site is integrated into the desired SD-WAN structure (e.g. Site Magic SD-WAN, Hub/Spoke).
  5. Optional: Rollout hygiene via Update Manager & Monitoring
    Control updates centrally, evaluate WAN quality via ISP Viewer, standardize operation.

The result: Site onboarding becomes a reproducible process instead of a project with individual "manual device work".

Added value for companies: What improves operationally and financially

  1. Significantly shorter time-to-site (rollout speed)
    If the gateway no longer has to be initialized and "captured" manually, rollouts shrink from days to hours - especially with many branches, temporary locations or internationalization.
  2. Lower travel costs, less on-site dependency
    ZTP reduces the need for IT staff on site to a minimum: just wire it up, switch it on and you're done. In practice, this is one of the biggest levers for reducing rollout costs.
  3. Consistent security baselines instead of "site variants"
    UniFi Fabrics emphasizes orchestration and central policy control: define the configuration once and roll it out in a controlled manner (immediately or planned). This is the difference between "we have 30 sites" and "we operate 30 clean, similar sites".
  4. Scaling without ClickOps
    Anyone who has ever had to bring a dozen locations into line by hand via the UI knows that the risk increases linearly with the number of clicks. Fabrics explicitly addresses this by reducing repetitive configuration work and ClickOps.
  5. Better operation: central updates, central WAN transparency
    Update Manager and ISP Viewer are relevant components in Site Manager for ongoing operations - because they bundle updates across sites and make WAN quality (latency, packet loss, uptime) comparable.

Conclusion: Site Manager 5.0.0 makes SD-WAN rollouts "process-capable"

With Site Manager 5.0.0 (and the UniFi Fabrics direction), it is clear that UniFi wants not only to "manage devices", but also to operationalize multi-site operations - with orchestration, templates/policies and a ZTP approach that makes site growth plannable and repeatable.

This is a real lever for SD-WAN gateways:
No manual initial setup, no technician trips, fewer rollout errors, and a much faster integration of new sites into a standardized site coupling (Site Magic SD-WAN) - with simultaneous central transparency about updates and WAN quality.

If you want to set up the topic properly in your environment (blueprint/segmentation, hub & spoke design, rollout processes, security baselines and operation): Rheintec supports you from architecture to managed service - so that Zero Touch is not only "fast", but also "clean and secure".