Thanks for the great video. You actually use an example use-case scenario to make things easier to understand. One thing I've always had trouble understanding is the inter-vlan communications such as clients to printers, or client to say door bell camera. Your video not only showed me how to use the zones, but also helped me to solve this issue. Thank you!
Glad I was able to help
Glad Unifi has finally added this feature. Well delivered and easy to understand Avi.
Thanks for watching Tony! I hope you are doing well.
Has anyone figured out how to change the default rule between two zones? E.g.: VPN to Internal is "Allow All" and there is no option to change that default rule to "Block All". The only way to make that happen is to create an additional rule, which results in a quite comic Block and Allow rule in the overview. Unfortunately it also bypasses the overview matrix: it doesn't show "Block all", it shows "See policies". For me, it makes the overview matrix somewhat useless.
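The behaviour this comment describes (a fixed per-zone-pair default, an explicit catch-all rule layered on top, and a matrix cell that collapses to "See policies" once any rule exists) is easier to reason about with a small model. The following is an added example, not UniFi's code and not a description of its real evaluation engine: it assumes rules for a zone pair are checked in order with first match winning, and that the pair's built-in default applies only when no rule matches. The zone names come from the comment; the 10.8.0.0/24 (VPN) and 192.168.10.0/24 (internal) addresses and the printer rule are constructed for illustration. It also includes a shadowing check, since the "Block All" workaround only works if it sits after any allow rules it is meant to carve exceptions from.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    proto: str                      # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass
class Rule:
    name: str
    action: str                     # "allow" or "block"
    src: str = "0.0.0.0/0"          # source network (CIDR); default matches anything
    dst: str = "0.0.0.0/0"          # destination network (CIDR)
    proto: str = "any"              # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None     # None = any destination port

    def matches(self, flow: Flow) -> bool:
        if ip_address(flow.src_ip) not in ip_network(self.src):
            return False
        if ip_address(flow.dst_ip) not in ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != flow.proto:
            return False
        if self.dport is not None and self.dport != flow.dport:
            return False
        return True

    def is_catch_all(self) -> bool:
        """True when the rule matches every flow, so nothing after it is reachable."""
        return (self.src == "0.0.0.0/0" and self.dst == "0.0.0.0/0"
                and self.proto == "any" and self.dport is None)


@dataclass
class ZonePair:
    src_zone: str
    dst_zone: str
    default_action: str             # built-in default; treated as read-only, as in the comment
    rules: list = field(default_factory=list)

    def evaluate(self, flow: Flow) -> tuple:
        """First matching explicit rule wins (assumed model); else the pair default."""
        for rule in self.rules:
            if rule.matches(flow):
                return rule.action, rule.name
        return self.default_action, "default"

    def matrix_cell(self) -> str:
        """Overview summary: only a rule-free pair can be shown as a single verb."""
        if not self.rules:
            return "Allow All" if self.default_action == "allow" else "Block All"
        return "See policies"

    def shadowed_rules(self) -> list:
        """Names of rules placed after a catch-all, which can therefore never match."""
        shadowed, seen_catch_all = [], False
        for rule in self.rules:
            if seen_catch_all:
                shadowed.append(rule.name)
            elif rule.is_catch_all():
                seen_catch_all = True
        return shadowed


def build_vpn_to_internal() -> ZonePair:
    """The workaround from the comment: keep the 'Allow All' default, then add
    a narrow allow followed by an explicit 'Block All'. Addresses are constructed."""
    pair = ZonePair("VPN", "Internal", default_action="allow")
    pair.rules.append(Rule("Allow VPN to printer", "allow",
                           src="10.8.0.0/24", dst="192.168.10.50/32",
                           proto="tcp", dport=631))
    pair.rules.append(Rule("Block All", "block"))
    return pair


if __name__ == "__main__":
    pair = build_vpn_to_internal()
    print(f"{pair.src_zone} -> {pair.dst_zone}: {pair.matrix_cell()}")
    for flow in (Flow("10.8.0.5", "192.168.10.50", "tcp", 631),
                 Flow("10.8.0.5", "192.168.10.20", "tcp", 445)):
        action, by = pair.evaluate(flow)
        print(f"  {flow.src_ip} -> {flow.dst_ip}:{flow.dport}/{flow.proto}: {action} ({by})")
    print("shadowed rules:", pair.shadowed_rules())
```

Running it shows the matrix cell reading "See policies" even though the effective policy is "block everything except IPP to one printer", which is exactly the loss of overview the comment complains about; swapping the two rules makes `shadowed_rules()` report the printer rule as unreachable.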
Been using this for a little over a week with the RC update and it's awesome! Great video, Avi! Loved seeing another point of view on it.
Thank you so much! I am glad that you are enjoying the new features and thanks for watching buddy
It looks like the ability to turn rules on and off (for testing or temporarily changing a restriction) is missing. Can you confirm this? If missing, seems like an oversight on Ubiquiti's part.
It’s not missing, it is present in the zone based firewall
You can see the pause feature if you click manage and then tick the rule you want to alter state on
@driver288 Great! Thank you.
@marksamuels6293 Excellent. Thank you.
Great video. Can’t wait for this to be out of the beta phase. I don’t know about the USW issue, but ubiquiti is making some amazing moves as of the last year. I’m sure they’ll get this feature fixed for use with the USW.
Thanks for making the video - ZBF is awesome as long as all the VLANs are managed by the UDM. The moment you are using VLANs routed by a UniFi L3 switch they are just thrown into the 'External' zone and there is no way to add them to a zone at all ...
This is a self-inflicted problem. If you're using UniFi L3 switches to route VLANs instead of the UDM, you're deliberately bypassing your security appliance. Of course those VLANs show up as "External" - from the UDM's perspective, that traffic isn't under its control anymore. Unless you can clearly articulate why you need L3 switching (with actual throughput numbers to back it up), you're likely overcomplicating your network and compromising your security posture for no real benefit. Let your gateway be a gateway and your switches be switches.
@whiskerjones9662 Without going into all the details, simply a case of having a lot of 25Gb connected devices in my setup (30+). By having the UDM manage the VLAN routing vs my Aggregation Pros, unless I put all 25Gb devices on the same VLAN, the inter-VLAN route will force all traffic up the 10Gb UDM pipe to be routed even between VLANs on the same Agg Pro, which would slam the UDM.
Can you make a video about DNS Shield? I see nobody using it.
It's great for basic secure DNS. I used to use it but now use NextDNS as DNS provider, so it needs to be disabled. The only reason I use the provider is so I have more granular control over my traffic coming in.
It seems that this feature is not available on all UCG or UXG/UCK models. Are you aware of any specific limitations regarding this?
Certain devices have a different cadence. I'm pretty sure that this will be available on all platforms and sooner rather than later it will become the new default.
Could you make a video explaining how Pi-hole or AdGuard work with UniFi?
Hi. To be honest, I'm failing to understand the question. AdGuard and Pi-hole are applications that filter DNS queries. What's the connection to UniFi?
Great explanation. Thanks!
Hmm, the rules you created for blocking traffic were completely unnecessary since the block all rule already takes care of what you wanted to accomplish. On the other hand, you created them as a demo on how to create rules without changing anything; that is what you did. It seems like the block all rule is automatically created when you create the zone.
Hi. The main focus was the rule creation and how to use the matrix to help administer them. That was the main goal.
Not using dark mode should be a crime 😂
Welcome to the 20th century Ubiquiti with the ZoneBased firewalling! 🙂