Great video. What I love about your channel is you get straight to the point and you're very knowledgeable about your subjects. I'll admit a lot of this is advanced for me but I've learned so much in the past few weeks by watching your content and learning as I go. You seem to always have a video to answer my question from another video lol. Great stuff man.
One thing to note with the Traffic Management. In a business environment if you have a network setup with an AD domain and DCs running DNS and you have a remote site to site VPN setup and you have your clients at the remote site going over the Site to site for DNS and domain related things and you flip on Traffic Management then PCs will not be able to reach the domain and no one will be able to login to their client device to the domain. I learned that from testing this at my day job where we have 3 remote sites using UDM SEs going back to a main site. Ubiquiti needs to do some refinement to the Traffic Management feature to better route/handle Domain traffic.
Interesting, thanks for sharing. I come from the pfSense world and was super surprised how easy this was on UniFi, BUT, I was immediately wondering where is the granular/fine tuning control in this (if any?). I'm quite new to UniFi networking.
Excellent, just what I need to set up my new home network. Your instruction videos that are short and efficient are much appreciated. Thanks for pointing out changes and new features of the new operating system.
Love the way you present it!! Keep up the good work.
Personally, I find Ubiquiti's approach perhaps too simplified and at times very unintuitive to borderline silliness. Give me source, give me destination, give me the action and give me ports and I can reorder as I go along. The this network, target... it's just my brain not calibrated for the simplicity I'm sure Ubiquiti is trying to convey... I will soldier on and keep trying!!
Are there any rules of thumb about when to use Traffic Management vs a Firewall rule? There are some seemingly obvious times, like when trying to block Social Media, or if you need to apply a schedule. But, for example, I've already used firewall rules to block inter-VLAN traffic, but allowing what is appropriate (your NAS example). Is there any value in using one over the other? Are there any differences in how they apply that would suggest one over the other in specific circumstances?
This is what I'm wondering as well. Traffic management right now seems like firewall rules for dummies.... So I wanna use it lol. But is there any reason (other than firmware version, etc) to stick with firewall rules instead of these new options?
Same question. I use FW rules exclusively so wondering the where to use and why for these Traffic Management options ?
+1 would love to know the differences.
I was just going to ask the same.... Seems if you are just setting up a new UDM, etc, it may be easier to do it this way with rules vs firewall
@@zxcbvnm90 lol I’m dummy in IT who needs it 😊
Why are you selecting "Traffic from all local networks" for IoT, not "Traffic to all local networks"? I don't understand why Unifi uses names the other way around?
Wow that makes it a little bit more understandable. I implemented the firewall rules like you showed us in a video back then for guest and iot but this is a game changer and no hard logic is needed (i mean network certification ;-) ) - i used it only for blocking out china - a lot of the iot stuff likes to phone home...
Love this! Any chance you might do a video showing how one computer/device on the network can only talk out (internet) but not talk to anything else?
Very good, I don't know much English, but the class was very good. Thank you for helping Brazil!
Why is the rules option not showing in my Traffic management?!
If using traffic management to allow or block VLAN traffic is it necessary to block the gateway ports to prevent router page access like in the firewall rules?
Looks hell of a lot easier than manually fixing each local host 😂
It is better to do it on Traffic Management or through the profiles section where you can create the bandwidth profiles and etc?
Yeah want to know this 2
When do you choose block from vs to vs to+from?
In the old ui there was a protocol category also. It's a shame it's not there in the new ui.
How do we setup a kill switch for the VPNs? Ie, if you're sending a network through a privacy VPN and the VPN stops working, then it will block the traffic instead of sending it over the default WAN.
With blocking Inter VLAN Routing you chose "block 'from' all local networks" and you said that it'll block the IOT from reaching the other networks, but it sounds like it'll block the main network from reaching into the IOT network. What if I want to be able to reach into my IOT network from my main network, but I don't want my IOT reaching out? What is the "block to all local networks" for? It sounds like they do the opposite of what they say.
this
I would like to see Unifi come out with a Content management filter as well. The app filter is great, but having a content filter such as adult content without having to rely on another DNS is on my Christmas list. Thoughts?
On device DNS filtering will always be best.
Can you please supplement this with how you created the networks and some good practices with doing that?
Would you recommend doing the basic firewall rules (blocking VLANs, RFC 1918 etc.) and then add some traffic rules to block specific devices?
When I block my cameras from the internet using traffic management. I lose access to NVR using my WireGuard VPN. I guess it’s obvious but I don’t see where I can create a rule to make this setup work. Where have I gone wrong? Thx
Excellent walk through thank you. So is it better to use blocking this way or via firewall rules?
For now I'm going to continue using firewall rules for the majority of things. But for blocking social media etc. I'll use traffic management.
@@MactelecomNetworks thanks for clarifying keep up great work
Great video - THANK YOU! I'm a fan ;-) Would be fantastic, if you make this video with the new Network 8.0.7 controller. It is very different (in settings).
One issue I have is that if you block inter-VLAN routing using the traffic rules feature, you're still able to access the gateway/console from every VLAN. E.g from 192.168.10.x I can access the UDM console on 192.168.20.1. Either I'm missing something obvious or this is yet another bug!
So if I wanted to allow my IoT network to access my Home Assistant (HA) on another vlan, to make them controllable on HA, I would then have to make a firewall rule that would allow the IoT network to a specific IP (The HA IP)? And still the IoT network doesn't have access to the rest of the networks.
To create a speed limit, should I do it in a bandwidth profile or in traffic management?
Curious if you found an answer
Definitely a slick, easy way to setup some things that were a few more steps in the firewall rules, but how well do the traffic management rules play with firewall rules? Can any traffic shaping rules be viewed and reordered from firewall rules?
can you make a video on how to make radius work on a ethernet port either on the UDM or a switch?
Some options are missing in the new UI from when this video was created just 11 months ago.
Another great tutorial
This is a great video. Will the traffic rules to block inter-VLAN networks block the UDM Pro management console using a web browser?
How would a person block the ability for a person to say download the UniFi app on their phone, and even see the devices on the network? I think it has to do with port 10001 the discovery port but whenever I try to create a specific rule for that on the firewall it never blocks that. When I select the option to isolate a network, it will do what I want but then the network is entirely isolated from all of my other networks.
I just want to be able to disable the ability for people on a specific network to not be able to see any of the UniFi devices from the UniFi app, reach the web/GUI interface for my UDM SE, without using the isolate network option
Thanks for the tutorial on this issue. However, I am trying to put some restrictions on my network. The problem for me is that I am dealing with route and not rules. I have not figured out how this works. I would highly appreciate you giving me some help with this. Thanks.
Just purchased a UDM SE and everything setup fine but I'm not seeing the "traffic management" option on the menu. What am I doing wrong? Thanks
Thanks for the amazing video. If I am required to bypass Streaming media only (ex Netflix,appletv, amazon prime) via WAN2, how can I do it?
What's not shown is the ability to throttle bandwidth for sites/apps. I'd like to use this for streaming services but hasn't worked so far for me.
Great Video! Can I display a message when accessing a blocked site? For example "contact your admin" or "this page is blocked"
anyone know if the ordering bug still exists? Debating migrating my legacy IoT inter v-lan rules to the new traffic management engine....
Does this method allow you to use mdns to speak with those devices
Hi, how can you make one of the VLANs have access to different traffic not allowed for the main network, like Tor for example?
Do you have a WAN packet loss problem on the UDM-SE? I have this problem. I tried to check with the ISP, but the ISP uplink is normal. I can't fix it. This topic on Reddit does not have any answer from UniFi.
How do we do this with the latest version Network 8.1.127? On security tab it says "Configurations will not be applied until you set up a gateway." Please assist me.
This is not a new thing.... You need a gateway to do this and it appears either you do not have a gateway and have a self-hosted Controller or your gateway is not adopted to the network yet. You cannot implement these features without a UniFi gateway.
I just setup unifi thanks to your setup video...Great stuff btw! I am having 2 issues. I can't get to Reddit and when I open the YT Studio app and try to look at my YT channel comments I can't see anything. But if I go off the WiFi I can see them.
I don't have traffic rules setup yet. and my WiFi content filtering is set to family. but I have tried work and none...it does the same thing. Any thoughts?
Very good, but I can't make it work on my USG4-PRO, I'm using the new 7.3.83 interface and I don't have these options that you showed in the video, can you help me?
I’m pretty sure this only works with current consoles like the UDR, UDM, Pro or SE, running OS 2.5.x or 3.0.x, not the older USGs.
@@kimr9104 so the USG3 - no go
Euhm... 😅 So what's the difference between the traffic management and firewall rules? Or do they do the same? Such a noob at this... I mean, if I do those allow/block any-any things in firewall; is this just the same, but more simple???!!! Greetings from Belgium 🎉
How do I format the .txt file for the batch add feature to block a ton of domains at once?
This is so easy compared to Cisco or HP Aruba.
That’s good to hear
Why is the rules option not showing in my Traffic management?! I'm using the USG-PRO-4.
I could be wrong, but I guess it has to do with the network manager version.
I'm using version 7.3.83 and the one in the video shows 7.4.144 (beta version?)
I'm not 100% sure if it works with a USG pro 4
Great video
Your example for speed limit will limit the entire network, not individual devices. Usually the whole point of a speed limiter is to prevent some single device from hogging up the entire traffic. How can you do this with unifi? And please don't say create individual rules per device.
Thank you for this great video. I noticed that when blocking the app Facebook for all devices, the Apple iCloud Drive sync does not work anymore. Does anyone else have this same issue? Is there any reason why Apple requires Facebook for iCloud Drive syncing?
I also noticed that blocking the app Periscope will prevent iCloud Drive from syncing.
Can I do traffic management PBR on USG3?
Hello, I'm using a USG Pro4 and I cannot do that like you do in the video. Why?
I have 1000 clients and the UDM dies. How do I fix this problem?
I think that Ubiquiti are geniuses at UI. It has a lot of things, but doesn't have a terrible interface like a router OS.
Ya they have done a really good job with the UI
I have unifi wifi on my mobile. I buy it every month, but I want to share it on my laptop. If anyone knows how I can share it, please let me know.
Thanks
Can you do this set up on Omada please?
I'm not sure they have traffic management in the same way but it's been a while since I looked. If they do I will 100%
As Tom Lawrence says, "it's not a good solution for business as security fw". Where is log management to see everything ;) ubi must grow up a little bit longer to be worth of sec fw ;)
There is logging for the firewall rule triggers
Traffic rules are also logged in the "Triggers" tab, just like the firewall rules.
My kids hate me now blocking some apps. Haha
Seems that unifi has a long way to go in this part of their software.
what is the name of your cat?
Have two mocha and nilla
Why is the rules option not showing in my Traffic management?!
I have the same problem! I'm using the USG-PRO-4
I could be wrong, but I guess it has to do with the network manager version. I'm using version 7.3.83 and the one in the video shows 7.4.144
What version of Unifi Network do you have to have to see those screens? I'm on Network 7.3.83 and it does not have any of those options.