05 - IoT Network Setup - UDM-Pro Complete Setup 2021

  • Published 11 Dec 2024

COMMENTS • 563

  • @memyself6857 9 months ago +4

    This is soooooo helpful because you explain the rationale behind everything instead of just showing which rules to add! The information you put out on your channel is amazing!

  • @SeanDevonshire 10 months ago +14

    Great video Chris, cheers mate.
    ~ Caution: To those following and deploying Chris' method for your networks.
    Switching your UDM into the legacy user interface, in the "Routing & Firewall" tab, you will find there is no longer the selection bar for traffic direction above your rules table
    (IN/OUT/LOCAL-LAN/WAN/GUEST etc.).
    I found out the hard way, post deployment (causing all sorts of problems), due to some of my rules being incorrect. Beers++ didn't help*
    Workaround: During all your rule creations, toggle them from Enabled to Disabled, after you have added all you need. Switch back to the new user interface, revisit your new rules, define LAN IN/OUT/LOCAL etc. and then enable.

    • @ElTorro9449 9 months ago +1

      Maybe @Chris should shed light on this, most of us already use udmSE and it's a nightmare to recover everything.

    • @NguyenCungHoaHien 9 months ago +1

      Thanks for the great tip, Sean. I followed exactly Chris's steps but didn't manage to get it to work. I even watched back the previous parts to replicate the same configuration but it didn't help until I saw your notes.

    • @ElTorro9449 8 months ago +1

      After paying careful attention to every detail, I managed to make it work. There are steps that are not so well explained, but if you remain focused on the settings, you eventually make it work. One problem that I encountered was when I moved Alexa devices onto IoT and could not manage to register them until I temporarily disabled the group rule with deny gateway access.

    • @NguyenCungHoaHien 8 months ago +1

      @ElTorro9449 Yeah, I get a similar issue with my Smart TV, the TV remote app on my phone (connected to main Wifi) couldn't detect the TV on another network (IoT). Not sure if there is any solution to this, I think it's just caused by how the app searches for devices on the very same network/subnet.

    • @sb86116 8 months ago

      Thanks for the note. I was just about to have to fight through this too!

  • @lachlanhunt 3 years ago +21

    For those with IPv6 available, be very careful enabling IPv6 on the IoT network. The rules discussed in this video only apply to IPv4 and if you enable IPv6 on the IoT network, you will need additional rules to fully block access to the UDM-Pro interfaces.
    My ISP gives me a single public IPv6 address for my router in a /64 range, and a prefix delegated /56 range for everything else to use within my network. Note that different ISPs may allocate IPv6 differently. If your ISP gives you a prefix delegated IPv6 range like: 2001:0DB8:1234:ABCD::/56 then the rules in the video would still allow access to the UDM-Pro interface on [2001:0DB8:1234:ABCD::1], as well as on the router's own public IPv6 address.
    I recommend keeping IPv6 off the IoT network to prevent this entirely, unless you're confident in writing rules to cover all possibilities. You may also have similar considerations for the guest network if you have one.
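
Added example (not part of the comment above, and not UniFi's own rule engine): a small first-match model of the gap @lachlanhunt describes, showing which gateway management endpoints an IPv4-only ruleset leaves reachable once IPv6 is enabled. The 192.168.x.1 gateway addresses, the WAN IPv6 address and the accept-by-default policy are assumptions; the /56 prefix and the `::1` gateway address are the ones quoted in the comment.

```python
import ipaddress

MGMT_PORTS = (22, 80, 443)  # SSH, HTTP, HTTPS on the gateway


def net(text):
    """Parse a prefix, tolerating host bits (the /56 is quoted with them set)."""
    return ipaddress.ip_network(text, strict=False)


def verdict(rules, dst, port):
    """First matching rule wins; unmatched traffic is accepted (assumed default)."""
    for action, dst_net, ports in rules:
        # A rule written for one address family never matches the other.
        if dst_net.version == dst.version and dst in dst_net and port in ports:
            return action
    return "accept"


def exposed(rules, gateway_addrs):
    """Gateway address/port pairs an IoT client can still reach."""
    return [
        (str(addr), port)
        for addr in map(ipaddress.ip_address, gateway_addrs)
        for port in MGMT_PORTS
        if verdict(rules, addr, port) == "accept"
    ]


# Constructed IPv4-only ruleset: drop IoT traffic to each VLAN gateway's
# management ports. The 192.168.x.1 addresses are assumptions.
IPV4_RULES = [
    ("drop", net("192.168.1.1/32"), MGMT_PORTS),
    ("drop", net("192.168.10.1/32"), MGMT_PORTS),
    ("drop", net("192.168.20.1/32"), MGMT_PORTS),
]

DELEGATED = net("2001:0DB8:1234:ABCD::/56")  # prefix quoted in the comment
WAN_V6 = "2001:db8:ffff:1::2"                # constructed router WAN address

# Addresses the gateway answers on once IPv6 is enabled on the IoT network.
GATEWAY_ADDRS = ["192.168.20.1", "2001:0DB8:1234:ABCD::1", WAN_V6]

# Additional IPv6 rules: the delegated prefix covers the gateway address of
# every /64 carved from it; the WAN address needs its own entry.
DUAL_STACK_RULES = IPV4_RULES + [
    ("drop", DELEGATED, MGMT_PORTS),
    ("drop", net(WAN_V6 + "/128"), MGMT_PORTS),
]

if __name__ == "__main__":
    print("IPv4-only rules leave reachable:")
    for addr, port in exposed(IPV4_RULES, GATEWAY_ADDRS):
        print(f"  [{addr}]:{port}")
    print("With IPv6 rules added:", exposed(DUAL_STACK_RULES, GATEWAY_ADDRS))
```
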

  • @LTZAK 1 year ago +1

    Thanks Chris! I have been fighting VLAN firewalls for almost 6 hours now. One 30 minute video from you resolved my issue. Thank you very much sir.

  • @CoderMan 1 year ago

    Most comprehensive guide I've found on the UDM! Also learned a bit more about firewall rules.

  • @davidwright6105 3 years ago +18

    Thanks Chris for breaking these videos down into sections. I used your hour long video to set up my UDMP. You do a great job.

  • @JokaJors 3 years ago +72

    Great video. Can you please do a video on the Security Camera VLAN.

  • @johnm8693 20 days ago +1

    Can I just say breakin' out the Voodoo Ranger on your YT channel while setting up the network is the coolest thing I've seen in a while?

  • @BergeSimonian 5 months ago +1

    I'm just getting my UI setup up and running this week and this is a life-saver video. Thanks for all that you do!

  • @regdrapeau4903 9 months ago +1

    I want to say thank you for the 1-5 videos. Even though my UDM-Pro is running the newer UniFi OS 3.2.12 I was able to follow along pretty good. The only thing that was really different was in the version 3.2.12 OS, when you go into the Firewall rules, it does not show the WAN IN, WAN OUT, WAN LOCAL, LAN IN, LAN OUT, LAN LOCAL options at the top like you had. If you ever update your video because of the new OS changes that would probably be helpful to some. Much appreciated!

  • @DeepFriedLettuce 2 years ago +1

    I'm glad I watched this video. I just set up a new site on my controller and had forgotten to block the gateway!

  • @pensiveboogie 2 years ago

    Hey Chris, I have a basic UDM but I found that most of the config provided in the tute worked for me, thanks. I’m not sure if you are monitoring comments for a post made a year ago, but if you are, here’s some info I discovered when following your tute. I have around 42 devices, and all but my core Apple devices (no pun intended) are on the IoT network and WiFi. When I set up just 2.4Ghz per your advice, my Speedtest, which is normally 100Mbps down, virtually halved. When I added 5Ghz my speed returned to 100 down. I checked the list of clients and only my Amazon devices (three Echo speakers, two Echo Shows and two Dots) were capable of using 5Ghz so I switched 5Ghz back on, and my top speed returned, so I have left it that way.
    Thanks for the great tutorials. I am working my way through those that are relevant to my setup. By the way I’m in Australia, mate. Fair Dinkum. G’day, how ya goin?

  • @ehrhardtgroothoff1467 2 months ago

    Chris, I can't thank you enough for this UDM-Pro Set-up series. Just got broadband fiber connection to the island I live on and invested in a UDM-Pro and accompanying switches. I'm a newbie to networking. Your series made this leap a great deal less stressful and everything worked out of the box following your steps. The newest firmware has some differences like no legacy mode, no Lan Local tab (it's a drop down now) and Groups are now under Profile. But you made it so easy! I am particularly thankful for Session 5 on setting up firewall rules to lock down my ROKU and future IOT stuff. Thank you.

    • @connorblask 2 months ago

      There is a legacy mode. Go to Settings > System > Advanced and change interface to Legacy.

  • @andysilvester4836 1 year ago

    Thanks! This series has been really helpful. I just added a Unifi UDR to my home network, set my existing router to 'modem' mode and set-up VLans to cover my main, guest and IoT needs. Of course the Unifi console (4/2023) looks a bit different to yours, but generally can be followed. My question now is about allocating physical ports on the UDR to a specific VLan. My home is cabled with several switches where I don't want ALL devices on (say) the IoT Vlan, so should I NOT set port allocation specifically (i.e. default to 'All') and then set firewall rules to isolate devices between VLans? Many thanks again!

  • @SeattleSandro 2 years ago +7

    Chris, thanks so much for this series. I had to stumble a lot while setting up my network, but this series has been super helpful. So much so that as a weekend project, I'm going to redo my network, so it's more in line with best practices. I really appreciate your time in putting the series together.

  • @peterwellmann5150 5 months ago

    Hi Chris, even today - 2 years later - running a Cloud Gateway Ultra with completely different user interface ... I succeeded setting up my 10 VLANs. THANK YOU!

  • @GunMD 2 years ago +1

    Finally got around to implementing this type of ruleset on all of my VLANs (IoT, Casting, Voice, Video Surveillance, and Guests). This video made it very easy. Thanks again for everything you contribute to the community. Keep 'em coming!

  • @willgaines1350 3 years ago +20

    This series was perfectly timed. I followed it to a T to install my UDM pro and access points. Thank you so much.
    Would love to see a video on optimizing multiple access points.
    Thanks again.

    • @willgaines5269 2 years ago +2

      I just did a real life double-take reading this comment because I had no recollection of posting it, but then I realized it wasn't me.
      What a crazy coincidence.

    • @XUltimatomX 2 years ago +1

      @willgaines5269 haha

  • @HiSk0L 3 years ago +52

    Great video. If you could go through the process of adding rules for Pi-hole and Plex across IoT and main LAN networks that would be helpful.

    • @auToeXe 3 years ago +1

      If you want to poke holes in the firewall, Chris actually has an example in one of his older videos: ua-cam.com/video/6ElI8QeYbZQ/v-deo.html

    • @jspace3423 3 years ago +1

      @auToeXe That's a great video - would be super cool if he would do an updated one though.

    • @BansheeBunny 3 years ago

      @auToeXe I was able to get Plex to work using that video but my PiHole was still unreachable after opening up port 53.

    • @tsembelk 3 years ago

      Great video indeed, I followed the process this morning. I was thinking the same for pihole and Plex. 😂

    • @crazyjoezx 2 years ago

      @BansheeBunny Did you ever figure it out?

  • @bergePanzer581 8 months ago

    Just got my UDM-SE up and running today. You earned a subscriber here. Thank you for this!!

  • @bas8200 2 years ago +15

    Hi Chris, amazing video series and definitely my Go To for setting up and maintaining my UDM PRO network setup at home - including very recently with adding UniFi protect to my setup. The one thing I keep on struggling with, and which many have tried to tackle, is how to successfully access and control SONOS devices on the IoT VLAN from the main LAN (by iPhone or iPad for example). Would you like to consider making a dedicated video on this, as no other channel on UA-cam has successfully managed to do so. Many thanks for considering in advance and keep'm coming!!

    • @willh20 2 years ago +1

      I second this idea

    • @nightlifeking 2 years ago +1

      I’m going to try this out and I could be wrong, but the first thought that comes to mind is that in this video he allowed private IP ranges when the SONOS uses broadcast and multicast non routable IP ranges. I’m assuming because the broad/multicast packets only stay within the switch domain, that you would need to setup snooping and forwarding of multicast/broadcasts from the IOT to the LAN or vice versa. Just a thought.

    • @twitch2021 1 month ago

      Having the same issue with my Philips Hue setup. To access my HDMI Sync Box through the Hue app on my iPhone, I need to be on the IoT network I setup. Not sure what I need to do to get around this.

  • @_intrepid 1 year ago

    This video is gold. I need to set up some cameras and was thinking about properly isolating them. This is awesome.

  • @minthos4045 1 year ago

    This guide is likely the best on the internet. Very well explained.

  • @bfranks77 2 years ago +6

    Just wanted to comment that as of the current update (6.5.55), the firewall rule for the guest network no longer works as described. The firewall setup in the new UI has a section specifically for guest, so all of the firewall rules for the guest network had to be moved from the Local Lan section to the Guest section.

  • @MarkvanDeelen 9 months ago

    Thanks a lot Chris for this clear video. It really helped me to setup my IOT and guest network.
    Also well explained, not everyone has this skill.

  • @michapeliszko4907 1 year ago

    Thank you.

  • @typkrft 1 year ago

    I appreciate these videos so much, they've been a tremendous resource over the years to help me learn and grow as a homelabber. I wish you and yours all the best.

  • @trevinc 7 months ago

    This is an incredible video, thanks so much! One thing to consider is a new video that talks about your POV and advice on using the new feature of "Preshared Keys" which allows you to have a single wifi network map different pwds to different VLANs. Very useful to simplify setups.

  • @AlbaTech 3 years ago +3

    This is one of the most useful UniFi videos I have come across, thanks.

  • @ehusband 5 months ago +1

    This video series is fantastic, thank you!

  • @forsterdaniel 3 years ago +4

    LOL had to watch it two times to fully understand. Thank you very much for this great detailed network setup, thumbs up!

  • @robdevlin2111 3 years ago +4

    “Before we *hop* into this video” with a beer in your hand. #iseewhatyoudidthere
    Thanks for this whole series. I don’t have a UDM, but this was extremely helpful in getting my setup with the USG working properly, as well. Small changes and adaptations but the core steps were all there for anyone to follow. Cheers to that! 👍🏼

  • @sturgeda73 3 years ago +1

    Another great video. "Before we HOP in"....I see what you did there.

  • @gsethi2003 2 years ago

    Best explanations of UDM available on the Net, trust me I have looked!

  • @DwarDPT 1 year ago

    Thank you SO much for this video! Love how you explain the firewall rules and it made it A LOT easier for me! Thanks!

  • @edgew001 11 months ago

    Thanks! Enjoy a Voodoo Ranger beer on me! The Ubiquiti Dream Series was great!!!!

  • @mpwieland 3 years ago

    I really love to watch your videos, even if they are sometimes hard for me to understand, meaning viewing your videos several times again and again. GOOD STUFF!!!

  • @Mekillewe 3 years ago +10

    You can add firewall rules using the new interface mode. Under Security/Internet Threat Management/Firewall is the option to add firewall rules if I’m not mistaken.

    • @BansheeBunny 3 years ago

      There is a reason the statement "Not seeing everything? Go to Classic Settings" exists at the top of Settings. It is not because they have been relocated; it is because some of the settings are not accessible in the new UI.

    • @Mekillewe 3 years ago

      I’m sure that is true. But all of the rules he added in the video can be added from the new interface.

    • @BansheeBunny 3 years ago

      @Mekillewe He created a network and applied firewall rules to it for people not familiar with the processes. The old UI has templates for network purposes and doesn't truncate menu items into pull down fields, so it is a better teaching tool. If you know all the rules are in the new UI, why did you ask your question in the first place?

    • @Mekillewe 3 years ago +2

      @BansheeBunny because he stated that you have to use the old UI to add firewall rules because the new UI doesn’t have that option. I was just pointing out that the new UI also has the option to add firewall rules as well.

  • @thembones1895 11 months ago +1

    This was awesome, thanks. I did it in the native UI in my edgerouter, not this UI/appliance you are using - so just had to manually create LAN-in and LAN-local, but otherwise this worked great. Will have VMs on my isolated (setup like your IoT) network with some forwarded ports. Thanks again!

  • @Beelaim 1 year ago +2

    Would be really helpful with an updated video with the new interface, since I'm doing this via the web I do not have the option to switch to the old one.

  • @muellerworld 3 years ago +11

    Thank you for all the great videos. Like other commenters, I'd love to see a video on setting up multiple printers that can be accessed from the main LAN, Guest Network, etc. Would you keep it on the main network, and allow other networks to see the IP address (static IP or DHCP?), or put the printer on its own VLAN, and allow access from other VLANs? Thank you!

  • @patrick2799 1 year ago

    Thanks! Truly helpful!

  • @wwolfram33 2 years ago

    Great presentation. The intro. to the firewall rules was fantastic!

  • @Bogomir. 2 years ago +4

    Hi Chris, many thanks for this video. Everything works very well as described. In which network did you set up your HomePod and your Apple TV (AirPlay, Remote, HomeKit, etc.)? Would love to see an update video. 👍

  • @jspearm1983 2 years ago +2

    This is a great video series and has really helped me. Like others in the comment section here, I still have a few questions around Apple-Airplay and Network printers. My incomplete solution is to just put those devices on the main LAN instead of the IoT vlan, but that doesn't seem like the true solution.

  • @roshinobi 2 years ago

    Thanks - this was exactly what I needed and crystal clear. AT&T fiber passes through the public IP to my UDM-SE, but it also keeps open a management UI at its own IP in the RFC1918 space, so I added LAN IN rules to block IOT and Guest from that very similar to how you blocked the UDM's UI. Thanks for clarifying this murky topic.

  • @handlealreadytaken 2 years ago

    Just got my UDM-SE and this was really helpful to make sure I didn't miss all the ways to isolate my IoT devices. Now I just have a few dozen IoT devices left that I need to switch over which is probably the most time consuming part. So far Ring, Echo and Govee devices are easy to switch using the app, but the TP Link outlets require touching each one individually.

    • @bash6519 2 years ago

      Where did you find the Classic Interface option? I don't see it anywhere on my network system settings.

  • @bend386 2 years ago

    I was following this video to set up my network and I had some thoughts. If you have more than 2 or 3 networks, managing the LAN LOCAL rules by using Groups of other gateway IPs becomes difficult and unscalable. I think a better way to organize things is to have 1. Block subnet to subnet gateway console ports (so any attempt to access the console is blocked), 2. Allow subnet to subnet gateway IP (so you can still access the internet, DNS etc.), 3. Block subnet to anywhere (block all access to other subnet's gateway).
    This way however many networks you add you can just add these 3 rules and not worry about maintaining address groups etc.

  • @stefanfroese2015 1 year ago

    Like so many already commented here: THANK YOU so much for this series of how-to videos. I can't wait to set up my newly purchased UDM-Pro with the help of your guidelines. Oh, and that beer is one of my favorites - zum Wohl und Prost!!!! 🍻🍺🍻

  • @CharlieReeves-gb3sv 1 year ago +1

    Great videos. Thank you so much. Two questions - 1) Why did you only want to block the IoT network from the UDM-Pro Access ports and not also the Guest network? Is it because the guest network by default is blocked? 2) What is the benefit/logic to the allow established/related connections rule? I am just learning and want to make sure I am not missing anything. Thanks.

  • @sml2238 1 year ago

    Excellent tutorial series. This helped me more than any other video, post, etc.

  • @SimonAgricola 3 years ago +13

    Hi Chris, great video! Love all the videos you make on the UDM-Pro. It is a perfect preparation for when I buy my own UDM-Pro. Could you explain why you didn't use device isolation with IoT devices?

    • @MrGatlin98 3 years ago +1

      I have this same question
      Edit: Maybe it's because IoT devices need to be able to see each other? Like a hub of some sort connect to devices

    • @karmaomg 3 years ago

      I too have the same question. MrGatlin's theory may be the exact reason but I've no idea. Thanks for putting this series together. Very much appreciated for assisting in setting up my UDM!

    • @skywagonA185F 3 years ago

      @MrGatlin98 I'm pretty sure this is the case with Nest. When you add additional devices to a home it gets its configuration from peers.

    • @shredit_nyc 3 years ago +1

      @skywagonA185F Ah, I didn't think of that. This Nest requirement aside, it seems setting device isolation makes sense.

  • @MyClato 2 years ago

    Hi Chris! Well done with these clips. I used them when setting up my IoT network and installing UDP Pro. I will buy you a beer! Cheers!

  • @robdp8900 2 years ago

    Just want to say I really appreciate the time you put into this video. I found it super helpful.

  • @5280Woodworking 3 years ago

    I setup everything with the new UI, including my 5 VLANs, WiFi networks, firewall rules...everything and then I switched to classic because I realized the new UI is incomplete. Thanks for the tip blocking SSH, I had HTTP and HTTPS but forgot about the former! Great video, where was this 3 months ago!

  • @zencow 2 years ago

    I am late to this discussion and didn't scroll thru most of the nearly 400 comments to see if someone else said this already: I think your security model is a little backwards.
    You should by-default BLOCK all traffic then have one or more rules defining each thing to ALLOW. Otherwise, whenever you add some new service to your network, you will have to make multiple edits to make sure things can't access them. That's like playing whack-a-mole. Whenever you add some new resource/service to your network, you should then only ALLOW access to what needs it. For example, I believe if you add a new network, then your IOT network will be able to access its gateway by default (at least through 24:44 of your video, which is where I paused to type this).
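
Added example (not part of the comments, and not UniFi's rule engine): a first-match model comparing the hand-maintained gateway address group that @bend386 describes with his three-rule scheme and with the default-deny policy @zencow proposes, before and after a new network is added without touching the rules. All subnets, gateway addresses and the DNS/DHCP allowance are assumptions, and only traffic addressed to the gateways themselves is modelled.

```python
import ipaddress

MGMT_PORTS = {22, 80, 443}    # gateway console: SSH, HTTP, HTTPS
PROBE_PORTS = (22, 53, 443)   # ports tried against every gateway
ANY = [ipaddress.ip_network("0.0.0.0/0")]


def hosts(*addrs):
    """Build an address group (a list of /32 networks)."""
    return [ipaddress.ip_network(a + "/32") for a in addrs]


IOT = ipaddress.ip_network("192.168.20.0/24")       # assumed IoT subnet
IOT_CLIENT = ipaddress.ip_address("192.168.20.50")  # constructed client
IOT_GW = hosts("192.168.20.1")
OTHER_GWS = hosts("192.168.1.1", "192.168.10.1")    # group maintained by hand

# Ruleset = (ordered rules, default action).
# Rule = (action, source network, destination group, ports); None = any port.
ADDRESS_GROUP = ([
    ("drop", IOT, IOT_GW, MGMT_PORTS),   # block console on own gateway
    ("drop", IOT, OTHER_GWS, None),      # block the listed other gateways
], "accept")

THREE_RULES = ([
    ("drop", IOT, ANY, MGMT_PORTS),      # 1. block console ports everywhere
    ("accept", IOT, IOT_GW, None),       # 2. allow the subnet's own gateway
    ("drop", IOT, ANY, None),            # 3. block everything else
], "accept")

DEFAULT_DENY = ([
    ("accept", IOT, IOT_GW, {53, 67}),   # DNS and DHCP only (assumed needs)
], "drop")


def decide(ruleset, src, dst, port):
    """Return the action of the first matching rule, else the default."""
    rules, default = ruleset
    for action, srcs, dsts, ports in rules:
        dst_hit = any(dst in d for d in dsts)
        if src in srcs and dst_hit and (ports is None or port in ports):
            return action
    return default


def reachable(ruleset, gateways):
    """Gateway/port pairs the IoT client can still reach."""
    return [
        (gw, port)
        for gw in gateways
        for port in PROBE_PORTS
        if decide(ruleset, IOT_CLIENT, ipaddress.ip_address(gw), port) == "accept"
    ]


BEFORE = ["192.168.1.1", "192.168.10.1", "192.168.20.1"]
AFTER = BEFORE + ["192.168.40.1"]   # new network added, rules left untouched

if __name__ == "__main__":
    for name, rs in [("address group", ADDRESS_GROUP),
                     ("three rules", THREE_RULES),
                     ("default deny", DEFAULT_DENY)]:
        print(f"{name:14} before: {reachable(rs, BEFORE)}")
        print(f"{name:14} after:  {reachable(rs, AFTER)}")
```
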

  • @andyfinney6825 3 years ago

    Chris - Great job! I was looking for the "Secure IoT Network" video that was UniFi based and 'Ta-Da!' here it is. I tried to follow along with the Edge Router version but kept getting tripped up. Thanks again and the next time you're near N. Idaho I'll 'buy' you one of my home brews!

  • @Maximusrex4575 2 years ago

    When making the choice to allow 5Ghz, I have had IoT devices choke on a network that offers both when it only supports 2.4 Ghz. That is what encouraged me to look into making an IoT network years ago. Now that I have a UDM Pro it was nice to revisit with a newer source of instruction.

  • @generalcohan4241 2 years ago

    Now, this is a simple and important video to watch. Thanks

  • @skywalkernoscope1954 3 years ago +9

    Hi Chris, great video, learned a lot from it. I was just wondering, for a "surveillance/ camera" VLAN would you put your NVR on the main VLAN or on the surveillance VLAN? And what firewall settings would you use? I would love to see a future episode where you could go through that.

    • @leephcom 3 years ago +1

      In the case of Unifi Protect, the NVR really needs to be on the same subnet as the cameras, otherwise discovery & adoption doesn't work.

    • @gurban333 2 years ago

      @leephcom if it's a UDM PRO it's on all the VLANs by default

  • @BrendanBellomo 2 years ago

    Your tutorials and reviews are great! Thank you for making these.

  • @mcgooinc3568 2 years ago

    I know this was made quite a while ago, but this episode and the last are absolutely brilliant!! I have setup and my network is now very secure and perfect, I have many IoT devices along with a large camera, security system at my property. Everything's great! Thank you for your time!

    • @deanantonakis9059 2 years ago

      Did you just create a separate VLAN for the cameras like in the video for the IoT devices? I have my Sonos working on my main network, have not tried it on a VLAN. Been reading about people having a lot of issues with Sonos in general so I am hesitant to move it off of there. Do you have your printer on the IoT VLAN?

    • @mcgooinc3568 2 years ago

      I created VLAN 30 for my Dahua CCTV and my home Alarm System basically mirror of the IOT setup. I don't have any IOT cameras but if I did I would just leave them on the IOT network on VLAN 20 so all my TUYA, Smartthings "IOT" devices etc all stay together... I have Sonos but haven't added it yet so I will add that to the IOT network and see if it functions ok?.. The only issue I had is that I have a large unraid server I don't want to take off the main network as it has all our media and mainly photos on it I don't want to lose, so as I have Google Chromecast TVs having them on the IOT network was playing against Plex saying it couldn't play things locally as it couldn't talk to the unraid server and would get it via the net so, lower resolution and that. So I put the Chromecast TVs back on the main network... (For now)...

    • @mcgooinc3568 2 years ago

      ... to add, with the printer I probably would add it to the IOT network as I don't need to use the screen on it to search the network... but just to receive data to then print from a device on the main network, so should function fine.

    • @deanantonakis9059 2 years ago

      @mcgooinc3568 ok thanks for input. Do you have Apple TV? I've been reading people having issues with Apple TV sending airplay to a TV.

    • @mcgooinc3568 2 years ago

      Looks like my last comment got deleted, due to the link. But no I don't have any Apple products, Google Chromecast TV worked perfectly fine on a VLAN though as it's a one way device whereas Apple airplay is 2 way and probably the problem.
      If you google: Airplay to Apple TV on VLAN - not working you should see a link to the ubnt forum which might help?!

  • @TJDowling 3 years ago

    Chris, nice job. This one was easier to follow than the one you did prior. FYI.. I am still running the USG Pro 4 and once I put it in Classic mode, it worked like a charm.

  • @swytchnetworks4445 3 years ago

    Extremely helpful! Thank you so much. I made some changes to my firewall rules and things are better than ever.

  • @nickwheeler6685 3 years ago +5

    Hi Chris, another great series of videos!! What are your thoughts on setting up a separate network for UniFi protect? and would you do a separate video on this? Keep up the good work!

  • @MichaelBesse-rf7wr 8 months ago

    Hi Chris, thanks for all the great videos. I have just purchased a UDM-Pro and tried to follow the instructions for IoT VLAN, I think there have been some updates to the interface since you did the video, as some of the selections didn't match what I am now seeing.
    It would be great to see an update on this topic, perhaps even using the new interface.
    I have many, many IoT devices, so I really need to get an IoT VLAN working. Nevertheless your videos have been a great help.

    • @twitch2021 1 month ago

      Just wanted to say that I just recently set up my UDM-PRO and switch following this video series without much trouble. The interface has changed and even going back to the legacy interface didn’t always line up but with a bit of poking around, I was able to achieve everything he showed in his videos.

  • @supremealpha1 2 years ago

    Hello, today I was amazed with the great and detailed explanations. It helped me a bunch as the clarity of the information was very understandable. I just want to thank you for creating these videos. Please keep up the great work!

  • @Rosscoff2000 3 years ago +4

    Hi Chris, thanks for the video. Can you explain why an IoT network can't simply be set up as a guest network with client isolation selected, rather than ploughing through all those firewall rules?
    I guess it wouldn't be an option if you had guest portal in use, but hardly anyone seems to use that (and in my experience it's flaky and just annoys guests!).

    • @MPaulCezanne 3 years ago

      I tried this and it appears to have accomplished all the blocks the firewall rules in Episode 5 were designed for (e.g., simply switching on Device Iso on the "20" network blocked 20.xxx from pinging 10.xxx, 1.1. and 20.1) while maintaining Internet access. Interestingly, my UDM-Pro strangely didn't seem to do anything when I put the individual firewall rules in place and I followed the instructions and methods exactly. Not sure why except Device Isolation definitely redefines the network "type" as Guest and applies the restriction rules in the Guest section of the Firewall. Maybe that's got something to do with it.
      EDIT: all the blocks in the vid except the full RFC1918 to RFC 1918 general drop rule on LAN IN of course.

    • @MatthewMorseCA 3 years ago +1

      @MPaulCezanne @Rosscoff2000 If you had existing connections, say IoT devices already making persistent connections on your 20_net then they would either need to be restarted, disconnected for the timeout duration, or recycle the UniFi controller to establish clean blocking according to the sequential firewall rules in place. Many times it's often missed that a firewall restart is necessary for a global network to 'commit' the firewall changes during a live and persistent network update. Chris demonstrated this by breaking the ICMP ping, but it should be a footnote to either restart all your IoT devices to establish *new connections, or simply schedule a downtime to recycle your UDMP Network Controller. This is an IPSEC best practice and also validates your firewall rules stick and are persistent after a system restart/update, etc.
      If you have IoT devices like Amazon Echo where, for example, two Echo Dots are used for stereo playback of your music streams then those two devices technically need to "talk" to each other. Using the Guest network isolation capability will block that inter-device communication on the IoT VLAN if you set it up as Guest and not CORP type. If you really want to block device-to-device connections then yeah, Guest networks are great isolation solutions. But if you want an IoT device to communicate with a NAS for a service or data source like with a digital cam or music player then a Guest network type isn't the right choice. The firewall rules would be the correct path in that scenario.... #foodforthought

    • @MPaulCezanne 3 years ago

      @MatthewMorseCA I actually had no devices connected. I was just plugging my laptop into ports that were assigned to specific networks. Restarted everything too. BTW - I submitted a support ticket to Ubiquiti and they were able to replicate the problem. Still waiting for a response on further action.

    • @Tom-ds8nb
      @Tom-ds8nb 2 years ago

      same question here. is it possible to set up the iot network as guest network without the firewall rules?

  • @seanclester
    @seanclester 1 year ago +1

    I followed right along with your setup here, now I've tried about every firewall I can think of to allow a phone from the Guest VLAN to be able to Print to a Printer on the IoT network. Any thoughts on how to accomplish this? After I tried every firewall rule I could think of, I turned to trying to figure out the Traffic Rules, since with the Network isolation turned on in the guest network, the documentation states that you can fine tune network isolation settings.

  • @louiskoh4364
    @louiskoh4364 3 years ago +3

    Hi Chris, your series of videos on UDM Pro guided me pretty much from the start to end in setting up my home network. Have 1 question though, if I need to print from a Computer connected to VLAN1 to the printer which is in VLAN2, is there a way to do so?

  • @daveagne3308
    @daveagne3308 3 years ago

    Thank you for your quite informative lectures. I've had to watch #5 at least 3 times through in order to catch everything. I am trying to follow your steps, mostly with success. However, when it came to the point of setting the specific port on the switch to use the IoT network, I've run into trouble. I set the port option, and then within 10 seconds, the switch disconnects itself and everything else downstream, from the network. I am using a UDM Pro, a UniFi 24-port PoE switch, and a 16-port PoE switch. This is taking down most of my network when it happens.
    I have "liked", "Subscribed", and even hit the "Bell" icon. Looking forward to more videos.
    Thank you

  • @richardhobbs4995
    @richardhobbs4995 2 years ago

    You sir are amazing! followed this every step and it worked out perfectly also followed your VPN video and also worked perfectly thank you

  • @thetango8017
    @thetango8017 3 years ago

    Great video - Explained and easily understood. Your videos are better than anyone's.

  • @patrick4003
    @patrick4003 2 years ago

    Very good video again, It was recommended to me that the "LAN" network be for the MGMT for the peripherals (Router, switch, AP etc) and to create another "main" type network (Main PC, printer etc) is more secure.

  • @bitkahuna
    @bitkahuna 3 years ago

    great videos by the way. my main need apparently beyond this video is to be able to access an IoT device from the LAN, such as a chromecast, or smart TV i might want to airplay to from my iPad on the LAN.

  • @JesseG2573
    @JesseG2573 3 years ago

    Great video. My question is "can I get that in writing?"🤣 No, really very informative. My UDM pro and associated equipment will arrive tomorrow. I will have to play this in SLOMO to add some of these rules. 👀

  • @lycedium
    @lycedium 1 month ago

    Great video! Thanks so much for sharing these configurations.

  • @solaajewole2595
    @solaajewole2595 2 years ago

    Love this video. You are always the best men. You should Teach men

  • @reinhardjurk
    @reinhardjurk 2 years ago

    Hi, thanks for the great video - however, the Network/WLAN does not have internet access over the WAN when I've done everything until 07:20. Computer in IOT network gets correct DHCP address and everything, but no access to internet. Any ideas? Thanks a lot!

  • @BoricuaFez
    @BoricuaFez 2 years ago

    Awesome video!, doing research to implement this feature to secure my network.

  • @WhatsUpWithSix
    @WhatsUpWithSix 1 year ago

    Thanks!

  • @West_end_zone
    @West_end_zone 2 months ago +1

    How does this work with a network using Sonos sound devices? I’ve heard Sonos has some issues.

  • @kairetzlaff
    @kairetzlaff 3 years ago

    Thank you so much for this!!!!! That's by far the most valuable video on the FW ruling basics for separating networks on a Unifi device. Helped me a lot! Thanks. P.S. this video, you can't delete it :-)

  • @pbear06
    @pbear06 1 year ago +1

    Hello, I have a question: since the tab LAN **LOCAL** means the UDM itself (that's the purpose of this tab), why must we define the destination?
    I've created a rule DROP source NETWORK DMZ to destination ALL (in this LAN LOCAL tab)
    And it seems to do the job: DMZ devices cannot reach the UDM anymore (none of the interfaces of the UDM) and still can reach internet. Everything in one rule🤔
    The way you explain and create it would be if you create the rule in the LAN IN tab. Because there, yes, you have to tell the destination (as the UDM interfaces' IPs). But in the LAN LOCAL it is implicit

  • @robertalexa8613
    @robertalexa8613 3 years ago +1

    Hi Chris and thx for the content. Don't know if you check the replies but the firewall rules for the IoT network (in your example) are not as strong as they could be. You have created a group for the GW blocking HTTP, HTTPS and SSH only, across all your VLANS. Instead you should probably create rules to block IoT to those ports only on that VLAN GW and ALL ports on all the other VLAN GW. Because technically your .10.20 device should not talk at all with .20.1, .30.1, 1.1 etc. It should only talk to .10.1 on everything but those 3 ports. Maybe this will help someone or maybe you will go back over this in a future video :)

    • @Unreal32822
      @Unreal32822 3 years ago +1

      I believe the LAN IN rule to block all inter-VLAN traffic covers that already.
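
Added example, not from the video or from any commenter: a simplified Python model of the point raised in the two comment threads above, that traffic addressed to one of the gateway's own IPs is evaluated by LAN LOCAL rather than LAN IN. The addresses, the first-match evaluation, the default-accept action and all names are assumptions of this model, not UniFi code.

```python
import ipaddress

# Constructed addressing, not taken from the video: one gateway IP per VLAN.
GATEWAY_IPS = ("192.168.1.1", "192.168.10.1", "192.168.20.1")
IOT_NET = "192.168.10.0/24"
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def ruleset_for(dst):
    # Traffic addressed to any of the gateway's own IPs is LOCAL,
    # whichever VLAN it arrived from; everything else is routed (IN).
    return "LAN_LOCAL" if dst in GATEWAY_IPS else "LAN_IN"

# Rule = (name, action, match(src, dst, port)); the first match wins.
DESCRIBED_RULES = {  # the two rules the comments describe
    "LAN_IN": [("drop inter-VLAN", "drop",
                lambda s, d, p: in_nets(s, RFC1918) and in_nets(d, RFC1918))],
    "LAN_LOCAL": [("drop IoT to gateway 22/80/443", "drop",
                   lambda s, d, p: in_nets(s, [IOT_NET]) and p in (22, 80, 443))],
}
SINGLE_LOCAL_DROP = {  # one LAN LOCAL rule: source network to any destination
    "LAN_IN": [],
    "LAN_LOCAL": [("drop IoT to any", "drop",
                   lambda s, d, p: in_nets(s, [IOT_NET]))],
}

def evaluate(rules, src, dst, port):
    chain = ruleset_for(dst)
    for name, action, match in rules[chain]:
        if match(src, dst, port):
            return chain, action
    return chain, "accept"  # assumed default action for LAN rulesets

FLOWS = [  # constructed sample flows from one IoT client
    ("192.168.10.20", "192.168.20.50", 445),  # host on another VLAN
    ("192.168.10.20", "192.168.20.1", 443),   # other VLAN's gateway, web UI
    ("192.168.10.20", "192.168.20.1", 8080),  # other VLAN's gateway, other port
    ("192.168.10.20", "192.168.10.1", 53),    # DNS on its own gateway
    ("192.168.10.20", "203.0.113.10", 443),   # internet host
]

def compare():
    return [(dst, port, evaluate(DESCRIBED_RULES, src, dst, port),
             evaluate(SINGLE_LOCAL_DROP, src, dst, port))
            for src, dst, port in FLOWS]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

In this model the LAN IN inter-VLAN drop never sees the flow to 192.168.20.1:8080, and the single LAN LOCAL drop-all rule also drops DNS queries sent to the gateway.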

  • @mychaelhouck2404
    @mychaelhouck2404 3 years ago +2

    Chris this is awesome, but I have some questions. 1) Does your G4 doorbell work on the IoT network? If so how would you give it access to the UDM? What about music streamers such as a Sonos Port? I'd like them to be able to hit local music on my main LAN.

  • @kearneyIT
    @kearneyIT 8 months ago

    Brilliant Video man. Love it, was killing myself moving from Cisco to UDM

  • @NYTechDoof
    @NYTechDoof 11 months ago

    Thank you again for an amazing video. Finally was able to take the time yesterday and set up my UDM-Pro with the IoT VLAN. Chris, have you considered doing an updated video on this, seeing that UniFi has removed a majority of items from the legacy side and added new features to the "new" side?

  • @davidolchewsky5365
    @davidolchewsky5365 3 years ago

    WOW! This was a great video. I watched it once through, just to get the overall perspective. I'm going to have to watch it several more times as I pause/play/pause/play etc. to get things set. How in the world does one learn all this AND keep it straight?.? Watching Chris is certainly one way ... are there any good source materials for 'dummies' LOL.

    • @CrosstalkSolutions
      @CrosstalkSolutions 3 years ago +1

      Thanks for the kind words! VLANs are really tough to dumb down...it's a more intermediate concept to wrap your head around...but I try to make it as simple as possible! Keep at it, and one day it'll just click.

    • @benzeiner
      @benzeiner 3 years ago

      @CrosstalkSolutions Complete rookie question. I haven't set this up live yet, but if I have printers on my main lan, can I give the guests the ability to see and print to them? I will have static IPs on each of the printers. Hopefully that makes sense.
      Totally appreciate your video series.

    • @peterblixt9318
      @peterblixt9318 3 years ago

      @benzeiner Sure, I use the same setup, in the new interface, under Settings->[Network]->Advanced and when you activate "Device isolation" if you want that, all the way down there is Allowed ips and restricted ips.

  • @JoeyD4rb
    @JoeyD4rb 2 years ago +2

    So if I wanted to put my Apple TVs on the IOT network but wanted to use my phone to control the TV. Is that possible? My phone will be on the admin network.

  • @frankho7632
    @frankho7632 3 years ago

    Great channel and video as always. Opening the beer reminds me of CraftComputing though 😀

  • @johnaguilera6897
    @johnaguilera6897 3 years ago +1

    Chris - thanks for the great video tutorials, I used them to setup my UDMP. I used your firewall rules to segregate my networks and I would like to implement pihole. Can you add a video on how to implement with firewall rule setup steps?

  • @patison4ik5
    @patison4ik5 3 years ago

    God! I started watching this video, got to the minute 2 where you poured that beer, and I figured that I can't setup my IoT network without having a beer! I'll resume watching tomorrow, need to go buy some beer first! :D

  • @markjhorsley
    @markjhorsley 1 year ago

    Just what I was after, amazing video

  • @Mike_lombardo
    @Mike_lombardo 2 years ago

    Truly an amazing series. Thank you for these videos!

  • @gift3rs
    @gift3rs 2 years ago +1

    Did I miss the part in the series where port profiles are discussed? I went to enable an IOT network firewall rules and it eliminated my computer connected to a mini switch from logging in locally, I assume you have to assign ports to LAN from ANY

  • @deanantonakis9059
    @deanantonakis9059 2 years ago

    Got my printer working now. I setup the IoT network and wireless per the video but could not find the printer from my main network. Someone on the UI community mentioned setting the mDNS to on for the IoT network. I did this and can find and print to it when on my main network. New user interface : Network > Advanced settings > Multicast DNS = Enabled
    When you hover over the heading the bubble help says: Recommend when using AirPlay or ChromeCast. I have SONOS and it was working without this, but I'm guessing my AppleTV would not have been able to stream to my TV without it. Have not tested it yet with this setting to see if I can stream to my TV

  • @markc228
    @markc228 3 years ago +2

    Chris, great tutorial. Now I've separated out my IoT devices, I cannot see the IoT clients in the 'Client' tab on both old and new GUI. Am I missing a trick?

  • @crazychatting
    @crazychatting 3 years ago +1

    thank you for using the dark mode and that you care about your audiences eyes watching your videos at night :)

  • @FelipeLoyo
    @FelipeLoyo 2 years ago

    Hi Chris, you could make a video specific to camera's VLAN, how to continue recording on a separate network.