If you're planning on buying any Ubiquiti gear and want to support me use the affiliate links below :) ▶Ubiquiti USA Affiliate Link: store.ui.com?a_aid=MacTelecom ▶Ubiquiti EU Affiliate Link: eu.store.ui.com/?a_aid=MacTelecom
I would also be interested in this. I'm having the same issue. I have to switch to my IoT network in order to print. I want my main network to detect my printer in my IoT network.
What about IPTV and VLAN tagging specially for IPTV? :) I would like to connect TV BOX to my network gear instead of ISP provider modem (in bridge mode atm). What WIFI do you use for your home use? On Default?
With the new implementation of the traffic rules, I'm a little confused about when we need to use a firewall rule or a traffic rule. Could you make a video explaining this?
I have my wireguard VPN and rules set up exactly the same as you did but I can still ping my cameras, and my wifi and all its devices. I can ping my nas fortunately, but the only thing it blocked was my two PC's. I'd like to lock it down a bit more. Any suggestions?
Thanks for this. The only thing that I couldn't get working is denying VPN remote subnets access to the Unifi Gateway Console (HTTP,HTTPS,SSH) but I noticed your post on Reddit mentions it isn't currently possible to block this on the Unifi. This seems to be a multi-year problem but I have raised a support call with Unifi to ask if there is an expected fix soon or a workaround.
I'm very thankful for your updated video and did subscribe and like. You did an awesome job of showing the newer interface. VLAN? ... I have 2 U6 Pros and an Amplifi Gaming Mesh System. I turned the gaming system into an IOT system and want to use VLAN since the Amplifi is VLAN aware. How do I get the Amplifi on a separate VLAN and use the DHCP from the UDMSE, not the Amplifi? 😱
I have a question unrelated to this video but if you could help I would appreciate it. My question is: on this Monday 1-15-2024 I am installing new sliding glass doors and was wondering if there is a Unifi automatic door lock that I could install? If yes then what would you recommend? I will also run network cable to the new door while it is being installed and buy the Unifi lock setup after. Thank you
23:30 You mention that if you're using Protect to not add the rules and profiles to restrict access to the gateways. How would you recommend restricting this access without creating the slow connection issues in Protect?
I just did this and the performance is better with the cam streams. In a general office with no shares or anything I did device isolation and it also blocked the web page for the unifi gateway left the cams alone. I made it so they couldn't hit each vlan and have the cam connections locked via MAC address to their respective ports.
Thanks for the great video. I have the Unifi Dream Machine Pro I got a while ago. I thought there was a built-in firewall/IDS/IPS? It's been running fine, but today I had an issue and it seems that I was backlogged on the updates and it shut down some functions that needed to be updated and restarted. I can't find firewall or DHCP server options for wired networks. Is this something I still need to reinstall or was it a subscription that expired? One other thing, why doesn't the DM Pro pick up a Cisco switch connected to it? The SG-200 doesn't show up in any of the options in the DM.
This is a great video as a beginner to Unifi. But I haven’t seen any videos deal with game consoles like the Xbox. They need multiplayer access to the Internet but also need remote streaming access from phones, tablets etc
Great guide, just got my first Unifi setup this past weekend and new to follow this guide. Of course they just pushed out a new update! haha. Also, was getting an error on the RFC1918 part. any clues?
Is your IoT Wi-Fi your main Wi-Fi you use for all your devices? Say, smartphone, thermostat, smart switch, etc? I'm trying to figure this out by setting a Wi-Fi network for my main network, guest, and camera while comparing your video. Thanks!
Yes, even I found it confusing. It's similar to what is done in Azure cloud and called NSG rules. But they were understandable but these aren't. I couldn't figure out the direction of the traffic and got confused.
Hi Mac, thx for your walkthrough of needed settings. Could you do an extended version where you set up firewall settings for Plex, Home Assistant, Google Home devices?
This is an Awesome Video... Thanks so much for all your hard work on this Video. I have followed all the steps and now have a fully set up network. My only problem for now is SONOS. I think I have to be on the same WiFi Network as the Sonos products (currently moved to my IoT VLAN but my iPhone is connecting to a different VLAN/WiFi network). Any suggestions?
HI Got a question for you CODY. I just got the UDM Pro and i have Bell Giga Hub 3 GB up and 3 GB down. How can I get the UDM Pro to work with the Giga Hub at the full 3GB? What I found was to use the 10GB from the UDM Pro to the 10 GB of the Giga hub but what other connections do I need to do. Maybe that can be a show for you since there seems to be a lot of people asking the same question. Please let me know if I should Return the UDM PRO and get the UDM Pro SE instead to make it work or if the UDM Pro will work fine and do the job.
Hey thanks for watching. I didn’t do any WIFI 6E configuration in this video. I do have some videos on the in-wall and enterprise AP though. I currently don’t even use the 6 GHz
GREATTTT video ! Thanks a million! Quick question, I have both G4 and Wyze cams. Would you assign all cameras to your Cam network or IoT ? Just curious...
Question for you: We both use Bell fibre, I currently have 1GbE. I noticed you have moved to 3GbE/3GbE, which means you're now on the "GigaHub" from Bell which doesn't allow for the SFP+ port to be removed. How do you like the Gigahub, were you able to move it to bypass mode easily? I can't stand having mandatory ISP hardware on my connection which is why I'm still on the 1GbE connection.
How would I go about offloading some of the firewall inter-vlan / subnet routing rules to a L3 UI switch (like a switch pro PoE)? If I remember correctly, these switches allowed access across subnets even though firewall rules were setup to block the traffic (i.e. the switch allowed the traffic prior to it hitting the rule located on the UDM SE). This was a problem for me in the past when hanging an AP off of a switch pro. The port profile needed to allow connections on that port to all networks / SSIDs, and the switch allowed the traffic across those subnets even though the UDM-SE blocked it (when the AP was connected to the UDM-SE, the firewall rules worked correctly). I think that in the past these rules needed to be applied to ACLs, which needed to be implemented via the SSH command line? Is this still the case or is there an easier approach? I'd love to see an updated video on that, specifically addressing these common IoT / NoT / Camera network routing rules. Unless I'm trying to go about this the wrong way lol.
Update: Apparently they no longer use the wildcard mask - the netmask (non-inverse) worked! Now if only I could make it persist through a reboot... I tried to use your older video as reference when trying this, and it isn't working for me: ua-cam.com/video/QtVCyL1o260/v-deo.html I've come across a few older posts saying they can't get the ACLs to work in the Unifi Forum (I'm running Network version 7.5.176). I'm using a UDM-SE and USW-Pro-24-PoE. The only way I can successfully block inter-vlan traffic when connecting to my USW is by setting the router for the network as my UDM SE and setting the firewall rules there. I cannot get the ACL to block inter-vlan traffic. This is driving me absolutely nuts. Any help or insight would be greatly appreciated!
1. All web-links I have tried to the calculator seem dead 2. My Internet settings don't show any Auto/Manual and thus don't allow me to make DNS changes like you stated at the 16:35 mark of the video (This is on a UDM PRO on Network 7.5.176)
I saw that you have your mom's house connected via cameras. What equipment is needed for that? This is something that I've been intrigued by but don't know the minimum requirements other than the cameras. Please help and thank you.
Great video, it really covers 80% of major setup requirements. I'm struggling with the network settings for the individual ports vs Firewall rules... If a Port is set for CAMera Network only, can IOTnetwork pass thru it because of FW rule?? ... could you do a video on how to setup these ports vs FW rules?
Like always, great video! Thank you for all of them. The PING block out of a VLAN to the VLAN sec. gateway does not work on my end. It makes no sense that it's not working. Any idea? Maybe I try the old interface and see if I can get it to work there.
What Network would all of your personal devices be on? I understand separating the IOT, Cameras, and guest network but what about devices such as your phone and tvs?
Any advice for HomeKit usage with a UniFi network? Every day since I've been using the UDM SE I get disconnects from my Netatmo and Eve cameras.... Before that I had no problems
Hello, your video is amazing! Any chance you could help me out with getting Chromecast working with inter-VLAN routing? I see the devices to cast to but it fails to connect
Hi, I saw that you are with Bell like me, did you keep the 3000-4000 modem/all in one router that Bell provides or not? I didn’t build my network yet but I’m curious how you can bypass their modem with their SFP+ fiber.
Hi Cody, I am in need of Unifi Express for my home network. Could you assist? Thanks
:)
Haha wow! Just finished my first pre install of my UDM SE. Wanted to dive into the advanced setup today with your older videos, what are the odds you would upload a new guide today. Thank you! :)
Most of my firewall experience is in pfsense but I recently did a full ubiquiti deployment and needed some help understanding firewall rules. Unifi is basically inverted from how pf does this, i.e. all blocked vs all allowed. This video was the perfect resource to make sure I had a good understanding of how to configure things properly!
Thanks for the great video, cheers!
Thanks for the step by step instructions on firewall rules for the VLANs, it was exactly what I was hoping to learn.
Thanks! Great guide and keep rockin'🤟
Thank you so much for the super chat :)
Thanks a lot for this video. You clearly have a much better understanding of the ubiquiti firewall than I do. When I get home I'm going to see if I can make mine work. Attempting to block all traffic except RDP and File Sharing between my webserver VLAN and the Main LAN has been challenging for me. We'll see how it goes!
Wow thanks so much that was very kind. Let me know how your config goes :)
@MactelecomNetworks it worked! In just a few minutes with your video I have the webserver isolated from the rest of the LAN. I can RDP into it from the default LAN and browse its shared files but I cannot ping anything from the server itself so I think I'm in good shape now. To me their firewall is strange to use. In my mind one should block everything at the start and then start punching holes through it as needed. Anyway, thanks again, I really appreciate it!
it's still annoying that design center doesn't accommodate multiple floors since signal travels, you know, in all directions =_=
Hopefully one day ☝️
You saved hours of research and thanks to you I could set up my home network. Great job! Greetings from Poland
Thanks for taking the time to make this video! Great resource! It's so much better when the video is as long as it needs to cover the subject, as opposed to trying to fit it into a certain predetermined time.
I have an issue with my UDM Pro with the blocking IoT stuff. It's been set up exactly as you've had it for a while, but from my default network accessing cameras that are on my IoT network it takes SEVERAL tries to actually get access to the cameras. Even in my logs it shows this: "Reolink Parents Front 2K was blocked from accessing 192.168.1.3 by firewall rule: Block inter VLAN Traffic." But 192.168.1.x should not be blocked. It's even always pingable. This may be a Reolink issue since it's showing the camera was blocked and not my PC that's trying to access it.
Great explanation of setup and how to isolate vlans and I like the added trick of blocking local gateway access. Able to do all the firewall rules I need following your logic.
thanks for your work. Just tweaked my uds-se for the second time using your videos. Keep up the good work
I don't understand why you need to create this group of gateways 24:30 since the LAN local (and you say it yourself) is for the UDM (= the UDM's gateways).
I mean, you just have to create your rule (25:03) with destination any. No? I tried and it works, I cannot ping any gateway's IP of the UDM.
I'm curious if the caution explained at 23:39 by Cody still applies in 2024??
I'm currently setting up my UDM Pro SE, but I will use a different subnet for my UniFi cameras + Protect if I get some eventually.
For my future IOT subnet I will use another subnet and did the same steps as described in this video.
Thanks!
Thanks so much for the super chat :)
I love all of your videos, they are very informative and I appreciate all the great content that you make.
...that being said for demo videos like this where I'm assuming a lot of folks are following along with the video step-by-step with the management console open on one side of the screen and the video on the other side...you go CRAZY fast. I'm constantly having to pause and rewind.
Might just be me, and maybe I'm a noob, in which case feel free to ignore.
No, some of us are slow! Just click the settings button in the video window, then you can change playback speed.
Thank you Cody for producing an excellent resource for Unifi Network versions setup each year! Questions: 1. 2:56 - What is the drawing program you use for network diagrams? 2. Is there a way to document/print out (old school) the network/firewall setup settings so that you can "see" if you have missed anything for each new setup? Thanks again for all that you do!😊
Draw io
Thanks, wanted to ask the same.
@ezekialsa it's Lucidchart
Thanks Cody for this tutorial. I am waiting for the new one for this year :) Greetings from Romania !
Another question, sorry English isn't my first language, at 23:39 you mention something that protect users shouldn't be doing but I'm not sure what you are referring to, protect users shouldn't block the vlan x to access other vlan gateways? That would kinda defeat the whole segmentation point wouldn't it?
I like the way you explain. I have a project, which I am going to use Ubiquiti system, except cameras. I will use your link to buy products, and most probably will contact you to help setting up the firewall. Anyway thank you for the videos, I learn a lot.
Hey Cody.. love your vids. Started planning my network for the new house with unifi bc of ur vids.
I'm new in networking and your vids helped me a lot. Thanks for that!!
Can you please do a vid on how to set up a NAS (in my case DS224+) with firewall and rules?
Thanks for the video. You really are a networking expert. Congratulations!
You can tell me where I'm wrong:
I own a UDM Pro and a USW Enterprise 24 PoE switch.
I have configured 5 VLANs and OpenVPN server on the UDM Pro.
As an OpenVPN client I can access all VLANs if I don't have L3 enabled on the switch.
When I enable the L3 function on the switch for a specific VLAN, I can no longer access that VLAN from OpenVPN.
From the local network I can access all VLANs.
So I have watched multiple videos from multiple people and yours are always spot on and the best. I am having an issue with having an IoT network be accessible by other networks. Some devices work others do not. I really am struggling with Apple AirPlay. I have Apple TVs as well as TCL TVs in our building that have AirPlay 2. I can see all IoT devices from my staff, childcare, and guest networks but when I go to actually connect it errors out. I've been trying to nail this down for about a month now and am tearing my hair out. Would you be willing to do a video showing firewall rule setup for these types of applications?
Amazing video; thank you, thank you, thank you!!! Just got my UDM Pro up & running as a result!
Great presentation to the Network setup, quick notes here, I had created the block inter-VLAN rule before but that created some issues with the mDNS traffic like Apple AirPlay, AirPrint, and so on, I ended up blocking inter-VLAN traffic per VLAN basis, but thank you very much and keep up the good work.
Does mDNS Traffic traverse VLANS without an mDNS relay on each VLAN?
Can you explain more what you did? I got the same issue.
I just went into the mDNS settings under Global Network Settings and added all of the appropriate VLANs to this list. No issues with AirPlay or AppleTVs being accessed outside the VLANs they are in.
Thanks for another thorough and professionally done video. We can always count on you to do things right!!!! One question I have for your firewall rules concerns the "Drop invalid state" rule. Under the "Rule Applied" options you left it at "Before predefined rules" shouldn't that be changed to "After predefined rules"? Shouldn't "Drop, All" rules be at the end of the operation orders? Thanks again for all your hard work and professionalism.
Thank you so so much, and you increased to nearly an hour, a big thank you for this, you speak so fast, I'm happy this time around you spread it out longer..... for myself, I actually slow the video down by 25% 😅
I try and slow my speaking but always forget sorry 😂 thanks for watching
Great insight on how to configure a Unifi network. I finally got my cameras on a separate network for security purposes.
Love the video thank you - great introduction to Setting up UniFi
One question - you didn't setup your own home wifi network - you have one for IoT, Cameras, Guests - what do you use for your own devices ? just curious
I use Aggregation for my OS2 fiber links to remote building switches, it works really well.
I currently have an OS2 fiber going across the side of the house, then aerial to a woodshed followed by going aerial to a guest building until I can get some conduit out there and power.
The power I'll be using is low voltage, the guest building is mainly just a small room, upstairs storage and Internet access.
Hopefully the aerial fiber is ok until I get the conduit next spring, it's not even armored fiber just standard LC to LC OS2 indoor / outdoor use fiber I got off Amazon.
Really great guide. I used it for adding a new vlan for IOT and it works great
I’ve been patiently waiting for your update! Thank you soo much, learn a lot from you!
Thanks
Albert! Thank you for the super chat, you are always too generous, really appreciate you :)
@MactelecomNetworks can you make a video about debug how to update an app and more
Thank you! I was waiting for this to drop! Woo!
Great video, helped me setup a vlan for my cameras!
So I just spent almost 2k on UniFi devices. Pray for me because I'm diving into something I've always wanted to get into but know nothing about. A home network such as this is way overkill for me, but I really want to learn about this stuff and I find the best way to learn is hands on. I purchased the Dream Machine Special Edition, switch pro max 24, Unifi cable internet modem, and the U6 enterprise access point. I do plan on buying the network video recorder and cameras to integrate into the system, but I decided to wait on that until I get this initial setup up and running. Like I said I don't know what I'm doing and don't want to do too much at once and overwhelm my good ole thinking machine (brain). So please pray I don't destroy a couple grand worth of networking equipment. I'm fairly tech savvy, but know nothing about this stuff.
I wish you the best luck lol have a fun time learning
Hi Cody,
Thank you for your time to put together this tutorial.
I saw you used Network version 7.5.162 and not 7.5.176, at least I thought I saw this.
The WiFi meshing setting has been moved to the 'systems' page from the WiFi settings page.
Just to let you know. I might need to redo my setup here....
16:33 that didn't work for me when I did this (trying to use my Adguard Home docker), I kept getting (on my wifi devices) " Connected without internet". I had to do this in the network section for each vlan. My devices are udmpro (v3.1.16) with network version 7.4.162 (I JUST got the prompt to update to 7.5.176)
31:03 any way known to be able to use a url for server address, say my DuckDNS link since I don't believe I have a static wan?
36:45 sweet wanted to look into this. Would like more detailed info though, for example do I look for a tcp or udp config file? Note for people reading: You can't use your normal login for nord, you have to go into the nord account and get the jumbled login credentials, then it'll work. With all your testing, how would I do that if I have 2 lan adapters on my pc connected, 1 main lan and 1 routed through vpn?
The equipment seems nice and their visuals are great, but the way to configure them is a real nightmare, especially the firewall rules which must have been designed by someone who doesn't understand how access control works. And network security is the big thing for anyone now, that's the reason I have been replacing Unifi networks with Fortinet for the last 4 years... The fact that the UDM "firewall" allows inter-vlan routing by default is not good - that tells me that this firewall is more a pimped layer-3 switch with a fancy interface than a real firewall that blocks everything by default, and thus secures your network without you having to go through all segments and block them.
Great video still.
17:30 Why are all these firewall rules not functioning on my UDM Pro SE?
Thanks!
Thanks so much for the super chat much appreciated :)
Hi, I'm just starting with Unifi equipment and your video was very helpful. I noticed that you created three Wi-Fi networks. Which network do you and your family connect to on a regular basis? The Guest network? Or is it possible you did not include your own WIFI network in this video? Would you create a WIFI network for the Default network or do you only access the Default network on a wired computer? Thanks.
Thank you Cody, very much appreciate your lessons. But I ran into an issue, could you make a vid that explains how to share a printer between a few vlans or maybe point to where I can get instructions. My UDM is pretty much configured as you instructed but only Default vlan can see and talk to the printer. I need to be able to share between three vlans including the Guest accounts. Any help would be great.
I would also be interested in this. I'm having the same issue. I have to switch to my IoT network in order to print. I want my main network to detect my printer in my IoT network.
Hi!!!! Looking forward to a 2024 update. Many many changes since this excellent-at-the-date video. Thanks
We need a 2024, the way to set up ports and vlans is way different, please 😢
20:56 What would happen if you left the destination here at any instead of the defined private addresses?
What about IPTV and VLAN tagging special for IPTV? :) I would like to connect TV BOX to my network gear instead of ISP provider modem (in bridge mode atm).
What WIFI do you use for your home use ? On Default ?
With the new implementation of the traffic rules, I'm a little confused about when we need to use a firewall rule or a traffic rule. Could you make a video explaining this?
Why did the UI change in the video when viewing the firewall at 22:52?
Awesome Video Cody !! I see some light at this tunnel !
Why did the UI change in the video at 22:52? Shows from an earlier version to the latest version.
I have my wireguard VPN and rules set up exactly the same as you did but I can still ping my cameras, and my wifi and all its devices. I can ping my nas fortunately, but the only thing it blocked was my two PCs. I'd like to lock it down a bit more. Any suggestions?
Great video! I'm currently setting up a UDM SE and a UDR, this video will help me a lot
Thank you Cody, I look forward to the follow up on firewall rules and vlan part!
Would you recommend the SE over the Pro for a home network with U6e x2 install? Does the SE warrant the extra cost?
I learned a lot from your video. Thanks a lot!
Thanks for this. The only thing that I couldn't get working is denying VPN remote subnets access to the Unifi Gateway Console (HTTP,HTTPS,SSH) but I noticed your post on Reddit mentions it isn't currently possible to block this on the Unifi. This seems to be a multi-year problem but I have raised a support call with Unifi to ask if there is an expected fix soon or a workaround.
I'm very thankful for your updated video and did subscribe and like. You did an awesome job of showing the newer interface. VLAN ? ... I have 2 U6 Pros and an Amplifi Gaming Mesh System. I turned the gaming system into an IOT system and want to use VLAN since the Amplifi is VLAN aware. How do I get the Amplifi on a separate VLAN and use the DHCP from the UDMSE, not the Amplifi? 😱
You absolutely nailed it, good job man!
I have a question unrelated to this video but if you could help I would appreciate it. My question is On this Monday 1-15-2024 I am installing a new sliding glass doors and was wondering if there is a Unifi automatic door lock that I could install? If yes then what would you recommend? I will also run network cable to the new door while it is being installed and buy the Unifi lock setup after. Thank you
Any news when an upgraded UDM will arrive? Looks like UDM is a great unit, but it is 4yrs old. SE is 2yrs old now.
23:30 You mention that if you're using Protect to not add the rules and profiles to restrict access to the gateways. How would you recommend restricting this access without creating the slow connection issues in Protect?
did you find a resolution to this?
No. In my case it is a home network so this isn't a significant security concern.
I just did this and the performance is better with the cam streams. In a general office with no shares or anything I did device isolation and it also blocked the web page for the unifi gateway left the cams alone. I made it so they couldn't hit each vlan and have the cam connections locked via MAC address to their respective ports.
@mactelecomnetworks can you do an updated video of this in the new UI as well as talk about allowing WireGuard vpn server traffic to other subnets
Thanks for the great video. I have the Unifi Dream Machine Pro I got awhile ago. I thought there was a built-in firewall/IDS/IPS? It's been running fine, but today I had an issue and it seems that I was backlogged on the updates and it shut down some functions that needed to be updated and restarted.
I can't find firewall or DHCP server options for wired networks. Is this something I still need to reinstall or was it a subscription that expired?
One other thing, why doesn't the DM Pro pick up a Cisco switch connected to it? The SG-200 doesn't show up in any of the options in the DM.
This is a great video as a beginner to Unifi. But I haven’t seen any videos deal with game consoles like the Xbox. They need multiplayer access to the Internet but also need remote streaming access from phones, tablets etc
Great guide, just got my first Unifi setup this past weekend and new to follow this guide. Of course they just pushed out a new update! haha. Also, was getting an error on the RFC1918 part. any clues?
Is your IoT Wi-Fi your main Wi-Fi you use for all your devices? Say, smartphone, thermostat, smart switch, etc? I'm trying to figure this out by setting a Wi-Fi network for my main network, guest, and camera while comparing your video. Thanks!
Thank you for sharing this video.
Thank you so much bro for this. Really appreciated it. This is going to help for my summer house build. Love you bro. ❤️🙏🏽
Can you link to that page at 17:53, I am one of those that struggle with firewall rules on UniFi gear. Thanks.
Has much changed with the UIs since this video was put out? I just got a UDM SE and was looking for a guide to help set it up.
Please do a video with diagrams outlining In/Out/Local! It's hard to grasp and seems counter intuitive! :)
Yes, even I found it confusing. It's similar to what is done in Azure cloud and called NSG rules. But they were understandable but these aren't. I couldn't figure out the direction of the traffic and got confused.
Perfect timing just what i need!
Great stuff!
Mac - can you do a video with a full factory reset of the OS Console and then setting everything back up. This would be very helpful. Thanks!
Perfect Timing! 😃
Hi Mac
Thanks for your walkthrough of the needed settings. Could you do an extended version where you set up firewall settings for Plex, Home Assistant, Google Home devices?
This is an Awesome Video... Thanks so much for all your hard work on this Video. I have followed all the steps and now have a fully set up network. My only problem for now is SONOS. I think I have to be on the same WiFi Network as the Sonos products (currently moved to my IoT VLAN but my iPhone is connecting to a different VLAN/WiFi network). Any suggestions?
Nice work as always!
G3 Flex cameras are 1GbE max. Why do your G3 Flex cameras show up as 10GbE at 7:30?
HI Got a question for you CODY. I just got the UDM Pro and i have Bell Giga Hub 3 GB up and 3 GB down. How can I get the UDM Pro to work with the Giga Hub at the full 3GB? What I found was to use the 10GB from the UDM Pro to the 10 GB of the Giga hub but what other connections do I need to do. Maybe that can be a show for you since there seems to be a lot of people asking the same question. Please let me know if I should Return the UDM PRO and get the UDM Pro SE instead to make it work or if the UDM Pro will work fine and do the job.
Great and complete from the ground UP. I did not see the detailed setup in your AP's that support 6E like your 6E IW.
Hey thanks for watching. I didn’t do any WIFI 6E configuration in this video. I do have some videos on the in-wall and enterprise AP though. I currently don’t even use the 6 GHz
GREATTTT video ! Thanks a million! Quick question, I have both G4 and Wyze cams. Would you assign all cameras to your Cam network or IoT ? Just curious...
Yes. Been waiting this.
Excellent explanation. Does anyone know what program they use for the simulation environment?
Is Unifi proprietary software?
Question for you: We both use Bell fibre, I currently have 1GbE. I noticed you have moved to 3GbE/3GbE, which means you're now on the "GigaHub" from Bell which doesn't allow for the SFP+ port to be removed. How do you like the Gigahub, were you able to move it to bypass mode easily? I can't stand having mandatory ISP hardware on my connection which is why I'm still on the 1GbE connection.
You do PPPoE passthrough.
@@Nabroloi tried the PPPoE passthrough and saw a 1gbps hit in speed. So to keep the speed I didn't use the SFP port
How would I go about offloading some of the firewall inter-vlan / subnet routing rules to a L3 UI switch (like a switch pro PoE)? If I remember correctly, these switches allowed access across subnets even though firewall rules were setup to block the traffic (i.e. the switch allowed the traffic prior to it hitting the rule located on the UDM SE). This was a problem for me in the past when hanging an AP off of a switch pro. The port profile needed to allow connections on that port to all networks / SSIDs, and the switch allowed the traffic across those subnets even though the UDM-SE blocked it (when the AP was connected to the UDM-SE, the firewall rules worked correctly).
I think that in the past these rules needed to be applied to ACLs, which needed to be implemented via the SSH command line? Is this still the case or is there an easier approach? I'd love to see an updated video on that, specifically addressing these common IoT / NoT / Camera network routing rules. Unless I'm trying to go about this the wrong way lol.
Update: Apparently they no longer use the wildcard mask - the netmask (non-inverse) worked! Now if only I could make it persist through a reboot...
I tried to use your older video as reference when trying this, and it isn't working for me: ua-cam.com/video/QtVCyL1o260/v-deo.html
I've come across a few older posts saying they can't get the ACLs to work in the Unifi Forum (I'm running Network version 7.5.176). I'm using a UDM-SE and USW-Pro-24-PoE. The only way I can successfully block inter-vlan traffic when connecting to my USW is by setting the router for the network as my UDM SE and setting the firewall rules there. I cannot get the ACL to block inter-vlan traffic.
This is driving me absolutely nuts. Any help or insight would be greatly appreciated!
1. All web-links I have tried to the calculator seem dead
2. My Internet settings don't show any Auto/Manual and thus don't allow me to make DNS changes like you stated at the 16:35 mark of the video (This is on a UDM PRO on Network 7.5.176)
Hi There, can you perhaps make a video on how to replicate a DMZ network on a UDM SE if possible?
Could you share your Ubiquiti "Shapes" Library for Lucid Chart? (Even if it's just a bank of images that would be super helpful)
I saw that you have your mom's house connected via cameras. What equipment is needed for that? This is something that I've been intrigued by but don't know the minimum requirements other than the cameras. Please help and thank you.
For devices such as cell phones. Do you join those to the IoT network so Chromecast and airplay will function or is there a better way to do this?
Great video it really covers 80% of major setup requirements. I'm struggling with the network settings for the individual ports vs Firewall rules... If a Port is set for CAMera Network only, can IOTnetwork pass thru it because of FW rule?? ... could you do a video on how to setup these ports vs FW rules?
Like always, great video! Thank you for all of them. The PING block out of a VLAN to the VLAN sec. gateway does not work on my end. It makes no sense that it's not working. Any idea? Maybe I try the old interface and see if I can get it to work there.
What Network would all of your personal devices be on? I understand separating the IOT, Cameras, and guest network but what about devices such as your phone and tvs?
Same question I have.
Can you provide the link to post you mentioned during the firewall rules section. Timestamp 18:02
I came here expecting to find it in the video notes..
Any advice for HomeKit usage with unifi network? Every day since I use the UDM SE I get disconnects from my netatmo and eve cameras.... Before that I had no problems
Thanks for the new video!!
Hello, your video is amazing! Any chance you could help me out with getting Chromecast working with inter vlaning? I see the devices to cast to but it fails to connect
Hi, I saw that you are with Bell like me, did you keep the 3000-4000 modem/all in one router that Bell provides or not? I haven’t built my network yet but I’m curious how you can bypass their modem with their SFP+ fiber.
Awesome video lots to digest 👍