Hi Willie, I realize this video is from a while back. But, it's obviously still very relevant! I've configured my ER-4 a few different ways, based on various schools of thought. But, I must tell you, this configuration, you've presented here, is by FAR my favorite!!! Way less complicated than other videos I've viewed. And, thanks for posting a link to the configuration. Much appreciated!
Been searching for some information on segregating VLANs in my EdgeRouter X for a while now. Came across this video, and this is exactly what I was looking for! Thank you for making this so clear and easy to understand, as well as showing the process and documenting it! Two thumbs up and 3 cheers to you!
Seriously, man, you saved me. Still took 4 hours out of my day to figure out the nightmare of a network situation I got myself into, but your video saved me a year ago, and it just saved me again. Thank you!
FINALLY... A straightforward, clear way to set up a guest lan. I applied these to a vlan that is then untagged after the ER4 connects through a Cisco Switch and finally a USW-24-G1. It all WORKS! THANKS
Your videos are invaluable when setting up anything Unifi/Edge-related. I was having tons of issues setting this up and this video saved me a few hours of headache. Easiest sub of my life.
Great demonstration of the segmentation. I did NOT want to VLAN my network and this breakdown on how it’s done on the EdgeRouter was just what I need to throw my pfsense behind it for my private network and keep my guests, VoIP, BluRay and everything else outside of it. Much appreciated the breakdown of the CLI methods to firewall.
Hi Willie, thanks for the very practical no-nonsense tutorial. For me it was very helpful isolating my VLAN (Guest & IOT) traffic from the default network but still being able to reach the IOT main controller (Raspberry) from the default network. I do understand the basics of networking and firewalls. However, once you've set up your home network you don't touch it anymore for weeks/months. A big thank you from the Netherlands. Regards, Ron
Willie, thank you so much, I'm not a network guy but finding your channel will sure help me get started!!!
This is great, it is exactly what i need. I have divided the network into one network for devices not needing internal access and one for everything else but currently they can reach each other both ways, this will be fixed now with this video.
Thank you for leaving the config in google. It worked a charm. I have ports 2,3,4 as their own separate networks. Port 1 is my main network which gets no blocking. I just need to figure out the firewall rule so my main network and the incoming VPN cannot see ports 2-4. I just watched your unifi UDM video on firewalls and think I have an idea how to tackle it. :)
Hey Willie, thanks for the video and for sharing your networking knowledge with us. Got my Edgerouter X months ago and your videos got me setup and running. I was trying to isolate my IoT network and your channel came up again, couldn't help but subscribe! My entire home network is now a lot more secure. Keep up the great work!
This is EXACTLY what I've been looking for. Thanks!
perfectly straight to the point and exactly what i needed. thank you!
Thanks for the thorough walk-through. I can see my Raspberry Pi cluster but it can't see me. Perfect.
Good job on video Willie. I simply wanted to set up a vlan on one of the eth ports on Edge X and your video was the only one that explained it well. None of the other videos explained about the DNS forwarding setting, which was my issue making the connection successful. Good examples and keeping steps simple.
Thanks for the great info... I've always been tech savvy... but your guided help is pushing me into a more serious network admin role and making money with real businesses setting up networks!
Appreciate the video. Really like seeing the CLI config, makes things a lot easier to understand than just the GUI. Sub!
im still loving your oldies
9k to 75.9k! heading to 100k! 🤞
This setup works oh-so-well! Thank you Willie Howe.
Willie, thank you very much for another great video. You have the best channel for learning how to setup Unifi devices. Period.
Will you explain how to achieve the same IoT isolation with USG? Would be great to learn how to do that.
Keep up with the great work!
+1 for this request
Congrats on 9,000 subscribers. Subnets are extremely important on a large network.
Hi Willie, Thanks for the great videos and content! I'm just starting with the EdgeRouter and I'm confused on where you came up with the IP addresses you list in your Google doc.
Fantastic, this enabled me to use a spare AP i had laying around for a secure guest WiFi. Great job!
Thank you for this!
Very useful . thank you.
Looking fast at this, I have 2 subnets I want to separate from homesubnet. I can add interfaces in the firewall rules you showed here because rules should be the same on these?
And then, if I want to further separate the 2 "toxic" subnets from each other I need another set of rules for these 2 subnets?
You are the man!! Thank you!!! Great work, keep making these videos.
Could you possibly explain why you are adding the 3 separate network IP address blocks? Especially the 10.10.10 one?
The networks he blocked are the 3 possible private network IPs. All private networks that are possible are the 10.*, the 192.168.* and the 172.16.*. Every IP outside those scopes is external.
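Added example, not part of the original comments or of the video's configuration: a small Python model of first-match firewall evaluation, showing what a rule that drops traffic to the three RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) does on the isolated interface, and why the order of the rules matters. The rule layout (accept established/related, then "Drop Protected Networks", default action accept) is an assumption pieced together from the rule names mentioned in this thread, and all sample addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges. 172.16.0.0/12 spans 172.16.x.x through 172.31.x.x.
PROTECT_NETWORKS = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    state: str  # "new", "established" or "related"


@dataclass(frozen=True)
class Rule:
    description: str
    action: str            # "accept" or "drop"
    states: tuple = ()     # empty tuple = match any connection state
    dst_group: tuple = ()  # empty tuple = match any destination

    def matches(self, pkt: Packet) -> bool:
        if self.states and pkt.state not in self.states:
            return False
        if self.dst_group:
            dst = ipaddress.ip_address(pkt.dst)
            if not any(dst in net for net in self.dst_group):
                return False
        return True


def evaluate(rules, default_action, pkt):
    """First matching rule wins; otherwise the ruleset's default action applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.description
    return default_action, "default action"


def covered_by_group(cidr: str) -> bool:
    """True if the whole subnet falls inside one of the protected ranges."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(p) for p in PROTECT_NETWORKS)


# Assumed layout of the "in" ruleset applied to the isolated interface.
ACCEPT_EST = Rule("Accept Established/Related", "accept",
                  states=("established", "related"))
DROP_PROTECTED = Rule("Drop Protected Networks", "drop",
                      dst_group=PROTECT_NETWORKS)

BLOCK_IN = [ACCEPT_EST, DROP_PROTECTED]          # replies allowed first
BLOCK_IN_SWAPPED = [DROP_PROTECTED, ACCEPT_EST]  # same rules, other order

# Constructed sample traffic entering the router from the isolated network.
IOT_TO_LAN_NEW = Packet("192.168.3.50", "192.168.1.10", "new")
IOT_TO_INTERNET = Packet("192.168.3.50", "1.1.1.1", "new")
IOT_REPLY_TO_LAN = Packet("192.168.3.50", "192.168.1.10", "established")

if __name__ == "__main__":
    for name, rules in (("BLOCK_IN", BLOCK_IN), ("swapped", BLOCK_IN_SWAPPED)):
        for pkt in (IOT_TO_LAN_NEW, IOT_TO_INTERNET, IOT_REPLY_TO_LAN):
            action, why = evaluate(rules, "accept", pkt)
            print(f"{name:8} {pkt.src} -> {pkt.dst} [{pkt.state}]: {action} ({why})")
    # A /24 home LAN is already inside the /16 entry of the group.
    print("192.168.0.0/24 covered:", covered_by_group("192.168.0.0/24"))
```

With the established/related rule first, the isolated network cannot open connections to private addresses but can still answer connections opened from the main LAN; with the two rules swapped, those replies are dropped as well.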
Thank you so much for this video!!! I was struggling trying to figure out how to block my IoT network now that I actually have a device (thermostat) and this helped tremendously!
Hi Willie, thank you for doing what you do, you are a wealth of knowledge. My question is I set up everything as you have (using my interfaces), but this did not isolate my network until I swapped the order of the BLOCK_IN ruleset, then it seems to be working fine. Will this cause a potential problem for me in the future? I know just enough to be dangerous if you know what I mean.
Thanks for this video. It was really really really helpful. Saved me a ton of time researching what settings to use.
Thanks for this, needed it to get my network split up for some dev work, really handy!
Thanks for this video. Extremely easy to follow.
This is exactly what I was looking for. Works like a charm! Thanks!
With a setup like this why would you ever bother setting up a VLAN? Genuinely curious as I can't see why. Thanks.
Thank you for a great video. I've got my edge router humming along, but now I am looking at a NAS, what do I need to do so I can see it on both networks?
A little over my head for the moment, but bookmarked for future reference. Wondering if I need a separate physical AP for the IoT-DHCP network if done this way. Off to research Physical LAN vs VLAN.
Does the BLOCK_IN rule also block other zones in 192.168.x.x. from accessing the network on eth1?
Assume that I want to set up that IoT devices (my case: eth4 and 192.168.3.x/24) cannot access anything but the internet while the devices on my home (on eth1-3 and 192.168.1.x/24) can access the IoT gateway - how would such a configuration differ?
Thanks. I can sleep at night knowing my Minecraft server even if it gets hacked to bitz will just be chilling on its own little private network.
Hi Willie, I found the video very informative. What i'm trying to get to work is having the guest network setup and isolated like you've shown but from the main vlan or interface to be able to access any pc or device connected to the guest network. Like a one-way door. I added allow related/est on the guest_in but it doesn't seem to work properly.. any suggestions? or better ways of doing it?
Fun fact: You can put Notepad++ as always on top! Would have made it a bit easier :)
Willie, If I wanted to allow connection from Internal to a device on the IOT network (i.e. Chromecast) How can I do that? I followed these steps and my chromecast and google Home's say not available. Thanks for the Wonderful video
Hi sir! Thanks a lot! This is what I really need, thanks a lot!
you are great, you saved me, thank you thank you thank you from Italy
This is a great vid, thank you. It helped exactly as intended! Since isolating my smart devices I setup pihole in docker container on my Unraid server as well as a speedtest server. Added rules to "BLOCK IN" before "Drop Protected Networks" for TCP to the specific IP and port for the webserver(HTML5 speedtest) and UDP for 53 for the PiHole container. Is there a better/safer way of doing this? Also, would adding the rules there negate the need for the "BLOCK LOCAL" or am I creating any risk by doing this?
Hi, I have an Edge Router X. I am trying to use the basic wizard to set up one LAN Internet connection on a VLAN. How do I get the Internet on just one of my ports with the VLAN?
Willie, first of all I love your videos, but I still have some questions, I added a EdgeRouter to my network and created two VLan networks, one for my OnHub wireless router and other for my VoIP phone, before I added the EdgeRouter I was able to see my security cameras, but now I can't and they are on the OnHub router, How do I manage to be able to see them on my mobile app?
Thank you so much for posting this and other informative videos? They are a huge help and I'm rediscovering my love of the command line from computer school in 1997, back then I was almost 40 years old! I just can't see the video clearly enough on my ten year old laptop to use it next to the computer I'm using to setup the edge router x. Any pointers or suggestions? Thanks D.
but how would you connect this to your home network? surely they are both VLAN1, so how would that work with a UniFi AP or through a switch even?
Every time I run through this I end up with a second independent lan (I use eth4 but I have also tried eth3) that generates the correct IP, displays as being connected through ethernet but STILL no internet. Firewall is disabled on the client computer and there are no pertinent firewall rules set up on the router (that I can see). Recently did a factory reset and started over, same thing. What am I missing here?
Hi Willie, I have a few VLANS setup and have firewalled them off from my main network as per your video. Everything seems to be blocked back to the main network with the exception of my cloudkey, why would that be? As noted I setup everything the same way you did on this video. Do I need to make a specific rule to block access to the CK? Thanks in advance. PS: I setup a rule to specifically block the CK ip and it worked. Still wondering why it was accessible when the default rule was to drop in the "Block_Local" rule.
Great Tutorial, Thank you! Can more than one port be isolated? Say for instance I would like to isolate ETH3 as its own network in addition to the IoT network port, Do I add ETH3 interface to DNS forwarding and to the BLOCK_IN and BLOCK_LOCAL firewall policies?
New sub here...love your channel. I'm just starting my Ubiquiti home network. How would I expand what you did here to make my NVR the only device that can see the internet? I want to keep my ip cameras inside this network and only talk to the NVR which is also inside the isolated network. Thanks!
Yes, Sorry... the interface switch settings are only available in the ERX. You would think it would be there but I spent two days searching for settings that are not there. I'm testing and trying to decide between the ER8 or Unifi Pro. Can't seem to get a solid solution on either one. Something seems to be missing from one or the other.
Just pumping out the videos :)
Willie Howe 👍👍
Hey Willie, have you tried the fing app after implementing this? Will the hostname and mac address still be visible on a fing sweep? It was always my problem with edgerouter + unifi ap guest setup. Smart guys change their mac addr by copying the mac address that is authorized from the fing app scan for free internet.
So we would not change the lan ip address in the protect network group to match what we have on your lan? If I had 192.168.0.1/24, would I still use 192.168.0.0/16 in the protect network group?
Thanks for your videos. Very informative, especially for beginners like me.
So at this point, you could/would plug a UniFi AP into eth1 and set it up as the IoT wireless access point?
Can I now enter the IoT Network from the LAN Network?
Say you want to isolate the new network on eth1 but allow computers and the internet to be able to access a device on the new network, like for remotely monitoring security cameras.
I've been looking for a solution to isolate guest devices. For example, guests can't get to other devices on the guest network. Any suggestions on how to accomplish this?
Willie, these videos have been very helpful, thanks! i tried the block_local rule without the exceptions. i wanted to see my device NOT get an IP from the DHCP server but it did anyway. has anyone seen this??
So I used this firewall to set up VLANs and it works great, but I'm having trouble with port forwarding my Home Assistant with this setup...Anyone know what might be happening? I love this setup - it works extremely smoothly outside of that.
Do you have a good template for drawing firewall rules in Visio etc. I understand these better when they are drawn out.
Hello Willie
Great video and easy to follow/do with the Edge/Unifi devices.
If you like puzzles: One issue I had with a single device is that it stops communicating with the IoT service provider. Specifically, it is the Genie Aladdin garage door opener. All other devices (light switches, water heater, irrigation controller) work fine.
Do you have a guess what the heck it might be using that the isolated IoT setup you described would block. It has no reason/business communicating with any of my PCs on the main LAN. I'm not sure Why it would be unable to communicate with the Genie server on the Internet. The default FW IN rule on the eth port is accept...
When I connect it back to the main WIFI/LAN, it works.
Any ideas?
how do you setup wol (wake on lan) for edge router to use magicpacket from external to internal computer?
Great vid more knowledge for myself from you on edge os cheers willie
Hi there, edgerouter is very similar to the MikroTik router, why do we have to use edgerouter??
Hey Willie,
Thanks so much for the walkthrough! How would we go about blocking traffic completely between subnets. I have the following config: eth0: WAN, eth1-3: LAN/SWITCH, eth4: separate subnet. I need for eth4 to be able to connect to internet only as it is for processing credit cards. After following this walkthrough, I can ping from eth1-3 to eth4. I cannot ping from eth4 to anything on the "switch". What is method to completely block the traffic between subnets. Thanks so much!
Willie, Just recently found your channel, and have been going through your videos. You have a great channel and really solid information. In this one, I noticed that you created a rule for DNS, but had it set to UDP... Depending on the query, DNS may require TCP as well. Any DNS query or response that exceeds 512 bytes will require TCP, and Zone Transfers are always done using TCP... in this use case (IoT), it is highly unlikely that you would be performing Zone Transfers.
As usual great video, to the point!
Devil's advocate (sorry have to).
Let's say the client has but ONE printer on network 192.x.x.x and the guests are on 10.x.x.x
How can one share the printer ?
You should also make it clear that the features you discuss only appear to be available on the ERX. So if you have an ERLite, or ER8 these don't apply. May also not be available on the ERPro.
Is the info in this video still valid today with the latest FW?
CAN you show how to have 2 isolated networks? I have one and I want to create another one. I tried, but I made a mistake somewhere, so I lose internet for both networks.
Thanks for all your effort. Everything works fine but when I enable Hotspot on guest policies on guest VLAN I cannot access Unifi controller to authenticate the guest by using vouchers, i.e. the authentication page does not open. Unifi controller is not on the guest network. Can someone please help me with a firewall policy to overcome this issue? Thanks.
Willie how do you feel about Ubiquiti locking out ssh in their latest release hotfix 3
Wouldn't it be a good idea to add an accept Established/Related to the Block_Local?
On my EdgeRouter Pro, can I use this template to activate the other physical interfaces (eth2 thru eth5) and not isolate anything on my network?
Thanks so much for the great video! Can I use this template to restrict on the other VLANs as well? Say I have VLAN10 (office) VLAN20(family) VLAN30 (guest) and VLAN30(printer). Could I adapt this ruleset to block access of all vlan - vlan traffic to ALL VLANs while able to access printer from each as well as full internet access? Again, Great Video!
How could I make a specific vlan accessible from the other vlans, but, from that vlan to the rest, no access, and also make it inaccessible to and from the internet?? Pls help, I have a vlan for my ipcams and I don't want them to talk to anybody else, but be able to see the rtsp stream from any machine.
What if I don't block the Eth1 from getting to the protected Networks?
Works great, thanks very much.
does this carry over to the Unifi system as well?
When is the livestream with Chris? Congrats on 9K Subs
Hi Willie
Thanks for a great video.
I have struggled with this a long time before I found this video.
It works great with some modification for my needs.
There is one thing though
I use several different VLANs so instead of Eth1 I have Switch.0 and Switch0.99 etc.
How do I assign the rules to VLAN interfaces?
The command "set interfaces ethernet eth1 firewall in name BLOCK_IN" and "set interfaces ethernet eth1 firewall local name BLOCK_LOCAL" does not work
Thanks in advance.
Sir, i really like all your videos. Sir can you help me on how to create multiple UNIFI AP with only one SSID?
Wow.....this looks awfully.....familiar!?! Hah! Anyway, thanks for the help, and for doing this video explaining the topic.
This will block all networks from each other on the router, what if you only wanted to block a single VLAN ID
Excellently helpful!
You should do a video with a whole home Unifi network
Thanks so much for this
Is there any difference in doing this on EdgeRouter Pro v1.9.7+hotfix.2 because there is no switch0 on it
yes but the problem is that I am trying to set it up on a pro.
Maybe add UDP and TCP for DNS (sec) related queries
Can you do a video for unifi?
I set this up on Eth4, however DHCP is not working
Reboot did the trick
so, USG or edgerouter?... I need to make a choice...
Home Office with two small business on front (Laundry, ComputerShop) , Family is 17 persons with kids (ipads... cellphones everysunday). I have PFSense and a Unify AP-PRO.. Ubuntu computer and planning on having Kodi
This is good video to show HOW to do something but not WHY or WHAT it is doing. I would find this video way more useful if you actually explained why you set specific firewall rules, etc. instead of forcing me to watch you copy-paste stuff. Thanks!
Thank you - plain English!
Great contents, but I can’t see anything. Can you zoom on what you’re working on
How to change MTU PPPoE
Services, PPPoE, MTU.
If your WAN connection is direct PPPOE Or Under Dashboard switch the MTU for the assigned ETH WAN port.