Please run through the cert. That would be cool!
More Unifi IPv6 videos would be terrific.
I agree :) IPv6 is still a lot of mystery, even for ubiquiti users :)
More on TLS - SSL Certs would be great
Willie, could you create a video on “high isp latency detected” notices? Why it happens, and how to fix?
It’s related to speed tests I have found. Nothing to worry about.
that will be nice
It happens when ISP has their refresh cycle, it is normal.
You can clear it in the log page
I’m curious about a “best practices” approach for implementing an IoT VLAN using the new zone based firewall method.
Yes please. I finally have everything working with the old firewall.
Please run through cert purchase and upload!
Maybe add Let's Encrypt registration and auto-renewal if that's possible?
I would love an explainer on the Certificate installation. Especially if you can explain the hairpinning.
Happy for the API. That's going to be very useful for some stuff.
I can't get over how much more logical the firewall section is!! As an enterprise network security admin I found that section abysmally dysfunctional prior to this change. It's passable now with this zone conversion!
Hi, willing to see more on BGP, as OSPF is not available with Site Magic using redundant hub-spoke deploys to announce the routes internally.
I'd love to see you do a certificate purchase and implementation.
The API has already existed forever, except there wasn’t any official documentation.
The API can do a lot more than what the official documentation says, in fact, the web UI uses the API for everything - so if there is something that you want that isn’t documented then you can use your browser’s network debug tools.
Is it possible to implement a MAC-based approach to assign VLAN tags to devices? There are too many IoT or surveillance devices that may not necessarily be connected to a UniFi switch, so port-based VLAN tagging is not feasible. I’d like to know if such a solution exists.
Why no Let's Encrypt integration or even run a lightweight k8s on the UDM?
It would be nice to learn about IPv6 and what I need or can use it for.
So how does one patch a machine in the new DMZ architecture?
Yes, an SSL/TLS certificate and upload would be good. Any free cert sites would be good as well.
I would like to see you purchase or download a certificate from an existing domain and install it in UniFi Network! Thanks!
Really excited about the zone-based firewall. As someone considering moving from OPNSense to Unifi for their SOHO network, that entire interface looks a lot easier to understand (especially while I'm learning) than what I'm working with now. OPNSense isn't impossible to use, but I'd be lost without well written tutorials and don't really feel like I'm learning it holistically.
The new Unifi interface you showed off looks like it'd be a lot easier to learn and use for someone who doesn't really need the awesome power of OPNSense.
More on TLS - SSL Certs, please. I really would like to learn more about this.
Please do the cert and BGP ....much appreciated!
Thanks Willie for another great video. I have just recently moved off of TP-Link stuff and went all in on Unifi. Even before this update I was up and running for a week. I love the "single-pane of glass" that Unifi has for their network. I am looking forward to watching the upcoming Unifi videos.
I am interested in your upcoming close up on the Zone-Based Firewall abilities.
Please do some videos on BGP, Certs and IPv6. Many thanks 👍
Some great updates. I'm looking forward to using the API to be able to semi-automate the statistics collection for my day job. Still investigating a potential move to GS, but this update certainly makes Unifi a more competitive option.
Can you make a video on how to properly delete a unifi site and reset everything to factory?
Appears Ubiquiti hasn't released 4.1 firmware for the UXG line of gateways yet. I'm running network server 9 and a UXG Pro Gateway but don't have the new firewall option yet.
I'm from Portugal and in my UDW the CyberSecure doesn't appear. Is it only available in the US?
It took some time but now I get the link to buy the CyberSecure
Hey, thanks for covering the updates and yes, I would like to see a video covering the certificates. If I could request another video idea it will be about Dynamic DNS and how to setup, especially using Cloudflare, there are written resources on the internet but I do not understand them and I couldn't find any video about it.
Agreed that would be good, especially in the context of Cloudflare. On a side note it would be nice to have native support!
I would like to see some IPv6 videos and how to best implement it into my network for better performance. I have played with it in the past but have found that not many VPN providers support IPv6. I am glad I decided to purchase the UDM Pro Max because that means I get access to all the new features and improvements. Nothing cut short here.
In Network 9, the network checkbox setting "Isolate Network" seems redundant to putting the specific network into a custom zone. Or is it just me?
Thanks for this video. There is quite a lot of new stuff in these updates.
Could you run through the packet capture feature, please? Is it only possible on the gateway ports (UDM-SE in my case) or also on any Unifi switch port?
Checkpoint: I want to know if I can isolate a single computer that bypasses these controls? Even if I have to place that computer on a different subnet - I can’t risk the false positives or overzealous controls for one device that I use and currently have isolated on its own network.
We are currently using EdgeRouter Infinitys as our firewall and site-to-site VPNs, and then UniFi for our network controllers. Hopefully over summer, we will switch to the zone-based firewall and standardize to just the UniFi platform.
I upgraded my UCG-Max yesterday. I didn't think to record the numbers. But I saw inter-VLAN file transfer speed jump up quite a bit. It went from ~70 MBps to ~100, between an i9 workstation and a Synology 1817+ NAS, both with 1gig ports, over a 2.5 gig multi-switch path.
Yes, please do all of those you mentioned.
That is a lot of improvements!
Another great video like always!
Please include IoT when you do a video on the firewall upgrades.
I already have a Unifi Express and planning to purchase a Cloud Gateway Max for my home. It seems Ubiquiti is getting closer to offering firewall capabilities comparable to Fortigate.
These upgrades were needed. No granular firewall rules made me feel they were trash in the past.
Network 9 looks awesome, I just upgraded.
I don't see it called out in this video, but in site-to-site tunnels, the update adds policy-based routing too over those tunnels. I believe this is new.
For those of us that are very new to this or are not professional IT people could you go through the upgrade steps? I haven’t found a very good one, but I’m sure they are out there.
More info on IPv6? Yes please!
Good video,
Sure, but when will the topology start working?
Well, the storage reformat process on the DreamWall was horrible, automatically rebooted the whole system
I’m really looking forward to seeing how the API works and what people do with it…
A video on zone based firewall would be very much appreciated. WTF are those zones for?
IPv6 please !
Personally I like the new firewall - that makes my work with VLANs easier - I recommend switching to that new zone firewall
Interesting. UCG-Ultra auto upgraded last night, but no sign of the new zone feature. It’s a family member’s that’s just left tbh.
I’ll have a look more as an option over pfsense at my folks. I’m using Sophos XG, but IPsec S2S VPNs
Hope the API drives towards maybe an app store..
Is it just me or is the Zone Firewall "identical" to a Sonicwall?
Using the two platforms I can agree that this Zone is an easier approach!
Nice Ubiquiti!
Zone based firewalls are nothing new, IIRC it was introduced with Cisco ASA and is in every NGFW
Would like IPv6 video to include how to shut off all IPv6 traffic. As far as I’m concerned, home LANs don’t need IPv6. IPv6 seems like a must for ISPs and large companies. I could very well be wrong, let me know how/why. I have res’d IPv4 IPs for 67 wifi devices, but cannot remember 67 IPv6 addresses.
Without the ability to see inside the traffic via SSL inspection this is only a blacklist...and that's always lagging. It's better than nothing but without TLS interception its effectiveness is limited.
Those are some nice changes, I wish they would get some better access switches. I need at least dual hot swappable PSUs
Edit: looks like they have that now. Can they stack now?
For those of us that are very new to this or are not professional IT people could you go through the upgrade steps? I haven’t found a very good one, but I’m sure they are out there.
There is an “Updates” page in the “Control Plane” or the main UniFi OS page. You should probably enable automatic updates.
Also, you said something about being able to have someone help me with checking my system out. Do I just go on the website and contact you that way?
@nmfireman yes
I need more ETHERLIGHTING. It should have its own Channel!
EdgeRouter.... no new FW. ((
BGP is an enterprise feature. Awesome, especially for Kubernetes with MetalLB. So KeepaliveD and ARP/VRRP is dead with this feature
Howdy :-)
Dark mode would be great
It already exists
@samuelhulme8347 I wish OP would have used dark mode.
They need to start bundling these machines with more RAM...