I really hope we can fix firewall rule management, the current way is just awful
9.0?
I’d love to see a vid on traffic rules, profiles and firewall rules.
Multi-site management is in the site manager page. I understand why they are doing it like this. The UDM is meant to manage that site alone and other sites will get their own gateway that connects to the site manager.
Release the director's cut!! :).. All jokes aside, I am interested in your thoughts on the FW rules.
I have a lot of thoughts on the FW rules... lol
I've moved my rant into a new video that's basically going to just cover Firewall Rules in General.
OSPF is currently half-baked (and you can’t run it on the same interface used for WAN!) so seeing how complex BGP can get I would have thought their first try will be quite lackluster but time will tell…
Curious about revisiting this after the latest update with firewall zones and multi-site management.
Definitely on my list. I got unreasonably excited when I saw Zone-based firewall as an option to enable.
I've been able to see my OSPF neighbors just fine. Even before 8.6.9
Where are you finding that information?
Could you go into detail of how you set up DNS for your domain DNS? Currently have everything going to the DC DNS but would like to see what you’re doing.
I've added that to my list of planned videos.
I use all UniFi networking gear, but when it comes to firewall rules, I don't understand how to use them for my home use, so I just leave them out. I'm still pushing to learn all of this, so when the time comes for me to understand it, I will.
Why would you want to have a local DNS?
I want to use SNMP, but I don't know how.
For home use, local DNS can just be something "nice to have", especially if you like to host your own services. For example, if you have a NAS on your network you can set up a local DNS entry for files.myhouse.local so you don't have to type in the IP address every time. Just makes things a bit cleaner, but isn't "necessary" for most people.
In a more business-type environment, local DNS becomes much more important when you start dealing with Active Directory and other services. Local DNS is almost expected at a certain point.
SNMP can be.... confusing, but once you've set it up a few times you pretty much understand it.
Follow up for UniFi Network 9.0?
Coming Soon.
Have they fixed the issue where Surfshark WireGuard doesn’t work with UniFi?
Not that I'm aware of. I've only seen the workaround for this issue by reducing the MSS, but I don't run Surfshark VPN so I can't say one way or the other.
I have a support ticket open at the moment but tried the EA firmware today… no go. Tried the MSS trick via SSH as well. Doesn’t fix it for me. Sad times, as I just started a 2 yr contract with Surfshark 😂
Supports BGP now though.
Supports BGP to what extent? Can you set up AS path prepend? There is a LARGE amount of configuration associated with BGP. There are a massive number of adjustments that can be made to influence the path selection of BGP.
Also, can this take a full v4 AND v6 routing table, or only accept a default / filtered table?
Thought I'd chime in here and say I'd be very surprised if it can support the full routing tables... I've yet to see a "firewall" that can and still work "well".
@ToastyAnswers Mainly enterprise kit in my experience. Palo Altos and FortiGates, depending on SKU, can take a full table. But again, separation of duties is important and should be kept in mind. All firewalls are routers to an extent but that doesn’t mean they should be acting as your primary router.
mDNS. Still a mess.