Might want to consider the UCG-Max instead that was released after I made this video: ua-cam.com/video/e7VWdddMamw/v-deo.html
50:28 If you use VLANs, for example IoT, then also set 'block all' in tagged VLAN, because when someone clones the MAC address of any device of the default network, it can be accessed by this port as you did not block other traffic - security risk.
Good call. That is a security risk a lot of people miss.
38:52 the Wifi Schedule is for times you want to PAUSE the WiFi, not enable it. Your example basically stops the guest wifi from working during business hours 7am to 6pm.
Ah yeah, thanks for the correction! I would want it to work the way I showed it lol, seems more intuitive.
@@ApexOneTech I think that's how it worked with the classic interface (select the times you want it to be active) but for some reason they changed it for the new interface.
Any reason you're not using Private Pre-Shared Keys seeing as though you're not using the 6GHz band?
The very first thing I always do after creating my VLANs is to block traffic between VLANs: by default, Unifi Network allows traffic to pass between VLANs (except for Guest VLAN) which is imho very dangerous from a security perspective.
Excellent video. Really helpful
Thank you!
Hi, thanks for this informative video.
Keep it up
what network design tool are you using?
I'm using Apple's Freeform app. Unfortunately, it's only available on Apple devices as of now. If you know a better app, let me know. Everything else so far has been worse to use.
Hi Bogdan, thank you for sharing your knowledge. Thanks to you, my network is now working great.
Awesome! That's my goal!
Hi. It is a very useful instruction.
But could you film an instruction further regarding VLAN - Security (surveillance cameras, sensors...) with setting the rules for the firewall, for this network to be secured?
Yes, I need to do that. In the meantime, @ethernetBlueprint has a good video: ua-cam.com/video/B_0dXLNCGp8/v-deo.html
Was there a reason you didn't use the Ubiquiti Cable Modem?
I would if this was from scratch. But since it's just an upgrade, their modem is fine and even has a 2.5 port. They're not even anywhere close to capacity so no need to change that.
Would you be able to share the network devices and IP schemas?
By far, the most comprehensive and easiest (All-in-one) setup guide I've ever seen. Good job, liked and subbed! 👏
I’m not sure if you mentioned it or if I missed it, you didn’t talk about inter-VLAN routing. Is it enabled by default or do you have to enable it manually?
It is enabled by default. You would have to create traffic firewall rules to block inter VLAN communication. I didn’t go into that in this one.
Great Video... I never considered 10.1.*.* for the networks. Way easier to manage. Can you change them all after initially setting them up, and if so, do you reconfigure all together in one go or do them one by one?
Change your gateway IP address scheme. Your devices attached to the network will automatically get the new 10.1** range within 24 hours or you can also power cycle devices.
@@ApexOneTech I meant to say all my VLANS :)
What should I do if I want a VLAN, for example "The main network", to enter the "Security" VLAN, but the "Security" VLAN cannot enter "The main network" VLAN?
Can you do a video where you use a Windows server as the AD, DHCP, DNS and still use the UDMSE as your core network?
Very useful thank you ! It would be interesting to see how to deploy a hotspot with SSL, as I don't find any complete, up-to-date documentation on the matter (I tried with a Unifi Express)
@10:30 UBNT are pricks for removing manual adoption. Go to Legacy Interface and you can manually adopt devices. Your deployment here is easy, when you get to a site where you have hundreds of WAP's installed along with switching and need to do this bullsh!#, yeah, another reason UBNT gets pulled out of sites.
@15:35 rename default in Legacy Interface. Turn off mDNS unless needed, UniFi is known to struggle with lots of mDNS traffic. DHCP Guarding also wise.
@23:25 UniFi Protect cameras on to the UDM are forced to stay on the DEFAULT VLAN, cannot separate. This is one of the reasons the UDMs are for small offices only, not bigger setups.
@27:30 Be careful, this feature (Guest Network) either forces Captive portal despite it being off and also blocks internet access, welcome to UniFi bugs and half-baked firmwares.
@33:35 NO, default settings are NOT fine. Turn off band steering, it is extremely well known for connectivity issues. Multicast and Broadcast control highly advised on busy networks.
Thanks for your input. Trying to keep it simple and not go into workarounds. I haven't yet run into the issues you mention but I also haven't configured such large sites: maybe it's a matter of time for me lol or they've patched it in an update.
Awesome Video!
15:31 timestamp, I updated the name from "default" to "Management." First, I navigated to Settings (gear icon) > System > Advanced > Interface and switched to "Legacy." In the Legacy UI, I went to "Networks," edited the default name to "Management," and saved the changes. Then, I returned to the new user interface by selecting User Interface > New User Interface.
Totally right! You can do that... I just wanted to keep it simple and in the latest interface.
I'm very interested in what the VoIP profile was. Didn't see in the video. Great Video!!!
Thanks! Video was getting so long that I cut it out. I'm planning to release a separate video on it.
By blocking printers from the internet they will not receive any firmware updates
Correct. As it should be. I hate printers lol. Can always pause the rule once a year to check for an update.
How do you ensure the sound effects match the visuals so well?
I don't know lol. My editor does a good job!
Awesome video. Would love to see a followup on the advanced firewall setup tips.
Noted!
Many thanks! You let me understand a lot of things that before were not so clear.
Glad it was helpful!
Is the AP u6-plus better than the u6-pro?
Always a tradeoff for every device. U6 Pro is "better" but it comes at a cost. You can always have the "best" setup with buying the most advanced gear. The trick is to pick the correct devices with some overhead so that it doesn't cost more than it should.
What iOS program do you use to make those diagrams?
Freeform. I try to stay in one suite for work (Microsoft) but their Whiteboard app is difficult to use. Freeform works much nicer. Apple really needs a better way to share Freeform pages though.
@@ApexOneTech Enjoyed your video! Thanks!