Awesome video. No one is doing Unifi and HomeKit setup tutorials. I installed Unifi in my home and then ripped it out because I couldn’t get the IoT devices to communicate with HomeKit. Plus when I get home from work last thing I wanna do is screw around with all these settings 😂. Please keep up the Unifi content.
Terry I have to say I have wanted to do this for years! You made it so simple and now my HomeKit finally is safe and working! Keep up the great videos!
Great video. I have had unifi running for a few months now and had lingering questions that you answered perfectly with this video. I didn’t know about changing the ports to be IoT from trusted. I have some reconfiguration to do when I have some down time. Keep up the great video later!
Great video. Best one I have found for Unifi VLAN and HomeKit users. Do you use HomeBridge for your non HomeKit native devices? Which VLAN would you be running HomeBridge on? Any suggestions for HomeBridge users? Thanks!
Thanks for the video Terry. Just got into the UniFi ecosystem and am really impressed with everything. Just so happens that most of the content regarding anything previous to 9.0 is pretty dated, so I appreciate you providing some fast helpful content.
As I mentioned earlier, great video, and thank you! Just to clarify, for those already using zones, When creating the Guest Network, the "Guest Network" option with the checkbox won’t appear. Instead, you'll see a "Zone" dropdown right below the "Router" dropdown. From there, select "Hotspot," which serves the same purpose as checking the "Guest Network" box.
Great video as usual Terry, I currently have 10 Vlans. IoT is a big one for sure, anything that has to dial home, gets put on this netwel, I almost feel now I want to give Apple it’s own VLAN. Love the new Zone Firewall, as a none IT person has helped a lot in simplifying things. Getting ready to update all switches to 2.5 around the house, also laying down some fiber runs. Also, upgrading to FIOS 2GIG.
Great video. Just set up my U6 Mesh with an IoT VLAN but wondered whether that was secure enough. Followed your firewall rules to make things even more secure. Thank you for the timely video, especially with the new zone firewall update.
Thank you for putting this video out so quick! This was super helpful with Zones in mind, and really helped me wrap my head around creating and REORDERING policies. I have a blended HomeKit / Google Home / Home Assistant / Sonos home, and even a starling home hub to get a few google devices to show up in HK. In your video, you recommend adding in a specific port object to help move HK traffic along, but I didn't do that step. I also didn't include those specific rules… In fact, the only 3 rules that I added are: 1. Allow Trusted to IoT, 2. Established and Related IoT to Trusted, and 3. Block IoT to Trusted (in that order) … HomeKit and Sonos seem to work without lag regardless of the missing rules. Am I missing out on something?
This is good. I came here to see how to do content filtering for a kids VLAN. There used to be a "Content Filtering" in the earlier versions and looks like they moved..
Hi Terry, thanks for the tutorials! What about using Virtual Network Override when you select your IoT devices from the topology view in order to move your previously set up devices from your trusted network to the IoT network ? You wouldn't need to reset every device?
So we did things a little different, the main point was the same thing I did. The only thing I would add is if you have your trusted 2.4 and 5 WiFi separate, then block the Apple TV, HomePod MAC address from the 2.4. Most times the 2.4 will come up first (especially if you’re using a DFS channel) and the hub will join that first. Unfortunately Apple does not give an auto join selector on the hubs.
My gosh you make the information that we need so accessible and just what we need. Speaking as someone who understands the networking ideas you’re expressing, you do such an excellent job walking thru some challenging concepts simple to understand. Great Job and I now have a video to share with others who are interested in making their home network more secure and why they should do so. Thank You!😎
Hay Terry Great video. The only issue is the IoT Network and Homekit should be on different VLANS. You may not want non homekit devices to have the same policies. By default trusted network or default has access to all vlans / networks. I can say more but my recommendation is creating a homekit vlan just for homekit devices only.
Hey Terry, thanks for the video. Two quick questions. Kinda new to Unifi (about 6 months). In addition to Apple Home Kit devices, I do have Amazon/Alexa devices. I don't think I'm alone with having a mix. I did a quick search for what ports Alexa devices communicate on and came up with this: For Alexa Smart Devices to work, ports 443, 4070, 5353, and 33434 need to be open. I guess I would add those in addition to that one Apple port? And second question, are we leaving these ports open ALL the time by creating these rules or do they open and close via UPnP?
Hi Terry thank you for making this video make everything works for me bro. Tahnk again great job explaining it. I have 23 home pod and 8 apple tv need someone that have the same vision for the homekit like you. Great job love it
great manual sir. Few questions: - why you need "POLICY no2" ? You already did allow the access to the internet in the network setting. - why do you have home kit devices in the Trusted and not IoT network ? - isnt it a good idea to create a "devices" firewall zone and put there "IoT network" and "cameras network" ?
@@wannabemultitool either you are going to put the hubs in the trusted VLAN so that they are not attacked by rouge iot devices or your going to put them in their own vlan. Either way you’ll need to communicate with them. You certainly elaborate on anything I’ve done like creating new zones and other VLANs as you need/want.
Hi Thanks for this segment. You should do a full unifi setup vid. i cant seem to get my Phillips hue lights to work properly with this setup even though they are connected to the homekit app on iPhone. phillips hue hub connected to the iot network. I have a Apple TV 4k as a Home Hub for system also do my phones have to be connected to same network as my apple tv.
Not sure if you are using Home Assistant. If you are wondering if you would put that in the IoT network versus trusted where the apple devices are? BTW, great video.
Best practice is to have it not on the IoT network so you can control what is seen by the devices. You want to avoid the IoT device being able to get control of home assistant, if the IoT device becomes compromised. You then explicitly give only those ports you want the IoT device to access in the Firewall.
Just the video I was looking for. Looking into SDN for when I move into my new place with all my HomeKit devices, and I’ve seen everyone talk about VLANs. Until now I wasn’t gonna mess with that, seemed a lot of hassle and a source of problems. But this video makes all the sense I needed it to and answered all my questions, thanks! Only have to choose between Omada and Unifi. Any experience with Omada by chance and whether it works comparably? It should, but probably in slightly different way right?
I never made it to Omada, but hear good things about it. I went with all Unifi so that I knew it would work together and I wouldn't have to think about it.
Did they top the VLAN tagging from the Topology in the update? I could tag devices to VLANs. Now my leases are all blended I had one SSID and IOT was just on a different VLAN.
I been searching for a Unifi/Homekit video. Might get the UDM pro SE. Only holding out because i hope they might upgrade it as it’s been out a while. lol Dope video! 🙏🏾
Thanks for watching! Actually they don't really update, they some out with new models. The UDM SE was an upgrade from the UDM Pro and the UDM Pro Max is the upgrade from the UDM SE.
@ i was hoping for a UDM SE with a 2.5 gbe Poe + port. Seen as tho it seems like everything is going to 2.5gbe now. Wishful thinking 😂 Keep up the good work. 👍🏾
Great video, but what are the 2 Rules/Policies that say "(Return)", nothing in your video describes these 2 rules, but appear to be part of the rule set for the IoT HomeKit controls.
Would this technically work for Home Assistant as well? I followed your same steps but just used HomeAssistant instead of HomeKits ports. I also have my HomeAssistant Running on a Truenas server thats connected to my trusted network, im struggling getting HomeAssistant to see my devices automatically. I can manually add devices via IPs but it wont discover anuything. Could this be because Home Assistant is on the Truenas server thats connected to trusted and not IoT? Im hoping this helps! I will test on my lunch break.
Hey Terry Thanks for the video, I need help I'm in v9.0.108 I have a UDM Pro when I create my Vlan Guest network I dont see the option to select Guest Network can be that the version that I have they remove it?
Have you had any experiences with Nest Protect smoke detectors??? Mine have been giving me connectivity fits lately after running smoothly for over a year on an IoT vlan . Very well produced video!
Am I confused or should the port object be selected on the destination network instead of the source network? Also, I would suggest not selecting a specific network for the Block action rule but leave it for the whole Internal Zone so that any new networks within the Internal Zone created later are automatically protected from the IoT network by default
I put my AppleTV on my IoT network as it is acting as the Home Hub. I put my all of our iPhones, Apple Watches, HomePod Minis, Apple Laptops, and Apple Desktops on my Staff network (as HomePods complain whenever they are not on the same network as the iPhones). I give my Staff Network full access to my IoT network so my iPhones can control my Apple Home. The Established and Related Rule allows the IoT network devices to then reply back to any devices on the Staff network that has initiated traffic, but it does not allow the IoT devices to initiate traffic to the Staff Network. Hence the other reason the Apple Home bubs (my AppleTVs) are on my IoT network. The other IoT devices can initiate traffic to the AppleTV devices as they reside on the IoT network.
This is the perfect solution. I have the same, I put my AppleTV in IoT and HomePods in “trusted” and use the AppleTV for HomeKit controller and all IoT devices work including Hue and Sonos…
I’m done with the setup and migration of all the TP-Link Switches/Dimmers into the new IoT network, but unfortunately the majority of them go randomly into “No Response” mode, the only rules I have in my UDM firewalls are the ones from this video.
@@qbaqban what is your HomeKit hub? Randomly going no response is not a firewall issue. Firewalls allow/block traffic. This means if they were not working the switches would never work. Going no response randomly is another issue.
@@TerryLeeWhite Thanks for taking your time to help me with this, my hub should be an Ethernet wired Apple TV 4K that is located on the Trusted Network, I don’t have HomePods or any other Apple TV
Terry we need erect statues in your honor for figuring this out and explaining it in such a great way. A new subscriber to your channel now. Thanks again for your help.
Hi, may I ask what I did wrong when I configured IoT because I can't access the Internet at all. I haven't done firewall rules yet and I can't access the Internet with my IoT devices, for example Apple TV. Thank you and greetings from Austria (Europe)
For some reason my phone won’t connect to the IoT network. It will show connected in UniFi but in the WiFi settings it just sits there and spins. Any idea why?
Good video... But why wait until minute 42 to get to your most meaningful/important suggestion for those migrating from a monolithic LAN configuration.... Since it's such a PITA to migrate IOT devices to a new network, it might be much easier to create a new SECURE network and just convert the primary/default network to the IOT network! Hmmm... far easier!
***** Just curious about your position on which network to connect to based on your "trust" level, if it doesn't matter, why NOT go with the more secure option since we're making firewall rules for that very purpose? It reminds me of people saying that they don't have to lock their doors where they live, that's simply psychological. Danger doesn't know what YOU are thinking, it's all a crime of opportunity. If you have locks on your home, using them, has to be better than not right?......
@@TerryLeeWhite do you have this setup only for your IoT network or for your trusted network as well? Asking because I still find it risky to have ipv6 active in my trusted network.
Awesome video. No one is doing Unifi and HomeKit setup tutorials. I installed Unifi in my home and then ripped it out because I couldn’t get the IoT devices to communicate with HomeKit. Plus when I get home from work last thing I wanna do is screw around with all these settings 😂. Please keep up the Unifi content.
You are legendary, Terry!
@@phelpsomatic thank you! Much appreciated 🙏🏾
Terry I have to say I have wanted to do this for years! You made it so simple and now my HomeKit finally is safe and working! Keep up the great videos!
@@jcast2833 thanks! I appreciate it.
@@TerryLeeWhite Please do a video on Unifi protect cameras running on a vlan for cameras and firewall settings with the new zone!
@ I’m not really sure if that’s necessary since the Unifi NVR is already protected.
Thanks!
Thanks! I appreciate it.
Terry, PERFECT TIMING! Thank you for breaking this down into layman's term. Now I can confidently set my unifi networks being a noob
Great video. I have had unifi running for a few months now and had lingering questions that you answered perfectly with this video. I didn’t know about changing the ports to be IoT from trusted. I have some reconfiguration to do when I have some down time. Keep up the great video later!
This video came at a perfect time! I’m about to setup my very first IoT network. You have a new subscriber thanks a lot!
Thanks and welcome!
Great video. Best one I have found for Unifi VLAN and HomeKit users. Do you use HomeBridge for your non HomeKit native devices? Which VLAN would you be running HomeBridge on? Any suggestions for HomeBridge users? Thanks!
Thanks for the video Terry. Just got into the UniFi ecosystem and am really impressed with everything. Just so happens that most of the content regarding anything previous to 9.0 is pretty dated, so I appreciate you providing some fast helpful content.
While I was looking for videos on how to set this up, I faced the same issue in that most of the videos were older showing the older interfaces.
As I mentioned earlier, great video, and thank you! Just to clarify, for those already using zones, When creating the Guest Network, the "Guest Network" option with the checkbox won’t appear. Instead, you'll see a "Zone" dropdown right below the "Router" dropdown. From there, select "Hotspot," which serves the same purpose as checking the "Guest Network" box.
Great video as usual Terry, I currently have 10 Vlans. IoT is a big one for sure, anything that has to dial home, gets put on this netwel, I almost feel now I want to give Apple it’s own VLAN.
Love the new Zone Firewall, as a none IT person has helped a lot in simplifying things.
Getting ready to update all switches to 2.5 around the house, also laying down some fiber runs. Also, upgrading to FIOS 2GIG.
Sounds like what I did too. I had a couple of fiber cables run to give me a 10GB backbone to all my switches and work areas.
Awesome video, thank you so much! This was the first one I could find using 9.0 and I kept getting stuck watching older videos.
Great video. Just set up my U6 Mesh with an IoT VLAN but wondered whether that was secure enough. Followed your firewall rules to make things even more secure. Thank you for the timely video, especially with the new zone firewall update.
Congrats on your new U6! Thanks!
Thank you for putting this video out so quick! This was super helpful with Zones in mind, and really helped me wrap my head around creating and REORDERING policies.
I have a blended HomeKit / Google Home / Home Assistant / Sonos home, and even a starling home hub to get a few google devices to show up in HK. In your video, you recommend adding in a specific port object to help move HK traffic along, but I didn't do that step. I also didn't include those specific rules… In fact, the only 3 rules that I added are: 1. Allow Trusted to IoT, 2. Established and Related IoT to Trusted, and 3. Block IoT to Trusted (in that order) … HomeKit and Sonos seem to work without lag regardless of the missing rules. Am I missing out on something?
This is good. I came here to see how to do content filtering for a kids VLAN. There used to be a "Content Filtering" in the earlier versions and looks like they moved..
Hi Terry, thanks for the tutorials! What about using Virtual Network Override when you select your IoT devices from the topology view in order to move your previously set up devices from your trusted network to the IoT network ? You wouldn't need to reset every device?
Great video...thanks!
So we did things a little different, the main point was the same thing I did. The only thing I would add is if you have your trusted 2.4 and 5 WiFi separate, then block the Apple TV, HomePod MAC address from the 2.4. Most times the 2.4 will come up first (especially if you’re using a DFS channel) and the hub will join that first. Unfortunately Apple does not give an auto join selector on the hubs.
My gosh you make the information that we need so accessible and just what we need. Speaking as someone who understands the networking ideas you’re expressing, you do such an excellent job walking thru some challenging concepts simple to understand. Great Job and I now have a video to share with others who are interested in making their home network more secure and why they should do so. Thank You!😎
@@timrobertson8242 thanks! I appreciate it.
Exactly what I was looking for. Subscribed and thankful!
Thank you for your service!
Hay Terry Great video. The only issue is the IoT Network and Homekit should be on different VLANS. You may not want non homekit devices to have the same policies. By default trusted network or default has access to all vlans / networks. I can say more but my recommendation is creating a homekit vlan just for homekit devices only.
Sounds good. Thanks!
This was amazing, thank you so much!
@@jimapple7123 thanks!
Great video.
Hey Terry, thanks for the video. Two quick questions. Kinda new to Unifi (about 6 months). In addition to Apple Home Kit devices, I do have Amazon/Alexa devices. I don't think I'm alone with having a mix. I did a quick search for what ports Alexa devices communicate on and came up with this: For Alexa Smart Devices to work, ports 443, 4070, 5353, and 33434 need to be open. I guess I would add those in addition to that one Apple port? And second question, are we leaving these ports open ALL the time by creating these rules or do they open and close via UPnP?
Yes, if there are ports you want to work between VLANS, you would add them. It's my understanding that they open and close as needed.
Your video is very useful, thank you!
Thanks! Glad I could help.
Hi Terry thank you for making this video make everything works for me bro. Tahnk again great job explaining it. I have 23 home pod and 8 apple tv need someone that have the same vision for the homekit like you. Great job love it
Thanks! That's a lot of HomePods. LOL
Great videos and very clear to understand the procedures and instructions...thank you!!
Thanks!
great manual sir. Few questions:
- why you need "POLICY no2" ? You already did allow the access to the internet in the network setting.
- why do you have home kit devices in the Trusted and not IoT network ?
- isnt it a good idea to create a "devices" firewall zone and put there "IoT network" and "cameras network" ?
@@wannabemultitool either you are going to put the hubs in the trusted VLAN so that they are not attacked by rouge iot devices or your going to put them in their own vlan. Either way you’ll need to communicate with them. You certainly elaborate on anything I’ve done like creating new zones and other VLANs as you need/want.
Hi Thanks for this segment. You should do a full unifi setup vid. i cant seem to get my Phillips hue lights to work properly with this setup even though they are connected to the homekit app on iPhone. phillips hue hub connected to the iot network. I have a Apple TV 4k as a Home Hub for system also do my phones have to be connected to same network as my apple tv.
@@furioust99 I would put the Apple TV, Hue Hub and phones on the trusted network. I remember Hue was fussy about IGMP being on.
@@TerryLeeWhite thanks will try this
Not sure if you are using Home Assistant. If you are wondering if you would put that in the IoT network versus trusted where the apple devices are? BTW, great video.
I do. I still have it on the trusted network for now.
Best practice is to have it not on the IoT network so you can control what is seen by the devices. You want to avoid the IoT device being able to get control of home assistant, if the IoT device becomes compromised. You then explicitly give only those ports you want the IoT device to access in the Firewall.
@ good advice.
Awesome video
@@JairusJ 🙏🏾 I appreciate it!
Tk U, thinking very hard about going back to Unifi
Just the video I was looking for. Looking into SDN for when I move into my new place with all my HomeKit devices, and I’ve seen everyone talk about VLANs. Until now I wasn’t gonna mess with that, seemed a lot of hassle and a source of problems. But this video makes all the sense I needed it to and answered all my questions, thanks! Only have to choose between Omada and Unifi. Any experience with Omada by chance and whether it works comparably? It should, but probably in slightly different way right?
I never made it to Omada, but hear good things about it. I went with all Unifi so that I knew it would work together and I wouldn't have to think about it.
Did they top the VLAN tagging from the Topology in the update? I could tag devices to VLANs. Now my leases are all blended I had one SSID and IOT was just on a different VLAN.
Good stuff and well said - Firewire aside. I do the same thing to with various tech terms.
I keep saying Firewire instead of Firewall all the time. I spent years talking about Firewire. So I guess it's muscle memory.
I been searching for a Unifi/Homekit video.
Might get the UDM pro SE. Only holding out because i hope they might upgrade it as it’s been out a while. lol
Dope video! 🙏🏾
Thanks for watching! Actually they don't really update, they some out with new models. The UDM SE was an upgrade from the UDM Pro and the UDM Pro Max is the upgrade from the UDM SE.
@ i was hoping for a UDM SE with a 2.5 gbe Poe + port. Seen as tho it seems like everything is going to 2.5gbe now.
Wishful thinking 😂
Keep up the good work. 👍🏾
Great video, but what are the 2 Rules/Policies that say "(Return)", nothing in your video describes these 2 rules, but appear to be part of the rule set for the IoT HomeKit controls.
Those are automatically created when you choose "allow return traffic" for any rule. This enables two way communication.
Would this technically work for Home Assistant as well? I followed your same steps but just used HomeAssistant instead of HomeKits ports. I also have my HomeAssistant Running on a Truenas server thats connected to my trusted network, im struggling getting HomeAssistant to see my devices automatically. I can manually add devices via IPs but it wont discover anuything. Could this be because Home Assistant is on the Truenas server thats connected to trusted and not IoT? Im hoping this helps! I will test on my lunch break.
Hey Terry Thanks for the video, I need help I'm in v9.0.108 I have a UDM Pro when I create my Vlan Guest network I dont see the option to select Guest Network can be that the version that I have they remove it?
Have you had any experiences with Nest Protect smoke detectors??? Mine have been giving me connectivity fits lately after running smoothly for over a year on an IoT vlan .
Very well produced video!
Thanks, no I've never used those detectors.
Am I confused or should the port object be selected on the destination network instead of the source network? Also, I would suggest not selecting a specific network for the Block action rule but leave it for the whole Internal Zone so that any new networks within the Internal Zone created later are automatically protected from the IoT network by default
I put my AppleTV on my IoT network as it is acting as the Home Hub. I put my all of our iPhones, Apple Watches, HomePod Minis, Apple Laptops, and Apple Desktops on my Staff network (as HomePods complain whenever they are not on the same network as the iPhones). I give my Staff Network full access to my IoT network so my iPhones can control my Apple Home. The Established and Related Rule allows the IoT network devices to then reply back to any devices on the Staff network that has initiated traffic, but it does not allow the IoT devices to initiate traffic to the Staff Network. Hence the other reason the Apple Home bubs (my AppleTVs) are on my IoT network. The other IoT devices can initiate traffic to the AppleTV devices as they reside on the IoT network.
@@Polkster13 great strategy
This is the perfect solution. I have the same, I put my AppleTV in IoT and HomePods in “trusted” and use the AppleTV for HomeKit controller and all IoT devices work including Hue and Sonos…
I’m done with the setup and migration of all the TP-Link Switches/Dimmers into the new IoT network, but unfortunately the majority of them go randomly into “No Response” mode, the only rules I have in my UDM firewalls are the ones from this video.
@@qbaqban what is your HomeKit hub? Randomly going no response is not a firewall issue. Firewalls allow/block traffic. This means if they were not working the switches would never work. Going no response randomly is another issue.
@@TerryLeeWhite Thanks for taking your time to help me with this, my hub should be an Ethernet wired Apple TV 4K that is located on the Trusted Network, I don’t have HomePods or any other Apple TV
Terry we need erect statues in your honor for figuring this out and explaining it in such a great way. A new subscriber to your channel now. Thanks again for your help.
@@shaneben thank you! Appreciate it.
Hi, may I ask what I did wrong when I configured IoT because I can't access the Internet at all. I haven't done firewall rules yet and I can't access the Internet with my IoT devices, for example Apple TV. Thank you and greetings from Austria (Europe)
@@danmaier2077 sounds like your IoT VLAN doesn’t have a firewall rule in place that allows it to access the internet.
@ Ooo, OK. Can I configure it like in your video?? I'm not that familiar with the firewall rules yet.
Thank you for your quick reply!
What’s your Leaderboard name?
@terryleewhite everywhere
@@TerryLeeWhite just added you! Love your channel especially as I start to dive into the Unifi rabbit whole!
For some reason my phone won’t connect to the IoT network. It will show connected in UniFi but in the WiFi settings it just sits there and spins. Any idea why?
Good video... But why wait until minute 42 to get to your most meaningful/important suggestion for those migrating from a monolithic LAN configuration.... Since it's such a PITA to migrate IOT devices to a new network, it might be much easier to create a new SECURE network and just convert the primary/default network to the IOT network! Hmmm... far easier!
***** Just curious about your position on which network to connect to based on your "trust" level, if it doesn't matter, why NOT go with the more secure option since we're making firewall rules for that very purpose? It reminds me of people saying that they don't have to lock their doors where they live, that's simply psychological. Danger doesn't know what YOU are thinking, it's all a crime of opportunity. If you have locks on your home, using them, has to be better than not right?......
I'm not opposed to putthing everything behind protected VLANS, it's just that it will take more testing. Thanks for the reminder though.
@@TerryLeeWhite Thanks for the reply. I'm new to unifi and my fear is not knowing that I've left a vulnerabilty in my network.
Do you have Thread/Matter devices on your network? How do you configure Unifi to support these?
@@SanGioSports I do. Turn on IGMP and IPv6 if your ISP supports it.
@@TerryLeeWhite do you have this setup only for your IoT network or for your trusted network as well? Asking because I still find it risky to have ipv6 active in my trusted network.
@@SanGioSports I don't have it on and my matter devices work fine.
It has to talk to its controller or smart home hub and if not you have a dumb home. Duh it has to talk to your smart device.