Would love to see Site Magic deep dive. Especially locking down access to specific parts of another Unifi network - or even routing specific devices only through it if possible.
Just an old tech addict getting crazy with my home. I recently added the UDM-SE. I started using Ubiquiti APs about 8 years ago .. now getting crazy and learning. Thanks for these great videos.
I really enjoyed this walkthrough, I'd like to see more videos going in-depth on specific use-cases, such as secure ways to setup VPN server and allow my smart phone to remotely access Protect cameras via the app. Something like that. Is there already such a video?
Awesome, thanks for the information. I'm currently building the Ethernet and wireless network at my 5 acre property; watching your videos has been instrumental in learning how to configure things properly. Keep it up!
Love your videos man. Glad that you are going over VPN. I’ve been doing some VPN set up in the last year and an overview would be fantastic. Keep up the great work!
Your videos are so awesome. Very well presented, very easy to follow. You explain things in layman's terms, too, so a newbie like me can understand and follow.
I'd be interested to know if "Site Magic" is totally within your control or if you are entrusting UniFi Cloud, a bit like in a typical ZeroTier setup where you generally still entrust their servers for adding nodes to the network etc.
Late to the party, but this was one of the most informative & useful content-per-minute videos I’ve watched in a while. Subscription earned for sure! Also loved the router stand & looking for it online. Thanks!
"So remember, the Site-to-Site VPN functionality that's in a specific UniFi network controller is for connecting a Site-to-Site VPN with different types of equipment on each site. Site Magic is for connecting two different sites that are both UniFi gateways." Probably misspoke, but site-to-site VPN also works with two UniFi controllers. I have had this running for about a year or more.
I have seen a few videos which focus on the LAN IN rules to manage inter-vlan traffic ... my question is ... should you use LAN OUT rules too? I'd love to see a video which talks about typical use cases for LAN-IN, LAN-LOCAL, LAN-OUT, etc.
Question on the firewall rules for Teleport VPN. Current when I use Teleport VPN on my iPhone and it can ping device on any vlan. I have the rule the block traffic between vlan. Above this rule I have rule for allow established and related and allow default lan to anywhere (setup following one of your guides). I have to pause both of these rules to stop pings from the Teleport VPN device. Any idea why?
Thank you! I love your videos, since a few years ago I've been playing a lot with networking as I find this topic fascinating. I used to have a pfSense box in which I created a few VLANs to split my devices using different VPNs and a direct connection to the Internet. Now I replaced my pfSense for an Ubiquiti Dream Router, and I'm working towards getting everything set up again, including my VPN, so a tutorial about the topic would be great!!
Please do make a video on how to connect multiple sites using Site Manager, and in that video, please cover how a device at one site can talk to devices at the other site. I'm expecting that they will not be able to see each other without doing something. (Would you need to set different IP address ranges for each site to avoid having duplicates?)
Awesome content. Can you do a video showing the setup on udm for an iptv please? IPTV works on the UDM but some specific movies/series do not. When UDM is bypassed these then work. This is some sort of setting which I am not aware of.
Would definitely be interested in a video on UNIFI Site Magic VPN setup as I could be very useful for certain electronic security / access control network scenarios. Thank you
I like those improvements in the latest Unifi Controller , but still no solutions for multiples UDMs behind NAT , so I did a multi-sites VPN using wireguard on all my UDMs with DynDNS pointing on each one of them and setup the VPN through CLI and it works great , I just need to run a simple "wg quick down wg0 && sleep 20 && wq quick up wg0" every 3-4 days .If I don't do it the transfer rate between sites drop to 1 Mbps .I don't know why.
I had a similar situation and problems. I wound up using Raspi4's at each site to do the tunnels and they've been 100% rock solid. By the time Unifi puts WG client support into the network app these UDM's will be dead and buried.
Great video, but I have 3 sites using Site Magic. Is there anything more I need to do on the Firewall Rules/Policies in order for me to map a shared folder across Site Magic to other PCs at other locations?
Any chance you can do a video about the Auto IPSec VTI? I'm not sure if this is deprecated but my USG Pro 4 are still showing it but my UXG does not. It would be nice to know exactly how it works... we have about 25 sites but we do manual IPSec for site to site because the Auto VTI seems to screw up routing when you have more than 2 sites.
Hi, I have a a question: is teleport VPN working over double NAT? My telco provider modem does not allow my UDM Pro to have public IP (modem has the public IP)?
which type of VPN would you recommend for controlling home assistant from the internet? i tried the duckdns method but that stopped working last week :-(
Thank you Chris for your excellent tutorial on VPN’s. Question, can I setup a site to site between my UDM and an AT&T DSL modem router that has a static ip?
Thanks for the brilliant tutorial. After you download the wireguard config file, how do you use it with windows operating system - didn't see how you implemented.
I don't understand, this rule doesn't work for me, I already have it blocking traffic between subnets, but it doesn't block VPN traffic to any subnet. I was only able to make it work by applying the rule to lan out
I was going to ask this same question. I've always had to put a special rule in Lan Out to block teleport or now wireguard. I wonder if it had to do with the way he was connected to the VPN. (Cellular or another VLAN)
I as well have the same problem I have to use the LAN Out and not the LAN In. I think the LAN In worked for him because he was on another network in his house (LAN IP) and not come from a WAN IP.
Exactly the same here and I just found out by a comment above here, that this is because of the 'Accept Established & Related' rule that most of us have as first Lan In rule. I paused it and pings from Teleport to other VLAN`s started dropping as they should ! Now I don`t have the solution yet, but at least know where to start looking. I think the Established and Related rule needs to narrowed down somehow. I have it from source LAN group (all my VLAN`s) -> target Any
So I have iptv and I need to set up a VPN for it so what would be the best to use or can I configure it on my UniFi network with my UniFi USG? Thank you.
Could setting up VPN help a friend of mine run his Unifi Voice (UDMPro) even though his ISP uses CGNAT? I've not been able to help him get anything working.
I would love to see a site magic video. I have 3 sites, 1 dream router and 2 UDM pros, all of which have cameras. It would be awesome if this could be used to create some redundancy between video storage across sites.
A follow up question on VPNs. Is it possible to configure an in-bound VPN connection on a Dream Machine SE where the primary WAN is a Starlink connection? ADSL connectivity is also available, so I can have that connected to WAN2 if in-bound through Starlink isn't possible. The remote clients in this case would be Windows PCs, not mobile devices.
Hi. Thanks for the video. I do not see Wireguard, Teleport or Open VPN as choices. I have the name network version. For VPN, I only get L2TP and PPTP. Is there something I'm missing?
Have there been issues with Wireguard clients dropping or connecting? I am always resetting the l2tp and ipsec manually from the command line, and constant microsoft updates that break everything drives me crazy!
I have been hesitant to adopt the UniFi router into my network simply because I see the rules as being a bit clunky right now. I am a die hard pfsense fan. I own a UDMSE but it is still in the box currently.
Have a problem with WireGuard on iOS. iPhone 15 v17.6.1. WG config file works on Windows and can access local resources and internet. When same config file is loaded onto iPhone’ WG app- it connects but cannot ping anything on the network nor can access the internet. Created the firewall rules as described in the video. Also tried importing config via the QR code- same problem I read on forums that many are experiencing same issues. Wonder if you can make a video on how to setup WireGuard on iOS and test it?
double nat is often a problem here in germany. many internet providers still dont know they have to open there services to my router i want to use. please make a extra video. would be helpful
Im really dumb on this topic so I apologize. But if you set lets say one device in its own VLAN would you need to do firewall rules since its not connecting with anyone?
I have just managed to connect from my Raspberry Pi (Ubuntu) Workstation. I'm guessing that WireGuard on the UDM creates all four certificates (Public & Private for the UDM; Public & Private for the "Client"). Then, puts its own Public Key and the "Client's" Private Key into the Configuration File? If so, does it then discard the "Clients' Private Key?
Thanks for the video. I setup openvpn on a Pi years ago because the VPN options on USG was un usable. Now have a UDM and have not looked into these options until now. I am playing with Wireguard, and am unclear how to utilize dynamic DNS. Is that an option? I'm using a dynamic DNS account so that when my WAN ip address changes I do not have to update every device's open VPN config.
Great video! Also, it seems that using Wireguard and OpenVPN will skip the LAN IN, probably because they are not defined as Unifi-networks but instead are entering "on the side", so you must use LAN OUT in order to block access to other networks but I can't stop VPN-users from accessing non-VPN-GW. Also, as VPN-users come in on a "non-unifi-defined" network so they can't be assigned a VLAN and hence not be set a bandwith limit either.
And for some reason, Wireguard-traffic is going via Management-lan (non-VLAN one) i.e. via another network. It doesn't reach the LAN OUT-rule to block inter-RFC1918-traffic. LAN LOCAL-rule to block non-VPN-GW works either..
Regarding create 1 rule for each direction, since I guess the firewall is Statefull, I beleive there's no need, if you only want to do the ping from the phone to the Network 2. If you do not need to ping from Network 2 to the Phone, there's no need to create the oposite rule.
I am still getting to grips with all this VPN stuff... So al present I have a VPN service on my iPhone which means I can browse the web privately but my Smart TV has no VPN. Would option 3, Private Internet Access be the type of service I need? I am currently using Proto VPN could this run on my Dream Machine?
I know its abit of topic can please make an guide on SIP especially how to read packet captures 😅 there is no clear tutorial for it would greatly help some of just starting out in voip
If there are traffic routes configure for certain vlan/devices via a VPN Client. What would happen when that VPN Client disconnects? Can you have two VPN Client connection up at the same time? Tried it, one connected and the other one just "connecting".
Wireguard shows me the internal IP of the UniFi gateway 'cause its behind NAT. The client trys to connect to the 192er IP from the outside. How i have to configure the ISP router or wireguard so the connection is possible ?
Is blocking VLAN to VLAN traffic better using the Traffic Rules or Firewall Rules? I've been using Traffic Rules for my last few UDM setup and seems to work, and it is easier to set up. Anyone know of any issued with that?
Would love to see Site Magic deep dive. Especially locking down access to specific parts of another Unifi network - or even routing specific devices only through it if possible.
If like to specifically see how we can have one device at one site be routed through and out to the internet at a different site using Site Magic.
Just an old tech addict getting crazy with my home. I recently added the UDM-SE. I started using Ubiquiti APs about 8 years ago .. now getting crazy and learning. Thanks for these great videos.
I really enjoyed this walkthrough, I'd like to see more videos going in-depth on specific use-cases, such as secure ways to setup VPN server and allow my smart phone to remotely access Protect cameras via the app. Something like that. Is there already such a video?
Awesome, thanks for the information. I'm currently building the Ethernet and wireless network at my 5 acre property; watching your videos has been instrumental in learning how to configure things properly. Keep it up!
Love your videos man. Glad that you are going over VPN. I’ve been doing some VPN set up in the last year and an overview would be fantastic.
Keep up the great work!
R2-D2 UDR STAND!!!!!! SHUT UP AND TAKE MY MONEY!!!!!
Yes, would love the Site Magic video!
Your videos are so awesome. Very well presented, very easy to follow. You explain things in layman's terms, too, so a newbie like me can understand and follow.
A site magic video on how to make multiple locations all appear to be one location, for services like Netflix, would be amazing.
I'd be interested to know if "Site Magic" is totally within your control or if you are entrusting UniFi Cloud, a bit like in a typical ZeroTier setup where you generally still entrust their servers for adding nodes to the network etc.
Thanks for this video! I went through my settings and saw I didn't have the same options as you and realized my Unifi dream machine wasn't updating!
This was excellent. Thank you! I certainly hope you will do the site magic version too!
Yes, please do some Site Magic videos! Thanks!
What Chris forgot to mention is not all the VPN options are available on a USG
Which work on the Edge Router?
Yep, I only have VPN Server & Site-to-Site options for USG Pro-4.
Late to the party, but this was one of the most informative & useful content-per-minute videos I’ve watched in a while. Subscription earned for sure! Also loved the router stand & looking for it online. Thanks!
"So remember, the Site-to-Site VPN functionality that's in a specific UniFi network controller is for connecting a Site-to-Site VPN with different types of equipment on each site. Site Magic is for connecting two different sites that are both UniFi gateways."
Probably misspoke, but site-to-site VPN also works with two UniFi controllers. I have had this running for about a year or more.
I have seen a few videos which focus on the LAN IN rules to manage inter-vlan traffic ... my question is ... should you use LAN OUT rules too? I'd love to see a video which talks about typical use cases for LAN-IN, LAN-LOCAL, LAN-OUT, etc.
Nice walkthrough. I like the cadence of your tutorials.
Yes please on a site magic video. I have a UDM-PRO at home and planning on getting a SE at my business. Controlling it from home would be ideal.
This video emphasizes the importance of online security. How does VPNHouse ensure user data protection?
VPNHouse uses strong encryption methods and doesn't keep logs. Plus, their open-source nature allows for community vetting.
That's reassuring. How's the setup process?
Quite straightforward. VPNHouse provides clear instructions, and the setup is quick
Question on the firewall rules for Teleport VPN. Current when I use Teleport VPN on my iPhone and it can ping device on any vlan. I have the rule the block traffic between vlan. Above this rule I have rule for allow established and related and allow default lan to anywhere (setup following one of your guides). I have to pause both of these rules to stop pings from the Teleport VPN device. Any idea why?
Thank you! I love your videos, since a few years ago I've been playing a lot with networking as I find this topic fascinating. I used to have a pfSense box in which I created a few VLANs to split my devices using different VPNs and a direct connection to the Internet. Now I replaced my pfSense for an Ubiquiti Dream Router, and I'm working towards getting everything set up again, including my VPN, so a tutorial about the topic would be great!!
i know i am very late here, but did you know that you can click that image and make it larger so it can actually be scanned a lot easier :)
Teleport should have a pc client app.
I'm just seeing the Starwars stand for the DreamMachine... Any chance you would share a link for where it came from? :)
You can click on the QR Code and than its display larger.
Good tip - I'll have to try that! It's pretty useless when it's so tiny.
I was looking for this comment, i was setting up my VPN today and had that issue and then realized you could click on it 🤦♂
Do you have to turn on port boarding for the native VPN servers? i.e. you have to go to Port forwarding and turn on 51820 to the UDM server IP.
Please do make a video on how to connect multiple sites using Site Manager, and in that video, please cover how a device at one site can talk to devices at the other site. I'm expecting that they will not be able to see each other without doing something. (Would you need to set different IP address ranges for each site to avoid having duplicates?)
Awesome content. Can you do a video showing the setup on udm for an iptv please? IPTV works on the UDM but some specific movies/series do not. When UDM is bypassed these then work. This is some sort of setting which I am not aware of.
I'd be very interested in Site Magic. Great video as always. Thanks
Please do a vide on Site Magic :)
Thanks for a very good video on Unifi VPN!
Great walkthrough, many thanks!
I assume this update will cover wire guard config since I believe they somewhat recently added that as an option in the VPN server config.
You assume correctly.
@@CrosstalkSolutions would really like to see a video implementing Wireguard VPN client into Unifi with PIA
Would definitely be interested in a video on UNIFI Site Magic VPN setup as I could be very useful for certain electronic security / access control network scenarios.
Thank you
Great vid, looking froward to the PIA dedicated vid, thanks
Currently watching this video over my UniFi WireGuard VPN whilst on holiday 😅
Hi!! What a great video but.. i have a question. I need to change the IP segment of My teleport. How can i do? Thanks
Hi! Many thx! I expect a magic VPN... It's all a new level! I like that... I check the other videos. There is a true business here!
Would love to see some site magic content!
I like those improvements in the latest Unifi Controller , but still no solutions for multiples UDMs behind NAT , so I did a multi-sites VPN using wireguard on all my UDMs with DynDNS pointing on each one of them and setup the VPN through CLI and it works great , I just need to run a simple "wg quick down wg0 && sleep 20 && wq quick up wg0" every 3-4 days .If I don't do it the transfer rate between sites drop to 1 Mbps .I don't know why.
I had a similar situation and problems. I wound up using Raspi4's at each site to do the tunnels and they've been 100% rock solid. By the time Unifi puts WG client support into the network app these UDM's will be dead and buried.
Great video, but I have 3 sites using Site Magic. Is there anything more I need to do on the Firewall Rules/Policies in order for me to map a shared folder across Site Magic to other PCs at other locations?
Any chance you can do a video about the Auto IPSec VTI? I'm not sure if this is deprecated but my USG Pro 4 are still showing it but my UXG does not. It would be nice to know exactly how it works... we have about 25 sites but we do manual IPSec for site to site because the Auto VTI seems to screw up routing when you have more than 2 sites.
Hi, I have a a question: is teleport VPN working over double NAT? My telco provider modem does not allow my UDM Pro to have public IP (modem has the public IP)?
which type of VPN would you recommend for controlling home assistant from the internet? i tried the duckdns method but that stopped working last week :-(
With regards to the WireGuard QR code - zoom the browser to something like 180-200%. The phones have no issue reading the code then.
Thank you Chris for your excellent tutorial on VPN’s.
Question, can I setup a site to site between my UDM and an AT&T DSL modem router that has a static ip?
Would I be able to access the AT&T router settings?
Thanks for the brilliant tutorial. After you download the wireguard config file, how do you use it with windows operating system - didn't see how you implemented.
I don't understand, this rule doesn't work for me, I already have it blocking traffic between subnets, but it doesn't block VPN traffic to any subnet. I was only able to make it work by applying the rule to lan out
I was going to ask this same question. I've always had to put a special rule in Lan Out to block teleport or now wireguard. I wonder if it had to do with the way he was connected to the VPN. (Cellular or another VLAN)
I as well have the same problem I have to use the LAN Out and not the LAN In. I think the LAN In worked for him because he was on another network in his house (LAN IP) and not come from a WAN IP.
Also, I have not found out a way to block me from pinging the gateways or honeypots on my separate vLANs when I am connected via WireGuard.
Exactly the same here and I just found out by a comment above here, that this is because of the 'Accept Established & Related' rule that most of us have as first Lan In rule. I paused it and pings from Teleport to other VLAN`s started dropping as they should ! Now I don`t have the solution yet, but at least know where to start looking. I think the Established and Related rule needs to narrowed down somehow. I have it from source LAN group (all my VLAN`s) -> target Any
Looking forward to that PIA video :)
So I have iptv and I need to set up a VPN for it so what would be the best to use or can I configure it on my UniFi network with my UniFi USG? Thank you.
Could setting up VPN help a friend of mine run his Unifi Voice (UDMPro) even though his ISP uses CGNAT? I've not been able to help him get anything working.
could you help on what setup is required if I need to have TV casting or Airplay working using VPN on unifi?
Will this work with Starlink? I read that it uses CGNAT for home users so thinking it might not work.
i have a situation with 2 Starlink CGNAT connections. any chance for a VPN between these two sites?
I have an off-topic question: Can the tp_link archer ax55 router accommodate 24 clients?
I would love a Site Magic video. Does the Ubiquiti Express support it? If so, that would be awesome.
epic content, adopted both solutions.
Please make a video on the site-site magic
I would love to see a site magic video. I have 3 sites, 1 dream router and 2 UDM pros, all of which have cameras. It would be awesome if this could be used to create some redundancy between video storage across sites.
I want the R2D2 for my UDR please
Available on Etsy
A follow up question on VPNs. Is it possible to configure an in-bound VPN connection on a Dream Machine SE where the primary WAN is a Starlink connection? ADSL connectivity is also available, so I can have that connected to WAN2 if in-bound through Starlink isn't possible. The remote clients in this case would be Windows PCs, not mobile devices.
How do you determine whether the Wireguard VPN connection is full or split tunneled?
Hi. Thanks for the video. I do not see Wireguard, Teleport or Open VPN as choices. I have the name network version. For VPN, I only get L2TP and PPTP. Is there something I'm missing?
I want to see a site magic video especially if the new unify express is supporting this.
Have there been issues with Wireguard clients dropping or connecting? I am always resetting the l2tp and ipsec manually from the command line, and constant microsoft updates that break everything drives me crazy!
I have been hesitant to adopt the UniFi router into my network simply because I see the rules as being a bit clunky right now. I am a die hard pfsense fan. I own a UDMSE but it is still in the box currently.
Have a problem with WireGuard on iOS. iPhone 15 v17.6.1. WG config file works on Windows and can access local resources and internet. When same config file is loaded onto iPhone’ WG app- it connects but cannot ping anything on the network nor can access the internet. Created the firewall rules as described in the video. Also tried importing config via the QR code- same problem
I read on forums that many are experiencing same issues. Wonder if you can make a video on how to setup WireGuard on iOS and test it?
I would love a video on site magic
Is Ubiquiti VPN as good as, for example, ExpressVPN? Is Ubiquiti VPN different in different Ubiquiti devices?
double nat is often a problem here in germany. many internet providers still dont know they have to open there services to my router i want to use. please make a extra video. would be helpful
I have the double Nat issue at home, tried port forwarding with no success haha. So yes video would be great.
Please do a video for people than me in Argentina, that have to deal with double nat
Oh my god the R2D2 stand for UDR!
Can I use teleport on my iPhone and then use hotspot on my iPhone to share that vpn connection to my wifi only ipad?
Im really dumb on this topic so I apologize. But if you set lets say one device in its own VLAN would you need to do firewall rules since its not connecting with anyone?
I have just managed to connect from my Raspberry Pi (Ubuntu) Workstation. I'm guessing that WireGuard on the UDM creates all four certificates (Public & Private for the UDM; Public & Private for the "Client"). Then, puts its own Public Key and the "Client's" Private Key into the Configuration File? If so, does it then discard the "Clients' Private Key?
Thanks for the video. I setup openvpn on a Pi years ago because the VPN options on USG was un usable. Now have a UDM and have not looked into these options until now. I am playing with Wireguard, and am unclear how to utilize dynamic DNS. Is that an option? I'm using a dynamic DNS account so that when my WAN ip address changes I do not have to update every device's open VPN config.
have you solved this problem?
Great video! Also, it seems that using Wireguard and OpenVPN will skip the LAN IN, probably because they are not defined as Unifi-networks but instead are entering "on the side", so you must use LAN OUT in order to block access to other networks but I can't stop VPN-users from accessing non-VPN-GW. Also, as VPN-users come in on a "non-unifi-defined" network so they can't be assigned a VLAN and hence not be set a bandwith limit either.
And for some reason, Wireguard-traffic is going via Management-lan (non-VLAN one) i.e. via another network. It doesn't reach the LAN OUT-rule to block inter-RFC1918-traffic. LAN LOCAL-rule to block non-VPN-GW works either..
i have a USG-3P is wiregurad not available for this model ?
No. Only newer models like the Gateway Ultra I just bought.
i have a question wthy my teleport is Generate guest new link
Could you do a video site-to-site VPN between two USGs ? If one is behind NAT(mobile/cellurar connection). Thank you,
Regarding create 1 rule for each direction, since I guess the firewall is Statefull, I beleive there's no need, if you only want to do the ping from the phone to the Network 2. If you do not need to ping from Network 2 to the Phone, there's no need to create the oposite rule.
Wifiman is availible on MacOS too for teleport
you just have to use "open with" on the .webloc file
I am still getting to grips with all this VPN stuff... So al present I have a VPN service on my iPhone which means I can browse the web privately but my Smart TV has no VPN. Would option 3, Private Internet Access be the type of service I need? I am currently using Proto VPN could this run on my Dream Machine?
I can only see L2TP or PPTP for the VPN protocol options on my USG PRO 4
I know its abit of topic can please make an guide on SIP especially how to read packet captures 😅 there is no clear tutorial for it would greatly help some of just starting out in voip
Thanks, but one question,, what to do if I need to use an allready created Vlan ??
If there are traffic routes configure for certain vlan/devices via a VPN Client. What would happen when that VPN Client disconnects?
Can you have two VPN Client connection up at the same time? Tried it, one connected and the other one just "connecting".
Does this all work on DreamMachine SE?
How do you configure VPN clients to access devices on the network, but not route all their local Internet activity through the VPN?
Wireguard shows me the internal IP of the UniFi gateway 'cause its behind NAT. The client trys to connect to the 192er IP from the outside. How i have to configure the ISP router or wireguard so the connection is possible ?
would love a site magic vpn video
I’m interested in site magic too.
Hi what router can use to start a wisp and to limit customer speed?
Can you do a video on site magic Setup Chris? Thanks
Can I setup a ubiquiti mesh with the option of using a vpn without having to pay for a subscribtion?
what is your NETWORK 2 used for?
So ok how would you allow Wireguard VLAN and OpenVLAN VLAN to talk to each other?
hey can i use alien router vpn to change country usa europe asia and so on or is it only paid vpn service that can change countrys
Hi, Chris. I'm not an expert. I lost my self on RFC1918 config. Am I supposed to list all networks I have configured on that group?
Does the Teleport and Wireguard work with the USG router, or does it require a newer router?
Requires a newer one.
@@Yggdrasil42 Thanks
My QR has a click to enlarge. Maybe they added since the video?
Is blocking VLAN to VLAN traffic better using the Traffic Rules or Firewall Rules? I've been using Traffic Rules for my last few UDM setup and seems to work, and it is easier to set up. Anyone know of any issued with that?