If you're planning on buying any Ubiquiti gear and want to support me use the affiliate links below :) ▶Ubiquiti USA Affiliate Link: store.ui.com?a_aid=MacTelecom ▶Ubiquiti EU Affiliate Link: eu.store.ui.com/?a_aid=MacTelecom
Haha wow! Just finished my first pre install of my UDM SE. Wanted to dive into the advanced setup today with your older videos, what are the odds you would upload a new guide today. Thank you! :)
Most of my firewall experience is in pfsense but i recently did a full ubiquiti deployment and needed some help understanding firewall rules. Unifi is basically inverted from how pf does this, ie all blocked vs all allowed. This video was the perfect resource to make sure I had a good understanding of how to configure things properly! Thanks for the great video, cheers!
The equipment seems nice and their visual are great, but the way to configure them is a real nightmare, especially the firewall rules which must have been designed by someone who doesn't understand how access control works. And network security is the big thing for anyone now, that's the reason I replace Unifi networks for Fortinet since the last 4 years... The fact that the UDM "firewall" allows inter-vlan routing by default is not good - that tells me that this firewall is more a pimped layer-3 switch with a fancy interface than a real firewall that block everything by default, and thus secure your network without you having to go through all segment and block them. Great video still.
I love all of your videos, they are very informative and I appreciate all the great content that you make. ...that being said for demo videos like this where I'm assuming a lot of folks are following along with the video step-by-step with the management console open on one side of the screen and the video on the other side...you go CRAZY fast. I'm constantly having to pause and rewind. Might just be me, and maybe I'm a noob, in which case feel free to ignore.
Hey cody.. love your vids. Started planning my network for the new house with unifi bc of ur vids. I'm new in networking and your vids helped me alot. Thanks for that!! Can you please do a vid. On how to setup a nas ( in my case DS224+ ) with firewall and rules?
Thanks for the video. You really are a networking expert. Congratulations! You can tell me where I'm wrong: I own a UDM Pro and a USW Enterprise 24 PoE switch. I have configured 5 VLANs and OpenVPN server on the UDM Pro. As an OpenVPN client I can access all VLANs if I don't have L3 enabled on the switch. When I enable the L3 function on the switch for a specific VLAN, I can no longer access that VLAN from OpenVPN. From the local network I can access all VLANs.
Great presentation to the Network setup, quick notes here, I had created the block inter-VLAN rule before but that created some issues with the mDNS traffic like Apple AirPlay, AirPrint, and so on, I ended up blocking inter-VLAN traffic per VLAN basis, but thank you very much and keep up the good work.
I just went into the mDNS settings under Global Network Settings and added all of the appropriate VLANS to this list. No issues with with AirPlay or AppleTVs being accessed outside the VLANs they are in.
Thank you so so much, and you increased to nearly an hour, a big thank you for this, you speak so fast, I'm happy this time around you spread it out longer..... for myself, I actually slow the video down by 25% 😅
Thanks for taking the time to make this video! Great resource! Its so much better when the video is as long as it needs to cover the subject, as opposed to trying to fit it into a certain predetermined time.
Great explanation of setup and how to isolate vlans and I like the added trick of blocking local gateway access. Able to do all the firewall rules I need following your logic.
So I just spent almost 2k on Unify devices. Pray for me because I'm diving into something I've always wanted to get into but know nothing about. A home network such is this is way overkill for me, but I really want to learn about this stuff and I find the best way to learn is hands on. I purchased the dream machine special addition, switch pro max 24, Unifi cable internet modem, and the U6 enterprise access point. I do plan on buying the network video recorder and cameras to integrate into the system, but I decided to wait on that until I get this initial setup up and running. Like I said I don't know what I'm doing and don't want to do to much at once and overwhelm my good ole thinking machine (brain). So please pray I don't destroy a couple grand worth of networking equipment. I'm fairly tech savvy, but know nothing about this stuff.
I like the way you explain. I have a project, which I am going to use Ubiquiti system, except cameras. I will use your link to buy products, and most probably will contact you to help setting up the firewall. Anyway thank you for the videos, I learn a lot.
Thank you Cody for producing an excellent resource for Unifi Network versions setup each year! Questions: 1. 2:56 - What is the drawing program you use for network diagrams? 2. Is there a way to document/print out (old school) the network/firewall setup settings so that you can "see" if you have missed anything for each new setup? Thanks again for all that you do!😊
I use Aggregation for my OS2 fiber links to remote building switches, it works really well. I currently have a OS2 fiber going across the side of the house, then ariel to a woodshed followed by going ariel to a guest building until I can get some conduit out there and power. The power I'll be using is low voltage, the guest building is manly just a small room, upstairs storage and Internet access. Hopefully the ariel fiber is ok until I get the conduit next spring, it's not even armored fiber just standard LC to LC OS2 indoor / outdoor use fiber I got off amazon.
Thanks a lot for this video. You clearly have a much better understanding of the ubiquiti firewall than I do. When I get home I'm going to see if I can make mine work. Attempting to block all traffic except RDP and File Sharing between my webserver VLAN and the Main LAN has been challenging for me. We'll see how it goes!
@@MactelecomNetworks it worked! In just a few minutes with your video I have the webserver isolated from the rest of the LAN. I can RDP into it from the default LAN and browse it's shared files but I cannot ping anything from the server itself so I think I'm in good shape now. To me their firewall is strange to use. In my mind one should block everything at the start and then start punching holes through it as needed. Anyway, thanks again, I really appreciate it!
Hi Cody, Thank you for your time to put together this tutorial. I saw you used Network version 7.5.162 and not 7.5.176, at least I thought I was this. The WiFi meshing setting has been moved to the 'systems' page from the WiFi settings page. Just to let you know. I might need to redo my setup here....
So I have watched multiple videos from multiple people and yours are always spot on and the best. I am having an issue with having an IoT network be accessible by other networks. Some devices work others do not. I really am struggling with Apple AirPlay. I have Apple TVs as well as TCL TVs in our building that have AirPlay 2. I can see all IoT devices from my staff, childcare, and guest networks but when I go to actually connect it errors out. I've been trying to nail this down for about a month now and am tearing my hair out. Would you be willing to do a video showing firewall rule setup for these types of applications?
Thanks for another thorough and professionally done video. We can always count on you to do things right!!!! One question I have for your firewall rules concerns the "Drop invalid state" rule. Under the "Rule Applied" options you left it at "Before predefined rules" shouldn't that be changed to "After predefined rules"? Shouldn't "Drop, All" rules be at the end of the operation orders? Thanks again for all your hard work and professionalism.
I don't understand why you need to create this group of gateways 24:30 since the LAN local (and you say it yourself) is for the UDM (= the UDM's gateways). I mean, you just have to create your rule (25:03) with destination any. No ? I tried and it works, I cannot ping any gateway's ip of the UDM.
Yes, even I found it confusing. Its similar to what is done in Azure cloud and called as NSG rules. But they were understandable but these arn't. I couldn't figure out the direction of the trafic and got confused.
Hi, I'm just starting with Unifi equipment and your video was very helpful. I noticed that you created three Wi-Fi networks. Which network do you and your family connect to on a regular basis? The Guest network? Or is it possible you did not include your own WIFI network in this video? Would you create a WIFI network for the Default network or do you only access the Default network on a wired computer? Thanks.
I have an issue with my UDM Pro with the blocking IoT stuff. Its been setup exactly as you've had it for awhile, but from my default network accessing cameras thats on my IoT network it takes SEVERAL tries to actually get access to the cameras. even in my logs it shows this "Reolink Parents Front 2K was blocked from accessing 192.168.1.3 by firewall rule: Block inter VLAN Traffic ." But 192.168.1.x should not be blocked. Its even always pingable. This may be a reolink issue since its showing the camera was blocked and not my PC thats trying to access it.
With the new implementation of the traffic rules, I'm a little confused about when we need to use a firewall rule or a traffic rule. Could you make a video explaining this?
This is a great video as a beginner to Unifi. But I haven’t seen any videos deal with game consoles like the Xbox. They need multiplayer access to the Internet but also need remote streaming access from phones, tablets etc
I'm very thankful for your updated video and did subscribe and like. You did an awesome job of showing the newer interface. VLAN ? ... I have 2 U6 Pros and an Amplifi Gaming Mesh System. I turned the gaming system into an IOT system and want to use VLAN since the Ampifi is VLAN aware. How do I get the Amplifi on a separate VLAN and use the DHCP from the UDMSE, not the Amplifi? 😱
I still come back to this video to review Ubiquiti config. Hopefully you have a 2024 video coming that includes some of the UI changes in the newer version.
Thanks for this. The only thing that I couldn't get working is denying VPN remote subnets access to the Unifi Gateway Console (HTTP,HTTPS,SSH) but I noticed your post on Reddit mentions it isn't currently possible to block this on the Unifi. This seems to be a multi-year problem but I have raised a support call with Unifi to ask if there is an expected fix soon or a work-a-round.
Thank you Cody , verry much appreciate your lessons. But I ran into an issue, could you make a vid that explains how to share a printer between a few vlans or mayby point to were I can get instructions. My UDM is pretty much configure as you instructed but only Default vlan ca see and talk to the printer. I need to be able to share between three vlans including the Guest accouts. Any help would be great.
I would also be interesting in this. I'm having the same issue. I have to switch to my IoT network in order to print. I want my main network to detect my printer in my IoT network.
Hey thanks for watching. I didn’t do any WIFI 6E configuration in this video. I do have some video on the inwall and enterprise ap though . I currently don’t even use the 6ghz
What about IPTV and VLAN taging special for IPTV ? :) I would like to connect TV BOX to my network gear instead of ISP provider modem (in bridge mode atm). What WIFI do you use for your home use ? On Default ?
Great guide, just got my first Unifi setup this past weekend and new to follow this guide. Of course they just pushed out a new update! haha. Also, was getting an error on the RFC1918 part. any clues?
Great video it really covers 80% of major setup requirements. I'm struggeling with the network settings for the individual ports vs Firewall rules... If a Port is set for CAMera Network only , can IOTnetwork pass thru it because of FW rule ?? ... could you do a video on how to setup these ports vs FW rules?
Hello, thx for your work, it could be nice not to do like all others 'youtube it guys" and going much more deeper in the config of the firewall rules !
I have my wireguard VPN and rules set up exactly the same as you did but I can still ping my cameras, and my wifi and all its devices. I can ping my nas fortunately, but the only thing it blocked was my two PC's. I'd like to lock it down a bit more. Any suggestions?
@mactelecomnetworks Amazing video and content. Been waiting for this UniFi walkthrough. Thanks for posting. Curious have you done a video on the kit you use to make videos? Camera, mic, lighting, software?
Thanks for watching. This would be the closest video I have to what you’re looking for Office and Network Rack Tour 2023 ruclips.net/video/qwqPQx6Npbs/видео.html
I'm curious if the the caution explained at 23:39 by Cody still applies in 2024?? I'm currently setting up my UDM Pro SE, but I will use a different subnet for my the UniFi camera's + Protect if I get some eventually. For my future IOT subnet I will user another subnet and did the same steps as described in this video.
GREATTTT video ! Thanks a million! Quick question, I have both G4 and Wyze cams. Would you assign all cameras to your Cam network or IoT ? Just curious...
Another question, sorry English isn't my first language, at 23:39 you mention something that protect users shouldn't be doing but I'm not sure what you are referring to, protect users shouldn't block the vlan x to access other vlan gateways? That would kinda defeat the whole segmentation point wouldn't it?
This is an Awesome Video... Thanks so much for all your hard work on this Video. I have followed all the steps and now have a fully set up network. My only proble for now is SONOS. I think I have to be on the same WiFi Network as the Sonos products (currently moved to my IoT VLAN but my iPhone id connecting to a different VLAN/WiFi network. Any suggestions?
Is your IoT Wi-Fi your main Wi-Fi you use for all your devices? Say, smartphone, thermostat, smart switch, etc? Im trying to figure this out by setting a Wi-Fi network for my main network, guest, and camera while comparing your video. Thanks!
Question for you: We both use Bell fibre, I currently have 1GbE. I noticed you have moved to 3GbE/3GbE, which means you're now on the "GigaHub" from Bell which doesn't allow for the SFP+ port to be removed. How do you like the Gigahub, were you able to move it to bypass mode easily? I can't stand having mandatory ISP hardware on my connection which is why I'm still on the 1GbE connection.
Hi Mac thx for your walk thourg of needed settings. could you do a extended versioner where set up firewall setting for PLex, HomeAssistent, google home devices?
What Network would all of your personal devices be on? I understand separating the IOT, Cameras, and guest network but what about devices such as your phone and tvs?
Thank you for a fantastic video 🤩 So annoying that the UDM does not support multiple sites administration/setup. How to handle this with an UDM, when having clients (on different locations/sites) without USGs (or UDMs)?
I have a question unrelated to this video but if you could help I would appreciate it. My question is On this Monday 1-15-2024 I am installing a new sliding glass doors and was wondering if there is a Unifi automatic door lock that I could install? If yes then what would you recommend? I will also run network cable to the new door while it is being installed and buy the Unifi lock setup after. Thank you
I saw that you have your mom's house connected via cameras. What is equipment is needed for that? This is something that I've been intrigued by but dont know the minimum requirements other then the cameras. Please help and thank you.
Nice Tutorial (at 3/4 speed). Skipping a lot that will impact operation. And a bit painful to watch when switching from the UI to the bright white boards.
Thanks for the great video. I have the Unifi Dream Machine Pro I got awhile ago. I thought there was a build in firewall/IDS/IPS? It's been running fine, but today I had an issue and it seems that I was backlogged on the updates and it shut down some functions that needed to be updated and restarted. I can't find firewall or DHCP server options for wired networks. Is this something I still need to reinstall or was it a subscription that expired? One other thing, why doesn't the DM Pro pick up a Cisco switch connected to it? The SG-200 doesn't show up in any of the options in the DM.
Like always, great video! Thank you for all of them. The PING block out of a VLAN to the VLAN sec. gateway does not work on my end. It makes no sense that it's not working. Any idea? Maybe I try the old interface and see if I can get it to work there.
@MactelecomNetworks I realize this is a year old'ish, but I am hoping someone can shed some light on why the Block inter-vlan routing rule is blocking traffic I have allowed above the Block inter-vlan routing rule. Specifically, I have a port group defined, and a host group defined. The host group has 2 hosts in it that live on different networks. The firewall rule is a LAN In rule that allows all protocols from source host group / port group to destination host group /port group. This works great until I create the Block inter-vlan routing rule as shown. even though this rule is below the one I just described. I am probably doing something wrong lol
Solved this one lol - It was a huge DUH! moment today. One host could not resolve the other hosts IP address. I created an IP mapping in the application I was trying to access each host with, and it started working. It's amazing how computerized equipment only does explicitly what we tell it too 😂
Hello, your video is amazing! Any chance you could help me out with getting Chromecast working with inter vlaning? i see the devices to cast too but it fails to connect
How would I go about offloading some of the firewall inter-vlan / subnet routing rules to a L3 UI switch (like a switch pro PoE)? If I remember correctly, these switches allowed access across subnets even though firewall rules were setup to block the traffic (i.e. the switch allowed the traffic prior to it hitting the rule located on the UDM SE). This was a problem for me in the past when hanging an AP off of a switch pro. The port profile needed to allow connections on that port to all networks / SSIDs, and the switch allowed the traffic across those subnets even though the UDM-SE blocked it (when the AP was connected to the UDM-SE, the firewall rules worked correctly). I think that in the past these rules needed to be applied to ACLs, which needed to be implemented via the SSH command line? Is this still the case or is there an easier approach? I'd love to see an updated video on that, specifically addressing these common IoT / NoT / Camera network routing rules. Unless I'm trying to go about this the wrong way lol.
Update: Apparently they no longer use the wildcard mask - the netmask (non-inverse) worked! Now if only I could make it persist through a reboot... I tried to use your older video as reference when trying this, and it isn't working for me: ruclips.net/video/QtVCyL1o260/видео.html I've come across a few older posts saying they can't get the ACLs to work in the Unifi Forum (I'm running Network version 7.5.176). I'm using a UDM-SE and USW-Pro-24-PoE. The only way I can successfully block inter-vlan traffic when connecting to my USW is by setting the router for the network as my UDM SE and setting the firewall rules there. I cannot get the ACL to block inter-vlan traffic. This is driving me absolutely nuts. Any help or insight would be greatly appreciated!
Hey Cody. Do you put all your client devices, including your wired desktops etc on the IoT network? Why do they belong on IoT rather than Default? Thanks so much!
If you're planning on buying any Ubiquiti gear and want to support me use the affiliate links below :)
▶Ubiquiti USA Affiliate Link:
store.ui.com?a_aid=MacTelecom
▶Ubiquiti EU Affiliate Link:
eu.store.ui.com/?a_aid=MacTelecom
Hi Cody, I am in need of Unifi Express for my home network. Could you assist? Thanks
:)
Haha wow! Just finished my first pre install of my UDM SE. Wanted to dive into the advanced setup today with your older videos, what are the odds you would upload a new guide today. Thank you! :)
Most of my firewall experience is in pfsense but i recently did a full ubiquiti deployment and needed some help understanding firewall rules. Unifi is basically inverted from how pf does this, ie all blocked vs all allowed. This video was the perfect resource to make sure I had a good understanding of how to configure things properly!
Thanks for the great video, cheers!
it's still annoying that design center doesn't accommodate multiple floors since signal travels, you know, in all directions =_=
Hopefully one day ☝️
Thanks for the step by step instructions on firewall rules for the VLANs, it was exactly what I was hoping to learn.
The equipment seems nice and their visual are great, but the way to configure them is a real nightmare, especially the firewall rules which must have been designed by someone who doesn't understand how access control works. And network security is the big thing for anyone now, that's the reason I replace Unifi networks for Fortinet since the last 4 years... The fact that the UDM "firewall" allows inter-vlan routing by default is not good - that tells me that this firewall is more a pimped layer-3 switch with a fancy interface than a real firewall that block everything by default, and thus secure your network without you having to go through all segment and block them.
Great video still.
You saved hours of research and thanks to you I could set up my home network. Great job! Greetings from Poland
We need a 2024, the way to set up ports and vlans is way different, please 😢
I love all of your videos, they are very informative and I appreciate all the great content that you make.
...that being said for demo videos like this where I'm assuming a lot of folks are following along with the video step-by-step with the management console open on one side of the screen and the video on the other side...you go CRAZY fast. I'm constantly having to pause and rewind.
Might just be me, and maybe I'm a noob, in which case feel free to ignore.
No some of us are slow! Just click the settings button in the video window, then you can change playback speed.
Hey cody.. love your vids. Started planning my network for the new house with unifi bc of ur vids.
I'm new in networking and your vids helped me alot. Thanks for that!!
Can you please do a vid. On how to setup a nas ( in my case DS224+ ) with firewall and rules?
Thanks for the video. You really are a networking expert. Congratulations!
You can tell me where I'm wrong:
I own a UDM Pro and a USW Enterprise 24 PoE switch.
I have configured 5 VLANs and OpenVPN server on the UDM Pro.
As an OpenVPN client I can access all VLANs if I don't have L3 enabled on the switch.
When I enable the L3 function on the switch for a specific VLAN, I can no longer access that VLAN from OpenVPN.
From the local network I can access all VLANs.
Great presentation to the Network setup, quick notes here, I had created the block inter-VLAN rule before but that created some issues with the mDNS traffic like Apple AirPlay, AirPrint, and so on, I ended up blocking inter-VLAN traffic per VLAN basis, but thank you very much and keep up the good work.
Does mDNS Traffic traverse VLANS without an mDNS relay on each VLAN?
Can you explain more what you did? I got the same issue.
I just went into the mDNS settings under Global Network Settings and added all of the appropriate VLANS to this list. No issues with with AirPlay or AppleTVs being accessed outside the VLANs they are in.
thanks for your work. Just tweaked my uds-se for the second time using your videos. Keep up the good work
Thank you so so much, and you increased to nearly an hour, a big thank you for this, you speak so fast, I'm happy this time around you spread it out longer..... for myself, I actually slow the video down by 25% 😅
I try and slow my speaking but always forget sorry 😂 thanks for watching
Thanks for taking the time to make this video! Great resource! Its so much better when the video is as long as it needs to cover the subject, as opposed to trying to fit it into a certain predetermined time.
Great explanation of setup and how to isolate vlans and I like the added trick of blocking local gateway access. Able to do all the firewall rules I need following your logic.
So I just spent almost 2k on Unify devices. Pray for me because I'm diving into something I've always wanted to get into but know nothing about. A home network such is this is way overkill for me, but I really want to learn about this stuff and I find the best way to learn is hands on. I purchased the dream machine special addition, switch pro max 24, Unifi cable internet modem, and the U6 enterprise access point. I do plan on buying the network video recorder and cameras to integrate into the system, but I decided to wait on that until I get this initial setup up and running. Like I said I don't know what I'm doing and don't want to do to much at once and overwhelm my good ole thinking machine (brain). So please pray I don't destroy a couple grand worth of networking equipment. I'm fairly tech savvy, but know nothing about this stuff.
I wish you the best luck lol have a fun time learning
I like the way you explain. I have a project, which I am going to use Ubiquiti system, except cameras. I will use your link to buy products, and most probably will contact you to help setting up the firewall. Anyway thank you for the videos, I learn a lot.
HI !!!! Looking forward for a 2024 update. Many many changes since this excelent-at-the-date video . Thanks
Thank you Cody for producing an excellent resource for Unifi Network versions setup each year! Questions: 1. 2:56 - What is the drawing program you use for network diagrams? 2. Is there a way to document/print out (old school) the network/firewall setup settings so that you can "see" if you have missed anything for each new setup? Thanks again for all that you do!😊
Draw io
Thanks, wanted to ask the same.
@@ezekialsa its lucidchart
Thanks Cody for this tutorial. I am waiting for the new one for this year :) Greetings from Romania !
I use Aggregation for my OS2 fiber links to remote building switches, it works really well.
I currently have a OS2 fiber going across the side of the house, then ariel to a woodshed followed by going ariel to a guest building until I can get some conduit out there and power.
The power I'll be using is low voltage, the guest building is manly just a small room, upstairs storage and Internet access.
Hopefully the ariel fiber is ok until I get the conduit next spring, it's not even armored fiber just standard LC to LC OS2 indoor / outdoor use fiber I got off amazon.
Thanks a lot for this video. You clearly have a much better understanding of the ubiquiti firewall than I do. When I get home I'm going to see if I can make mine work. Attempting to block all traffic except RDP and File Sharing between my webserver VLAN and the Main LAN has been challenging for me. We'll see how it goes!
Wow thanks so much that was very kind. Let me know how your config goes :)
@@MactelecomNetworks it worked! In just a few minutes with your video I have the webserver isolated from the rest of the LAN. I can RDP into it from the default LAN and browse it's shared files but I cannot ping anything from the server itself so I think I'm in good shape now. To me their firewall is strange to use. In my mind one should block everything at the start and then start punching holes through it as needed. Anyway, thanks again, I really appreciate it!
Hi Cody,
Thank you for your time to put together this tutorial.
I saw you used Network version 7.5.162 and not 7.5.176, at least I thought I was this.
The WiFi meshing setting has been moved to the 'systems' page from the WiFi settings page.
Just to let you know. I might need to redo my setup here....
So I have watched multiple videos from multiple people and yours are always spot on and the best. I am having an issue with having an IoT network be accessible by other networks. Some devices work others do not. I really am struggling with Apple AirPlay. I have Apple TVs as well as TCL TVs in our building that have AirPlay 2. I can see all IoT devices from my staff, childcare, and guest networks but when I go to actually connect it errors out. I've been trying to nail this down for about a month now and am tearing my hair out. Would you be willing to do a video showing firewall rule setup for these types of applications?
Thanks for another thorough and professionally done video. We can always count on you to do things right!!!! One question I have for your firewall rules concerns the "Drop invalid state" rule. Under the "Rule Applied" options you left it at "Before predefined rules" shouldn't that be changed to "After predefined rules"? Shouldn't "Drop, All" rules be at the end of the operation orders? Thanks again for all your hard work and professionalism.
Really great guide. I used it for adding a new vlan for IOT and it works great
Great insight on how to configure a Unifi network. I finally got my cameras on a separate network for security purposes.
Amazing video; thank you, thank you, thank you!!! Just got my UDM Pro up & running as a result!
Great video, helped me setup a vlan for my cameras!
I don't understand why you need to create this group of gateways 24:30 since the LAN local (and you say it yourself) is for the UDM (= the UDM's gateways).
I mean, you just have to create your rule (25:03) with destination any. No ? I tried and it works, I cannot ping any gateway's ip of the UDM.
Please do a video with diagrams outlining In/Out/Local! It's hard to grasp and seems counter intuitive! :)
Yes, even I found it confusing. Its similar to what is done in Azure cloud and called as NSG rules. But they were understandable but these arn't. I couldn't figure out the direction of the trafic and got confused.
Hi, I'm just starting with Unifi equipment and your video was very helpful. I noticed that you created three Wi-Fi networks. Which network do you and your family connect to on a regular basis? The Guest network? Or is it possible you did not include your own WIFI network in this video? Would you create a WIFI network for the Default network or do you only access the Default network on a wired computer? Thanks.
Mac - can you do a video with a full factory reset of the OS Console and then setting everything back up. This would be very helpful. Thanks!
I have an issue with my UDM Pro with the blocking IoT stuff. Its been setup exactly as you've had it for awhile, but from my default network accessing cameras thats on my IoT network it takes SEVERAL tries to actually get access to the cameras.
even in my logs it shows this "Reolink Parents Front 2K
was blocked from accessing 192.168.1.3 by firewall rule:
Block inter VLAN Traffic
." But 192.168.1.x should not be blocked. Its even always pingable. This may be a reolink issue since its showing the camera was blocked and not my PC thats trying to access it.
With the new implementation of the traffic rules, I'm a little confused about when we need to use a firewall rule or a traffic rule. Could you make a video explaining this?
This is a great video as a beginner to Unifi. But I haven’t seen any videos deal with game consoles like the Xbox. They need multiplayer access to the Internet but also need remote streaming access from phones, tablets etc
Great video! Im currently setting up a UDM SE and a UDR, this video will help me a lot
Perfect Timing! 😃
I'm very thankful for your updated video and did subscribe and like. You did an awesome job of showing the newer interface. VLAN ? ... I have 2 U6 Pros and an Amplifi Gaming Mesh System. I turned the gaming system into an IOT system and want to use VLAN since the Ampifi is VLAN aware. How do I get the Amplifi on a separate VLAN and use the DHCP from the UDMSE, not the Amplifi? 😱
I’ve been patiently waiting for your update! Thank you soo much, learn a lot from you!
Thank you so much bro for this. Really appreciated it. This going to help for my summer house build. Love you bro. ❤️🙏🏽
Thank you Cody, I look forward to the follow up on firewall rules and vlan part!
I still come back to this video to review Ubiquiti config. Hopefully you have a 2024 video coming that includes some of the UI changes in the newer version.
There’s going to be a new video in a week or two
Thanks for this. The only thing that I couldn't get working is denying VPN remote subnets access to the Unifi Gateway Console (HTTP,HTTPS,SSH) but I noticed your post on Reddit mentions it isn't currently possible to block this on the Unifi. This seems to be a multi-year problem but I have raised a support call with Unifi to ask if there is an expected fix soon or a work-a-round.
I learned allot from your video. Thanks allot!
Thank you Cody , verry much appreciate your lessons. But I ran into an issue, could you make a vid that explains how to share a printer between a few vlans or mayby point to were I can get instructions. My UDM is pretty much configure as you instructed but only Default vlan ca see and talk to the printer. I need to be able to share between three vlans including the Guest accouts. Any help would be great.
I would also be interesting in this. I'm having the same issue. I have to switch to my IoT network in order to print. I want my main network to detect my printer in my IoT network.
Great and complete from the ground UP. I did not see the detailed setup in your AP's that support 6E like your 6E IW.
Hey thanks for watching. I didn’t do any WIFI 6E configuration in this video. I do have some video on the inwall and enterprise ap though . I currently don’t even use the 6ghz
Thank you! I was waiting for this to drop! Woo!
Great Video, exactly what I needed!!!
Am I the only one who finds Ubiquiti's way of understanding firewall rules TERRIBLE? 🤯🤢🤮
What about IPTV and VLAN taging special for IPTV ? :) I would like to connect TV BOX to my network gear instead of ISP provider modem (in bridge mode atm).
What WIFI do you use for your home use ? On Default ?
Awesome Video Cody !! I see some light at this tunnel !
Great guide, just got my first Unifi setup this past weekend and new to follow this guide. Of course they just pushed out a new update! haha. Also, was getting an error on the RFC1918 part. any clues?
Thank you for sharing this video.
You absolutely nailed it, good job man!
Great video it really covers 80% of major setup requirements. I'm struggeling with the network settings for the individual ports vs Firewall rules... If a Port is set for CAMera Network only , can IOTnetwork pass thru it because of FW rule ?? ... could you do a video on how to setup these ports vs FW rules?
Hello, thx for your work, it could be nice not to do like all others 'youtube it guys" and going much more deeper in the config of the firewall rules !
I have my wireguard VPN and rules set up exactly the same as you did but I can still ping my cameras, and my wifi and all its devices. I can ping my nas fortunately, but the only thing it blocked was my two PC's. I'd like to lock it down a bit more. Any suggestions?
Why does the UI changed on the video when viewing the firewall at 22:52?
Can't wait for 2024!
Would you recommend the SE over the Pro for a home network with U6e x2 install? Does the SE warrant the extra cost?
@mactelecomnetworks Amazing video and content. Been waiting for this UniFi walkthrough. Thanks for posting. Curious have you done a video on the kit you use to make videos? Camera, mic, lighting, software?
Thanks for watching. This would be the closest video I have to what you’re looking for
Office and Network Rack Tour 2023
ruclips.net/video/qwqPQx6Npbs/видео.html
I'm curious if the the caution explained at 23:39 by Cody still applies in 2024??
I'm currently setting up my UDM Pro SE, but I will use a different subnet for my the UniFi camera's + Protect if I get some eventually.
For my future IOT subnet I will user another subnet and did the same steps as described in this video.
GREATTTT video ! Thanks a million! Quick question, I have both G4 and Wyze cams. Would you assign all cameras to your Cam network or IoT ? Just curious...
Another question, sorry English isn't my first language, at 23:39 you mention something that protect users shouldn't be doing but I'm not sure what you are referring to, protect users shouldn't block the vlan x to access other vlan gateways? That would kinda defeat the whole segmentation point wouldn't it?
@mactelecomnetworks can you do an updated video of this in the new UI as well as talk about allowing WireGuard vpn server traffic to other subnets
This is an Awesome Video... Thanks so much for all your hard work on this Video. I have followed all the steps and now have a fully set up network. My only proble for now is SONOS. I think I have to be on the same WiFi Network as the Sonos products (currently moved to my IoT VLAN but my iPhone id connecting to a different VLAN/WiFi network. Any suggestions?
Perfect timing just what i need!
Is your IoT Wi-Fi your main Wi-Fi you use for all your devices? Say, smartphone, thermostat, smart switch, etc? Im trying to figure this out by setting a Wi-Fi network for my main network, guest, and camera while comparing your video. Thanks!
Question for you: We both use Bell fibre, I currently have 1GbE. I noticed you have moved to 3GbE/3GbE, which means you're now on the "GigaHub" from Bell which doesn't allow for the SFP+ port to be removed. How do you like the Gigahub, were you able to move it to bypass mode easily? I can't stand having mandatory ISP hardware on my connection which is why I'm still on the 1GbE connection.
You do PPPoE passthrough.
@@Nabroloi tried the pppoe passthorugh and saw a 1gbps hit in speed. So to keep the speed I didn't use the spf port
Hi Mac
thx for your walk thourg of needed settings. could you do a extended versioner where set up firewall setting for PLex, HomeAssistent, google home devices?
What Network would all of your personal devices be on? I understand separating the IOT, Cameras, and guest network but what about devices such as your phone and tvs?
Same question I have.
Hi There, can you perhaps make a video on how to replicate an DMZ network on a UDM SE if possible?
Great stuff!
Excellent explanation. Does anyone know what program they use for the simulation environment?
Is Unifi proprietary software?
Amy news when a upgraded UDM will arrive? Looks like UDM is a great unit, but it is 4yrs old. Se is 2yrs old now.
Thank you for a fantastic video 🤩 So annoying that the UDM does not support multiple sites administration/setup. How to handle this with an UDM, when having clients (on different locations/sites) without USGs (or UDMs)?
I have a question unrelated to this video but if you could help I would appreciate it. My question is On this Monday 1-15-2024 I am installing a new sliding glass doors and was wondering if there is a Unifi automatic door lock that I could install? If yes then what would you recommend? I will also run network cable to the new door while it is being installed and buy the Unifi lock setup after. Thank you
I saw that you have your mom's house connected via cameras. What is equipment is needed for that? This is something that I've been intrigued by but dont know the minimum requirements other then the cameras. Please help and thank you.
Awesome video lots to digest 👍
Could you share your Ubiquiti "Shapes" Library for Lucid Chart? (Even if it's just a bank of images that would be super helpful)
Nice content! I still use the legacy interface to change the default LAN name. You can't do it in the new one.
Has much changed with the UIs since this video was put out? I just got a UDM SE and was looking for a guide to help set it up.
Thanks for the new video!!
Nice Tutorial (at 3/4 speed). Skipping a lot that will impact operation. And a bit painful to watch when switching from the UI to the bright white boards.
Cody, can you do one with the best way/ways (with explanations on why) to configure UniFi to use PiHole DNS?
Such a helpful video! Can I tip you something with Paypal?
Appreciate you watching, you don’t need to tip anything. If you really feel inclined you can do a super chat on RUclips :) but not mandatory at all
Thanks for the great video. I have the Unifi Dream Machine Pro I got awhile ago. I thought there was a build in firewall/IDS/IPS? It's been running fine, but today I had an issue and it seems that I was backlogged on the updates and it shut down some functions that needed to be updated and restarted.
I can't find firewall or DHCP server options for wired networks. Is this something I still need to reinstall or was it a subscription that expired?
One other thing, why doesn't the DM Pro pick up a Cisco switch connected to it? The SG-200 doesn't show up in any of the options in the DM.
just a heads up make sure your trunk links allow all connections or you will have a hard time getting the correct assigned vlan to your ports :)
Thats correct. The default all ports are trunks and allow all traffic
Like always, great video! Thank you for all of them. The PING block out of a VLAN to the VLAN sec. gateway does not work on my end. It makes no sense that it's not working. Any idea? Maybe I try the old interface and see if I can get it to work there.
Yes. Been waiting this.
Thanks.
Nice work as always!
G3 Flex cameras are 1GbE max. Why do your G3 Flex cameras show up as 10GbE at 7:30?
@MactelecomNetworks I realize this is a year old'ish, but I am hoping someone can shed some light on why the Block inter-vlan routing rule is blocking traffic I have allowed above the Block inter-vlan routing rule.
Specifically, I have a port group defined, and a host group defined. The host group has 2 hosts in it that live on different networks. The firewall rule is a LAN In rule that allows all protocols from source host group / port group to destination host group /port group.
This works great until I create the Block inter-vlan routing rule as shown. even though this rule is below the one I just described. I am probably doing something wrong lol
Solved this one lol - It was a huge DUH! moment today. One host could not resolve the other hosts IP address. I created an IP mapping in the application I was trying to access each host with, and it started working.
It's amazing how computerized equipment only does explicitly what we tell it too 😂
Hello, your video is amazing! Any chance you could help me out with getting Chromecast working with inter vlaning? i see the devices to cast too but it fails to connect
How would I go about offloading some of the firewall inter-vlan / subnet routing rules to a L3 UI switch (like a switch pro PoE)? If I remember correctly, these switches allowed access across subnets even though firewall rules were setup to block the traffic (i.e. the switch allowed the traffic prior to it hitting the rule located on the UDM SE). This was a problem for me in the past when hanging an AP off of a switch pro. The port profile needed to allow connections on that port to all networks / SSIDs, and the switch allowed the traffic across those subnets even though the UDM-SE blocked it (when the AP was connected to the UDM-SE, the firewall rules worked correctly).
I think that in the past these rules needed to be applied to ACLs, which needed to be implemented via the SSH command line? Is this still the case or is there an easier approach? I'd love to see an updated video on that, specifically addressing these common IoT / NoT / Camera network routing rules. Unless I'm trying to go about this the wrong way lol.
Update: Apparently they no longer use the wildcard mask - the netmask (non-inverse) worked! Now if only I could make it persist through a reboot...
I tried to use your older video as reference when trying this, and it isn't working for me: ruclips.net/video/QtVCyL1o260/видео.html
I've come across a few older posts saying they can't get the ACLs to work in the Unifi Forum (I'm running Network version 7.5.176). I'm using a UDM-SE and USW-Pro-24-PoE. The only way I can successfully block inter-vlan traffic when connecting to my USW is by setting the router for the network as my UDM SE and setting the firewall rules there. I cannot get the ACL to block inter-vlan traffic.
This is driving me absolutely nuts. Any help or insight would be greatly appreciated!
Hey Cody. Do you put all your client devices, including your wired desktops etc on the IoT network? Why do they belong on IoT rather than Default? Thanks so much!
What’s the difference between the DROP and REJECT actions?
Can you provide the link to post you mentioned during the firewall rules section. Timestamp 18:02
I cam here expecting to find it in the video notes..
Thank you a lot