Maybe @Chris should make light in this, most of us we already use udmSE and it's a nightmare to recover everything.

Thanks for the great tip, Sean. I followed exactly Chris's steps but didn't manage to get it work. I even watched back the previous parts to replicate the same configuration but didn't help until I saw your notes.

After an accurate attention at every detail, I managed to make it work. There are steps that are not so good explained but if you remain focused on settings, you eventually make it work. One problem that I encountered it was when I move Alexa devices on IoT and I cannot manage to register it until I temporarily disable group rule with deny gateway access.

@@ElTorro9449 Yeah, I get similar issue with my Smart TV, the TV remote app on my phone (connected to main Wifi) could't detect the TV on another network (IoT). Not sure if there is any solution to this, I think it's just caused by how the app search for devices on the very same network/subnet.

Thanks for the note. I was just about to have to fight through this too!

Waiting for that setup part as well

Same!

+1 for that video

Same here.

same here,

I just did a real life double-take reading this comment because I had no recollection of posting it, but then I realized it wasn't me. What a crazy coincidence.

@@willgaines5269 haha

If you want to poke holes in the firewall, Chris actually has an example in one of his older videos: kzbin.info/www/bejne/bHbPemuHmr6VkLM

@@auToeXe That's a great video - would be super cool if he would do an updated one though.

@@auToeXe I was able to get Plex to work using that video but my PiHole was still unreachable after opening up port 53.

Great video indeed, I followed the process this morning. I was thinking the same for pihole and Plex. 😂

@@BansheeBunny Did you ever figure it out?

I second this idea

I’m going to try this out and I could be wrong, but the first thought that comes to mind is that in this video he allowed private IP ranges when the SONOS uses broadcast and multicast non routable IP ranges. I’m assuming because the broad/multicast packets only stay within the switch domain, that you would need to setup snooping and forwarding of multicast/broadcasts from the IOT to the LAN or vice versa. Just a thought.

Having the same issue with my Philips Hue setup. To access my HDMI Sync Box through the Hue app on my iPhone, I need to be on the IoT network I setup. Not sure what I need to do to get around this.

Great Question!

There is a legacy mode. Go to Settings > System > Advanced and change interface to Legacy.

I have this same question Edit: Maybe it's because IoT devices need to be able to see each other? Like a hub of some sort connect to devices

I too have the same question. MrGatlin's theory may be the exact reason but I've no idea. Thanks for putting this series together. Very much appreciated for assisting in setting up my UDM!

@@MrGatlin98 I'm pretty sure this is the case with Nest. When you add additional devices to a home it gets its configuration from peers.

@@skywagonA185F Ah, I didn't think of that. This Nest requirement aside, it seems setting device isolation makes sense.

In the case of Unifi Protect, the NVR really needs to be on the same subnet as the cameras, otherwise discovery & adoption doesn't work.

@@leephcom if its a UDM PRO its on all the VLANS by default

There is a reason the statement "Not seeing everything? Go to Classic Settings" exist at the top of Settings. It is not because they have been relocated, It is because some of the setting are not accessible in the new UI.

I’m sure that is true. But all of the rules he added in the video can be added from the new interface.

@@Mekillewe He created a network and applied firewall rules to it for people not familiar with the processes. The old UI has templates for network purposes and doesn't truncate menu items into pull down fields, so it is a better teaching tool. If you know all the rules are in the new UI, why did you ask your question in the first place?

@@BansheeBunny because he stated that you have to use the old UI to add firewall rules be the new UI doesn’t have that option. I was just pointing out that the new UI also has the option to add firewall rules as well.

where did you find the Classic Interface option, I dont see it anywhere on my network system settings

Just wanted to say that I just recently set up my UDM-PRO and switch following this video series without much trouble. The interface has changed and even going back to the legacy interface didn’t always line up but with a bit of poking around, I was able to achieve everything he showed in his videos.

I tried this and it appears to have accomplished all the blocks the firewall rules in Episode 5 were designed for (e.g., simply switching on Device Iso on the "20" network blocked 20.xxx from pinging 10.xxx, 1.1. and 20.1) while maintaining Internet access. Interestingly, my UDM-Pro strangely didn't seem to do anything when I put the individual firewall rules in place and I followed the instructions and methods exactly. Not sure why except Device Isolation definitely redefines the network "type" as Guest and applies the restriction rules in the Guest section of the Firewall. Maybe that's got something to do with it. EDIT: all the blocks in the vid except the full RFC1918 to RFC 1918 general drop rule on LAN IN of course.

@@MPaulCezanne @Rosscoff2000 If you had existing connections, say IoT devices already making persistent connections on your 20_net then they would either need to be restarted, disconnected for the timeout duration, or recycle the UniFi controller to establish clean blocking according the the sequential firewall rules in place. Many times it's often missed that a firewall restart is necessary for a global network to 'commit' the firewall changes during a live and persistent network update. Chris demonstrated this by breaking the ICMP ping, but it should be a footnote to either restart all your IoT devices to establish *new connections, or simply schedule a downtime to recycle your UDMP Network Controller. This is an IPSEC best practice and also validates your firewall rules stick and are persistent after a system restart/update, etc. If you have IoT devices like Amazon Echo where, for example, two Echo Dots are used for stereo playback of your music streams then those two devices technically need to "talk" to each other. Using the Guest network isolation capability will block that inter-device communication on the IoT VLAN if you set it up as Guest and not CORP type. If you really want to block device-to-device connections then yeah, Guest networks are great isolation solutions. But if you want an IoT device to communicate with a NAS for a service or data source like with a digital cam or music player then a Guest network type isn't the right choice. The firewall rules would be the correct path in that scenario.... #foodforthought

@@MatthewMorseCA I actually had no devices connected. I was just plugging my laptop into ports that were assigned to specific networks. Restarted everything too. BTW - I submitted a support ticket to Ubiquiti and they were able to replicate the problem. Still waiting for a response on further action.

same question here. is it possible to set up the iot network as guest network without the firewall rules?

Did you just create separate VLAN for the cameras like in the video for the IoT devices?.. I have my Sonos working on my main network, have not tried it on a VLAN. Been reading about people having a lot of issues with Sonos in general so I am hesitant to move it off of there. Do have your printer on the IoT VLAN?

I created VLAN 30 for my Dahua CCTV and my home Alarm System basically mirror of the IOT setup. I don't have any IOT cameras but if I did I would just leave them on the IOT network on VLAN 20 so all my TUYA, Smartthings "IOT" devices etc all stay together... I have Sonos but haven't added it yet so I will add that to the IOT network and see if it functions ok?.. The only issue I had is that I have a large unraid server I don't want to take off the main network as it has all our media and mainly photos on it I don't want to lose, so as I have Google Chromecast TVs having them on the IOT network was playing against Plex saying it couldn't play things locally as it couldn't talk to the unraid server and would get it via the net so, lower resolution and that. So I put the Chromecast TVs back on the main network... (For now)...

... to add, with the printer I probably would add it to the IOT network as i don't need to use the screen on it to search the network... but just to receive data to then print from a device on the main network, so should function fine.

@@mcgooinc3568 ok thanks for input. Do you have Apple TV? I've been reading people having issues with Apple Tv sending airplay to a TV

Looks like my last comment got deleted, due to the link. But no I don't have any apple products, Google Chromecast TV worked perfectly fine on a VLAN though as it's a one way device where as apple airplay is 2 way and probably the problem. If you google: Airplay to Apple TV on VLAN - not working you should see a link to the ubnt forum which might help?!