Configuring UniFi Firewall Rules to Secure Your Network (Complete Guide)

Views: 4,858

WunderTech

1 day ago

Comments: 30
@FatherJoeMcCorny 10 days ago
Finally understood when LAN Out is being used!!! 🎉🎉🎉 Thank you Frank ❤️
@TechMeOut5 9 days ago
WOW, that's by far the best UniFi firewall video to date! Amazing job, Frank! I especially liked how you make everything so easy to understand, like the LAN In, Out and Local, which are always a bit tricky to understand if you are new to UniFi firewalls.
@WunderTechTutorials 9 days ago
Thanks, Avi! Appreciate you watching!
@Huberdoggy 9 days ago
Easily the best explanation to date regarding edge cases for LAN OUT, why it's the only effective solution for blocking WireGuard to VLANs, etc. These videos are gold. I've had my server rack running since August, and some things you dive into I'd have realized quicker if these vids had been available (i.e., UniFi's terminology for setting a port to access and restricting all other VLANs on that port).
@WunderTechTutorials 8 days ago
Thank you very much! Appreciate the kind words!
@Justintime631 9 days ago
Another great video. Thanks for the information, much appreciated 👍🏻
@gswhite 10 days ago
Excellent video and very well explained. Thanks
@Zedris 6 days ago
This is a really cool concept, firewalls using UniFi. I think a really great video idea would also be an explanation of the Safing Portmaster software for Windows, especially when it comes to the self-hosting angle: what needs to be allowed, what doesn't, how to block requests not needed, etc. Along with your videos on the UniFi firewall and AdGuard DNS, a Portmaster Windows firewall explainer video would give great coverage overall.
@quinntunharris 10 days ago
Thanks, that was well needed. We just moved from a Meraki to a UniFi network and were having issues with blocking my VPN from accessing the unwanted part of the network.
@michaelpier5272 7 hours ago
Would I be correct to say I can use an Internet Out rule to allow site-to-site VPN traffic to access mobile fleet L2TP? E.g. Internet Out -> allow/accept -> Protocol = UDP -> Source: Type = IP Address -> IPv4 = Static WAN address for UDM SE (configured on site-to-site) -> Destination: Type = IP Address -> IPv4 = Mobile unit VPN connection (L2TP). Edit: Using UniFi hosted VPN servers.
@kevinoconnor6570 10 days ago
Thanks for a very clear and well explained video. In the Internet In traffic rule section, did you actually need the DROP RDP rule? I only ask this as there is a BLOCK rule further on down, "Block All Other Traffic", that appears to be doing the same thing.
@WunderTechTutorials 10 days ago
Thanks! I have to check the order later, but from what I remember, those are the default rules Ubiquiti applies - meaning the port forward created a default "allow" rule for the whole world, and without the deny rule I created, that would be the next rule to apply, so everyone in the world would be able to access it before the other ports get blocked.
@WunderTechTutorials 10 days ago
Yes, that's why. The "Allow Port Forward" rule is above the "Block All Other Traffic" rule, so the "DROP RDP" rule blocks all the traffic before it can get to that. If you were doing this for real (I just did this as a demo for the firewall), you'd limit the actual traffic down on the port forwarding rule (if it was only one IP like this example).
@gernermajlandt 10 days ago
Thanks for a really good video.
@WunderTechTutorials 10 days ago
Thank you very much!
@ryanbuster4626 4 days ago
@wundertech Wouldn't it just be easier to call LAN Local traffic "WAN-facing traffic"? It's destined for WAN? Or am I missing something? Not too familiar with UniFi.
@WunderTechTutorials 3 days ago
Not exactly. It's traffic that originates from a LAN device, trying to get to something running on the UniFi firewall. Like a DNS server, or VPN server, etc.
@ryanbuster4626 3 days ago
@WunderTechTutorials Ahh, gotcha.
@MacGyver0 10 days ago
I like to add a rule to drop all LAN-LAN communication and add specific allow rules above.
@homenlok 3 days ago
Funny enough, after I clicked the box to isolate a VLAN, it blocks traffic from both directions.
@WunderTechTutorials 2 days ago
That's very strange. Any other firewall rules added?
@homenlok 2 days ago
@WunderTechTutorials Nope, just the one block traffic from IoT to other networks. I had to put an any established and related above in order to connect to my NAS, which is in the IoT network.
@PhElias 10 days ago
It's missing IPv6 :(
@WunderTechTutorials 10 days ago
Same principles apply, just different IPs!
@ArturFronczekPL 9 days ago
IPv6 was future, is future and will be future ;-)
@ArturFronczekPL 10 days ago
Why are you saying "UniFi doesn't block by default"? How about the rule "Block all other traffic"? Rule 20001 seems to be redundant to the rule with ID "Final rule for this type"...
@WunderTechTutorials 10 days ago
With a default setup, all traffic is allowed and must be narrowed down (blocked).
@ArturFronczekPL 10 days ago
@WunderTechTutorials Rule 6 from the top at 19:00 of the video: "Block All Other Traffic"... Drop | Internet In | from Any/Any | to Any/Any. Or do you refer "all traffic" to "LAN only" traffic? Or am I missing something?
@WunderTechTutorials 10 days ago
Sorry, I thought you meant on the LAN. For the Internet (Internet in), all traffic is blocked by default and allowed in through port forwarding.