Don't Get Hacked! 10 Essential UniFi Security Settings You Need to Change!

Рет қаралды 19,028

InsideWire

Күн бұрын

Пікірлер: 22

@InsideWire 3 ай бұрын

What other settings would you configure on your Ubiquiti set up?

@1stGruhn 19 күн бұрын

I typically write firewall rules to prevent SSH or just general login access to the Unifi gateway from all vlans that don't need it. I make sure trunk ports have only the vlan access they need (Unifi defaults to all ports be full trunks - thus if you know the vlan and are able to set the tagging up on your device, you could gain access to any vlan via any port). I also tend to disable inter-vlan communication in general. Though, I typically enable inter-vlan communication that originates from the primary network only.

@robj5780 17 күн бұрын

I have a guest and IoT network. I would love to access the IoT devices from the main network but it currently doesn't allow it and I am not sure how to configure that. The network rules seem backwards to me (I will get used to it at some point 😀 )

@Crazy--Clown 2 ай бұрын

Good vids dude

@InsideWire 2 ай бұрын

Appreciate it

@norcobf 3 ай бұрын

Can 2 separate guest networks within one Unifi network be created? I have a new need to do this and I don't want to cause myself problems in the future.

@0wnage718 3 ай бұрын

I created a fw rule to stop http access to the udm pro on the iot/guest/camera networks just to be safe

@InsideWire 3 ай бұрын

from the network to the gateway?

@0wnage718 3 ай бұрын

Yes that’s correct

@vikylin 3 ай бұрын

Keep up the awesome work! 👏

@InsideWire 3 ай бұрын

Thank you! Will do!

@aklem001 3 ай бұрын

Great video

@Polkster13 27 күн бұрын

I just do an "Established and Related" rule for all networks, which includes my IoT network. I do not do this rule for each and every network. Cuts down on the number of rules I have.

@no1warr1or 3 ай бұрын

Would the "isolate network" tick box under your IOT network essentially do the same thing? Wondering why you wouldn't use that over manually creating a firewall rule

@InsideWire 3 ай бұрын

It depends on whether you are going to be using the guest portal, hope to do a video on it soon.

@MrSunDevil23 3 ай бұрын

It would. That is how I isolate my IoT network without having firewall rules for that specific network. As all of my IoT devices talk directly to the internet and I have to use apps on my phone or tablet, there is no reason for any of my other networks to have to speak directly to the IoT network.

@no1warr1or 3 ай бұрын

@@MrSunDevil23 that's what I thought. I have one of my VLANs configured this way and it seemed to work.

@danmaier2077 3 ай бұрын

Thanks for your video, very helpful! I have a Denon Reciver and the AirPlay doesn't work anymore! I did a network reset on the Denon and then AirPlay worked again. After two days it doesn't work anymore! Can there be a setting somewhere in the UNIFI that I have to turn off or activate??? Greetings from Austria 🇦🇹

@1stGruhn 19 күн бұрын

according to Denon's support page their system uses the following ports: 3813, 443, 80, 8080, 5020 If you've made any firewall rules that permit only 443 or 80 (HTTPS or HTTP respectively) then you'll need to permit the other ports potentially. This would be for outbound traffic, don't port forward those ports to the Denon device. As for airplay, some have found success enabling 'Multicast Enhancement' on the WiFi SSID their Denon is attached to. And make sure your iOS device is on the same SSID. Also make sure isolation or Guest is NOT on as that would prevent device to device communication. Other things people have found that helped: disabling multicast and broadcast filtering. Denon also recommends enabling UPNP with some routers but not all (some it says specifically to disable it), so you might try that but recognize that UPNP is a vulnerability.

@danmaier2077 19 күн бұрын

@ it’s working now! It was the UNFI , one setting in the UNFI Controller! Thanks 🙏

@1stGruhn 18 күн бұрын

@@danmaier2077 Glad to hear you got it working!