100% agree

I was going to show it in this video but feel I would have rushed through it, so separate video will be coming soon

Looking forward to seeing it

It’s simple, just be in the frame of mind of “from Zone A to zone B”. You put interfaces in different zones, and any in the same zone is the “same security level” which generally is a “allow all from Zone A to Zone A” You create rules just allowing or denying traffic sourced from a zone and destined to another zone. That’s it

100% I have basic network with iot, wifi ,lan ,camera vlans

THIS :)

That would be really useful to see how it would apply to a real-world network

YES! I don't really feel like clicking a button and just seeing what it does to my network... Making sure everything is still the way I want it seems like a major task that I'm not looking forward to. I'm not interested in a breaking change, Ubiquiti!

@@Timi7007 You don't need to worry about that. The logic will be kept even after you click that upgrade. It's just that I feel the rules after the migration are a bit all over the place and can be simplified in the new zones logic, but the existing setup won't be affected. At least mine wasn't ;)

Amazing have fun with it!

I understand why they want to add services, what I do not like is it being forced to me and replacing an existing working feature, also if my udm is “license-free” i do not want annoying trial pop-ups…

Wasnt this provided by the Traffic rules already?

Probably but later on in the year

Bro we need it now!​@@MactelecomNetworks

With the full setup I'd like to see it done with something like a Pro Max 24 PoE . . . Does the Zone Based Firewall make dealing with ACL rules in the switch easier or is it that nothing changes there (ie: if data doesn't transition VLAN's then the firewall rules never come into play)?

Thats strange, on my UCG Ultra and UDM SE both options are available. Interesting thing on the UniFi EFG the Proofpoint protection costs 449€/y and has 95k+ signatures Also BR from Austria

@@Zaim-S Maybe because you told your system to update with OS release candidates too? So your console already has 4.1.9?

You have to update your gatewayt to version 4.1 or greater. Currently, that version isn't released for any non-cloud gateways. Right now, it's only on EFG, UCG-Max&Ultra and the Dream-series devices

@ OKAY, thank you! I have the UCG Ultra!

@@u1f98a Where can I find the official version 4.1 for UCG MAX? Sorry for the request, but I have recently got this device. Thanks

Thanks for the feed back

There is no UI hardware yet that can support up to 1000 S2S tunnel at the same time. And I‘m pretty sure with an 18ARM, 16GB EFG you can not even handle 500 stable S2S tunnel.

Correct and that's fine we film here all the time and will have a case study about it soon :)

This is very normal. Pfsense and most other firewalls have this aswell

@djvincon Its more of the reality these companies can not sustain themselves on just equipment sales. Sooner or later, they'll have to push for more subscription based services just to maintain income growth

Going to see them In the summer with SOAD. 😁 also have the TOD10

@@MactelecomNetworks Heck ya!

Not sure I don’t use Sophos

Oh yeah, I would definitely like a more in-depth video about the zone based firewall. Blocking gateways and RFC1918 etc..

That’ll probably come out next week. Already have other videos waiting to be released :)

Thanks for the super sticker much appreciated:)

Try changing your channel width to 80MHz on the 5GHz band on both AP’s if you haven’t already! I believe it’s the default for new setups now in 9.0 and is long overdue.

yes

That I’m not sure of

Looks like I can activate it from Site Manager but I'm still curious why I'm not being considered as "owner" if I'm logged in with the user designated as the owner. Any tips would be highly appreciated 🙏🙏

@@51av0sh Look on your dashboard in the bottom left, that is where I have the option to activate CyberSecure

You need a FW update on the UXG Max (UniFi Gateway 4.1.3) that is not out yet.

Gotta wait for UniFi OS 4.1.9 to be released to the official channel first

@@MikeBraedel I see it now... Zone-Based Firewall settings "Requires UniFi (Cloud) Gateway firmware version 4.1 or newer." and CyberSecure by ProofPoint "Requires UniFi Cloud Gateway 4.1.8/UniFi Gateway 4.1.3 and newer.". Oh well...

UniFi OS 4.1.13 is already out as official, so just wait a little bit,

@@filipkudlac237 same here

make sure your gateway is up to date, but the update hasn't rolled out to all gateway models just yet

Yup this was a pro max

I would think of those as funny numbers that dont matter. If they keep up to date everyday is the most important I would say.

my firewall has 100,001 signatures for free. they might all be checking for compliance with RFC 3514, but still, bigger number better right?

So you don’t need cyber secure this is an add on for people who want more threat signatures.

@nrocobc581 - I am with you there. Unifi APs have been my go to for years now because of the subscription costs of the big brands. I primarily install Sonicwalls and Fortigates for most of my clients who have Servers/Data sitting behind the firewall (with security subscriptions); but lately we have been rolling out UDMs for clients that are purely cloud based and just have data living in the cloud; so Unifi Firewalls have been a good alternative for them. This new introduction to subscription based security leads me to believe in order to play with the big boy space with Sonicwall/Fortinet/Meraki, they need to give the option to MSPs to provide the enhanced security features offered by the other brands. think "Gartner Magic Quadrant"; as it were. the financial decision makers are more technical these days and they want assurance, this "New Kid on the Block" (Ubiquiti) can play ball with the established brands.

@@MactelecomNetworksyou’re sponsored by them aren’t you? I get the conflict of interest but realistically this is a slow but steady descent into them testing the waters for charging for other things. If you’re denying that….I think you might be denying reality

Seems they’re just like other businesses who have investors that want to milk and dime their customers. Shocker. At least hopefully we can stop seeing those absolutely stupid Jack Quaid ads now 😂

@@TechTails I’m not sponsored by Ubiquiti. I have an affiliate link yes but that doesn’t mean sponsor. Also the affiliate link doesn’t work towards cyber secure. The ids/ips system is exactly the same as it’s been for years before this launch today and that won’t change you still get roughly 20,000 signatures

We’re both right. EA was 2024 GA 2025 :)

No lol what do I gain from it