NEW to UNIFI VLANs?? START HERE!!!

Views: 57,103

Ethernet Blueprint

1 day ago

VLANs VLANs VLANs. Adding a basic VLAN and firewall configuration to your UDM Pro or UDM Pro SE is a great way to secure your network. In this video, I show you how to create VLANs, associate them with your Wi-Fi networks, and add a basic firewall configuration so your network is more secure. I also show you how to create a Wi-Fi network using Unifi's new Private Pre-Shared Keys, although this setup will also work if you prefer to use multiple SSIDs.
Don't forget to like the video, subscribe to our channel, and hit the notification bell, so you never miss any future content. Thanks for tuning in, and let's get started!
Chapters:
0:00 Intro to VLANs Video
1:31 Topics Covered in Video
5:06 Network Diagram
7:07 Firewall Rules List
9:20 Pre VLAN Setup
11:48 Create New VLANs
15:30 Create Wi-Fi Network w/Preshared Key
17:23 Turn off Guest Portal Landing Page
19:32 Pre-VLAN Testing
22:21 Creating Firewall Rules
Want personalized consulting on your build? Go to www.ethernetblueprint.com/con... and let me personally help you with your planning.
For more information about my courses and self-help options, head over to: www.ethernetblueprint.com.
Learn how to properly plan your home network!
- FREE PLANNING GUIDE: www.ethernetblueprint.com/fre...
- ($27) MORE INDEPTH PLANNING GUIDE: www.ethernetblueprint.com/3fd...
- ($47) WI-FI HEAT MAPPING COURSE: www.ethernetblueprint.com/3d1...
- ($97) FULL PLANNING COURSE: www.ethernetblueprint.com/750... (includes full planning guide and the Wi-Fi Course)

Comments: 364
@markhokanson2401 4 months ago
There are a lot of versions of this walkthrough out there on KZbin, but (for me at least) this is the only one that took the appropriate time and amount of hand-holding that I need to not just implement the FW rules, but also to help me understand the WHY. That is huge! Thanks a ton!
@ethernetblueprint 4 months ago
Thanks for watching. I'm so glad it helped you out.
@mzkx67 4 months ago
I am new to the Unifi dream router and loving the custom settings. I agree this is an excellent video that explains the settings very well.
@shyamkasundra675 5 months ago
I am finally considering a Unifi setup now that their OS is more well-baked, and you had the most recent Unifi OS VLAN video, so I decided to stop by and see how things have improved over the last few years. However, I must say that this video is probably one of the best for anyone new to VLANs in general, not just VLANs on Unifi. You, sir, are the only one that “teaches one how to fish instead of just giving one a fish” by explaining the logic behind firewall rules, thus giving one the ability to not just copy your foundational firewall rules (which were spot on as the bare minimum starting point), but also gain the confidence to start coming up with their own firewall rules unique to their situation. Looking forward to joining you on this journey to learn from each other!
@ethernetblueprint 5 months ago
Wow. Thanks so much. I am very happy to hear that it helped you!
@BopperNoStopper 3 months ago
I agree, this was extremely clear with no fluff. @ethernetblueprint
@jasoncherry2508 11 days ago
I had no idea about the "new" Wifi Pre-shared Key assignments to different networks, that's cool. Thank you for explaining and showing that.
@ethernetblueprint 8 days ago
It's my pleasure...
@genxl86 4 months ago
Finally one of those VLAN guides that I can follow and understand easily. VLANs are not that scary after all. Cheers man!
@ethernetblueprint 4 months ago
Thanks for the comment. I am super happy to hear that it helped.
@SS-kg6ns 5 months ago
Probably the only video with the new interface. Thanks for creating and being very detailed with background info for noobz.
@ethernetblueprint 5 months ago
I'm so glad it helped you out!!!
@chrismhaase 2 months ago
Thanks! Great tutorial. I set it up and it works perfectly. A dual screen setup to watch the video and work on the other is the way to do it!!!
@ethernetblueprint 2 months ago
I’m happy to hear it got you set up. Thanks for the super tip.
@juhatalimaki6664 3 months ago
I am a Unifi virgin. I have watched many videos to try to understand the world of Unifi; this video is gold! You explain it well. Thank you!
@ethernetblueprint 3 months ago
Thanks. Hope you subscribed. Next week I’m going to cover the switching aspect of VLANs.
@ayalgersh2005 4 months ago
This is AWESOME !! I just got my UDM SE and bunch more Unifi equipment and was looking for a video just like yours. Helped lots !! Thank you.
@ethernetblueprint 4 months ago
Awesome man. Thanks so much. I have more UDM videos coming soon. Is there anything you’d like to see?
@photosbykehinde 4 months ago
Thank you for this walkthrough. I've struggled trying to configure the UDMP and you made it simple and straightforward.
@ethernetblueprint 4 months ago
Glad it helped!
@user-si8br5bc2l 5 months ago
Perfect tutorial! Not that I can only get what you set up but I got some understanding so I can adapt to my own rules using your video. Keep up the good work!
@ethernetblueprint 5 months ago
Awesome! I wish you well!
@santiagodelbono1 4 months ago
Wow, huge work here! Honestly the best VLAN class on KZbin. Congrats and thank you.
@ethernetblueprint 4 months ago
Wow, thank you for your kind words. Glad it helped.
@drewpecka 3 months ago
Top notch. Thank you!
@ethernetblueprint 3 months ago
Holy crap. Thank you so much. That is overly kind of you. So glad it helped.
@sptexas58 4 months ago
Glad you are using the new UI. Aside from that, what a great job of providing the list of items to change, their order and a great explanation as to why. I've watched other videos that assume way too much of the audience.
@ethernetblueprint 4 months ago
I'm glad it helped you. Unifi has been busy changing the UI. I think it has changed again a little since I did this video...
@EuroPC4711 3 months ago
Thank you! You’re the first explaining VLANs so that I understand it.
@ethernetblueprint 3 months ago
Glad it was helpful! Truly!
@lee_brooks 4 months ago
This is an awesome video and great that it has the new interface included - thank you so much for taking the time to create it. I've watched loads of others and it just wasn't as clear as this. I've now set up the basics of my DM Pro and all is working well. I hadn't seen anything on the pre-shared keys so have set that up as well; seems much better to me to just have the one SSID and the password dictates which VLAN - have subscribed so please keep stuff coming : )
@ethernetblueprint 4 months ago
I love hearing this!! So glad it helped!
@danielmontanez7029 5 months ago
Amazing tutorial! Thank you!
@ethernetblueprint 5 months ago
Glad it was helpful! Thanks!
@Ducksnuget 4 months ago
Thank you for this video. It was so much clearer and personable than others. You say you're not a teacher, but I'm not convinced.
@ethernetblueprint 4 months ago
That's very kind of you.
@CarlGolden 4 months ago
I am finally getting fiber. Getting a new home network setup. Going to a Dream Machine. Love the idea of just one SSID for multiple VLANs. Going to save me a lot of time setting up. Thanks for the walkthrough.
@ethernetblueprint 4 months ago
Happy to do it. Is there anything else you'd like to see a video on that could help you out?
@mattschoular8844 5 months ago
Thanks, that's a great tutorial. I am in the process of setting up my UDM Pro. VLANs and Firewall are next...
@ethernetblueprint 5 months ago
Awesome... best of luck to you!
@michaelvpham 1 month ago
You're a good instructor! You saved me tons of headaches and time. Very much appreciate what you're doing.
@ethernetblueprint 1 month ago
Wow. Thank you very much. I’m so pleased that it helped you out. Sincerely.
@keifer39 18 days ago
You easily earned a sub for this. I'm very new to Unifi gateways after using pfSense for years and Firewalla for a few months; this was just what I needed after getting my UDM Pro SE up and running yesterday. I had my pfSense dialed in for years, but I wanted to get a more user-friendly network solution for my home just in case something happens to me. This tutorial is solid and I'll be employing much of this ruleset on my network to start, as my basic setup is very similar to your example. Great job and thanks!
@ethernetblueprint 16 days ago
Wow. Thank you very much. I am very pleased to hear that it helped you! Thanks for the sub!
@patrickbaune5377 4 months ago
This is brilliant. Easy to follow and understand. Thanks
@ethernetblueprint 4 months ago
Thank you. So happy it helped!
@grosboute 1 month ago
This is exactly what I was looking for! I applied your IoT logic to a VLAN for crypto mining. This way I don't compromise my default network with some shady new crypto mining software and wallets. 😂😁 Thank you!
@ethernetblueprint 1 month ago
That’s awesome. I hope the mining is going well.
@derekteetv 3 months ago
Yessir, you explained it well. It's easier to understand the more advanced parts once a baseline has been understood and configured. Just what I needed as there are more and more IOTs and guests in my house these days.
@ethernetblueprint 3 months ago
Awesome. My next video will be on the switching portion of VLANs so I hope to see you back!
@bigeyesbeats1838 4 months ago
Thank you for this structured yet simple to understand and set up tutorial. Appreciate it, and now it's time to check your other videos 😉
@ethernetblueprint 4 months ago
I am really glad it was helpful to you. Anything else you'd like to see a video on that could help you out?
@davidjohns4556 9 days ago
Great video, Tim. Thank you so much!
@ethernetblueprint 8 days ago
Glad you liked it!
@deesr.4335 2 months ago
Thank you! This was so very helpful in assisting me with my basic setup. Great!
@ethernetblueprint 2 months ago
Glad it helped!
@TimPaddy 2 months ago
Great great video. You are a terrific teacher.
@ethernetblueprint 2 months ago
Wow, thank you!
@parexcellence8222 24 days ago
Of the many videos on KZbin, this is the only video that explained firewall rules in UniFi in a way that I can understand. Thank you for the video.
@ethernetblueprint 23 days ago
Thanks so much. Happy it helped.
@thomasovendale1437 3 months ago
Beautiful explanation! Thank you 🙏
@ethernetblueprint 3 months ago
Glad it was helpful! Sincerely
@packawackajoe5271 2 months ago
Just set up my home network using this video! Thank you so much for the help! Would love to know now how to improve WIFI and get the best experience.
@ethernetblueprint 2 months ago
Glad it helped! You are welcome!
@trajanparker 14 days ago
Outstanding! Thank you!
@ethernetblueprint 13 days ago
You're very welcome!
@erichubbard7754 5 months ago
Great job of teaching/explaining VLANs. Watched another video that didn't explain much and hurried through everything. Didn't work, and I certainly didn't learn anything about what I was doing from other videos. Thank you for teaching. Subbed & liked!
@ethernetblueprint 5 months ago
I appreciate the feedback. Glad it was helpful!
@johnringo2884 4 months ago
This is the best tutorial I have seen describing the UniFi setup I was looking for. Thanks a lot for this easy to use tutorial 👍 You got a new subscriber. Can’t wait for more of this stuff!!
@ethernetblueprint 4 months ago
Super nice of you to say. Thank you. Is there anything you'd like to see a video on?
@johnringo2884 4 months ago
@ethernetblueprint An extension/tutorial on how to set up a VLAN for UniFi cameras together with firewall rules would be very interesting to watch 👍
@johnringo2884 4 months ago
@ethernetblueprint Perhaps also implementing a Synology NAS into this setup. Not sure if that needs to be on its own VLAN and what the firewall rules would look like if it needs to be reachable from the outside. I guess the safest setup would be to use some sort of VPN solution to be able to safely reach the NAS from the internet. But is there a way to set it up in a safe way without VPN?
@aroundtheshop 2 months ago
Great Video..... Will use a bunch of this when my Gear arrives
@ethernetblueprint 2 months ago
That’s great to hear.
@nispen 4 months ago
Thanks. Tons of info, really useful
@ethernetblueprint 4 months ago
Awesome... I'm super happy that I could help in any way!
@paulandrews6701 3 months ago
Great content. Made it easy for me to understand VLANs.
@ethernetblueprint 3 months ago
I am glad it helped you out!
@jrabbott34 5 months ago
Yeah, super handy on the guest landing page. I appreciate the re-accepting of the Guest EULA after a period of time for a business. So you don't saturate the DHCP range. But for home use I very much like disabling so users at my house don't have to re-accept to "logon".
@ethernetblueprint 5 months ago
That is a good point about the reauthentication for your guests!
@HiAcerrr 4 months ago
VERY helpful - thank you!!!
@ethernetblueprint 4 months ago
Glad it was helpful! Thank you for the comment.
@TomWhi 3 months ago
As a seasoned firewall admin I thought I knew what I was doing as I started throwing random firewall rules into my new UDM, and it wasn’t working! This makes loads of sense and I’m excited to try it… Also these states look like iptables states, so that’ll be the next thing I start researching! Thanks for the great breakdown 🎉
@ethernetblueprint 3 months ago
I hope it is helpful to you. Thanks for sharing!
@TommieRC 5 months ago
Great tutorial, thanks! I love all the details! I just followed your previous tutorial to set up my VLAN protections on my UDM SE; your earlier tutorial was super helpful!! I think you were on 7.x in that tutorial. Glad to see this updated tutorial, on 8.0.26! I saw you had a Guest firewall rule for "Allow DNS Packets to External Name Servers". It would be great to see a tutorial on this topic. I am looking to block all DNS (Port 53) queries out (on my various VLANs), unless they come from my DNS (PiHole or other DNS like ControlD or NextDNS) server. If someone on my network tries to change their DNS, my goal is that they will not connect to another DNS server and their name resolution will fail. It would be good to see options, but wanted to share an idea (I'm sure you have considered this topic too!). Great job! Thanks!
@ethernetblueprint 5 months ago
You will most likely have to do that with Firewall rules on a standard VLAN and not by clicking the guest portal policy checkbox... The guest rules in this video were automatically generated by the system and can't be updated... I am confident you could create a VLAN like I did the IOT network in this video and then add rules to control the DNS servers...
@Mouratidis 18 days ago
Congratulations! Great tutorial and learning point.
@ethernetblueprint 18 days ago
Glad it helped.
@jonathanmartin2360 4 months ago
Thanks for the help!!
@ethernetblueprint 3 months ago
Happy to help! Sincerely.
@markyoung4165 4 months ago
Excellent video. Thank you!!!!
@ethernetblueprint 4 months ago
I enjoyed making it! Glad it helped!
@hanvandewal917 4 months ago
Hi Tim, excellent step-by-step tutorial; followed you along in setting it up. Thank you, concise and also sufficient details. One small thing you already mentioned: Ubiquiti changes things, and I am running version 8.0.28. In this version there is no upper tab / bookmark line anymore with items like LAN-In, LAN-Out etc. Greetings from Amsterdam.
@ethernetblueprint 4 months ago
Maybe I am looking in the wrong place from where you are talking about?? I don't see any changes in 8.0.28 from what I showed on the video. Can you help me find what is missing now?
@commonwealth6 8 days ago
Thanks. I learned something new today.
@ethernetblueprint 6 days ago
Glad to hear it!
@iqaznili 2 months ago
Thank you for the guide!
@ethernetblueprint 2 months ago
You are quite welcome. I hope it helped!
@iqaznili 2 months ago
@ethernetblueprint Oh, it did. I used it to set up my UDM Pro a week ago. :)
@SurfThomasVD 4 months ago
Thank you for the help💪
@ethernetblueprint 4 months ago
Happy to help!
@subukai 1 month ago
Very helpful. Thank you.
@ethernetblueprint 1 month ago
Glad it was helpful! Cheers.
@EmiNetworks 4 months ago
Good job 👍. Everything you showed is very simple, but it may be useful for beginners.
@ethernetblueprint 4 months ago
Thanks so much!
@greghansen7616 3 months ago
It might be simple to you… I’m a UniFi newbie and brand new to VLANs and configuring firewall rules. Thank you, Tim, for opening the door for me!
@swisspeedy 3 months ago
Thanks Buddy!
@ethernetblueprint 3 months ago
Wow. I can’t thank you enough. That is super kind of you.
@davidweiner3365 3 months ago
Outstanding video..... I have a USG and 3 access points, and want to keep Guests, IoT, and my default all separate, so your video hit a sweet spot for me. I'm very concerned about getting hacked through IoT (like Wyze) and this helped to show how to block the IoT from the gateways. I'll probably have to watch it a few more times to get it right, but thank you.
@ethernetblueprint 3 months ago
You are quite welcome. I am happy that it helped!
@sviviano1066 4 months ago
Love your video. I would love to see you incorporate cameras into that. That’s gonna be figured in my mind, and I’m really new at this, so you did it really well. Love, love to see it. Nice job.
@ethernetblueprint 4 months ago
In my home, I do have my cameras on their own VLAN and isolated from the other VLANs.
@debashishchoudhuri1023 1 month ago
amazing content one so far
@ethernetblueprint 1 month ago
Thanks for watching.
@texican3574 5 months ago
Really useful tutorial. I'm new to Unifi and I'm sure I'll be configuring, resetting and reconfiguring things for a while. I am updating my little home network mainly because my WAP is EoL and hasn't had an update in 2 years. I have been using an ERL for several years, which is a great little router, but I am using the WAP as an excuse to build an easier to manage network. I guess it's like Apple: once you get into the Unifi ecosystem you're better off staying there. I bought a UDR and Lite 16 port switch to replace my existing switch, AP and router. I have the UDR and switch kinda hanging off my current setup so I can practice with it and not worry about getting my "users" upset. I plan on eventually adding APs to connect a shop and would be interested in ways to connect between buildings. The VLAN stuff is very timely. I have stayed away from IoT devices because of security concerns. I'm hoping to get a good understanding of how to control and secure things both internal and external. What I would like to see is a tutorial on best practices for setting up and securing the Ubiquiti VPN. I also would like to add a NAS to do my own cloud storage as well as local file, media and backup. Thinking about why, where and how to put a NAS on the network while being able to restrict access based on who and where the access is coming from all turns into a confusing mess quick. Keep up the tutorials. I'm looking forward to learning more. 👍
@ethernetblueprint 5 months ago
Thank you for tuning in. I think you will like the Unifi ecosystem once you get used to it. But don't get me wrong, it definitely has its painful moments. I haven't gone too deep into the VPN realm yet, but fully intend on doing some videos on that. I know it is a hot topic. Unifi has been making some changes in that area as well. As far as a NAS goes, it really depends on what needs the most access. For me, my default network uses the NAS the most, so that is where I put it. I don't really have a need in my home to have any external devices talk to it, so it works well for me there. But that is me. Hope your new direction goes well!
@ethernetblueprint 5 months ago
Also, as far as connecting to your shop, check out my Nanobeam point-to-point video. I plan on doing an update to that since that was made specifically for my brother-in-law, but that may push you in the right direction. Look at the Nanobeam 5AC from Ubiquiti for creating a wireless bridge to your outbuilding. They work awesome...
@ianrobson9612 2 months ago
Thanks, great video. I had had trouble finding some of the settings and this helped immensely. I followed your instructions and thought I had a problem as I refreshed the gateway page and could still get to it; then a light bulb went off. As I had an established connection, it remained. Closed the connection and went again and no access. Thought I would mention it in case others thought the same thing. Thanks again.
@ethernetblueprint 2 months ago
Thank you for commenting and helping my followers!
@brianbuell975 2 months ago
Really great stuff. Love that you used the latest version. FYI - WiFi Private Pre-Shared Key is not supported on 6 GHz WiFi.
@ethernetblueprint 2 months ago
Thanks so much. And that’s good to know about the pre-shared key and 6 GHz. I wasn’t aware of that.
@buzzzz1252 5 months ago
Great tutorial! I have recently set up two additional VLANs (Family and IoT). I did this because I liked your "kids" network in your prior video. I have not set any rules yet, just been busy getting devices on the correct VLAN/Wifi. Will be playing with firewall rules soon. My question is... The first thing that came to mind when you were creating rules, especially the port rules, was what are the chances that one mistake could potentially lock you out of the gateway from ALL networks. It just made me think I should be VERY careful!
@ethernetblueprint 5 months ago
It is possible; however, there are fail-safes in place that warn you about it. If you look through the comments here, I talked about that with another viewer because he got a warning on his and it wouldn't allow him to set that rule. However, just know that it is possible. Be careful.
@Montymc1 1 month ago
Thanks!
@ethernetblueprint 1 month ago
THANK YOU!!! I appreciate your generosity!
@brianhampton9138 5 months ago
You don't understand how helpful this has been!! No one else that I watch has broken down what rules to make so well. I wanted to ask: what if I need devices on my IoT to talk to each other? I have a lot of devices that would need inter-VLAN communication. Would I just not do the drop all private IP addresses traffic, or some other allow rule? Thanks
@ethernetblueprint 5 months ago
I am so pleased to hear that my video helped you out. I can't thank you enough for that. As for your questions, just to be clear, the firewall rules only apply when one VLAN is talking to another one. This is called inter-VLAN communication. If IoT devices are talking to each other, they would most likely be in the same IoT VLAN and would not be affected by the firewall rules. Unless I am not understanding what you are asking here...
@brianhampton9138 5 months ago
Well, I don't know if I'm asking it right myself... I just assume that when you enter the firewall rule to block all private IPs for the IoT VLAN, that would prevent anything on the IoT from talking to anything but the internet, including other IoT devices on the same VLAN. @ethernetblueprint
@AC-sc1pc 5 months ago
Really good walkthrough!!! Suggest doing a VPN network walkthrough.
@ethernetblueprint 5 months ago
Copy that. I will have to do a video on that...
@RyanJones989 5 months ago
Hey Tim! Just found your channel. I have a bunch of UniFi gear and have been running it for years, but you have taught me quite a bit, and this video right here has helped me figure a bunch of stuff out! As a thanks, I noticed that your audio is being done from a laptop/phone mic, which works, but I have a set of lavaliers that I would love to send you as a thanks. But I couldn't DM you. Drop me a line back and I'll find a way to get them to you! Thank you for the great information!
@ethernetblueprint 5 months ago
Wow... Thanks... I actually use my earbuds, but I wouldn't mind trying out yours... email me at tim@ethernetblueprint.com if you like...
@ninjmnky 5 months ago
Great guide, from zero to hero with everything needed. Just one comment - please consider using the dark mode UI when recording these, cheers!
@ethernetblueprint 5 months ago
Good tip... I will have to do that.
@chrisccs2112 12 days ago
One of the best, if not the best, Unifi firewall tutorials on YouTube. You explain it so well!! Question for you: I didn't need to block the SSH, HTTP, HTTPS ports on my VLAN gateways; I just blocked the gateway IPs. Did you block the ports just for that extra security? Thanks!
@ethernetblueprint 11 days ago
Thanks for the watch and compliment. The local rules are there just to block access to the gateway when on the restricted VLANs. If the rule you created does the same thing, then you don't need them. I would double check though that you can't access the gateway from your restricted VLANs. I have never just blocked the gateway as I don't know what that will do.... But I have had so many people ask me that I think I am going to test it and see what happens. Thanks again for the comment!
@chrisccs2112 11 days ago
@ethernetblueprint Thanks for the quick reply. So I blocked the IoT VLAN from accessing the IoT gateway by just blocking the IoT gateway IP. I never blocked the ports. It works perfectly. Should I block the ports as extra security?
@ethernetblueprint 8 days ago
If you can't access the device via its local IP address, then I would say problem solved...
@rlainez 5 months ago
Tim, this was helpful to understand the importance of VLANs. I really want to do something similar but your comment about Sonos makes me not want to proceed. I am not qualified to troubleshoot any networking and I would just end up resetting everything back to default!
@ethernetblueprint 5 months ago
Sonos will work great if you put it in your default network with your phones... Typically that is what I recommend even though it is less secure.
@davidbacon4963 1 month ago
Thank you! This is the bomb-diddly!!!! I have attempted this in 3 prior efforts with compromised results. After testing, I am now convinced that my IoT is configured as I had hoped. Not being a Net Admin type, the explanations were matched nicely with the recipes. A fantastic balance! An excellent time investment. Thank you again!! One small suggestion that would have completed my setup .... the recipe to expose the printer on the default VLAN to those connected to the Guest VLAN. BUT, I have enough knowledge now (from the camera examples?) to try to pull that off. Did I learn to fish??? ;-)
@davidbacon4963 1 month ago
Rel 8.1.127. Tried configuring the printer. Let it be used from the Guest VLAN. Created the rule. It can't be moved above the "Drop All Private IP Communication" rule, as you stressed. LAN Local, Accept, Source = Guest, Destination = Default, IPv4 for both, Match state = New, Established. Connect an iPad to Guest. Apps don't find a printer. Thoughts? Suggestions?
@ethernetblueprint 1 month ago
Printing depends on a couple of factors, but there are a couple of things you can try... However, I will warn you that not all printers play well with VLANs... 1) Make sure mDNS is enabled and is allowing the VLANs that need to talk to each other. Some printers use this to communicate with their devices. 2) I would edit your rule and try the following... Put the printer IP in an IP group by itself... then try the rule 'LAN Local, Accept, Source = Guest, Destination Port/IP Group' and choose your printer... Don't add the New, Established... just leave that out... Also make sure that your new printer rule is above the 'Drop all private IP' rules that you created earlier... They run in order and you don't want the traffic blocked before it hits your rule.
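The ordering point in the reply above (rules run first-match, so the printer accept has to sit above the Drop All Private IP rule) and the earlier comment about an already-established session surviving a new block rule, as an added example that is not the video's or any commenter's configuration. It assumes three constructed /24 subnets, a one-address printer IP group, a leading established/related accept standing in for the gateway's default rule, and an implicit accept when nothing matches:

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network

# Constructed subnets for the three VLANs the video and the comments talk about
# (assumption: one RFC 1918 /24 per VLAN; real values are site specific).
NETWORKS = {
    "Default": ip_network("192.168.1.0/24"),
    "IoT": ip_network("192.168.20.0/24"),
    "Guest": ip_network("192.168.99.0/24"),
}
# The three RFC 1918 ranges a "Drop All Private IP Communication" rule covers.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
ANY_STATE = frozenset({"new", "established", "related", "invalid"})
# Constructed IP group holding just the printer, as the reply suggests.
PRINTER_GROUP = frozenset({ip_address("192.168.1.50")})


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    state: str  # connection-tracking state: new, established, related or invalid


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "accept" or "drop"
    src: str         # VLAN name from NETWORKS, or "any"
    dst: object      # VLAN name, "any", "rfc1918", or a frozenset of IPs (an IP group)
    states: frozenset = ANY_STATE


def pkt(src, dst, state):
    """Build a Packet from dotted-quad strings."""
    return Packet(ip_address(src), ip_address(dst), state)


def _dst_matches(dst, ip):
    if dst == "any":
        return True
    if dst == "rfc1918":
        return any(ip in net for net in RFC1918)
    if isinstance(dst, frozenset):
        return ip in dst
    return ip in NETWORKS[dst]


def matches(rule, packet):
    src_ok = rule.src == "any" or packet.src in NETWORKS[rule.src]
    return src_ok and _dst_matches(rule.dst, packet.dst) and packet.state in rule.states


def evaluate(rules, packet):
    """First-match evaluation: the first rule whose conditions hold decides.
    Assumption: traffic matching no rule falls through to the gateway's
    implicit inter-VLAN accept, reported here as ("accept", "implicit")."""
    for rule in rules:
        if matches(rule, packet):
            return rule.action, rule.name
    return "accept", "implicit"


def build_rules(printer_rule_above_drop):
    """Rule list in the shape the comments describe. The leading
    established/related accept is assumed to be the gateway's own default
    rule; the others reuse the rule names from the video and the reply."""
    established = Rule("Allow Established/Related", "accept", "any", "any",
                       frozenset({"established", "related"}))
    printer = Rule("Allow Guest to Printer", "accept", "Guest", PRINTER_GROUP)
    drop_guest = Rule("Drop All Private IP Communication (Guest)", "drop", "Guest", "rfc1918")
    drop_iot = Rule("Drop All Private IP Communication (IoT)", "drop", "IoT", "rfc1918")
    if printer_rule_above_drop:
        return [established, printer, drop_guest, drop_iot]
    return [established, drop_guest, drop_iot, printer]


if __name__ == "__main__":
    guest_to_printer = pkt("192.168.99.20", "192.168.1.50", "new")
    for above in (False, True):
        print("printer rule above drop:", above, "->",
              evaluate(build_rules(above), guest_to_printer))
    # An already-established session keeps matching the first rule, which is
    # why a freshly added drop rule does not cut it off until it is closed.
    print(evaluate(build_rules(False), pkt("192.168.99.20", "192.168.1.50", "established")))
```

Run it and flip the printer rule's position to watch the same Guest-to-printer packet switch between drop and accept; everything else (IoT to Default dropped, Default to IoT and anything to the internet accepted) stays the same.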
@TorbjornOrnstig 15 days ago
Thanks so much for a great video. I have tried for a while but now I finally have got my VLANs to work. I even used my knowledge from the video to figure out how to get all my Denon/HEOS stuff to work on the IoT! Much obliged! Just two small questions if you don’t mind though. Should I not block access to the gateway from the guest network? I have tried to understand the rules Ubiquiti has given me but I don’t seem to find that? Next a more general question. In the firewall rules from Ubiquiti there are 4 “accept” at the end. What good are they if no “drop” after them? Maybe I have misunderstood something?
@ethernetblueprint 13 days ago
I would make sure you block access to the gateway from your guest network (either with your own rules or the built-in ones). If you hit the guest checkbox for that VLAN and let it do it for you, I believe it will block access to the gateway for you without you putting in any FW rules. It isolates that network and only allows guests to get the internet. Hope that helps!
@adampozek 4 months ago
I just discovered your channel and have been watching all your UniFi related videos. This is one of your best! Thank you for taking the time to make all of them. Possibly stupid question...do these firewall rules with respect to the IoT network interfere with my ability to control those devices remotely from my smartphone? I know that the default network can communicate with the IoT network, but my phone would not be on the default network if I am away. So for example, would I be able to use Apple Home to remotely lock my front door while I am on vacation, or adjust the thermostat, etc.? Or would the firewall rules prevent that?
@ethernetblueprint 4 months ago
Glad I’ve been able to help. To answer your question about HomeKit, yes, you can still control things when you’re away from home even if the devices are on the IoT network. I don’t have a ton of experience with this yet, but I’m in the process of setting up Home Assistant with Apple HomeKit and will have to do more testing. So far I have a Philips Hue lights hub on my IoT network running in HomeKit and it works great remotely using these exact firewall rules. More to come though.
@clnred 1 month ago
Thanks
@ethernetblueprint 1 month ago
Wow. Thank you. Very kind of you.
@freelance-darkspear1495 2 months ago
Nice walkthrough. Still following it and slowly setting things up but it is helping a lot. My only question so far is I have the Cloud Gateway Ultra and in it the options are Guest Network and Isolate Network, compared to your "Isolation" when setting up the guest VLAN. Do I check both of these, or just Guest, or just Isolation?
@ethernetblueprint 2 months ago
Unifi loves to change their own wording... For a guest network you can check either one... but you don't need to check both. If you check the Guest Network box, you will be able to set up a guest portal page for your guests to use in the Hotspot Manager... If you check the Isolate Network box, then it will just lock it down and not give any additional guest portal features... Hope that makes sense!
@freelance-darkspear1495 1 month ago
@@ethernetblueprint Ha ha, thanks for the reply. I did end up checking both at the time I think. Another new thing I've recently discovered is that when it comes to VLANs, if you're using a switch other than a Ubiquiti one there is no way to have some devices on VLAN 1 and others on VLAN 2, as they are all tagged on the VLAN set in the port for untagged traffic. Which is mildly annoying as I then need to pick up more of their kit, just to put something on a particular VLAN instead of getting it and building in time. Unless.... you happen to know of a way? :D
@1d9d5k6 4 months ago
Outstanding presentation with the new interface. I would like to have a private wireless network for my wife, because of her job. Could I use a shared key for Default, IOT and Wife's Wi-Fi, and use the Guest 99 network with the standard isolation with its own password? I am going to check out your VLAN video. Maybe I can come up with other ideas. Also, one of the things that gets frustrating is when videos are not updated when there is a noticeable OS change. I look forward to you continuing to do so.
@ethernetblueprint 4 months ago
If I understand correctly, you are asking if you can set up multiple passwords (Private Pre-Shared Keys) for the default, IOT and Wife networks (all connecting to the same SSID) and then set up a separate Wi-Fi name for guests and still make all this work in the firewall... If so, the answer is yes. The firewall rules are based on the VLANs, not how the Wi-Fi networks are set up. You could create a shared SSID for all of your "main" networks and then create a Guest VLAN and choose the isolation checkbox... Then create a separate Guest SSID for that network. As a matter of fact, I think that is a better way to do that anyway. It is nice for the guests to be able to connect to a separate SSID so they know they are on the guest network...
@kevinjackson5191 5 months ago
Thanks, great video. Question: most network engineers suggest best practice is to have the default network as a "management" VLAN and create a new VLAN for your main/corporate/internal network. You haven't done that in this case; just wondered what your thoughts are on separating management from main networks.
@ethernetblueprint 5 months ago
I agree with you wholeheartedly when it comes to a small business network and that is how I typically set those up. As a matter of fact, that is how my home network is set up. All of my equipment is on the default and my home devices are on a home VLAN. However, from a typical home network perspective, I don't know that it is 100% necessary if you have the VLAN locked down. Either way, it is a great callout!
@InstantsOrdinaires 3 months ago
Very good explanation. It is also nice to have a video with the latest versions of the Unifi console & Network application. Overall the explanations are very good & your testing lab is a good example as a starting point. To be more specific with UniFi, I believe that you should have addressed how to set up UniFi PoE+ cameras on a specific VLAN for video surveillance, as many UniFi customers will have UniFi Protect and UniFi cameras. In this case would you keep the Protect UNVR in the default or in the specific cameras VLAN?
@ethernetblueprint 3 months ago
Great point. I have that video in the hopper. I agree 100%.
@MenoClause 1 month ago
Absolutely incredible video! I have a question on how you set up your printers specifically. I read that putting them on their own VLAN is the way to go, and as someone who is learning I would love to try and do that, but I was having issues getting it to communicate with my other devices on my other VLANs. Do you have any recommendations on firewall rules, or should I just throw it on the IOT VLAN?
@ethernetblueprint 1 month ago
Follow up question, with the rules I put in that video, if you did have them in the IOT VLAN, are you able to communicate with them from the main VLANs?
@kosielemmer 4 months ago
Nice! Went away from unifi. Going back
@ethernetblueprint 4 months ago
Awesome!
@IzangsVlog 1 month ago
Thank you sir, count me in as your subscriber.
@ethernetblueprint 1 month ago
Welcome aboard! Thanks
@LordSaliss 3 months ago
Thanks for the best video about VLANs on the current UniFi interface layout. Unifi is about to release (ETA 1-2 months) a new EA firmware version that will bring a lot of options for ACL rules to L3 switches. If you have an L3 switch around could you do a detailed video on those rules and the setup once the new firmware releases?
@ethernetblueprint 3 months ago
First off, thanks for your tremendous generosity. I will have to look into the Layer 3 switch though as I don't use them much. Appreciate the awareness though. More to come.
@Mido-qr6bw 2 months ago
I'm a total newbie in the world of home networking. Recently, I made the jump from the Asus ecosystem to Unifi and can't seem to wrap my head around all the new concepts like VLANs, traffic/firewall rules and stuff. Your video is so easy to understand and follow along with, absolutely one of the best for Unifi's new customers to learn from. Thank you for taking your time and effort to share your knowledge with us, cheers!!!!
@ethernetblueprint 2 months ago
I am so happy to... This is one that I will be redoing as Unifi upgrades their interface too...
@jamessapp4679 4 months ago
On the portion of the video (about 333.) where you set up group Block IOT from other gateways, you set up a group that included 192.168.1.1 and 192.168.3.1. There is no 192.168.3.1 but there is a x.x.99.1. Perhaps you meant to use 99 instead of 3?
@ethernetblueprint 4 months ago
nice catch... I have done many variations of my test setup and have a VLAN 3 a lot of the time. Sorry if that created any confusion.
@TheDouklias 4 months ago
Great and amazing video. Q: do you have a rule that disables a specific VLAN from getting to the internet?
@ethernetblueprint 4 months ago
I haven't tested this, but I would start by creating an Internet Out rule and make the source the VLAN you want to block access out to the internet on... and the destination to ANY...
@rzak1920 5 months ago
Thank you! I followed your last tutorial to setup my UDR and just updated my settings (I like the one ssid suggestion) with this updated tutorial. I do have a question: I have pihole setup on a rp3b+, should I configure it in any particular way given the parameters you have set out?
@ethernetblueprint 5 months ago
I didn't really dive into a 3rd party DNS in this... You may need to set up some specific port 53 rules on your "secure" networks to allow your devices on all VLANs to communicate with that. I don't think you need to change how the Pi-hole is set up though... Maybe check out this guy on YT. I follow his channel too... lots of good Unifi stuff on here... This video is about securing your network with Pi-hole and Unifi... kzbin.info/www/bejne/oGesq4x9dq5qf6csi=SlJis0dZT0E854C6
@rzak1920 5 months ago
@@ethernetblueprint appreciate the reply! Coincidentally, I used Crosstalk Solutions’ tutorial on the raspberry pi to set up Pihole :)
@shyamkasundra675 5 months ago
I am also interested in learning more about setting up a 3rd party DNS server and possibly using a “transparent firewall” with UDM as the main router. I’m thinking about doing something similar to you with AdGuardHome (free) run on a different gateway (GL-iNET Brume 2) by setting it up as a LAN DNS server in router mode (but with all other router functions disabled on it). I think with this device you can just connect its lan port to one of the lan ports of the UDM, initiate AdGuardHome server in its webapp, and then tell the UDM to use its IP as the DNS server. Obviously, getting the firewall rules tweaked correctly will be critical when you decide which VLANs you want to use that DNS server. I’m not well-versed with port rules, so will definitely be taking a look at that video. If you are able to get it to work, I would love to hear what tweaks you made to these basic firewall rules to accommodate the PiHole.
@stanbaldwin7993 5 months ago
Great video!!! I followed all your steps. My one question is: I went onto my IOT VLAN and tried printing to my printer, which is on the Default VLAN. I was able to see the printer from the IOT VLAN and I'm not wanting to be able to see that. I was trying to figure out a rule but I am stumped. So, if you can help me please.
@ethernetblueprint 5 months ago
So your printer was on default and your computer was on the IOT with these rules set and you were able to print to the printer? When you say "see the printer" what does that mean? Ping it? Print to it?
@d1antz 5 months ago
Tim - thank you for the fantastic video! I found it very helpful. I have a specific use case I'm hoping you (or someone on this channel) might be able to help me with - I have Default, Main (for trusted devices, including my phones), IoT, Camera, and Guest VLANs - and have implemented the firewall rules and IP groups similarly to the recommendations you provided. I do have a Home Assistant server on my IoT network (wired) and was wondering if you would be able to provide any recommendations for additional firewall rules that would allow that device to work more seamlessly with phones and laptops on my Main vlan? Should I make it a static IP and allow it to access the Main vlan? (I trust and update the Home Assistant server.) Thanks again!
@ethernetblueprint 5 months ago
I am honestly not 100% sure because I don't know what Home Assistant requires for communication. I would venture a guess and say, yes. Give it a static IP address and allow communication from your main network to that IP. I think you also need to look into turning on multicast DNS for the VLANs that need to communicate with your server. After a quick Google search, it appears that Home Assistant uses that to discover devices. You can find that setting in the Networks area under Settings. I am hoping someone who knows more will chime in to help though...
@dropzero 5 months ago
@@ethernetblueprint I'm thinking with the "Established and Related" rule the Default network should be able to communicate with the IoT network without a problem no? That coupled with activating mDNS should allow it to work. This is how I had it setup and Homekit worked fine, which also uses mDNS. My only concern was devices initiating the communication (i.e. when a camera sees motion turn on a light). I tested that and it worked as well. As a note, my Hikvision cameras are in Homekit via a Raspberry Pi running Scrypted and the Pi is hardwired to my Dream Machine Pro on a port that is mapped to my IoT network.
@GreatYTShark 1 month ago
I've watched a ton of these firewall setup videos but this one is probably the best at explaining what each setting does, so thanks. The reason I keep watching them is I can't for the life of me get my MacBook on VLAN 1 to talk to a Pi server on VLAN 2. It won't ping, it won't SSH. But it will if I connect the Wi-Fi on the Mac to the VLAN 2 Wi-Fi network. I followed every little detail in this video (which is almost identical to many others) and put in an allow rule for the Pi IP to talk to the Mac IP. I've also tried it as an all VLAN 2 to all VLAN 1 rule. Still won't work. Hope that makes sense, but is there any other gotcha that could be preventing this in Unifi?
@ethernetblueprint 1 month ago
Do you have another device (non-Mac) on VLAN 1 that you can try pinging the Pi server from? Can your Mac ping other devices on VLAN 2? If this is a "server", make sure the local firewall isn't blocking the pings. I have seen that cause issues like this and people are troubleshooting the wrong device. If you want to email me at tim@ethernetblueprint.com, we can have a convo about some options.
@vizerdown 4 months ago
I have 5 VLANs; this helped me eliminate a lot of rules, appreciate it. Nothing to nothing and I do port-based policies. I tried the wireless Pre-Shared Key; it was acting wonky and handing out wrong IPs. Maybe it needs an update, will try again later.
@ethernetblueprint 4 months ago
Hmmm... I haven't played with the pre-shared key too much, other than that video... It is weird that it's handing out the wrong IPs though... Keep us posted!
@vizerdown 4 months ago
I have had a few wonky things going. May need to wipe it and start over, its one of the first releases. I have had ubiquiti forever. Had the USG pro before this but the SSD failed like days after Dream Machine came out, timing...
@anttisalminen1916 5 months ago
Thanks for a great walkthrough. Followed it today when I migrated my trusty old DD-WRT to the new Dream Router setup. One question. As we only make firewall rules for IPv4, should IPv6 be disabled? Or how should it be treated? Google doesn't really give a definite answer.
@ethernetblueprint 5 months ago
Everyones setup is different, but I have the IPv6 setting set to 'None' on my LAN network and 'Disabled' on the WAN interface. Some ISPs are using IPv6 now, so you may need to find out what yours does...
@anttisalminen1916 5 months ago
Seems the network setting defaults to "none." Took me a while to find where the setting was, as it was hidden behind a toggle/tab on each network. The reason I started wondering initially was because there were still IPv6 firewall rules set. But I guess those are very basic ones. Thanks for the reply.
@ethernetblueprint 5 months ago
Yes, those are built in and part of the basic setup. Keep us posted on your journey!
@zackberg1070 4 months ago
How are you putting things like Apple TV, Roku etc. on a separate VLAN? I want to make an AV VLAN for Apple TVs, our smart TV, Xbox and other things. If you could help that would be great.. Also, I love your video. It helps a lot for network dummies like me. It was very easy to follow.. One suggestion for you: please include a kids network in your future videos like you did in your previous video. It really helped..
@ethernetblueprint 4 months ago
Thanks for the reply... Let me dive into this a little bit for you. Once the VLAN is created, there are two ways you can get your devices to use it. 1) Create a new IOT Wifi network (or IOT Passphrase like I talk about in this video), and connect those devices to that WiFi network... or 2) if they are hardlined, you would need to click on that port in the switchport settings and click the dropdown for Native VLAN / Network in the port settings. You should see the IOT Vlan listed in that list. They should pull an IP address from the IOT Vlan and follow the rules you setup. As far as your suggestion goes for a kids network, I have some videos coming down the pipe that covers this very subject. Thanks for watching!
@wishbone1138 2 months ago
PPSK is really cool, but only supports WPA2, so no 6GHz networks, which is a huge bummer. I'm guessing for your home network (your other video shows 6GHz) you're just using multiple SSIDs instead? Great video, thanks.
@ethernetblueprint 2 months ago
I assume that 6Ghz is coming. When I did this video originally, I didn't have my U7 Pro yet, so I honestly didn't know about that. In this case, I did this, just to show viewers that it could be done. My home network has multiple SSIDs and that is how I typically set up my networks.
@z_378 4 months ago
sir.❤❤..
@ethernetblueprint 4 months ago
Thanks.
@jamessapp4679 4 months ago
Do you recommend using fixed IP addresses for devices and clients when setting up firewall rules and groups, especially if there will be a rule allowing a specific IOT client to talk to a specific device in the trusted network? Currently, I have a few fixed IP addresses for some of my Unifi devices but I let DHCP hand out IPs to other devices and all clients.
@ethernetblueprint 4 months ago
I do use some static IPs (or IP Reservations) in my setups. Cameras, NAS, Printers... If I have a 1:1 rule that allows a device to communicate with another device in a different VLAN, I will usually reserve those IPs so it doesn't change and break my rule. But for the most part, I let DHCP run most of my IP addressing.
@dropzero 5 months ago
Awesome in-depth explanation, and showing it on the latest update is a huge plus! Got a couple questions for you. I was wondering if you use HomeKit and how this would work if I wanted to make an IoT VLAN and a Main VLAN. I know my phone has to be on the same VLAN as the HomeKit hubs (this is why I would put all HomeKit hubs on the Main VLAN), but how would I make sure the HomeKit hubs communicate with the IoT VLAN since the hubs will be on my Main VLAN? I believe one of your firewall rules may cover this as the Main VLAN can communicate with the IoT but not the other way around, but wanted to make sure I understood correctly. I also think mDNS may solve this too? Additionally, something a bit more complicated I think: in some instances I would need the traffic to originate in the IoT VLAN and go to the Main VLAN, as some of the IoT devices would need to communicate with HomeKit hubs due to an automation (i.e. if a camera detects motion, turn on exterior lights). I assume this might be able to be done via a firewall rule? I had a thought of giving all the HomeKit hubs static IPs and allowing the IoT VLAN to communicate back to the Main VLAN only to those IP addresses, but I'm not sure if that is how you go about it. Anyway, if you read all this thank you for taking the time, I appreciate any help!
@ethernetblueprint 5 months ago
For your question about HomeKit, I am not 100% sure since I am not familiar with using HomeKit or what it requires... I plan on doing some smart home type videos down the road, but have to learn about it first.. and I have to buy all these things; my channel isn't big enough for the vendors to send me free stuff yet...LOL. However, I think you are on the right track with mDNS and the main VLAN being able to communicate with the IOT network... That would be a good starting point. You may have to play with it a bit... and please report your progress. I'd like to know. As far as your IOT devices communicating with the HomeKit hubs, yes, you can create rules to allow that traffic to take place. Just make sure you order them correctly so the traffic doesn't get dropped before it gets to that rule in line... You could assign static addresses to your HomeKit hubs and then put all of those IP addresses in an IP group... then allow your IOT VLAN to communicate with that group... That way it can all be done with one rule... And if you add a HomeKit hub or something, you just need to add it to the group and all the rules will apply. That still ensures security, but doesn't give the IOT full access to the main VLAN. Make sense?
@dropzero 5 months ago
@@ethernetblueprint So I took the weekend to set everything up and it's all working with the rules you show in the video. I didn't need to add any rules to target specific HomeKit hubs (HomePod, Apple TV, etc.); it worked just fine. I believe the first rule allowing established and related makes this possible. Also, mDNS is enabled on both VLANs (Main and IoT). To test an automation, I set up a light to turn on when a camera detected motion; when I walked by to trigger the motion sensor in the camera it successfully turned on the light. So no need for the firewall rule where devices in IoT target the HomeKit hub IPs, which was great. My next mission here is to allow AirPlay/casting from the Guest network. I have the network set up on its own VLAN with UniFi's Guest Isolation checked. I have tried to set up rules targeting my Apple TV in the living room but have had no luck. I am unable to ping it from the guest network nor AirPlay from my phone. Any ideas?? If you have any questions about the other HomeKit setup let me know!
@ethernetblueprint 5 months ago
You may have to treat your guest network like your IOT and just restrict with a normal VLAN to get the additional functionality you are looking for. Keep at it!!
@dropzero 5 months ago
@@ethernetblueprint this is exactly what I ended up doing. I realized with the rules that were in place the IoT and the Guest network (without Network Isolation checked) still could not communicate outside of their own VLAN. I set up 2 rules to allow communication from devices on the guest network to static IPs i created for the printer and apple tv in my living room that are both on the Main network. BOOM ! worked right away. I also went into the Guest network and turned on Device Isolation.. now the devices on the Guest network can't talk to each other and everything is working as intended!
@wheresmymaitai 1 month ago
Thank you so much. After watching several videos and web-based walkthroughs I could not get things working 100%. I finally scrapped it and went through your video and presto, everything is working: I have my IoT and cameras on separate VLANs as well as my Guest Network. Tested, retested and everything is communicating as it should and blocked as it should. I am getting a ton of DROP invalid state trigger events for various devices I have, mostly Apple ones (HomePods, Apple TVs, iPads, iPhones) as well as some outdoor Eufy cams. Within an hour I'm seeing 60 plus triggers, 95% are Apple devices. This seems excessive, but I'm unsure if this is anything to be concerned about.
@ethernetblueprint 1 month ago
I have read that can be common and a lot of times it’s from a malformed packet. I get a lot of those too. It has never presented an issue.
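A quick way to decide whether a flood of "DROP invalid state" events is harmless is to look at the TCP flags on the dropped segments. The following is an added example, not code from the video or from Ubiquiti. The log lines are constructed in the kernel netfilter LOG field format (IN=, SRC=, DST=, PROTO=, DPT= and bare flag tokens such as ACK, FIN, SYN); the bracketed rule prefix is an assumed label, not the exact string a given UniFi firmware writes. The heuristic: a dropped segment with no SYN (ACK, FIN or RST only) is almost always a late packet from a connection the gateway's connection tracker has already forgotten, which is the usual source of this chatter from phones, TVs and cameras that keep many cloud sessions open; a dropped bare SYN is a genuinely blocked new connection and worth a look.

```python
import re
from collections import Counter

# Constructed sample lines. Field layout follows the kernel netfilter LOG output; the
# "[CHAIN-A/D-ID]" prefix is an assumed rule label for this example only.
SAMPLE_LOG = """\
kernel: [LAN_IN-D-2001]IN=br1 OUT=eth8 MAC=... SRC=192.168.1.40 DST=17.253.1.10 LEN=52 PROTO=TCP SPT=52312 DPT=443 WINDOW=0 RES=0x00 ACK FIN URG=0
kernel: [LAN_IN-D-2001]IN=br1 OUT=eth8 SRC=192.168.1.40 DST=17.253.1.10 LEN=40 PROTO=TCP SPT=52312 DPT=443 WINDOW=0 RES=0x00 ACK RST URG=0
kernel: [LAN_IN-D-2001]IN=br2 OUT=eth8 SRC=192.168.2.30 DST=52.1.2.3 LEN=40 PROTO=TCP SPT=40000 DPT=443 WINDOW=0 RES=0x00 ACK URG=0
kernel: [LAN_IN-D-2003]IN=br2 OUT=br1 SRC=192.168.2.30 DST=192.168.1.20 LEN=60 PROTO=TCP SPT=41000 DPT=445 WINDOW=64240 RES=0x00 SYN URG=0
kernel: [LAN_IN-D-2003]IN=br2 OUT=br1 SRC=192.168.2.30 DST=192.168.1.20 LEN=60 PROTO=TCP SPT=41001 DPT=22 WINDOW=64240 RES=0x00 SYN URG=0
kernel: [LAN_LOCAL-D-3001]IN=br2 OUT= SRC=192.168.2.30 DST=192.168.2.1 LEN=60 PROTO=TCP SPT=41002 DPT=443 WINDOW=64240 RES=0x00 SYN URG=0
"""

PREFIX = re.compile(r"\[([A-Z_]+)-([AD])-(\d+)\]")          # chain, accept/drop, rule id
FIELD = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH"}


def parse_line(line: str):
    """Return a dict of the interesting fields, or None for lines that are not firewall hits."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m.group(1), "action": m.group(2), "rule": m.group(3)}
    rec.update({k.lower(): v for k, v in FIELD.findall(line)})
    rec["flags"] = {tok for tok in line.split() if tok in TCP_FLAGS}
    return rec


def classify(rec) -> str:
    """A bare SYN is a blocked new connection; anything else is a stale segment of a
    session conntrack no longer knows about (the typical 'invalid state' noise)."""
    if rec.get("proto") != "TCP":
        return "non-tcp"
    if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
        return "blocked-new-connection"
    return "stale-segment"


def triage(text: str):
    """Count drops per (source, kind) and list the blocked new connections for review."""
    counts = Counter()
    attention = []
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec["action"] != "D":
            continue
        kind = classify(rec)
        counts[(rec.get("src", "?"), kind)] += 1
        if kind == "blocked-new-connection":
            attention.append((rec.get("src", "?"), rec.get("dst", "?"), int(rec["dpt"]), rec["chain"]))
    return counts, attention


def stale_ratio(counts):
    """Per source: fraction of its drops that were stale segments (1.0 means pure noise)."""
    per_src = {}
    for (src, kind), n in counts.items():
        total, stale = per_src.get(src, (0, 0))
        per_src[src] = (total + n, stale + (n if kind == "stale-segment" else 0))
    return {src: stale / total for src, (total, stale) in per_src.items()}


if __name__ == "__main__":
    counts, attention = triage(SAMPLE_LOG)
    for src, ratio in stale_ratio(counts).items():
        print(f"{src}: {ratio:.0%} of drops are stale segments")
    for src, dst, dport, chain in attention:
        print(f"REVIEW {chain}: {src} -> {dst}:{dport} (new connection blocked)")
```

In the constructed sample the default-VLAN Apple device is 100% stale segments, which matches what the reply above describes, while the IoT host shows three real SYNs: two at a default-VLAN PC (445, 22) and one at its own gateway's 443. Those are the rules doing their job, but they are also exactly the lines to keep an eye on if an IoT device starts producing them without you touching it.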
@wheresmymaitai 1 month ago
@@ethernetblueprint Thanks once again! I'll just ignore those and move on.
@JohnSparro 1 month ago
Thank you!! One question, when setting up your LAN LOCAL rules, why do you explicitly add DENY rules instead of explicitly adding ACCEPT rules with a default DENY at the end? This seems like the only place where you do not follow the "deny by default" best practice? This doesn't seem to scale with more networks (but maybe this is intentional for the video!). Also, Unifi has a firewall option for "network type" of "Gateway IP Address", which I believe is the 192.168.x.1. Would you recommend using that Unifi default instead of creating the groups like "DROP IOT to its Gateway"? Thank you!!!
@ethernetblueprint 1 month ago
You bring up a good point. Most of the home networks that are set up are on the smaller side so this ruleset works pretty well. For larger scale networks, your suggestion would work better for scale. Most of the reason I do it this way is to be able to teach people who are newer to Unifi and firewalls in general. Deny-by-default practices can be more difficult to troubleshoot, especially if you are newer. As far as your second question, I am not familiar with where that setting is to be able to answer your question. Sorry man!
@aaronweber7031 2 months ago
Of course I will test this when I have time, but will the "Drop Private to Private" rule affect devices on the same network, or only those attempting to route to other networks? I'm thinking about devices like Sonos that "talk to each other" (multicast, I believe). I suppose I should check how to add Sonos to the IOT network anyway, because there's some auto-discovery between the app and the devices, and if my phone is on my default network, IDK if it can find the players.
@ethernetblueprint 2 months ago
So a couple things here. 1) No, it will not affect same-network devices talking to each other since they don't traverse the firewall. 2) With Sonos, even though it's a smart device, I have found that you have a better experience if you put Sonos on the same network as your phones. The rules to make Sonos work across VLANs can get complicated and still might not work that great. In most cases, most devices that use multicast like Chromecasts will work with these rules but you need to enable mDNS...
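Several of the exchanges above turn on the same three mechanics: rule order matters (the HomeKit hub group rule has to sit above the broad IoT drop), replies to a connection opened from the default VLAN ride the established/related rule so no reverse allow is needed, traffic between two hosts on the same VLAN is switched and never reaches the gateway's firewall, and the LAN LOCAL chain falls through to accept, which is why the explicit drops for 22/80/443 are needed while DNS and DHCP to the gateway keep working. The block below is an added example that simulates first-match evaluation of that rule set; it is not code from the video or from Ubiquiti. The default and guest subnets follow the gateway addresses mentioned in the thread (192.168.1.1, 192.168.99.1); the IoT subnet 192.168.2.0/24, the HomeKit hub addresses and the group rule are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable

# Lab addressing: default and guest from the thread, IoT subnet assumed.
DEFAULT = ip_network("192.168.1.0/24")
IOT = ip_network("192.168.2.0/24")
GUEST = ip_network("192.168.99.0/24")
SUBNETS = (DEFAULT, IOT, GUEST)
GATEWAYS = {ip_address(f"192.168.{n}.1") for n in (1, 2, 99)}
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed: HomeKit hubs on the default VLAN with DHCP reservations, collected in an IP group.
HUB_GROUP = {ip_address("192.168.1.50"), ip_address("192.168.1.51")}
MGMT_PORTS = {22, 80, 443}  # gateway ports the video blocks from IoT and guest


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    state: str = "new"  # conntrack state: new, established, related or invalid


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "accept" or "drop"
    match: Callable[[Packet], bool]


def _in(ip: str, nets) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in nets)


# LAN IN: routed traffic between VLANs (and out to the internet), evaluated top to bottom.
LAN_IN = [
    Rule("Allow established/related", "accept", lambda p: p.state in ("established", "related")),
    Rule("Drop invalid state", "drop", lambda p: p.state == "invalid"),
    Rule("Allow IoT to HomeKit hub group", "accept",
         lambda p: _in(p.src, [IOT]) and ip_address(p.dst) in HUB_GROUP),
    Rule("Drop IoT to private", "drop", lambda p: _in(p.src, [IOT]) and _in(p.dst, RFC1918)),
    Rule("Drop guest to private", "drop", lambda p: _in(p.src, [GUEST]) and _in(p.dst, RFC1918)),
]

# LAN LOCAL: traffic addressed to the gateway itself. DNS and DHCP keep working because
# nothing here matches them and the chain falls through to the implicit accept.
LAN_LOCAL = [
    Rule("Drop IoT to gateway mgmt ports", "drop",
         lambda p: _in(p.src, [IOT]) and p.dport in MGMT_PORTS),
    Rule("Drop guest to gateway mgmt ports", "drop",
         lambda p: _in(p.src, [GUEST]) and p.dport in MGMT_PORTS),
]


def evaluate(chain, pkt: Packet, default: str = "accept"):
    """First match wins. Both chains end in an implicit accept, which is why a trailing
    'accept' rule with no drop after it changes nothing."""
    for rule in chain:
        if rule.match(pkt):
            return rule.action, rule.name
    return default, "implicit default"


def verdict(pkt: Packet):
    """Pick the chain the way the gateway does: to a gateway IP is LAN LOCAL; between two
    hosts on one VLAN is switched and never consulted; anything else routed is LAN IN."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if dst in GATEWAYS:
        return evaluate(LAN_LOCAL, pkt)
    if any(src in net and dst in net for net in SUBNETS):
        return "accept", "switched within VLAN (firewall not consulted)"
    return evaluate(LAN_IN, pkt)


if __name__ == "__main__":
    for pkt in (
        Packet("192.168.1.20", "192.168.2.30", 80),                          # default -> IoT, new
        Packet("192.168.2.30", "192.168.1.20", 51000, state="established"),  # the reply
        Packet("192.168.2.30", "192.168.1.20", 445),                         # IoT -> default, new
        Packet("192.168.2.30", "192.168.1.50", 443),                         # IoT -> hub group
        Packet("192.168.2.30", "192.168.2.31", 80),                          # IoT -> IoT
        Packet("192.168.2.30", "192.168.2.1", 443),                          # IoT -> own gateway UI
        Packet("192.168.2.30", "192.168.2.1", 53, proto="udp"),              # IoT -> gateway DNS
    ):
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport} {verdict(pkt)}")
```

Moving the hub rule below "Drop IoT to private" flips its verdict to drop, which is the ordering mistake the reply further up warns about. The simulation models the Sonos point too: two IoT speakers talking to each other never hit any of these rules, so "Drop private to private" is irrelevant to them; what it does block is their traffic toward a phone on another VLAN, which is why the reply suggests keeping Sonos with the phones.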
@ivicanikolic6355 4 months ago
Amazing video... Appreciate the details... I followed almost everything for my scenario. The only pickle I've got is my IoT devices still get an address from the main DHCP range. My LAN has a /22 suffix to have more available networks and IoT is on VLAN 20... Any hint what to check?
@ethernetblueprint 4 months ago
What is the IP range for your IOT VLAN 20? And I assume that these are wireless devices connecting via SSID?
@ivicanikolic6355 4 months ago
@@ethernetblueprint IoT - 10.7.20.6 - 10.7.20.254 .... main LAN 10.7.0.16 - 10.7.3.254 --- IoT is wireless devices, right... even from a laptop, going on the IoT Wi-Fi still gets an address in the main LAN DHCP range
@ethernetblueprint 4 months ago
Can we take this offline and talk via email? That way you can send me a couple screenshots and we can get to the bottom of it. I am sure there is a reason for it. (and sorry for the delay, the message went into my "held for review" folder and I didn't see it) tim@ethernetblueprint.com
@cacophony6963 24 days ago
Great tutorial, but one question: I followed your exact approach yet I'm able to ping other devices on the IOT network while on the IOT network. I thought that should have been blocked based on the rules? I'm using a new UCG Ultra running latest software.
@ethernetblueprint 23 days ago
With these rules, you should be able to ping and communicate within the IOT VLAN. That's normal. You shouldn't be able to reach other VLANs or get to the IOT gateway on ports 80, 443 and 22. If you were to do device isolation, then you'd achieve what you're talking about. Hope that makes sense.
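The expected behaviour spelled out in the reply above can be checked from a laptop joined to the IoT SSID rather than by eyeballing the rules. The following is an added example, not code from the video or from Ubiquiti; the hosts are assumed (gateway 192.168.2.1, a PC on the default VLAN at 192.168.1.20, a second IoT device at 192.168.2.31). The one detail worth understanding is the difference between a probe that times out and one that is refused: a DROP rule makes the SYN vanish, so the connect times out ("filtered"); a "connection refused" means the SYN reached the target and its own TCP stack answered, so the firewall rule is not protecting that path, even though the port looks closed. The `prober` argument exists so the checker can be exercised offline with canned answers.

```python
import socket

# Assumed lab hosts, as seen from a laptop on the IoT VLAN.
IOT_GATEWAY = "192.168.2.1"
DEFAULT_PC = "192.168.1.20"   # assumed host on the default VLAN
IOT_PEER = "192.168.2.31"     # assumed second device on the IoT VLAN

# (host, port, expectation). Intra-VLAN stays reachable unless device isolation is enabled.
EXPECTED = [
    (IOT_GATEWAY, 22, "blocked"),
    (IOT_GATEWAY, 80, "blocked"),
    (IOT_GATEWAY, 443, "blocked"),
    (DEFAULT_PC, 445, "blocked"),
    (DEFAULT_PC, 22, "blocked"),
    (IOT_PEER, 80, "reachable"),
]


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """TCP connect probe. 'filtered' (timeout or unreachable) is what a DROP rule looks like;
    'refused' means the SYN reached the host and no rule stopped it; 'open' means it connected."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "filtered"  # e.g. no route to host
    finally:
        s.close()


def check_isolation(expected=EXPECTED, prober=probe):
    """Probe every target and compare against the expectation.
    'blocked' passes only on 'filtered'; 'reachable' passes on 'open' or 'refused',
    because a refusal proves the packet got there (a host firewall on the target is
    a separate problem, which is what the reply further up about troubleshooting the
    wrong device is about)."""
    report = []
    for host, port, want in expected:
        got = prober(host, port)
        ok = got == "filtered" if want == "blocked" else got in ("open", "refused")
        report.append({"host": host, "port": port, "want": want, "got": got, "ok": ok})
    return report


def failures(report):
    return [r for r in report if not r["ok"]]


if __name__ == "__main__":
    for r in check_isolation():
        print(f"{'PASS' if r['ok'] else 'FAIL'} {r['host']}:{r['port']} want={r['want']} got={r['got']}")
```

Run it twice: once from the IoT VLAN, where every "blocked" row must come back filtered, and once from the default VLAN, where the same rows toward the IoT gateway and IoT devices should succeed, which confirms the established/related rule is doing the return path and you have not accidentally blocked the direction you wanted to keep.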
@larrameburger 13 days ago
Thanks for this great video, but I have a question about the rule to block the IOT network from its own gateway: why can't you just combine it into one group with the port group? It seems redundant to create a separate rule for this.
@ethernetblueprint 11 days ago
I actually need to test this a little more. I have a lot of people ask me this question and to be honest, this is the way I have always done it and have never just blocked the gateway. I will have to test and get back to the group!
@jcast2833 4 months ago
I am running 2 security systems: one via DVR and the other Unifi Protect. Do I need to secure both camera systems or just the non-Unifi cameras?
@ethernetblueprint 4 months ago
I think I would secure both typically. Are the cameras on the DVR IP cameras or are they analog?
@calebdrake3544 4 months ago
IOT network for cloud services like cameras and wireless thermostat, maybe tv streaming devices?
@ethernetblueprint 4 months ago
Yes... typically devices that have "smart" in the name. Smart Assistant, Smart Plugs, Smart Thermostat, Smart garage door opener... etc
@jadan2000 1 month ago
Question about the IOT VLAN. If you control your IoT devices with mobile apps, does your phone have to be in the IoT VLAN in your situation?
@ethernetblueprint 1 month ago
It does not in most cases. If your phone is on your default network and mDNS is enabled, with these rules, it should be able to control your IOT devices. However, there can be exceptions depending on the technology of the device and how it communicates on the network.