Securing Your Unifi Network
Рет қаралды 25,411
Күн бұрынIn this video I will demonstrate securing your Unifi network.
***NOTE If putting MAC white list on ports that are connecting to the access points, You need to put all the device MAC addresses that you want to communicate with those APs, If you do not you will get no internet access**
Remote user VPN video • Unifi 6.1.71 Remote Us...
Firewall video • Video
------------------------------------------------------------------------------------
◼️Hire us on our website
mactelecomnetworks.com/
◼️Join our discord server:
/ discord
◼️Contact me on email:
cody@mactelecomnetworks.com
------------------------------------------------------------------------------------
◼️Find us on social media:
◾Instagram:
/ mactelecomnetworks
◾Facebook:
/ mactelecomnetworks
◾Twitter:
/ mactelecomn
◾TikTok:
/ mactelecomnetworks
Linkedin:
/ cody-maccallum-29311b6b
------------------------------------------------------------------------------------
◼️If you would like to support the channel I have an Amazon storefront below:
◾Canadian Amazon Store front:
www.amazon.ca/shop/mactelecom...
◾USA Amazon store front:
www.amazon.com/shop/macteleco...
Timestamps
Intro 0:00
Enabling Two factor authentication 0:29
Disabling remote access 1:38
Tagging wired ports and creating switch port profiles 2:20
Locking down port wity MAC allow list 7:35
Locking down wireless network with MAC allow list 8:13
Unifi threat management 9:13
@ssinger1300 4 ай бұрын
Whether you like the new user interface or not, that is the one that 90% of the people that are watching your videos are using I suggest making videos, utilizing the new interface, or at least one video for each interface I know that’s a lot of extra work. I do not particularly like switching back-and-forth between the new interface and the old interface, so I just learned to utilize the new interface, which is more intuitive in my opinion.
@javiercamacho1673 3 жыл бұрын
Excellent video Cody, very useful tips, thanks
@OGH3294 3 жыл бұрын
Hey cody, thank you for all your unifi videos. Got my UDM Pro today. I am so happy since its my cake day and got UDM PRO.
@andrewmccallum5699 3 жыл бұрын
Nice way to look at a Unifi network, some really useful tips re how to secure it too, thanks!
@gaspo53 3 жыл бұрын
Great video, as always! Greetings from Argentina
@bassman7115 Жыл бұрын
Subscribed. Thank you!
@chrisumali9841 3 жыл бұрын
thanks for the tip and info, have a great day
@MactelecomNetworks 3 жыл бұрын
No problem 👍
@VitoAD 3 жыл бұрын
Great video, getting ready to migrate to a UDMP from a USG and adding UniFi Protect.
@MactelecomNetworks 3 жыл бұрын
Awesome have fun with the migration
@lioneldagon6868 3 жыл бұрын
Great video.
@martinvanwijngaarden7235 3 жыл бұрын
Great tutorial, thank you for this, and all other great vids. Those vids are the reason I did choose to replace my 15 year old network for the Unifi eco system. UDM-pro - USW-16POE - USW 8POE - Cat.6a If you would live over here, I definitely did hire you for a day to make all the settings optimal, maybe we could do Teamviewer in the near future. Regards from the Netherlands and keep up the good work.
@MactelecomNetworks 3 жыл бұрын
HI Martin Glad I could help. I do remote consultation if needed in the future
@kushhalai6403 3 жыл бұрын
Nice video.
@MisterV.. 3 жыл бұрын
Great video again. Thx. I'm really looking forward to the video on the radius server. Hopefully with mac authentication for wifi and lan.
@MactelecomNetworks 3 жыл бұрын
I’ll be doing radius within Unifi as well as external
@hoosierwifiguy7001 3 жыл бұрын
supurb video, thank you
@lste1143 Жыл бұрын
Great video once more. Thanks to you I got into UniFi ecosystem and set up everything. Regarding the security of ports. In your explanation your intention is to have only active ports on VLANs and use only a PC on LAN during configuration? After close that port and have no other active ports on LAN/All? Because using Mac filter on a port with default or LAN will allow any device no matter what MAC address list is set to that port I have tested. What about the SFP ports on all or LAN? An intruder can use an SFP port to connect ? What is the point then to secure all other ports on Vlan with mac if your SFP ports or active LAN/All ports remain unsecured? Your thoughts? Many thanks Cody!!
@dnegrichjr 3 жыл бұрын
Thank you! Any help I can get on the how and why of IOT VLAN and firewall settings is appreciated. I need it all!
@louiem5985 2 жыл бұрын
Awesome video you put together... I just turn on my 2 auth now I feel better. You mention something about disabling remote. since I plan on having camera's I won't be able to view them on my phone with an app? I would have to us a web interface ? Can you do a video on that or point me in the right direction for more info. Thanks and keep up the great work.
@pabloescobar9337 3 жыл бұрын
What do you suggest larger enterprise organizations do for Access? Do you think the UDMP is reliable and powerful enough?
@MehrdadGivehchi 3 жыл бұрын
Great video-Thanks Can u cover how to fix the mDNS issue with the UDM Pro? For the life of me I can’t get Sonos, chrome cast, etc work across multiple VLANs. I have spent many hours and still no luck. The closest things is use a 3rd part container and disable the UDM Pro’s reflector and IGMP snooping. Apparently UBiquiti’s implementation of Avahi is buggy. Thnaks
@chrism9004 Жыл бұрын
What advantages are there using Google Authenticator over the UI Verify app? Essentially they are doing the same thing, yes?
@yourpalfranc 3 жыл бұрын
Hi, Cody. You mentioned in the video that you have your DNS running on a Raspberry Pi. I did a quick search through your videos but didn't find one on that subject. Did I miss it or have you done one? I'm interested in what you have running and how you set it up. Thanks!! This video was really helpful.
@MactelecomNetworks 3 жыл бұрын
Hey Brittany, Nah I haven’t done a video on won’t. I just run pihole there is a bunch of poeple on KZbin who have done it though. Check out craft computing
@dinanathsinha8228 2 жыл бұрын
When will you make a video on 802.1x port authentication on ubiquiti switchs?
@szosziba007 3 жыл бұрын
Windows Server 2019 + NPS + RADIUS + Dynamic VLAN will be in the near future? As far as I know, the unifi switch doesn't know yet.
@TheEpicolor Жыл бұрын
Is port security possible to use on a port that I have an AP on? When I add the MAC address of the AP, the port is blocked. (I'm on a newer UI version: 7.3.83, where instead of "MAC ID Filter Allow list" I have simply "MAC Address List" and it does not specify if it allow or deny list. (US-8-150W, US-16-150W)
@michaelc3882 3 жыл бұрын
Great video Quick comment looks like you did a MAC allow at the port for the AP the problems is it only allows the AP and nothing that is connected through it wireless. Is there a step I am missing ?
@MactelecomNetworks 3 жыл бұрын
Hey it won’t work. I put a correction in the description. I overlooked it the ap Mac will only work
@jacksjourney9487 2 жыл бұрын
Hey I have a question if I’m being targeted by a hacker is it mandatory to change my IP address before I buy and configure a firewall?
@saraban5rivers 3 жыл бұрын
suggestion for the 'upcoming' firewall video. Can you explain how to access one device (e.g. Synology on one VLAN) on another device (e.g. Computer on other VLAN). Thanks.
@Madmik 3 жыл бұрын
I guess this will help: kzbin.info/www/bejne/rHa0nHalrJyqmrc
@saraban5rivers 3 жыл бұрын
@@Madmik thank you
@MactelecomNetworks 3 жыл бұрын
Yup that video should help. Just need to make a accept rule and place it on top of the deny rules
@jonnyzeeee 3 жыл бұрын
Seems like the switch port profile you created has all networks with a native network of “lan”. So what’s the difference between that and the ‘all” profile which already exists?
@MactelecomNetworks 3 жыл бұрын
Yes I added all of the vlans as I am using them all. I was showing you how to create the port profiles. If you only needed one or two that all you would tag. Main thin here is just not to have it set to all
@techreviewsau 3 жыл бұрын
Great video again, Cody! Question: I have our Pi-Hole in its own VLAN. Would it be more secure that way, or no difference? Also, does setting an Egress Rate Limit only affect whatever device is directly downstream of that Port (and not the WAN or other VLANS as well), or not sure yet? I'm on the current UniFi OS and Controller versions.
@reallynotbob6 2 жыл бұрын
Pi-Hole is something I would just put onto management if it were just me. I VLAN and secure devices that are regularly accessed outside of the network as a policy. So my Plex server, cameras, and my IoT devices are on their own secure VLANS. Also depends on your firewall rules. If you don't tinker with those and block anything out to your other VLANS that aren't established or related, if those devices do get pwned, then there's nothing stopping them from getting into devices on your other VLANS if no explicit firewall rules exist. Video is for a UDM-Pro but this guy explains the how very well. kzbin.info/www/bejne/i3iloJWKftN8eMU
@Wait...whaaat 3 жыл бұрын
If you use authy, you dont necessarily need ui account backup codes for your account, as you can transfer add/remove devices that can use your authy account. Ofc you would need backup codes and etc for authy account in order to login to your authy account on a new device.
@MactelecomNetworks 3 жыл бұрын
Interesting ive never used authy may look into it.
@Wait...whaaat 3 жыл бұрын
Once I did run into the lost phone scenario issue (screen was broken) with google authenticator - did not want to go trough that again. There are other authenticator options besides google and authy (have tried few) but all-in-all authy seems to be the best.
@MactelecomNetworks 3 жыл бұрын
I completely lost my phone luckily had the backups so wasn’t bad.
@kencee9213 3 жыл бұрын
How can you access udm pro to check the network remotely then. Can you just set up 2 factor and then still be able to use the unifi app
@cam7ech 3 жыл бұрын
He stated, if you disable remote access, you can only access it by using a VPN to get back into your home network, then load the UDMP from a web browser. Personally I think leaving it enabled with 2FA should be enough for most home users, since setting up a VPN is above most home users knowledge. More security, less convenient and vise versa. It’s up to you to decide how secure you want things.
@MactelecomNetworks 3 жыл бұрын
I only showed disabling the cloud access as an option it is up to the end user if they would like to do that. With all the controversy around it I thought it would be good to put in the video
@walt6010 3 жыл бұрын
Why not create a “local” super admin user to administer the UDM.
@shanelord1666 3 жыл бұрын
It’s a shame you did a new guide using the classic dashboard. Sure the new one is not your preference, but it’s the near future for Unifi so means this guide is dated already. I don’t need another guide using the old interface.
@MactelecomNetworks 3 жыл бұрын
Well I mean if you know networking you should be able to translate from classic to the new UI. Also the classics won’t be going anywhere anytime soon
@TechWazza 3 жыл бұрын
This is possibly a stupid question. However, if I disable "Remote Access" from unifi.ui.com/, how does that stop someone who has managed to obtain my unifi credentials from turning the same setting back on and subsequently gaining remote access?
Techno Tim
Рет қаралды 211 М.
FISPECKT
Рет қаралды 208 М.