This one of the best walkthroughs I have seen for pfsense alone... This one is a bookmark for sure...

Nice tutorial. Pity the UniFi firewall is still so basic. When Chris Buechler one of the co-founders of the pfSense project left 5 years ago to join Ubiquiti I really thought it was to get the firewall in UniFi up to a standard people expect but that hasn't happened sadly. I've been using pfSense since 2007 and I haven't used a UBNT UniFi firewall in all that time as it feels so limited.

Nice tutorial. One thing to note is you will want to turn off DHCP noted in 8:16 as you turned on DHCP in pfSense at 4:17. You don't want two DHCP servers on the same subnet

Nice tutorial. Just got a pfSense firewall and want to integrate it in front of my Ultimate Dream Machine Pro. I feel prepared now for the next step: integrating it. You earned a bookmark.

Great end to end...covers all the steps. so many tutorials out there missing a couple key steps.

I was pulling my hair out until I saw your video. Video is complete and I was able to figure out my "user error"

Thank you so much for this video just configured a Netgate 6100 with 10 AP Enterprise pro's

Excellent and easy as eating a pie...Loved and highly appreciated...exactly what I was looking for..🤩

Great job Cody!

You have the BEST tutorials period!

NICE AND SIMPLE TO FOLLOW THANKS. my WiFi now connects alot quicker as I re did my vlan setup on my unifi controller.

Good video. I'm a big fan of PFSense and Unifi. The Unifi UI is about to change again a bit with 7.xx.

How does the native vlan play a part here

Great video! Question I run a UDM pro actually two one at my home and one at my office, but also have a PF sense box that I would like to experiment with. Is there a possible way that PF sense can work with the UDM dream machine pro utilizing the best features of both if so how would one set this up. I like the way that PF sense Handles internal host domains something that I’m trying to set up on my UDM pro. So basically I registered a domain and want the local machines to be accessed with that domain both internally and externally. I can’t quite figure out how to accomplish this securely with the dream machine pro. Thanks for all the videos.

Heh thought router on a stick was long dead, it's still clinging on :) I put a Cheap layer 3 switch in front of my pfSense brings more to the table, reduces downtime, uplink saturation etc. For home environment though this would work a treat 👌

@Mactelecom Networks Is it possible to link the Netgate 6100 to the Unifi using an SPF+ connection? Any benefit to this?

you talked about linking anotther video for the setup of this. Could you supply that or add it to the description please? This is some REALLY GOOD WORK!! The break down is amazing!!!

Thanks for the video, much appreciated. I recently replaced my Edgerouter X with a Netgate 3100 and the main reason I chose a Netgate instead of a UDM Pro is the pfSense firewall. In the pfSense firewall I understand what I do and can do my own rules, but in the Edge OS I have no idea. I search KZbin for settings and try to copy them to my own router with varying results. And the UniFi firewall is also a bit unclear in my opinion.

Nice one, but going OT don't like netgate since they EOS 3100 and 5100. Now they points 2100 as successor of 3100. Don't know what kind of business positioniing of this devices is in other countries but in my country (Poland) 3100 was just fine for small business. 2100 is not.

just one question,,, if you are not using an USG router , how do you get the info from your network ?? i mean the info usually you can get from the dashboard , and from stats

Would you recommend pfSense or Dream Machine Pro for FW configurations? Also any recommended appliances for pfSense?

14:48 Why does this rule not block a device on Staff from pinging other devices on the same (Staff) network since the RFC1918 includes all private IP addresses including the ones in its own VLAN?

Great video. Since the launch of Unifi express. Would it be advised to remove the cloud key and install the Unifi express in-between and Pfsense and the usg switch giving me additional network features Intrusion detection and Intrusion prevention. I realize Pfsense can also offer this, but can you run both in addition to ad blocking.

awesone tutorial

do i need a cloudkey? i tried connecting sg1100 LAN straight to switch and nothing is happening.. wont show up on unifi network application

RFC1918 is a group of the other LANs you have in pfsense?

Doesn't the router drop down in the network settings allow you to select Third-party Gateway? if you use that it gets rid of all settings

hoping someone could explain why i dont see STAFF net. In my environment its IoT and i dont see IoT net as source?

I have been running pfsense with Unifi for a long time, but in the end found that running a fortigate makes much more sense. pfsense over time develops issues with updates, has issues with handling a power outage and VPN just doesn't work that well, having to deal with open source clients.

downsides of running the unifi controller on the pfsense box? Not asking if it can be done, but asking from a security and topology perspective

@Mactelecom Networks Thanks for this video it was SUPER helpful! Quick question for you. I'm replace my USG-3p router with a pfsense soft router. I'm wondering, if I gave my pfsense router LAN network the same IP address as my USG, would all my Unifi Networks work as is with them set to CORPORATE networks or do you think I should change them to be VLAN only? Thanks again for this vid- was an excellent guide

If you use network isolation under advanced features that will allow you to use VLAN only and assign them to switch ports instead of creating dummy networks with fake IP ranges.

I don't have the equipment yet, but I have some unifi stuff coming and was wondering, what's better, using unifi for dhcp and such, or pf/opn-sense? Or is it about equal? Either way I'll have to learn it (watch a bunch of YT videos) to set it up.

Excellent!!

Now Cody, I run a restaraunt and they have their own system in place for POS. Their system is connected to our system which then goes out to the internet. Wouldnt RFC block the internal IP of the POS router from accessing the internet?

Do you still get the unifi network stats and insights using pfsense as a router and unifi as a switch?

Why would you use PFSense instead of a Dream Machine? Giving an example and reason for using this setup would help any non network experts which i am guessing is half or more of your users.

Can you discuss how to update unifi devices that have really old firmware by inputting the link address of where to pull the firmware update from.. I have a few that get stuck if trying the standard update method and either won't complete or want adopted again. Thanks

Maybe overkill for your scenario but why routing all vlan's over 1 physical NIC instead of segregating it over other physical ports. For instance your camera network would benefit being routed over 1 physical port, especially if you have many camera's. What do you think? You have the 6100, so I would use the advantage of so many ports.

Does the PC who's hosting the Unifi Controller have to be in the same subnet as other Unifi gears? If not, how can the PC adopt other gears? Thanks a lot!

This is really a great video! Learnt a ton. It's there a way to put a pfsense box in with a udm-pro behind it as a passthrough/bridge?

Why do people make subnets "wide" open, Do you really need a 254 addressed subnet for the camera system ? I always see this. Good video Sir.

Thanks.

Hi Cody. I may be wrong about this, but I think in the new Unifi UI, the "VLAN Only" network option has been moved to the Advanced Features section. It is now shown as "Network Isolation." I tested this by switching to the old UI, creating a VLAN only network and then saw that the new UI displayed that network in the Network Isolation section. It seems to work how you set it up as well, not sure what the differences are between the two setups without a USG/UDM as the router.

damnit! I understand the firewall rules better in pfsense than in udm-pro... ( i have udm-pro, buddy of me uses pfsense). Also it seems you can add rules above or below the existing rules in pfsense? Don't think you can do that in unifi, or can it be done?

Thank you - nice walkthrough - but it hurt my eyes to see how you segment your /24 networks. .10 to .200 isn't very binary. I would like to see something like .64 to .127 or .128 to .254 both can be described in one line of code 🙂 old school i know

The new controller software has more bugs than an ant colony. Can no longer assign VLANs to switch ports and my AP constantly drops SSIDs from broadcasting. DO NOT update to this version. Support was supposed to contact me 2 days ago. Not a peep.

The blaring question is, where is the camera recording to?

Did someone say hosted Protect??

Hostifi went from $49 a month to $99 a month, it's a rip-off, there are other options of which self-hosted FTW

Slow down on talking its not a race

I still don't get why one would use the new UI in the Unifi Controller ... It is dog shit ... It's missing options .. it's clunky as hell .. and you get 0 benefit from it