Unifi Network update 8.1.113 : Switch ACLs, OSPF

Рет қаралды 49,833

Күн бұрын

Пікірлер: 125

@LordSaliss 6 ай бұрын

Once Ubiquiti releases the next firmware that brings more fine grained features to L3 ACLs (already confirmed by Glenn@UI), it would be cool if you did a new video on setting up a network with a UDM SE, an L3 top switch, and a couple L2 switches, and a wifi AP or two, and a NAS. Then show everyone the best way to currently set everything up in the newer user interface as far as how the physical layout is, the newest way to do wifi SSIDs with multiple passwords to send clients to different vlans, using the L3 switch as the vlan router to take load off the firewall, using ACLs for securing the vlans, and adding some traffic rules on top for internet related traffic stuff. There have been a lot of new features the past 6 months or so, as well as major UI changes, so I think a new video will be in order that includes all the newest things.

@headlibrarian1996 3 ай бұрын

Until they add unidirectional ACLs I view them as pretty useless. I can't isolate my IoT VLAN from my management VLAN without also isolating management from IoT. From another channel's review isolation generates two rules, one for each direction, suggesting that the underlying hardware supports one-way rules. That this isn't exposed in the GUI is inexcusably lazy, as I doubt that would have been more than a couple of extra hours to write up properly.

@jensche21 6 ай бұрын

Nice, I would love to see how you do routing and firewall rules with the new simple and advanced... Especially intervlan communication vs. Isolation

@mosher2302 6 ай бұрын

When will they allow uploading icons for devices?

@randominternet5586 6 ай бұрын

WOW! OSPF and BGP coming, L3 ACL? They are crushing it. Combined with their site support offering this will let them go up market a bit for sure. I was looking for some alternatives and I think this may mean no need.

@Timi7007 6 ай бұрын

ACLs and OSPF!!! Finally!! Great update, great video!

@rezenclowd3 6 ай бұрын

sorta.....

@Timi7007 6 ай бұрын

@@rezenclowd3 Haven't dug into the change logs yet myself: What is missing this time?

@rezenclowd3 6 ай бұрын

@Timi7007 he states in the vid. Acl applies to entire network/subnet. Ie if I want to only allow 1 devixe for mgmt or say 1 printer, you can't.

@Timi7007 6 ай бұрын

@@rezenclowd3 Oh, right! But I can still use firewall rules for that.

@rezenclowd3 6 ай бұрын

@Timi7007 which is slow, unless your using a vpp firewall/router

@jandrop6431 6 ай бұрын

This version comes loaded with improvements, I think we'll need a new full setup video as they've moved many settings around. On another note, I want to take this opportunity to thank you for all the help you provide us with both these informative videos and the tutorials, Thanks!

@buldozzer3456 6 ай бұрын

This Update is, or will be a huge step in the right direction, again! I dont't really have a use case for OSPF or the ACLs in Unifi, since I don't use any Layer 3 capabilities of Ubiquti. For me, the best feature is that they brought back the side tabs. I loved them in the legacy UI!

@michaelconti-ferner8019 6 ай бұрын

Please make a new setup vid using new release. One thing though, PLEASE do it from start to finish. Your last video you had done some stuff ahead of time and so it was hard to follow. Please do this from the very beginning as in powering up the device for the first time.

@calark5812 6 ай бұрын

Where are IDS/IPS settings found on the UDM SE in this version?

@TechnoTim 6 ай бұрын

This was great, thanks Cody! I still don't know if I should migrate to L3 yet, I am thinking no until we have more controls over the ACLs.

@PriscoPellegrino 6 ай бұрын

A new video build with the new setting will be great....thank you for your great videos Bravo!!!

@giles_dron 6 ай бұрын

as always top vid. what would I like to see? multiple taggable VLANs on WAN please :)

@YouTubeGoody 6 ай бұрын

Vertical topology! It’s about time!

@TheJoaolyraaraujo 6 ай бұрын

Thank you. Suggestion, give an example use case for new features.

@SnowBob302 6 ай бұрын

I'd like to see a new network setup video and if IoT networks can now be better set up with the isolation rules instead of firewall rules

@jetblast1212 6 ай бұрын

Thanks for the update Cody. Maybe instead of one big configuration video, maybe you could break it down into smaller topics and tie them together with a Playlist. It might be easier to make and update the videos

@MactelecomNetworks 6 ай бұрын

I agree. I also hate making long videos 😂

@fthorsen 6 ай бұрын

So this L3 ACL feature is great, but... I noticed that a lot the of Unifi equipment don't support L3. Such as UDR and the UDM SE. So if you want to use L3 ACL to secure your main network, you need to make sure that all your guest and IoT devices are connected through a L3 switch. So if you have a UDR and you're using the build in wifi, this won't secure what you want. The same if you have a UDM-SE with one or more APs connected directly to it (as it supports PoE). I guess L3 switch features will never come to devices missing it :(

@richardrodgers1009 6 ай бұрын

Thanks for the update. Next I'd like to see MLAG support from Ubiquiti

@Giancarlo_Sforza 6 ай бұрын

THIS IS AN ORGASM MEGA UPDATE 💯 Please make a new setup video and if you can touch more in the firewall rule

@DeusMaximusX 6 ай бұрын

When you do a 2024 setup guide, I’d be curious to know how the new network isolation option compares to the usual custom firewall rules we usually implement for our IoT network and other networks that we don’t want talking across VLANs.

@gixster92 6 ай бұрын

thanks for the video.... I would like to see how you handle roku devices on the firewall rules. with your current IoT vLan, I can't get it to work and I have to put them on my open FAmily VLan. Same goes with my kids gaming console.

@judgementalmedia 5 ай бұрын

Since this update nothing but issues. Been running smoothly with minor quirks for a year and a half. Now I can't get portforwarding to work and when dowloading at full speed of my glass fiber connection it loses internet connection. Gotta do a full restart to get it back. Thinking of reverting to my fritzbox again or move on to opnsense or pfsense.

@justinknash 6 ай бұрын

What’s the real difference between selecting isolate network in the network settings to prevent network to network communication and using L3 network isolation (ACL)?

@Steen3S 6 ай бұрын

Will start testing 8.1.113 soon! Nice video!

@RealPNAT 6 ай бұрын

I’m holding off on creating firewall and traffic rules - selfishly - until your next full setup video, since you do an excellent job highlighting key features and easy to follow instructions!

@eugen189763987689379 4 ай бұрын

Just went Network 8.2.93 and remembered your channel and came back to see if there is any new video on new releases. Would really appreciate these for new releases.

@paul3151 4 ай бұрын

Could you show how to use it with L3 Routing to get Speeds in lan higher than what udm pro allows? Would be awesome! :-)

@cyberblut 6 ай бұрын

L3 ACL finally!

@DanielGonzalez_ARG 5 ай бұрын

Where are IDS/IPS settings found on the USG PRO 4 in this controller version?

@k2_tech745 6 ай бұрын

The advanced FW rule layout is huge for those of us that deal with FWs often and are used to seeing this type of layout for security management.

@bluearcherx 6 ай бұрын

the fact that they spent any time at all on toplogy view and it wasn't fixing devices that show up under random switches they aren't connected to is a travesty

@fordsrmaster 6 ай бұрын

I'd like to see you release a video showing how to set up Unifi Talk using Flowroute and Yealink phones.

@MPHxthexLegend 6 ай бұрын

Side Tabs copied from Omada, oh wait, Omada copied the whole GUI

@JohnnyB_RO 6 ай бұрын

great update from Ubiquiti & great content from you as well :)

@manuelaraica3216 6 ай бұрын

as usual pack and loaded with content while keeping good timing

@TechySpeaking 6 ай бұрын

first

@wilsonlspacheco 6 ай бұрын

🇵🇹 Many thks for this update !! 🙏🏻😁👊🏻

@sliphere011 6 ай бұрын

ACLs! And the firewall UI is millions of times better.

@PabloTBrave 6 ай бұрын

Horizontal topology was always daft for laptops as networks are normally wider than deep like monitors

@psycl0ptic 6 ай бұрын

wait, "check off" 5:05? is that a thing or just a Canadian thing?

@chinanguyen4352 6 ай бұрын

this version it, i see unfi access point random auto restar, i dont understand ?

@joshhowell3627 6 ай бұрын

Did they remove the Identity Enterprise from the left side bar in the console settings?

@OliverStahl 6 ай бұрын

Compared to my version 8.0.28, Gateway and Hotspot Manager are missing in this release.

@richardturkson5916 6 ай бұрын

Loving these changes Matt. Thank you!

@GwamallaGhirras 6 ай бұрын

Great update - lots of new features - thank you

@schwagsman 6 ай бұрын

Would I be able to use one of these new features to effectively disable NAT? I really like using a UDM/USG as a secondary gateway behind something else, like a Sophos firewall, but disabling NAT has been such a PITA since the new OS launch.

@PowerUsr1 6 ай бұрын

So obviously this is a play (ACL) to make it independent from having a UDM which is a great first step. That said, OSPF looks very limiting so far.

@malzbier1339 6 ай бұрын

I wish there was proper IPv6 support.

@galengautreaux942 6 ай бұрын

If L3 switch routing via the GUI ACLs is configured, are any network statistics and information sent to the router so that we can still view activity within the network application?

@meteailesi 6 ай бұрын

Hey Cody , please make a full setup with Udm pro and 3party switch config like tp link omada switch / edgeswitch

@Sevenfeet0 6 ай бұрын

Gee, it only took how many years to finally get L3 capability in L3 switches? Still, happy its finally here (although it's not quite complete). At some point someone will try to figure out if it's compatible with other manufacturers which has been a long standing issue.

@udirt 6 ай бұрын

Finally getting there - we put Mellanox switches in the core. Having the chance to go OSPF when talking to the access layer is kind of a sexy step forward.

@MrSamucbr 6 ай бұрын

Am I the only one waiting for the 2024 full setup vid?

@MactelecomNetworks 6 ай бұрын

Doubtful 😂 it will be like a month or so from now

@cody62293 6 ай бұрын

L3 ACLs will be very useful. Now we just need stacking to make Unifi a viable option for larger corporate networks.

@BlackBagData 6 ай бұрын

Surprised I didn’t see North Korea in your blocked countries list :)

@SimoAtlas 6 ай бұрын

OSPF and BGP and other stuff really are game changer and they started to compete with Cisco

@luiscobarrus4046 6 ай бұрын

te amo, me encantan tus aplicaciones

@213garcia 6 ай бұрын

Visualization of FW rules is improved so now it's time to improve logging of the rules!

@Campion565sc 6 ай бұрын

Rotating the topology!!! Would like to see AI security auditing.

@jakobholzner 6 ай бұрын

Would love to see a speed limitation for different networks not just sogar clients and also a download limiter per network per month

@bobbydini5567 6 ай бұрын

patiently waiting for layer 2 traffic over site magic via GRE

@EViL3666 6 ай бұрын

Rebranding STP to "AI Detections" .... Are they poaching staff from AWS? In v8.2, look for Routing to rebranded AI Roads, and VPN to AI Underground... Though I love new dashboard, the new UI is finally useful... they're still missing some features, that I have to dip back into the old-UI for, which they really should prioritise.

@MactelecomNetworks 6 ай бұрын

They aren't rebranding anything. The AI detections is just another place to look at logs for certain things

@jonnyzeeee 6 ай бұрын

Nice summary Cody. Keep up the great work!

@walidk9027 6 ай бұрын

Thank you very any update on the reporting ,creating custom reports

@Tech_Circuits 6 ай бұрын

I would rly love scheduled vpn access so clients can only get access to the vpn at certain times

@Legendary_UA 6 ай бұрын

Thanks for the update, well, not you, but the update on the update 😂😂

@TrupalPatel-j2t 6 ай бұрын

Can i tplink eap225 access point in to unifi dream machine pro

@seandean8293 6 ай бұрын

Looking forward to them adding BGP.

@djtopshatta1439 6 ай бұрын

I would like to see full build with the blocking of gateway!

@MaddMo 6 ай бұрын

Who needs firewall rules when you have ACLs

@djz3r063 6 ай бұрын

Awesome update as always!!! Anyone having issues with the new U6 Pros dropping and reconnecting devices at random. Also, having serious issues with wireless IP Phones

@DrSkeets 6 ай бұрын

I was having connection issues after the last U6 Pro firmware update. My fix was doing a device restart from the UniFi app.

@peteradshead2383 6 ай бұрын

I like the new statistics page , before it was ABC used 1.3gb of data , but you had to check each client until you found the right one , now it show which clients used that data , the threat and firewall rules enforced to user is a little hard to find , but all in all I like it .

@MactelecomNetworks 6 ай бұрын

Ya I like that to forgot to mention it in the video but a great new addition

@ericdodson3630 6 ай бұрын

with this update and the 24/7 support, Ubiquiti might soon be seen as an option for Enterprise

@MactelecomNetworks 6 ай бұрын

Currently the support is only Monday-Friday but its a first good step

@tedev 6 ай бұрын

yes. full build video all the way.

@garanceadrosehn9691 6 ай бұрын

I'll admit that the change which immediately cheered me up was the ability to rotate the topology graph. 🙂

@MactelecomNetworks 6 ай бұрын

It’s the little things 😂 I love that change as well

@ZooKeD-- 6 ай бұрын

How often do they push out updates? I just purchased the dream machine pro.

@MactelecomNetworks 6 ай бұрын

Usually big updates are once every few months. Small fixes maybe once a month

@walidk9027 6 ай бұрын

Any updates on changing the layouts of main dashboards thank you

@MactelecomNetworks 6 ай бұрын

Not that I know of but would be nice to have customization

@TechGuyWiz 6 ай бұрын

Full build video please!!!!

@recalion 6 ай бұрын

Thx for the short overview

@telnetdoogie 6 ай бұрын

What’s the benefit of using ACLs versus the firewall rules for intra lan rules?

@LordSaliss 6 ай бұрын

Using an l3 switch with ACLs takes vlan routing duties off the firewall so that the firewall can be freed up for just internet related traffic. ACLs are also far faster processing than firewall rules because they are handled within the switch ASIC instead of a general purpose CPU like the firewall runs.

@telnetdoogie 6 ай бұрын

@@LordSaliss would this result in a noticeable throughout difference when say, copying files between two VLANs or is it likely negligible? I’d like to use it for education / learning purposes, but wondering if it’s overkill for the average user (1 switch, a few VLANs)

@LordSaliss 6 ай бұрын

@@telnetdoogie Likely a tiny bit higher. I believe latency is measured in the high microseconds to extremely low ms range when doing the routing on the firewall, and is measured in the low microsecond to high nanosecond range when doing the work on a basic switch. The very best top end switches that are 100gb+ type now days actually measure sub-100ns packet-in to packet-out latency now! 😳That latency advantage could translate to higher file transfer bandwidth, but how much IDK. It may only matter on things like RDMA based transfers between NVME drives, but UniFi switches do not support the best RDMA method that is fastest (RoCEv2), and instead only support iWARP RDMA. You also need to either be using iSCSI protocol for the transfer method, or have a Workstation or Enterprise version of the OS to get the RDMA feature over normal SMB. So the majority of people wont be able to take advantage of it anyway.

@DangoNetwork 6 ай бұрын

when MLO rollout for wifi 7?

@MactelecomNetworks 6 ай бұрын

Nope sure hopefully soon they did show it off at a convention not long ago

@rickwookie 6 ай бұрын

omg topology rotation!!! finally!!!

@rickwookie 6 ай бұрын

Oh, sadly the description fields don't show in rotated (or as I like to call it "correct top-down") view.

@wodn184fn8 6 ай бұрын

amazing news. Love when im seeing ubiquiti improves so much. This is what it means to care for your customers.

@chris_schenkel 6 ай бұрын

You poor naïve fool.

@libertine5606 6 ай бұрын

UNIFI IS NOT READY FOR PRIME TIME! You have to use their server and if it doesn't work you are screwed. If you don't have the right Java or if it conflicts with something It just doesn't work. And they have had this problem for over 10 years! SAD! Where would Apple be if they put out such crap!

@DeusMaximusX 6 ай бұрын

Sounds like a pain. If only they had their controller software available in some kind of small network device that could manage updates itself, or integrated into their higher end gateways, or even offered some kind of hosting service for it in the cloud OH WAIT

@libertine5606 6 ай бұрын

@@DeusMaximusX ya if you want a extra proprietary device that only they provide then yes. However if you want a switch and wap Unifi sucks.