No video
What does the UniFi firewall block by default?
Рет қаралды 12,501
Күн бұрынWhat does the Ubiquiti UniFi firewall block by default? More than you think. Unsolicited packets won't get in. By default it will only allow responses in from machines on the LAN. A LOT of other brands of firewall operate this way too - TP Link, Grandstream, Synology, etc.
Want to join us in learning how to deploy network services like this? Put your name on the training list now: williehowe.com...
Hire us! williehowe.com
Amazon Afflilate Links for Ubiquiti Gear:
UDM Pro Link: amzn.to/3LKaqBR
Standard UDM Link: amzn.to/3AKChvr
Affiliate Links (I earn a small percentage of the sale if you use these links):
My AmazonLink: www.amazon.com...
Netool: netool.io use code WHT to save at least 10%!
Digital Ocean Affiliate Link: m.do.co/c/39aa...
Patreon Link: / williehowe
Contact us for network consulting and best practices deployment today! We support all Grandstream, Synology, DrayTek, Obihai, Poly, Ubiquiti, MikroTik, Extreme, Palo Alto, and more!
Come back for the next video!
Twitter - @WillieHowe
TikTok - @whowe82
SUBSCRIBE! THUMBS-UP! Comment and Share!
@davidanderson2436 Жыл бұрын
Thanks Willi ! Very helpful - yes like to see more on creating rules and maybe some good to block things!😮
@MountVernonTowers Жыл бұрын
It'd be nice for you to create a video that illustrates a "starter" position of how the firewall needs to be setup if the defaults are not good enough for security. Thanks for your content sir.
@kristopherleslie8343 Жыл бұрын
Agreed 👍🏽 he’s a genius and I’m definitely here to learn
@Richard_GIS Жыл бұрын
I must say just watched '2023 Firewall Features Compared' from lawrence systems and it raised exactly that question you now answer in this video, THY
@WillieHowe Жыл бұрын
My comparison is coming soon.
@MitchellEarl Жыл бұрын
Good video. The built in app blocking traffic control is pretty slick and they added a bunch of new ones with the 3.x updates.
@redheelerdog Жыл бұрын
Thanks Willie for a great explanation, I would like to see more videos on the new UniFi OS and firewalls. Keep up the good work!
@ryoohk Жыл бұрын
Awesome video sir. Only time we block out bound traffic is on our Point of Sale side but we are starting to get out of being that tight because it can become a huge hassle.
@mattq5474 4 ай бұрын
Any rules that would help access to the cloudkey for CCTV? great vid
@PE4Doers Жыл бұрын
Excellent video and topic Willie. Thanks you 😊
@dhiaahmed5420 Жыл бұрын
I liked your way of explanation
@czummo76 Жыл бұрын
What I'd like to see is a segment on LAN IN vs LAN OUT firewall rules explaining why you would or wouldn't set a FW rule on the LAN OUT as opposed to setting it on the LAN IN in the firewall - All my rules are set on the LAN IN as that was the way I learned and i don't know the purpose or use case where you'd set a FW rule on the LAN OUT - Thanks
@The_Tech_Ninja 11 ай бұрын
It would be great if you can make a video about fw rules, for example: You have a UDM Pro, NAS, Plex app... so to allow Plex running on a NAS and get access from the outside.
@FEPLabsRadio 3 ай бұрын
Willie - I've had a UDM Pro for a couple of years. I cannot for the life of me figure out how to disable port 80 from outside. THe admin interface of the UDM is wide open from the internet. On most firewalls I've ever worked on, you can enable/disable WAN access to the admin interface. It's driving me nuts. I can hit my UDM from work, from a phone, wherever. Obvi, I'm testing from outside. The cable modem is in WAN1. I do have several port forwards enabled that go to internal resources on 80, but the external side of all those is 8080,8081, etc. It seems crazy that a security oriented device like the UDM would disable this by default. When I got the UDM, I disabled the remote access completely. What am I missing here? Thanks, and great channel!
@WillieHowe 3 ай бұрын
Create a WAN_LOCAL rule that blocks 80 and 443
@FEPLabsRadio 3 ай бұрын
@@WillieHowe Thanks - I have an "Internet Local" rule to try and block it, I assume that's what WAN_LOCAL is called now? No joy on that, either.
@JasonsLabVideos Жыл бұрын
Looks good to me !
@stephanedelaval6525 Жыл бұрын
Basics to remember, thanks. This is for TCP. For UDP, is the internet incoming traffic blocs unless it is a response from an internal request ?
@WillieHowe Жыл бұрын
It's all traffic.
@lcgn Жыл бұрын
Very helpful, thanks a lot! I was told the exact opposite: oh no you can’t start UniFi, you need to set your rules before, otherwise your a** will be wide open in the internet. Good to see that someone could proof them wrong!
@Der_Ingenieur Жыл бұрын
You mentioned you are not using IPv6. Is there anything special you have to do to prevent IPv6 traffic from making it on or out of your network?
@wiebowesterhof Жыл бұрын
If you don't want/need IPv6, on a lot of the firewalls mentioned, you pretty much just uncheck the box that routes/permits IPv6.
@kristopherleslie8343 Жыл бұрын
Does unifi offer a way to do firewall management by cli
@WillieHowe Жыл бұрын
No
@55555Luc333 Жыл бұрын
Thanks Willie for the video. Any thoughs on the best routeur to setup a Voip, cameras, and computer network?
@WillieHowe Жыл бұрын
How big is the network?
@55555Luc333 Жыл бұрын
@@WillieHowe 20 Voip grandstream, 2 ucm6302 for high avaibility, 4 cameras, about 20 computers.
@55555Luc333 Жыл бұрын
Also 3 GWN7803P.
@WillieHowe Жыл бұрын
@@55555Luc333 I'm probably sticking a Grandstream router in there.
@55555Luc333 Жыл бұрын
@@WillieHowe Got 2 GWN7062 from our training class. Was not shure if it would be a big enough router for the network. Was also thinking about Synology RT6600ax but might be overkill. If you could make a video on how you would go about choosing the right router for different application it would be great.
@stevenmishos Жыл бұрын
InterVLAN traffic for Guest networks is blocked by default when they're used (default restrictions block RFC1918 addresses and are controlled by Authorization Access in Hotspot Manager). ... and the restrictions are enforced by both the firewall and AP when wireless is used (which is where people struggle... they change the firewall rule and wonder why the traffic isn't passing).
@WillieHowe Жыл бұрын
We didn't talk about that -- we talked about oobe
@stevenmishos Жыл бұрын
@@WillieHowe understood, and I don't disagree with anything you said, but when people enable a default guest network, this is their problematic reality.
@Minsk_Accords 13 күн бұрын
@@stevenmishosSending you a virtual beer for this comment!
@jeetashjivan5620 Жыл бұрын
can only hear by default mentioned 2million times - 6 min just to be told if u want to block out bond traffic you must creat rule - okay cool thanks
@NT-zg2hj Жыл бұрын
first lol
@coyoteaus7378 Жыл бұрын
Absolutly non sensical
Techno Tim
Рет қаралды 219 М.