The NEW UniFi Zone-Based Firewall is AWESOME! (complete walkthrough)
Рет қаралды 16,482
Күн бұрын
@oakfig Күн бұрын
This is exactly what I was looking for. Great job 👍
@ufomism Күн бұрын
Would be cool if you could recreate the firewall rules you did in the advanced setup video but with zones
@QuikTechSolutions 4 сағат бұрын
Outstanding video! Frank you have a knack of taking a complex topic and delivering un such a way, everyone can understand. Well done!
@chrismallia29 23 сағат бұрын
Your videos are the best! You explain everything so clearly and in great detail making it easy to understand. I especially appreciate how you address confusions that others overlook like the multiple rules that split into zones in the UniFi firewall. Keep up the amazing work
@WunderTechTutorials 20 сағат бұрын
Thank you very much! Appreciate you watching!
@PolarRed Күн бұрын
the video I've been waiting for since 4pm today, when I upgraded, and thought, WTH is this?
@awsomepossum558 Күн бұрын
Dead ass no cap😂
@rajivvishwa Күн бұрын
Would you relocate the IoT network into a new zone or keep it inside 'Internal'. I wanted to get a clear picture of policies applied on IoT network with ZBF but I'm not sure if moving out of internal would break things.
@WunderTechTutorials 20 сағат бұрын
You can - I think that's where it depends on what you want to do, but if you just want to isolate it from all other networks, it's not crazy to set up a "Block RFC1918" zone or something similar and put it in there.
@Sapious1 Күн бұрын
This was great. Thanks! 👍🏻
@sylvainHZT 21 сағат бұрын
Very nice video, congrats for your crystal clear explanations.
@talbech 9 сағат бұрын
Interesting video and good explanation. I really like the matrix overview, but I doubt Unifi will ever replace my Juniper and OPNsense firewalls, which have had zones for many years already.
@stephenrosenthal5337 Күн бұрын
Nice explanation. I'm sure I'll be rewatching it this weekend when I update.
@Justintime631 20 сағат бұрын
Thanks for another great video, and looking forward to more on this topic
@danielmcgowan9534 Күн бұрын
I'll have to watch this one more than once. Firewall rules are confusing to me. The concept is understandable. I like the change with LAN IN and LAN OUT I get into a tailspin with that when I try to implement rules.
@gam3955 Күн бұрын
Finally, was I was waiting for since long time. Thanks for showing us the new setup and thanks to Ubiquiti 😅 it’s great 👍
@scockman Күн бұрын
Thanks for another great tutorial!
@TechMeOut5 Күн бұрын
Excellent video Frank. I think i actually like the zone based firewall...it really is actually easier to manage. Have a great day buddy
@WunderTechTutorials Күн бұрын
Thanks, Avi! Appreciate you watching! Wish I knew you were recording a video on this too - I would have called you out in it, but I recorded it last week and it was too late. Hopefully next time because I loved your video!
@ianaway Күн бұрын
It works great, a little bit of adjustment at first but the only thing I think is missing is the possibility to select many zone in source and destination. Sometime you need to create the same access-list to work with many source or destination networks, for example, my DNS are on a separate vlan and ALL zones need to have access to those. But overall, Ubiquiti are getting better and better !
@SquashPile Күн бұрын
Upgraded CGM OS/Network (UniFi OS 4.1.13/Network 9.0.108) a few hours ago. I was going to wait a day or two to update to the Zone based FW. Nope.. just did that too. Took like 5 seconds and I already found some Plex rules I need to remove. I went ahead and subscribed to CyberSecure too. Not so sure about that, but yeah. Usually don't use their IPS/IDS, but wanted to give it a try.
@gnz8v Күн бұрын
Newbie here. Just wondering, how do you clean up the individual threat actors' IPs that have been blocked in the firewall page? It's populating more and more and I can't seem to group them up.
@praetorxyn Күн бұрын
Fantastic stuff, hopefully this is a full release by the time I put in a Unifi stack (hopefully this year). Are you goign to redo the Unifi firewall tutorial with this new paradigm?
@WunderTechTutorials Күн бұрын
Thank you, and yes! I created that video because technically, you don't have to "upgrade" to this, so understanding the "old" way is still important (for now), but I think it's just a matter of time until this is the norm so definitely more content coming on it! Thanks for watching!
@sammiefreeheal2430 Күн бұрын
Thanks for great overview Frank. Out of the box, is the new Zone Based Firewall Zero Trust? - No traffic allowed until Zone and policy's are created.
@WunderTechTutorials 19 сағат бұрын
Thank you! It depends what zone you put them in. Technically, it used to be that way, but now since you're forced to select a zone when the VLAN is created, it'll have whatever permissions that specific zone has access to.
@juri14111996 16 сағат бұрын
Still no Realtime view to see wat gets blocked??
@fbifido2 17 сағат бұрын
@6:03 - Doesn't the firewall BLOCK by default? so why do you need to create so many block rules? I expected you will need to create a lot of allow rules.
@WunderTechTutorials 17 сағат бұрын
The firewall (prior versions) always allowed by default. Now it depends on what zone you pick for the VLAN.
@curtispavlovec 2 сағат бұрын
Is how it should be but UniFi has always been allow not deny
@ronm6585 6 сағат бұрын
Thank you.
@kht-admin 21 сағат бұрын
Nice. Those RFC1918 are mainly duplicates and need to be removed. The scope of the zones is defined by the ip ranges of the Networks in source and destination Zones. Anything that is not a locally defined Network or VPN range is handled by the {zone} - External zone pairs. That is the only place RFC1918 has relevance.
@riccardozulian3180 8 сағат бұрын
Can you elaborate on this? I've three networks on the Internal, and I was using a "block inter vlan traffic" using RFC1918. What do you suggest instead?
@RK-ly5qj Күн бұрын
Zones arent new - its not a "new way to..." zones are handy, but it depends from scenerio. In enterprise environment, using zones depends from various things, but basic of this are still FW rules. Zones can be tricky to manage, so it depends. I think that ubi should simplify FW rules first and then supply it with zones, if ever needed for home users. In fact, inter vlan routing should be prohibited out of the box as good FWs does in terms of "zero trust concept".
@WunderTechTutorials Күн бұрын
Didn't mean to imply they're new, just that they're new in UniFi Network.
@curtispavlovec 2 сағат бұрын
Yes! Inter VLANs should always be blocked by default.
@vitiosus701 8 сағат бұрын
So basically, Unifi is catching up to firewalls like Palo Alto and Fortinet in terms of security policies?
@CedroCron Күн бұрын
I don't like Unifi's interface. I find it overly complicated for no reason. Albeit what you are talking about today is not though. I hope they take this way of doing and visualizing things to their other hardware areas.
@mikemcdonald5147 Күн бұрын
I don't see the click to upgrade????
@mikemcdonald5147 Күн бұрын
I dont have the update weird>?????
@vardagsteknik6576 Күн бұрын
Nice video. But it was hard to see what you did becorse your face video was all over on the right side when you showen the rule boxes.
@WunderTechTutorials Күн бұрын
Yeah, not ideal and I apologize. I tried to show screenshots with red boxes to highlight what I was talking about but it'll be fixed in future videos. I record with OBS studio so I couldn't go back and fix it without recreating it, which I tried to avoid because I was happy with the explanation.
@vardagsteknik6576 Күн бұрын
@@WunderTechTutorials Looking forward to a future video. You can always hide your face at any time when recording, and put it back again. Get a streamdeck and do it easy at the same time. Keep up the good work :)
@WunderTechTutorials Күн бұрын
That's the plan! Thank you for watching!
@BrazenNL Күн бұрын
Not sure you checked, but at about eight minutes in you're blocking what you're talking about.
@WunderTechTutorials Күн бұрын
Yeah I tried to add screenshots to highlight what I was showing but since it's all recorded at the same time, I can't remove my face 🤦♂️. I'm sorry about that.
@PowerUsr1 Күн бұрын
"industry leading from a ease of use perspective" I'm going to assume you haven't used literally any other ZBFs. If you haven't that's fine, just try to avoid statements like that because, to me, its cringe. Ive been a NE for over 15 years.
@WunderTechTutorials Күн бұрын
I figured this would come up and considered taking it out, but I stand by it because it's from the perspective of a home user/small business. Not many full fledged enterprises using UI equipment right now, so for the home/small business user, I do believe that this is industry leading from an ease-of-use perspective (and I purposely said ease-of-use only). The best option for this audience if you want a ZBF is probably OPNsense and it's not as user-friendly in this regard. So yes, for the person who is actually considering running Cisco/Palo Alto - fine, I agree with your point, but those aren't generally the people that watch these types of videos, nor is it something that we should actually recommend to them.
@AirforceSweden415 22 сағат бұрын
Well what was wrong with old concept. I am not a big fan of big changes.
@mitchellsmith4601 Күн бұрын
Only amateurs use Ubiquiti equipment, it’s insecure garbage.
@davidmiedema2950 18 сағат бұрын
Citation needed...
Mactelecom Networks
Рет қаралды 37 М.
That Little Puff
Рет қаралды 24 МЛН
KTZ Systems
Рет қаралды 121 М.