วีดีโอ

Are you required to do the subscription? Can you add and manage devices without this option? Looking to manager devices for a small organization without a monthly fee.

Hello, thanks for the video. In the rules I try fo filter by domain names. For some domains, the filter doesn’t work, any idea?

Context?

this man has glasses

Thank you, extremely well explained

Can you activate your subscription in no services zone? Or do you have to pre-Subscribe before you enter no service zone?

I have a simple question, i have a kid, and I need to block all traffic to his PC except several domains and I cant get it to work. I have created 2 rules one allows selected domains and another blocks all traffic, I have arranged it in order, allow rule is above block rule, and it still don't work, what I'm missing here? its all done in one zone, external, and source is set as my child PC for both rules, and destination set as block any and allow selected domains?

I might have missed it… what was the name of the brand for the rails sold on Amazon?

This helped me so much Thank you

Hey, love the content. Do you have 'n video or instructions to setup advance QOS and queues on a UniF network? Keep up the great work

People should be aware that a lot of the features mentionedhere require Mosyle's Fuse subscription which is a higher tier plan. Such as the integration with an external IdP.

Great video. Second one should be about firewall rules for this setup. 🙂

So just to be clear.. If I want to use Mosyle my customers, or my company, will have to wipe all the customer MacBooks in order to enroll them? Show stopper..

Good stuff thanks for making this video

Or u can just tick the box "isolate" and it does it for u

Excellent video! It would be helpful if you edited with a picture in picture of your talking head shot so we could spend more time orienting to the screen you are on. Your instructions are so clear I feel like I can take this VLAN configuration on myself!

Has anyone figured out how to change the default rule between to zones? e.g.: VPN to Internal is "Allow All" and there is no option to change that default rule to "Block All". The only way to make that happen is to create an additional rule, which results in a quite comic Block and Allow rule in the overview. Unfornately it also bypasses the overview matrix: it doesn't show "Block all", it shows "See policies". For me, it makes the overview matrix somewhat useless.

Master!

Love you Man! you made my day Simple yet most powerful starter 👍

10:42 So China is bad even with no precedent of breach or any known case of spying. Btw the NSA is trustworthy as shown by Mr. Snowden! 😅

I just saw this today on my unify network and installed it. As a newbie in networking, how do I set this up to “control” what apps or websites my young kids use?

I noticed that there isn't a way to limit a device network speed. I use to create a firewall for specific devices to limit their speed that uses the wired connection

fix the dang loggin

Can I use .lan instead of .local? I get a multicast warning, and I also cant seem to visit it from my browser. Thanks for the great video though this has really helped :)

still trying to work out how to do something , allow only extremal traffic from a region ( The UK ) to a in internal IP , but still allow that IP allowed to get to any region .

Would you relocate the IoT network into a new zone or keep it inside 'Internal'. I wanted to get a clear picture of policies applied on IoT network with ZBF but I'm not sure if moving out of internal would break things.

FortiGate has Zone and it makes simply firewall policy.

Zone-Based firewall is a feature that the mainstream firewall manufactures have had for years. It's nice to see Ubiquiti has taken the Apple out of their firewall and started to get closer to what their high-end competitors have been doing for years.

This looks _so_ nice! Can't wait to get it on my UDMP! I've managed to get a decent set of firewall-rules for my VLANs thanks to your videos, but firewalls is not my thing. This makes firewalls so much more user-friendly!

Major firewall vendors have had this for years.

Isn't this the same as using aliases in other firewalls like OPNsense? Been looking for a way to upgrade from my 2.5GbE OPNsense firewall, to something that can do 10Gb IDS/IPS. Just saw Unifi has their Enterprise Gateway that does exactly this but if they are just now adding in something as simple as firewall aliases (Zones), they are way too far behind other firewalls still.

Firewalling is the most fun part of networking... until you have to do it on a Ubiquity firewall. This is why all IT Pros are NOT using Unifi DM/DMP/Fortress to secure their network, although they might be using their switches and other hardware. We stick to true firewalls like Netgate, Fortigate, SonicWall, Watchguard, CheckPoint to just name a few. Edit: The fact that you still need to define policies to BLOCK traffic between networks or zones is a fundamental flaw in the way Unifi implement security. That behavior is the same as an L3 switch where you have it route traffic and where you need to add ACLs to prevent traffics between networks. A modern firewall blocks EVERTYHING from the get go, and you just need to open what you need. That is why it is inherently more secure then having to think to block everything and not forget anything.

I just updated to 9.x, but I dont see the ZBF options enabled on my UDM-Pro. anyone else having this issue ?

Whats really impressive that Ubiquiti listen to the Community and change things very quick and makes the product better and better.

Best Unifi configuration Guide I've seen thus far!

Oh, this update seems awesome. I can't wait to tinker.

So it’s basically the same as in OpenWRT

I've been in the networking business for over 40 years, so I chuckled when he referred to the old days of networking. Having been around for a while, I'm in a good position to say that this is one of the best instructional videos I've ever watched -- on any subject. I'm considering covering my consumer-grade home network to UniFi and this will be something I refer to again and again. Thanks!

Curious as to why you set the DNS server at the individual network level rather than at the WAN level? Also, what's the advantage of going changing classes of IP addresses?

Great video! Very good lighting. Easy to understand. ❤

Should you use a management vlan for UniFi devices?

Default network is on vlan 1. I read it’s best practice to skip vlan 1

Hi sir I'm fan of your video can I ask question? if I don't have controller and I have unifi A6plus AP.. how I can open it ? it is okay to buy a poe adaptor with 24volts? I hope you Will reply thank you..

I'm still using the USG-8-XG still working great for a 1G WAN connection.

Great video, I have I full unifi network and have deployed one for my local Shrine. the one questions I have is how to block networks from getting to the web interface of the gateway.

I have att fiber, ubiqui get very high latency at times, speed test is good but my computer at times crawls along with 20 to 30 second delay. Any suggestions ???? Thanks