Whether you like the new user interface or not, that is the one that 90% of the people that are watching your videos are using I suggest making videos, utilizing the new interface, or at least one video for each interface I know that’s a lot of extra work. I do not particularly like switching back-and-forth between the new interface and the old interface, so I just learned to utilize the new interface, which is more intuitive in my opinion.
Great tutorial, thank you for this, and all other great vids. Those vids are the reason I did choose to replace my 15 year old network for the Unifi eco system. UDM-pro - USW-16POE - USW 8POE - Cat.6a If you would live over here, I definitely did hire you for a day to make all the settings optimal, maybe we could do Teamviewer in the near future. Regards from the Netherlands and keep up the good work.
Great video once more. Thanks to you I got into UniFi ecosystem and set up everything. Regarding the security of ports. In your explanation your intention is to have only active ports on VLANs and use only a PC on LAN during configuration? After close that port and have no other active ports on LAN/All? Because using Mac filter on a port with default or LAN will allow any device no matter what MAC address list is set to that port I have tested. What about the SFP ports on all or LAN? An intruder can use an SFP port to connect ? What is the point then to secure all other ports on Vlan with mac if your SFP ports or active LAN/All ports remain unsecured? Your thoughts? Many thanks Cody!!
Hi, Cody. You mentioned in the video that you have your DNS running on a Raspberry Pi. I did a quick search through your videos but didn't find one on that subject. Did I miss it or have you done one? I'm interested in what you have running and how you set it up. Thanks!! This video was really helpful.
Hey Brittany, Nah I haven’t done a video on won’t. I just run pihole there is a bunch of poeple on TH-cam who have done it though. Check out craft computing
Awesome video you put together... I just turn on my 2 auth now I feel better. You mention something about disabling remote. since I plan on having camera's I won't be able to view them on my phone with an app? I would have to us a web interface ? Can you do a video on that or point me in the right direction for more info. Thanks and keep up the great work.
If you use authy, you dont necessarily need ui account backup codes for your account, as you can transfer add/remove devices that can use your authy account. Ofc you would need backup codes and etc for authy account in order to login to your authy account on a new device.
Once I did run into the lost phone scenario issue (screen was broken) with google authenticator - did not want to go trough that again. There are other authenticator options besides google and authy (have tried few) but all-in-all authy seems to be the best.
Great video-Thanks Can u cover how to fix the mDNS issue with the UDM Pro? For the life of me I can’t get Sonos, chrome cast, etc work across multiple VLANs. I have spent many hours and still no luck. The closest things is use a 3rd part container and disable the UDM Pro’s reflector and IGMP snooping. Apparently UBiquiti’s implementation of Avahi is buggy. Thnaks
Great video Quick comment looks like you did a MAC allow at the port for the AP the problems is it only allows the AP and nothing that is connected through it wireless. Is there a step I am missing ?
suggestion for the 'upcoming' firewall video. Can you explain how to access one device (e.g. Synology on one VLAN) on another device (e.g. Computer on other VLAN). Thanks.
Is port security possible to use on a port that I have an AP on? When I add the MAC address of the AP, the port is blocked. (I'm on a newer UI version: 7.3.83, where instead of "MAC ID Filter Allow list" I have simply "MAC Address List" and it does not specify if it allow or deny list. (US-8-150W, US-16-150W)
Seems like the switch port profile you created has all networks with a native network of “lan”. So what’s the difference between that and the ‘all” profile which already exists?
Yes I added all of the vlans as I am using them all. I was showing you how to create the port profiles. If you only needed one or two that all you would tag. Main thin here is just not to have it set to all
He stated, if you disable remote access, you can only access it by using a VPN to get back into your home network, then load the UDMP from a web browser. Personally I think leaving it enabled with 2FA should be enough for most home users, since setting up a VPN is above most home users knowledge. More security, less convenient and vise versa. It’s up to you to decide how secure you want things.
I only showed disabling the cloud access as an option it is up to the end user if they would like to do that. With all the controversy around it I thought it would be good to put in the video
Great video again, Cody! Question: I have our Pi-Hole in its own VLAN. Would it be more secure that way, or no difference? Also, does setting an Egress Rate Limit only affect whatever device is directly downstream of that Port (and not the WAN or other VLANS as well), or not sure yet? I'm on the current UniFi OS and Controller versions.
Pi-Hole is something I would just put onto management if it were just me. I VLAN and secure devices that are regularly accessed outside of the network as a policy. So my Plex server, cameras, and my IoT devices are on their own secure VLANS. Also depends on your firewall rules. If you don't tinker with those and block anything out to your other VLANS that aren't established or related, if those devices do get pwned, then there's nothing stopping them from getting into devices on your other VLANS if no explicit firewall rules exist. Video is for a UDM-Pro but this guy explains the how very well. th-cam.com/video/UGBobTInIBc/w-d-xo.html
It’s a shame you did a new guide using the classic dashboard. Sure the new one is not your preference, but it’s the near future for Unifi so means this guide is dated already. I don’t need another guide using the old interface.
This is possibly a stupid question. However, if I disable "Remote Access" from unifi.ui.com/, how does that stop someone who has managed to obtain my unifi credentials from turning the same setting back on and subsequently gaining remote access?
Whether you like the new user interface or not, that is the one that 90% of the people that are watching your videos are using I suggest making videos, utilizing the new interface, or at least one video for each interface I know that’s a lot of extra work. I do not particularly like switching back-and-forth between the new interface and the old interface, so I just learned to utilize the new interface, which is more intuitive in my opinion.
Hey cody, thank you for all your unifi videos. Got my UDM Pro today.
I am so happy since its my cake day and got UDM PRO.
Nice way to look at a Unifi network, some really useful tips re how to secure it too, thanks!
Great tutorial, thank you for this, and all other great vids.
Those vids are the reason I did choose to replace my 15 year old network for the Unifi eco system.
UDM-pro - USW-16POE - USW 8POE - Cat.6a
If you would live over here, I definitely did hire you for a day to make all the settings optimal, maybe we could do Teamviewer in the near future.
Regards from the Netherlands and keep up the good work.
HI Martin Glad I could help. I do remote consultation if needed in the future
Great video, getting ready to migrate to a UDMP from a USG and adding UniFi Protect.
Awesome have fun with the migration
Excellent video Cody, very useful tips, thanks
Great video, as always! Greetings from Argentina
Great video once more. Thanks to you I got into UniFi ecosystem and set up everything. Regarding the security of ports. In your explanation your intention is to have only active ports on VLANs and use only a PC on LAN during configuration? After close that port and have no other active ports on LAN/All? Because using Mac filter on a port with default or LAN will allow any device no matter what MAC address list is set to that port I have tested. What about the SFP ports on all or LAN? An intruder can use an SFP port to connect ? What is the point then to secure all other ports on Vlan with mac if your SFP ports or active LAN/All ports remain unsecured? Your thoughts? Many thanks Cody!!
When will you make a video on 802.1x port authentication on ubiquiti switchs?
Hi, Cody. You mentioned in the video that you have your DNS running on a Raspberry Pi. I did a quick search through your videos but didn't find one on that subject. Did I miss it or have you done one? I'm interested in what you have running and how you set it up. Thanks!! This video was really helpful.
Hey Brittany,
Nah I haven’t done a video on won’t. I just run pihole there is a bunch of poeple on TH-cam who have done it though. Check out craft computing
What advantages are there using Google Authenticator over the UI Verify app? Essentially they are doing the same thing, yes?
Great video again. Thx. I'm really looking forward to the video on the radius server. Hopefully with mac authentication for wifi and lan.
I’ll be doing radius within Unifi as well as external
Subscribed. Thank you!
Awesome video you put together... I just turn on my 2 auth now I feel better. You mention something about disabling remote. since I plan on having camera's I won't be able to view them on my phone with an app? I would have to us a web interface ?
Can you do a video on that or point me in the right direction for more info.
Thanks and keep up the great work.
Thank you! Any help I can get on the how and why of IOT VLAN and firewall settings is appreciated. I need it all!
thanks for the tip and info, have a great day
No problem 👍
You should do a 2024 version of this video
If you use authy, you dont necessarily need ui account backup codes for your account, as you can transfer add/remove devices that can use your authy account. Ofc you would need backup codes and etc for authy account in order to login to your authy account on a new device.
Interesting ive never used authy may look into it.
Once I did run into the lost phone scenario issue (screen was broken) with google authenticator - did not want to go trough that again. There are other authenticator options besides google and authy (have tried few) but all-in-all authy seems to be the best.
I completely lost my phone luckily had the backups so wasn’t bad.
Great video.
Great video-Thanks
Can u cover how to fix the mDNS issue with the UDM Pro? For the life of me I can’t get Sonos, chrome cast, etc work across multiple VLANs. I have spent many hours and still no luck. The closest things is use a 3rd part container and disable the UDM Pro’s reflector and IGMP snooping. Apparently UBiquiti’s implementation of Avahi is buggy.
Thnaks
Hey I have a question if I’m being targeted by a hacker is it mandatory to change my IP address before I buy and configure a firewall?
What do you suggest larger enterprise organizations do for Access? Do you think the UDMP is reliable and powerful enough?
Great video
Quick comment looks like you did a MAC allow at the port for the AP the problems is it only allows the AP and nothing that is connected through it wireless. Is there a step I am missing ?
Hey it won’t work. I put a correction in the description. I overlooked it the ap Mac will only work
suggestion for the 'upcoming' firewall video. Can you explain how to access one device (e.g. Synology on one VLAN) on another device (e.g. Computer on other VLAN). Thanks.
I guess this will help: th-cam.com/video/vEQkCow7wdU/w-d-xo.html
@@Madmik thank you
Yup that video should help. Just need to make a accept rule and place it on top of the deny rules
Windows Server 2019 + NPS + RADIUS + Dynamic VLAN will be in the near future? As far as I know, the unifi switch doesn't know yet.
Is port security possible to use on a port that I have an AP on? When I add the MAC address of the AP, the port is blocked. (I'm on a newer UI version: 7.3.83, where instead of "MAC ID Filter Allow list" I have simply "MAC Address List" and it does not specify if it allow or deny list. (US-8-150W, US-16-150W)
Seems like the switch port profile you created has all networks with a native network of “lan”. So what’s the difference between that and the ‘all” profile which already exists?
Yes I added all of the vlans as I am using them all. I was showing you how to create the port profiles. If you only needed one or two that all you would tag. Main thin here is just not to have it set to all
supurb video, thank you
Nice video.
How can you access udm pro to check the network remotely then. Can you just set up 2 factor and then still be able to use the unifi app
He stated, if you disable remote access, you can only access it by using a VPN to get back into your home network, then load the UDMP from a web browser. Personally I think leaving it enabled with 2FA should be enough for most home users, since setting up a VPN is above most home users knowledge. More security, less convenient and vise versa. It’s up to you to decide how secure you want things.
I only showed disabling the cloud access as an option it is up to the end user if they would like to do that. With all the controversy around it I thought it would be good to put in the video
Why not create a “local” super admin user to administer the UDM.
Great video again, Cody! Question: I have our Pi-Hole in its own VLAN. Would it be more secure that way, or no difference?
Also, does setting an Egress Rate Limit only affect whatever device is directly downstream of that Port (and not the WAN or other VLANS as well), or not sure yet?
I'm on the current UniFi OS and Controller versions.
Pi-Hole is something I would just put onto management if it were just me. I VLAN and secure devices that are regularly accessed outside of the network as a policy. So my Plex server, cameras, and my IoT devices are on their own secure VLANS.
Also depends on your firewall rules. If you don't tinker with those and block anything out to your other VLANS that aren't established or related, if those devices do get pwned, then there's nothing stopping them from getting into devices on your other VLANS if no explicit firewall rules exist. Video is for a UDM-Pro but this guy explains the how very well. th-cam.com/video/UGBobTInIBc/w-d-xo.html
It’s a shame you did a new guide using the classic dashboard. Sure the new one is not your preference, but it’s the near future for Unifi so means this guide is dated already. I don’t need another guide using the old interface.
Well I mean if you know networking you should be able to translate from classic to the new UI. Also the classics won’t be going anywhere anytime soon
This is possibly a stupid question. However, if I disable "Remote Access" from unifi.ui.com/, how does that stop someone who has managed to obtain my unifi credentials from turning the same setting back on and subsequently gaining remote access?