My Full Unifi Network Setup - Firewall Rules, VLANs, WiFi, and more

Thanks for the walk thru, grabbed a couple of nuggets...

Thank you once again mister Owl for the great video ❤. Have my inter-vlan rules now set up via firewall rules but this inspires me to try traffic rules instead.

Awesome Tutorial Brett.

Thank you so much, helped sort my inter-vlan rules, well at least for now

I've designed networks to handle 10's of thousands of machines, engineered external networks to deal with millions of concurrent users, written thousands of ACL's and stateful firewall rules, debugged incredibly complex asymmetric routing issues, reverse engineered router firmware to find ring buffer limits... ALL of this is FAR easier than the sore excuse for firewall management that exists in the UDM line.

The fitting word for unifi in an enterprise: Uniprise. Well said. That was not an error on your part. 😂

Awesome - thanks a lot for video. I'm a Unifi Newbee and this helped me a lot 👍👍

Excellent video buddy

Unifi has come a long way in just a few years. I had lots of issues trying to setup a few networks I was doing for clients but finally got them going. But I was trying to use the USG and they eventually crapped out with all the traffic. I couldn't justify the bigger gateways at the time with the cost of them.

Love your videos! I'm just learning more about networking and have heard your discontent regarding Unify Networks. I'm thinking about going with an Omada setup because I think I can get it to do what I want for about a third less than what I would spend on Unify. Is there no networking "Brand" out there that does what you want or is there such a cost disparity that you settle for Unify? Just curious!

Thank you for this nice overview of your network setup. I briefly saw that you have a Chromecast and I was wondering if you could elaborate on how you have it set up? I have my Chromecast on my IoT VLAN and I can't cast from my main network no matter what I try.

Loved it, thy

Thank you for your videos. I am new to Unifi and have been learning a lot from them.
I have a couple of questions. In the video you mention that one section of security area I believe “Traffic Rules” is not specific in the order that they are created and that these rules are processed by Allows first then Blocks. However, “Firewall” Rules are processed in the specific order from top to bottom. Do I have that correct?
Traffic rules are similar to Firewall rules but a more simplistic/generic approach? Not sure I understand the difference between them.
Thank you again.

this was very interesting to see. can I ask what is in your main vlan? also if you have smart tvs, where would they be?

Get a USW Pro Aggregation and run the swiches from that, it have SFP28 for the 10G switch

Yessir! MF legend is back and just in time for my new UniFi setup.

Maybe down the road you could expound upon the steps you took to work through the ATT Fiber gateway and into the UDM Pro. I have the Arris BGW210-700 and it seems as though everyone has different steps to get a good signal to the UDM. It only has a pass-through capability but it would be great to hear how you did it. Thanks.

Hey Raid Owl I got a question for you: any tips or suggestions on how to get "Local DNS Record" working with IP address reservations for your self hosted services?

🤔 was there an update that change the main dashboard to not show the firewall image? I used to see the USG but now it's a PC image. 🤨

Nice

when I did my rules for my iot vlan I blocked trafic to and from all local networks, and then I made an allow rule for the ports and ips I need. Are there any downside from doing it that way? I only put a hue bridge, tv and surround on it so far. I also made an allow rule for the plex server hosted on another vlan.

Thank you for using a good mic and not having insane lip smack sounds like some other tech you tubers. Ruins their content.

If I'm converting from an Orbi router connected to two wired satellites, would I only need a Dream Machine and 2 APs?

I don't hard limit my guest network. But it has a very low QoS priority :D

I had AT&T fiber internet, looking at your diagram it goes direct to UTM pro without any router in-between, is it possible with UDM pro? please help me.

would love a follow up and more detail on the PI VPN setup...I didn't realize you could do that! Thanks!

Awesome setup, it's possible to have a cheap Network devices for homelab? Unifi it's a little expensively

I cannot get into my dashboard any more... used to have a link, but that was deleted. I thought it used the router ip address, but that isnt wokring. I have 3 discs in my home network and cannot update them any more. Help!

No PPSK?

Are you able to get close to 10G inter-vlan routing from the UDMP? I was wondering if I'd need a layer 3 switch like the EnterpriseXG-24 for full 10G routing across vlans. Curious if you tested this maybe with/without IDS on if that is the bottleneck.

have you considered star topology for switches ? and APs? connecting those to UDM instead of switch. One less single point of failure, routing would be optimal.

Can I ask what made you switch from a pfsense gateway to Unifi DM Pro?

Any chance you could do a video on WireGuard set up in Unifi? Tried a few times to get it set up and while I can hit my UDM Pro, I get no internet access from the inside 😢

Can you please comment on the noise level of the XG-24? I have an US-16-XG that is a little bit to loud to have in the room next to my bedroom but I can't find any comment on the noise level of the XG-24 so your input will be greatly appreciated.

I wonder whats your total power consumption for this setup? Do you have numbers?

So i take it u like Unifi now? I remember ur video trying it out coming from open or pfsense and u didnt seem to like unifi all that much :)

surley distributed falls back to failover if one isp dies it would be pretty dumb if it just stopped routing when one goes down

Don't tell ANYONE but I have a UDM Pro in my rack ATM ! :O

Idea on Inter-VLAN is not fully correct. You have Gen-2 switches that are L2/L3, I will let you figure out the rest.
Your network ports, if you don't set the VLAN's on the port, they are trunk and your devices are exposed to ALL VLAN's on your network.
Gateway monitoring works loosely. If you have a UXG, be prepared for fustration as you need to reboot the turds every few days as they stop recording/reporting.
WAN DNS is just that, WAN side, so I am guessing you have possibly double NAT and a PITurd infront? If you want DNS done for your network, do it in the NETWORKS. WAN side doesn't sneak back inside the network for WAN DNS. More on this shortly.
DHCP snooping on UniFi is known for being resource hungry. Turn ON Flow Control.
I did see that your "external" network is possibly open, now refer to my second line comment. Your switch ports are open and exposed.... I'm out of here.

all of us to unifi:
23:49

ubiquiti is not really ready for ent deployments due to poor ipv6 support - try it yourself and see how terrible it is

Unifi routes VLAN traffic through the UDMP? That's nuts, inter-client traffic such as workstationNAS that doesn't go to the Internet should never hit your UDMP, it should be routed in the switch.

abou wifi...than U see me that I give password almost to everyone...xd

makes no sense that the 8port would have to go all the way back to the dreammachine and then down the tree again? if that network worked correct it would go up 1 step and then down 1 step the other side of the tree and be done...

OCD instantly kicks in when I see 4 switches connected to each other in a chain :) I would never set my network up like this, so many points of potential failure.

Unify the subscribe button with the bell, the like button as the best man while commenting is the ring man !!11

Writing those firewall rules is ASS

Please stop using vlan 1 it hurts to see

Too much radiation in your house. Are you living in a factory size space? Have you ever measured this radiation or you re kind of live fast -> die young-> stay pretty type of guy?