hi. thanks for the vid. i dont really understand when you would use Lan In or Lan Local. if i want to open the Local Ingress Ports stated by unify, how should i do that?
Settting this system up in a clients house. Never done it before but I think the only hard part is going to be the firewall. How complicated is it for a pretty good protection standpooint.
Hi John, thanks for the informative video, it helped me a bunch with my new Unifi system. I have a question regarding VLANs: Do you group ALL your WiFi devices into your Wifiland VLAN? or are there exceptions?... Do you have two or more WiFi VLAN networks? or just one? Thanks
Good question and I have since removed it but the logic is something like this. Lg’s implementation of webos doesn’t get patched much, uses much open source software and has a huge user install base. Good target for hackers. The Apple TV. Patches more but giant giant install base. High reward for hackers. I don’t want one of those devices to be a gateway to the rest of my network
Right now you don’t have granularity of each individual site. You have “levels” that limit access to sites but none that are explicitly “block this one, not that one”. Instead you can leverage a squid server hosted off a VM on a workstation if you really wanted to go UniFi…but …not ideal…
By chance do you have any guidance on the port forwarding bug that exists on Ubiquiti OS? I got my UDM pro yesterday and absolutely can not SSH into my server remotely. Port forwarding rule was made and the firewall rule is added and enabled. Driving me crazy.
I haven’t had an issue however I believe there is a specific setting at the console maintenance page level (not in the network app) that enables the ssh access remotely)
Seriously, the b roll I used at 1:17 - what did the lady say?
Awesome tutorial, very well explained with good visuals
Thanks for the feedback!
have you any experience getting sonos to work on isolated ioT network and the UDMP?
hi. thanks for the vid.
i dont really understand when you would use Lan In or Lan Local.
if i want to open the Local Ingress Ports stated by unify, how should i do that?
Settting this system up in a clients house. Never done it before but I think the only hard part is going to be the firewall. How complicated is it for a pretty good protection standpooint.
Easy for pretty good protection. Separate your devices into IOT and everything else. Turn on the intrusion detection and you are done.
do you have any experience with UDMP and having sonos work on an ioT network?
Actually I do run an old Sonos system on my network but have it on the primary non-IOT wifi….(it’s the original Play 5’s (4 of them))
@@johnsfilmsllc I have all first gen stuff too and while all my firewall rules work for everything else, seems sonos is a pain
Hi John, thanks for the informative video, it helped me a bunch with my new Unifi system. I have a question regarding VLANs: Do you group ALL your WiFi devices into your Wifiland VLAN? or are there exceptions?... Do you have two or more WiFi VLAN networks? or just one? Thanks
I have a separate Wi-Fi network hosted off the same AP’s called “InsecureThings” that has it’s own vlan
The thought is my sprinkler system getting hacked doesn’t have to mean my laptops and then server need to enjoy a firm probing :)
Any thoughts on the best practice for blacklisting certain websites via a USG Pro?
Sure look into Pihole
Why did you create a separate entertainment VLAN and what specific rules were applied to it?
Good question and I have since removed it but the logic is something like this. Lg’s implementation of webos doesn’t get patched much, uses much open source software and has a huge user install base. Good target for hackers. The Apple TV. Patches more but giant giant install base. High reward for hackers. I don’t want one of those devices to be a gateway to the rest of my network
@@johnsfilmsllc Thanks for the video. Great work!
Best video thanks
Thanks! I hope it helped!
Your WAN IP appears in 4:40
Im using sonicwall because we are a school and we wan to block apps as facebook, instagram and etc. can i do that with a ubiquiti device?
Right now you don’t have granularity of each individual site. You have “levels” that limit access to sites but none that are explicitly “block this one, not that one”. Instead you can leverage a squid server hosted off a VM on a workstation if you really wanted to go UniFi…but …not ideal…
Hi! How can I block an specify web page in firewall settings
You can find out the IP of the website and block it on your outbound firewall
By chance do you have any guidance on the port forwarding bug that exists on Ubiquiti OS? I got my UDM pro yesterday and absolutely can not SSH into my server remotely. Port forwarding rule was made and the firewall rule is added and enabled. Driving me crazy.
I haven’t had an issue however I believe there is a specific setting at the console maintenance page level (not in the network app) that enables the ssh access remotely)
More than likely you are using a residential connection with carrier grade nat blocking your port you need to punch through with a VPN or forwarding
Hardly everything you need to know 😂
Definitely looks like "F*ck ...", but after careful inspection, I'm going with "Fine, I'll do it"
Exactly what I was thinking! Maybe???