I can't get over how much more logical the firewall section is!! As an enterprise network security admin I found that section abysmally dysfunctional prior to this change. It's passable now with this zone conversion!
The API has already existed forever, except there weren’t any official documentation. The API can do a lot more than what the official documentation says, in fact, the web UI uses the API for everything - so if there is something that you want that isn’t documented then you can use your browser’s network debug tools.
Thanks Willie for another great video. I have just recently moved off of TP-Link stuff and went all in on Unifi. Even before this update I was up and running for a week. I love the "single-pane of glass" that Unifi has for there network. I am looking forward to watching the upcoming Unifi videos.
Really excited about the zone-based firewall. As someone considering moving from OPNSense to Unifi for their SOHO network, that entire interface looks a lot easier to understand (especially while I'm learning) than what I'm working with now. OPNSense isn't impossible to use, but I'd be lost without well written tutorials and don't really feel like I'm learning it holistically. The new Unifi interface you showed off looks like it'd be a lot easier to learn and use for someone who doesn't really need the awesome power of OPNSense.
Some great updates. I'm looking forward to using the API to be able to semi-automate the statistics collection for my day job. Still investigating a potential move to GS, but this update certainly makes Unifi a more competitive option.
We are currently using EdgeRouter Infinity's as our firewall and site to site vpn's and then unifi for our network controllers. Hopefully over summer, we will switch to the zone based firewall and standardize to just the unifi platform.
Appears Ubiquiti hasn't released 4.1 firmware for the UXG line of gateways yet. I'm running network server 9 and a UXG Pro Gateway but don't have the new firewall option yet.
I would like to see some IPv6 videos and how to best implement it into my network for better performance. I have played with it in the past but have found that not many VPN providers support IPv6. I am glad I decided to purchase the UDM Pro Max because that means I get access to all the new features and improvements. Nothing cut short here.
I dont see it called out in this video but in site to site tunnels, the update adds Policy Based routing too over those tunnels. I believe this is new.
I upgraded my UCG-Nax yesterday. I didn't think to record the numbers. But, I saw inter-vlan file transfer speed jump up quite a bit. It went from ~70 MBps to ~100, between an i9 workstation, and a Synology 1817+ NAS, both with 1gig ports, over a 2.5 gig multi-switch path.
For those of us that are very new to this or are not professional IT people could you go through the upgrade steps? I haven’t found a very good one, but I’m sure they are out there.
Interesting. UCG-Ultra auto upgraded last night, but no sign of the new zone feature. It’s a family members that’s just left tbh. I’ll have a look more as an option over pfsense at my folks. I’m using Sophos XG, but IPsec S2S VPNs
Checkpoint: I want to know if I can isolate a single computer that bypasses these controls? Even if I have to place that computer on a different subnet - I can’t risk the false positives or overzealous controls for one device that I use and currently have isolated on its own network.
Its just me or the Zone Firewall is "identical" to a Sonicwall? Using the two platforms I can agree that this Zone is a more easy approach! Nice Ubiquiti!
That’s some nice changes , I wish they would get some better access switches. I need at least dual hot swappable psus Edit: looks like they have that now. Can they stack now?
without the ability to see inside the traffic via ssl inspection this is only a blacklist...and that's always lagging. it's better than nothing but without tls interception it's effectiveness is limited.
For those of us that are very due to this or are not professional IT people could you go through the upgrade steps? I haven’t found a very good one, but I’m sure they are out there.
Willy, could you create a video on “high isp latency detected” notices? Why it happens, and how to fix?
More Unifi IPv6 videos would be terrific.
I agree :) IPv6 is still a lot of mystery, even for ubiquiti users :)
Please run through the cert. That would be cool !
More on TLS - SSl Certs would be great
Please run through cert purchase and upload!
Maybe add Lets Encrypt registration and auto-renewal if thats possible?
Happy for the API. That's going to be very useful for some stuff.
I’m curious about a “best practices” approach for implementing an IoT VLAN using the new zone based firewall method.
I would love an explainer on the Certificate installation. Especially if you can explain the hairpinning.
I can't get over how much more logical the firewall section is!! As an enterprise network security admin I found that section abysmally dysfunctional prior to this change. It's passable now with this zone conversion!
The API has already existed forever, except there weren’t any official documentation.
The API can do a lot more than what the official documentation says, in fact, the web UI uses the API for everything - so if there is something that you want that isn’t documented then you can use your browser’s network debug tools.
Thanks Willie for another great video. I have just recently moved off of TP-Link stuff and went all in on Unifi. Even before this update I was up and running for a week. I love the "single-pane of glass" that Unifi has for there network. I am looking forward to watching the upcoming Unifi videos.
It would be nice to learn about Ip6 and what I need or can use it for
Really excited about the zone-based firewall. As someone considering moving from OPNSense to Unifi for their SOHO network, that entire interface looks a lot easier to understand (especially while I'm learning) than what I'm working with now. OPNSense isn't impossible to use, but I'd be lost without well written tutorials and don't really feel like I'm learning it holistically.
The new Unifi interface you showed off looks like it'd be a lot easier to learn and use for someone who doesn't really need the awesome power of OPNSense.
Please do some videos on BGP, Certs and IPv6. Many thanks 👍
Some great updates. I'm looking forward to using the API to be able to semi-automate the statistics collection for my day job. Still investigating a potential move to GS, but this update certainly makes Unifi a more competitive option.
We are currently using EdgeRouter Infinity's as our firewall and site to site vpn's and then unifi for our network controllers. Hopefully over summer, we will switch to the zone based firewall and standardize to just the unifi platform.
Appears Ubiquiti hasn't released 4.1 firmware for the UXG line of gateways yet. I'm running network server 9 and a UXG Pro Gateway but don't have the new firewall option yet.
More info on IPv6? Yes please!
That is a lot of improvements!
I would like to see some IPv6 videos and how to best implement it into my network for better performance. I have played with it in the past but have found that not many VPN providers support IPv6. I am glad I decided to purchase the UDM Pro Max because that means I get access to all the new features and improvements. Nothing cut short here.
I dont see it called out in this video but in site to site tunnels, the update adds Policy Based routing too over those tunnels. I believe this is new.
Another great video like always!
I would like to see you purchase or download a certificate from an existing domain and install it in Unify Network! Thanks!
I upgraded my UCG-Nax yesterday. I didn't think to record the numbers. But, I saw inter-vlan file transfer speed jump up quite a bit. It went from ~70 MBps to ~100, between an i9 workstation, and a Synology 1817+ NAS, both with 1gig ports, over a 2.5 gig multi-switch path.
More on TLS - SSI Certs, please. I really would like to learn more about this.
Yes, please do all of those you mentioned.
Network 9 looks awesome, I just upgraded.
These upgrades were needed. No granular firewall rules made me feel they were trash in the past.
I'm from Portugal and in my UDW the CyberSecure dont apear. Is it only avaiable in th US?
In Network 9; the network checkbox setting "Isolate Network" seems redundant to putting the specific network into a custom zone. Or is it just me?
For those of us that are very new to this or are not professional IT people could you go through the upgrade steps? I haven’t found a very good one, but I’m sure they are out there.
A video on zone based firewall would be very much appreciated. WTF are those zones for?
Interesting. UCG-Ultra auto upgraded last night, but no sign of the new zone feature. It’s a family members that’s just left tbh.
I’ll have a look more as an option over pfsense at my folks. I’m using Sophos XG, but IPsec S2S VPNs
Checkpoint: I want to know if I can isolate a single computer that bypasses these controls? Even if I have to place that computer on a different subnet - I can’t risk the false positives or overzealous controls for one device that I use and currently have isolated on its own network.
yes a SSL/TLS certificate and upload would be good. any free cert sites would be good as well.
IPv6 please !
I’m really looking forward to seeing how the API works and what people do with it…..
well the storage reformat process on the DreamWall was horrible, automatically reboot the whole system
Hope the API drives towards maybe an app store..
Sure, but when will the topology start working?
Good video,
Its just me or the Zone Firewall is "identical" to a Sonicwall?
Using the two platforms I can agree that this Zone is a more easy approach!
Nice Ubiquiti!
Zone based firewalls are nothing new, IIRC it was introduced with Cisco ASA and is in every NGFW
personaly I like new firewall - that make my work with vlans more easy - I recomanded to swich to that new zones firewall
That’s some nice changes , I wish they would get some better access switches. I need at least dual hot swappable psus
Edit: looks like they have that now. Can they stack now?
without the ability to see inside the traffic via ssl inspection this is only a blacklist...and that's always lagging. it's better than nothing but without tls interception it's effectiveness is limited.
For those of us that are very due to this or are not professional IT people could you go through the upgrade steps? I haven’t found a very good one, but I’m sure they are out there.
There is an “Updates” page in the “Control Plane” or the main UniFi OS page. You should probably enable automatic updates.
Also, you said something about being able to have someone help me with checking my system out. Do I just go on the website and contact you that way?
@@nmfireman yes
I need more ETHERLIGHTING. It should have its own Channel!
BGP is an enterprise feature. Awesome, especially for Kubernetes with MetalLB. So KeepaliveD and ARP/VRRP is dead with this feature
EdgeRouter.... no new FW. ((
Dark mode would be great
It already exists
@@samuelhulme8347i wish OP would have used dark mode.
they need to start bundling these machines with more ram...