Ubiquiti

USG Firewall: Introduction to Firewall Rules. This article explains where and how to configure firewall rules in the UniFi Network Controller and offers some suggestions on how to manage the firewall with the UniFi Security Gateway (USG).

USG Firewall: Introduction to Firewall Rules

This article is applicable to all USG models.

The UniFi Security Gateway (USG) offers administrators many useful features to manage their UniFi network, including the ability to create and manage firewall rules that help ensure the security of the network. This guide will explain how to configure firewall rules in the UniFi Network Controller and offer some suggestions for managing the firewall using the USG.

It is important to note that when a new rule is created, its position on the list, before or after the predefined rules, will make a big difference, since firewall rules are processed in top-to-bottom order.

Simple USG Firewall rule to block QUIC. Everything is great - not so much - Blocked by access control is out of control. Association Failures - Blocked By Access Control. Sophos UTM and Unifi - Hardware, Installation, Up2Date, Licensing - Sophos UTM 9. Hi all, I'm considering installing Sophos UTM at my business.

Sophos UTM and Unifi - Hardware, Installation, Up2Date, Licensing - Sophos UTM 9

I currently have a Unifi setup. Fibre Modem --> Unifi USG --> Unifi Switch --> Unifi APs. I have a few questions about the install. Firstly, do I install the UTM in between the fibre modem and the USG, or between the USG and Switch? Also I have 4 VLANs set up, so if I was to put the UTM in between the USG and switch, will the UTM pass all the VLANs, i.e. trunking? My other idea was to use the UTM as a VPN server; currently the Unifi one is very buggy. And finally, to test the system I will be using an old Intel i3 3220 and a 4 port Intel NIC. Will this be OK for web filtering/reporting and VPN? Sorry for all the questions. What NTP server is recommended in settings.

Sundries and DNS Filter Follow-up. Internet Content Filtering - DNSFilter. DNSFilter makes it easy to deploy comprehensive, yet customizable URL filtering and internet blocker policies specifically tailored to your network.

Internet Content Filtering - DNSFilter

Start building your web content filtering policy by selecting the categories you want to block. Simply tell DNSFilter what type of websites you want to block - Adult Content, Illegal Content, Streaming Media, Chat & Instant Messaging, Social Networking, etc. - and we’ll do the rest. Our proprietary internet filtering algorithms intelligently categorize sites so you don’t have to constantly maintain a list of blocked sites.

You can even enforce Google SafeSearch, YouTube restricted mode, and block uncategorized/unknown sites so nothing slips through the cracks.

Web Content Filtering Policies and Categories

While our content categories handle the meat-and-potatoes of your internet policy, our custom whitelists and blacklists take care of the fine details.

Ubiquiti EdgeRouter Content Filter. Ubiquiti Networks - Create Deep Packet Inspection Firewall Rule. Reddit - Ubiquiti Networks. Re: Survey: Which gateway firewall/router are you using in your UniFi networks? At home, I have been using Sophos UTM for a while (ever since early version of 9) with a bunch of VLANs trunked to a D-Link DGS-1210-24 switch then up to a UAP-AC-LR (with two of them linked to SSIDs).

Re: Survey: Which gateway firewall/router are you using in your UniFi networks?

I did look at pfSense, but I really do like the Sophos UTM interface. I am curious about their new Sophos XG version, but the last time that I looked, it was still very much in its infancy (at that time, there were only the initial mutterings of them creating a UTM to XG migration toolkit, but I have no idea where things have now progressed to; I must go and check at some stage soon). Incidentally, I run Sophos on a tiny, J1900 based fanless PC (bought from Alibaba and marketed as an 'industrial router'). UniFi - How to Manually Change the Cloud Key's Controller Version via SSH. Readers will learn how to change the controller version on the UniFi Cloud Key.

UniFi - How to Manually Change the Cloud Key's Controller Version via SSH

This article will discuss how to download and install a controller version via SSH. This is especially useful when installing unreleased versions, which you will find in the Beta blog. For an update to the newest public release available, a simple upgrade via the WebUI is the easiest way to go.

Steps

1. If you are interested in a release that is not a Stable release, find the link in the corresponding alpha and beta blog.

USG Feature Roadmap - January 2017 update.

UniFi Updates Blog. UniFi - Forums. UniFi Routing & Switching Feature Requests. When I'm comparing between Meraki Security Devices and USG, I realised a very important feature which USG lacks, which is the support for USB Cellular Stick.

UniFi Routing & Switching Feature Requests

I believe that the support for USB Sticks is crucial for:
1. Deployments that relied on cellular data as their primary connection.
2. Mission critical deployments which use cellular data as their failover.

Other than that, I don't see the reason for UBNT to not support USB Cellular Stick because even a cheap $40 mini router from TP-Link supports this function. Suggestions on how to deploy support for USB Cellular Stick. I would suggest UBNT add another option called "USB Cellular Stick" under the USG > WAN > Connection Type. In the "USB Cellular Stick" Option, I would suggest putting "Country" and "Carrier" with preset settings like the ones shown below: Other than that, please add a "Custom" settings option under the Username and Password for the APN settings so that we can use custom APNs when the situation requires it.

USG DHCP MAC Address Reservations. USG DHCP MAC Address Reservations - Page 2. UniFi and switch VLAN configuration. From Ubiquiti Wiki Introduction This deployment example is to demonstrate switch VLAN configurations for UniFi APs.

UniFi and switch VLAN configuration

This is for demonstration ONLY, and experienced IT staff should already be familiar with the contents below. We are NOT suggesting how your network should be configured, and we will NOT provide support if these switch configurations cause your network to fail. The reader of this document is expected to have VLAN and switch knowledge.

Deployment

In this example, we will trunk 4 different switches (Netgear, HP, Cisco, D-Link) and use AirRouter as the DHCP server and also the gateway to the internet.

UniFi FAQ. From Ubiquiti Wiki This wiki is no longer being maintained.

UniFi FAQ

Please refer to the community knowledge base for the latest information. General Questions Controller Installation Is there a user guide? Yes, check You will find the latest Datasheet, Quick Start Guide, and User Guides. Downloads. Downloads. USG passthrough/monitor mode. It Works: UPDATE 9/13/2017: Instructions on how to disable NAT are now provided by @UBNT-cmb here. Steps to make it work by @ecomerc here: Here are the corrective items

1) Add the USG internal network(s) to "Network Protection" -> "Firewall" as the source for all outgoing rules
2) Add the USG internal network(s) to the "Network Protection" -> "NAT" masquerading sources
3) My major fault. Make sure the USG internal networks are NOT assigned to the UTM already: "Interfaces & Routing" -> "Interfaces" -> "Additional Addresses"

then it works.

USG passthrough/monitor mode

Getting Unifi AP to see VLANs through Switch, pfSense and ESXi : homelab. Help with PFsense, UniFi, VLAN setup - Ubiquiti Networks Community. It sounds like you are fighting with both VLAN and (initially) restrictive firewall issues.

Help with PFsense, UniFi, VLAN setup - Ubiquiti Networks Community

No worries, I also had to get my feet wet. If this is your first VLAN-enabled network deployment, best is to get some practice. Ideally get 2 computers with some Linux/BSD/OSX that have fixed IPs (before going DHCP). On Windows you need a network driver that can configure on the driver level (i.e. Unifi + pfSense: Wanting separate DHCP scopes based on VLANS - Wireless Networking. I've got a Unifi Switch and 3 AP-AC Lites. Upstream of those is a pfSense box with 2 interfaces (LAN & WAN, if you couldn't guess). I'm just having the worst time wrapping my head around VLANning in the first place, so I don't know if that's a factor in what's confusing me.

I want:
- Corp DHCP limited to just 25 addresses: 192.168.100.100-124 255.255.255.0 (static IPs for gateway, APs, and switch are in the 192.168.100.1-5 range). I'm not going to let workers connect their personal devices to the corp network, which is quite small.
- Guest DHCP in a different subnet, preferably a /23 setup since there'll be a TON of guest traffic in/out.

Setup Azure to Unifi USG IPSec VPN. Had another tech firm that needed some Tier 3 assistance as they were having trouble with their VPN connection. I helped them set up Azure to Unifi USG IPSec VPN to connect their headquarters to the hosted RemoteApps server. This tutorial will go into detail about the creation of this tunnel starting with the Microsoft Azure side first using Resource Manager. It will be using the following parameters:

VNet Name: TestNetwork
Address Space: 10.10.0.0/16
Subnets:
    Primary: 10.10.10.0/24
    GatewaySubnet: 10.10.0.0/24
Resource Group: TestResourceGroup
Location: West US
DNS Server: Azure Default
Gateway Name: TestVPNGateway
Public IP: TestVPNGatewayIP
VPN Type: Route-based
Connection Type: Site-to-site (IPsec)
Gateway Type: VPN
Local Network Gateway Name: TestSite
Local Subnet: 10.20.20.0/24
Connection Name: VPNtoTestSite

Configure an Azure VPN gateway

This part takes the longest, so it should be done first:

Configure an Azure Local Network Gateway.