@Joe-ux2vy
Another great video - it's obvious this guy puts in so much time into creating these videos for people to learn. Remember to thank him properly with a like! Thanks again Tim
@brianfritz575
Best Video I've seen online about using Unifi Zone Based Firewall rules. You've made this so much clearer to me. I'm ready to jump in and try my own network. Thanks!
@enriquebenedicto9429
This was an incredibly useful video. Before purchasing my own system, I was looking at various videos on it to have a sense of what I was getting into. There are things in your video I never would have thought doing. I've had my UDM Pro and U7 Pro's for a few weeks now, configuring it all locally and offline, so I could safely explore and test its features. I took quite some time in figuring out my VLAN's, Zones and WiFi, and I thought I'd shared my current architecture, as I'm quite happy with it. VLAN: First, I created a Network named "Deadend Network". Both "Deadend Network", and "Default" are basically configured like your "Default" network, but I used "Deadend Network" as the Native VLAN in a number of RADIUS setups. I felt it better conveyed its purpose. Then I created a ton of separate VLAN's for my IoT, rather than lumping everything together. This comes extremely handy later. So I have a "Camera Network", a "Firestick Network", a "Thermostat Network", etc... I even created separate VLAN's for wired IoT devices. All configurer to be "Isolated". Put all of those in the "Hotspot" zone. I also created an "Admin Network", which would be your "Management". ZONES: Here again, I created different zones for clarity. A "Block Everything Zone", where "Default" and "Deadend Network" are. A "Gateways Only Zone", where my "Admin Network" is. Finally, a typical "Home Zone". Like I said. Most of my VLAN's belong to the "Hotspot" zone. These zones help me tweak rules without accidently screwing things up on my Admin Network. Also, if there's a suspicious IoT device... I can quickly block its VLAN by adding a rule under Hotspot, just for that VLAN group without affecting all my other devices in other VLAN's. WIFI: This is my various IoT VLAN's come handy. The thing is, all* my current IoT devices can be configured through Bluetooth. Which means none of them even need mDNS. But, more importantly, literally all of them basically only support WPA2. Because of that, I created a first WiFi called *_guest_2p (for WPA2 Personal). That's where I put all my IoT, but using separate PPSK for each of those separate IoT VLAN. That way, rogue devices would only have the password for their own VLAN. This alone, justified having multiple VLAN's in my view. That WiFi also has the "Enhance IoT Connectivity" Enabled, as well as the "Client Device Isolation". I also created *_guest_3p (WPA3 Personal), *_guest_2e (WPA2 Enterprise), *_guest_3e (WPA3 Enterprise), *_guest_3ex (WPA3 Enterprise with Xtra encryption). All these WiFi guests have their "Client Device Isolation" Enabled. The last one I have is *_home_3ex, which is virtually identical as the *_guest_3ex, but doesn't have "Client Device Isolation" set. Finally. My Admin Network isn't accessible through WiFi. Only through wired connections on a handful of specific ports. I bought a dedicated cheap laptop for the sole purpose on controlling the system. I have the Max series of switches, which illuminate their ports, and configured the port colors to be based on VLAN's rather than the default "Speed" settings. This gives me an immediate feedback if I'm accidently connecting to the wrong VLAN. I'm quite happy with my current setup. But it all started with your video.
@ihuntyou3
Thanks much for this. Just sank my teeth into the unifi world and was having some trouble nailing down the vlan and firewall settings. After this everything is working like I expect and have the knowledge to continue from where we left off. Masterful job.
@TheQuietBeast
Wow! This video was just what I needed now when I finally got a Unifi Cloud Gateway and wanted a setup almost identical to yours. Many thanks for a great comprehensive video. Like that you didn't fast forward on that filling out. Really great everything. I managed to create something similar but with an additional network for job. Actually I wanted a WiFi for that too but noticed that my AP's could only handle four WiFi's so I had to compromise a little. Seems to work really great. I read about VLAN's about a year ago and thought to myself, my god, this will likely never happen in my home. But now with your video. Here we are! :) and also, thanks to Ubiqity for this feature zone based rules. This matrix really makes things easier. Not complicated function really, it just group things and displays in another way than we are used to. Fantastic, keep up the great work!
@u2ramess666
I was following the first 8 videos in setting up my network and was happy to see the updated one for the zone firewall settings. And tonight I saw this one and started over. I have a few devices hooked up and all are working so far. I'm going to swap over to the new network tomorrow.
@jshtz4
While migrating from my 6-year-old USG to a UCG, I messed up and completely locked myself out of my controller--finally had to do a factory reset. π€¦ββ This video was incredibly helpful for getting everything set up again. On my old USG, I had some NAT rules configured via JSON and I now see those in the GUI with the UCG+Controller v9. I'd love to see you cover some of these more advanced features.
@richardturkson5916
Bravo, the best End-to-End comprehensive Unifi network video out there. Love it and you are right-on with these setups. You also do take the time to convey the structured plan and then demo the configuration. Most of the popular guys are not doing this anymore. Thank you for taking the time to develop and publish great content. Keep up the good work!
@wfcperrine
I've watched this whole video about 19 times because it's so helpful. I can't wait to see your future videos.
@ACanadianRVereh
Thank you for the great videos , I am a retired network engineer for 20 years, and I am a fan of Unfi I have over 9 networks I look after. I can always learn something new here
@asinderman
Dear Tim, thank you for your excellent Unifi network course. Your clear explanations of complex topics and practical examples have been invaluable. Your content quality and community engagement are outstanding.
@alanblyde8502
As a newbie this is absolutely appreciated il be tidying up my network for sure, it people like yourself that are what us novices need, a lot to take in but explained very well, ausom and hi from downunder π¦πΊπ
@jamesforde421
I am very new to this ecosystem and had been jumping all over the place trying to learn as I setup my system. Thanks so much for creating this updated step by step tutorial.
@mrtn02550
I just recently migrated my home network to a full Unifi setup. This video helped me more than any other resource I've come across. Nice, clear examples. Not over-complicating things. Describing the process more than super specific cases. Subscribed and looking forward to more!
@lm3718
Thanks! This channel has been amazing, thanks so much!!
@sporter555
Great video for newbies like me to networking and firewalls. Between you and Ubiquiti's design team ease of setup has become a reality for me! It is invaluable for us to be able to follow you as you do every step with explanations along the way to create a logical well thought out architecture for a safe home network. I watched this video thru the first time and was confident I could go back a second viewing and create my own VLAN group while listening and pausing. It all works now and I feel much safer. Thanks so much!
@garyphilipp163
Once again, thank you! Your Newbie series was huge in helping me set up my first Unifi system. But as you said, things changed. I watched your Zones video, and it helped me update what I had to use Zones (perfectly!). But this video was amazing in doing a reset, and helping to understand all the steps from the beginning. Your series here is much appreciated!
@markgxo
Extremely well done video explaining everything end to end. This gave me a good handle on the zone based firewall rules. Your example is a good slate to start from, and all I had to do was add access for my VPN connections. Great job!
@wcanderson4007
This is a GREAT video with clear clean instructions. Been doing this since the 1980s. As a Cisco AGS, Cisco Catalyst 4000 and way many more guy who was working with Cisco, Gandalf, Bay Networks at the beginning of Routers, Firewalls etc I found the Ubiquity confusing and confounding. THANK YOU
@intheblackofficialchannel