Calgarypuck Forums - The Unofficial Calgary Flames Fan Community
05-29-2021, 07:06 PM   #1
GoinAllTheWay
Franchise Player
Join Date: Apr 2003
Location: Not sure
Any Unifi users in the house?

Got a question regarding the Unifi controller.

I've been working from home for some time now, my wife even longer. We both have work-issued PCs that I'd really like to isolate completely from the rest of my network. I don't want our personal PCs to be able to see the work computers and vice versa.

I have a USG, 2 switches and an AP, all from Ubiquiti. I have the main LAN and main wireless; the main wireless is attached to main LAN. I also created a work VLAN and another wireless network attached to that VLAN.

I've created 2 firewall rules in LAN out that I think should be blocking all traffic between the two.

I open a command prompt and I can't ping anything on the main network from my work PC and can't ping my work PC from anything on the main network.

So have I done this correctly? What's giving me pause is I applied these firewall rules to LAN out as per a video I watched but then found documentation on the Ubiquiti website that says to do this on LAN in.

Quote:
1. LAN IN is where you want to filter all of your LAN/VLAN traffic, as IN is the first point of entry to the firewall, no matter the interface. The OUT ruleset will only be used in rare special cases.
Despite that, it seems to be working as expected? Seems I have much to learn regarding firewall rules.

05-30-2021, 04:19 PM   #2
TorqueDog
Franchise Player
Join Date: Jul 2010
Location: Calgary - Centre West

There are a few ways to isolate clients on wireless networks using the Unifi controller, but so long as you can't access the other machines within your network then I think you're good.
__________________
-James
GO
FLAMES GO.
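
A way to check that "can't access the other machines" holds for more than ping, as an added example that is not part of either post: run from a machine on the work VLAN, it tries TCP connections to main-LAN hosts and reports any that get an answer. The host addresses and port list are constructed placeholders, and it assumes the firewall rules use a drop action, so a refused connection is counted as traffic that crossed the boundary.

```python
import socket

# Constructed sample values (assumptions): use addresses from your own main LAN.
MAIN_LAN_HOSTS = ["192.168.1.10", "192.168.1.20"]
PORTS = [22, 80, 443, 445, 3389]  # SSH, HTTP, HTTPS, SMB, RDP


def probe(host, port, timeout=1.5, connect=socket.create_connection):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    `connect` is injectable so the logic can be exercised without a network.
    """
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        # Something answered with a refusal. With drop rules nothing should
        # answer at all, so this still means the packet got across.
        return "closed"
    except OSError:
        # Timeouts and unreachable errors: nothing came back.
        return "filtered"
    conn.close()
    return "open"


def audit(hosts, ports, **kwargs):
    """Probe every host/port pair and return the ones that were not filtered."""
    leaks = []
    for host in hosts:
        for port in ports:
            state = probe(host, port, **kwargs)
            if state != "filtered":
                leaks.append((host, port, state))
    return leaks


if __name__ == "__main__":
    found = audit(MAIN_LAN_HOSTS, PORTS)
    for host, port, state in found:
        print(f"LEAK {host}:{port} answered ({state})")
    if not found:
        print("No TCP path found from this VLAN to the listed hosts")
```

Run it again from a personal PC against the work VLAN's addresses, since a rule pair can block one direction and not the other.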

05-30-2021, 05:48 PM   #3
GoinAllTheWay
Franchise Player
Join Date: Apr 2003
Location: Not sure

What methods do you use? I know you can set up a guest network but that requires you to leave the controller running 24/7. Currently I have the controller installed on my gaming machine. I spose I could buy a cloud key but have no need for remote access.

05-31-2021, 09:18 AM   #4
Hemi-Cuda
wins 10 internets
Join Date: Feb 2006
Location: slightly to the left

Quote:
Originally Posted by GoinAllTheWay View Post
What methods do you use? I know you can set up a guest network but that requires you to leave the controller running 24/7. Currently I have the controller installed on my gaming machine. I spose I could buy a cloud key but have no need for remote access.
You really should get the cloud key if you've got a full Unifi setup. You don't have to use the cloud portion of it, I don't for security reasons.

05-31-2021, 09:42 AM   #5
GoinAllTheWay
Franchise Player
Join Date: Apr 2003
Location: Not sure

I have thought about it. They aren't overly expensive. I'm just not sure what use I'd get out of it other than having the controller running full time. What do you use yours for?

05-31-2021, 11:49 AM   #6
TorqueDog
Franchise Player
Join Date: Jul 2010
Location: Calgary - Centre West

You can apply Layer 2 isolation for clients connected to wireless networks you define, or you can use rules for controlling traffic across VLANs as you've done.

I have a Gen. 1 Cloud Key plugged into my primary switch (PoE is nice) so I can get outage notifications and ensure my network is up before I start work (Shaw has bitten me a few times).
__________________
-James
GO
FLAMES GO.

05-31-2021, 03:00 PM   #7
Hemi-Cuda
wins 10 internets
Join Date: Feb 2006
Location: slightly to the left

Ya I just have my cloud key so I can manage the network without having to go turn a PC on, and I like being able to get email alerts. Also if you ever want to dabble with home video surveillance, the new cloud key with a 1TB hard drive in it would be very nice.

06-01-2021, 10:22 AM   #8
GoinAllTheWay
Franchise Player
Join Date: Apr 2003
Location: Not sure

Quote:
Originally Posted by Hemi-Cuda View Post
Also if you ever want to dabble with home video surveillance, the new cloud key with a 1TB hard drive in it would be very nice
Very much want to dabble. I've watched reviews on the Unifi cams and they seem pretty solid. Looked at the cloud key with HD and wow that's pricey. I think I'd rather go with the generation behind it and send the camera feeds to central storage that I already have.

**edit**

N/M, was looking at the wrong device. The UCK with the 1TB drive is only $25 more than the previous generation. Probably easier getting camera footage to go straight to it too. That might actually be a good idea.

Last edited by GoinAllTheWay; 06-01-2021 at 03:52 PM.

06-06-2021, 02:04 PM   #9
GoinAllTheWay
Franchise Player
Join Date: Apr 2003
Location: Not sure

Thanks for the suggestions on the cloud key. Went ahead and bought the UCK v2+. Slick little device and it is indeed handy having the controller available 24/7.

Plugged UCK in, updated the software and restored from a backup of the Windows based controller I was using.

Now that raises a question. On the Windows version I was previously using, I used the local credentials I generated when I first set it up.

Setting up the UCK for the first time required me to sign in using my UI cloud credentials. Now I can use both but can only gain access to the Unifi Protect app by signing in with the UI credentials. Any way to associate that app with my local credentials? It's not a big deal but I'd rather use local.

Also disabled cloud access. I log in to ui.com and don't see my controller listed there so think that's disabled properly.

06-06-2021, 03:39 PM   #10
Hemi-Cuda
wins 10 internets
Join Date: Feb 2006
Location: slightly to the left

Quote:
Originally Posted by GoinAllTheWay View Post
Thanks for the suggestions on the cloud key. Went ahead and bought the UCK v2+. Slick little device and it is indeed handy having the controller available 24/7.

Plugged UCK in, updated the software and restored from a backup of the Windows based controller I was using.

Now that raises a question. On the Windows version I was previously using, I used the local credentials I generated when I first set it up.

Setting up the UCK for the first time required me to sign in using my UI cloud credentials. Now I can use both but can only gain access to the Unifi Protect app by signing in with the UI credentials. Any way to associate that app with my local credentials? It's not a big deal but I'd rather use local.

Also disabled cloud access. I log in to ui.com and don't see my controller listed there so think that's disabled properly.
You can go into Settings > Admins and create a new local super admin.