Pardon my ignorance but what does the Ubiquiti switch and cloud key get you? This seems like overkill for a home network. (but I do love overkill)
Braindead VLANs and good port monitoring to start. Sometimes people want to see what's wrong instead of having to put in time to figure it out.
Doing this is like going SSD on your laptop/desktop, once you do it, you'll never go back.
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
The cloud key means you don't need to install software to run full time on a computer somewhere to manage your Ubiquiti devices (or pay for the cloud service). The switch gives you the correct fancy 24V PoE (16-port models and above) and makes it much easier (or even possible at all vs. an unmanaged switch) to handle VLANs.
Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty
Cool. Thanks for the information. I need to school myself up on virtual LANs.
Oh yeah, only for the wifi clients, which are only the employees' wifi phones. All company PCs and servers are normal Untangle clients.
I decided to do my thing and give all my coworkers internet, and this was a perfect solution. Maybe if we upgrade our work licence to more than 25 users I will stop using UniFi as a router, but so far I haven't experienced a single problem, and it's difficult to explain to my boss why we need the upgrade lol.
But Untangle does the routing to all PCs and everything; I don't want the USG to do that and I don't trust it.
Also, this way the client that connects to Untangle and carries all the mobiles, which is the USG, gets a low priority in bandwidth control, and that's it; I don't want the mobiles to melt the company internet.
I didn't say make Untangle a bridge, I said to turn off NAT. Port forwards would be on the USG entirely, Untangle is routing everything and filtering it. There is no reason to not "trust" the USG, it works well within its sphere. But you take a performance hit, and a headache hit when adding a layer of NAT you don't need.
If you want more ACLs, that's what the firewall module is for.
This was my approach, hope I got it right...
For my password-protected wifi the clients are routed to my main network, as I do not share that password. However, I added a second wifi network on my UniFi AP as an open guest network and did the following...
I added a VLAN-tagged interface with a different subnet on Untangle like this (and created a policy for that VLAN, rules, captive portal, etc...).
[Attached screenshot: Annotation 2018-11-29 225148.jpg]
Then configured my UniFi AP-Pro to route/tag all traffic through to the new Untangle VLAN interface... like here.
[Attached screenshot: Annotation 2018-11-29 224813.jpg]
While there is no physical separation, I believe this should work the same? I hope I got it right. Please advise if my logic is off here!
As for my IoT devices I am still struggling on the proper approach. What do you do with devices you want local access to but do not trust? The best I could come up with is to completely isolate the extremely untrusted ones (DVR camera system etc.) and restrict other mildly trusted devices that I need local access to, allowing only the required ports in/out.
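An added illustration (not the poster's configuration and not Untangle's own rule format) of the segmentation described in this post and in the guest-VLAN setup above, expressed as an nftables ruleset on a Linux router: the guest wifi VLAN gets internet only, the trusted LAN may open a few admin/video ports into the IoT VLAN, the camera/DVR addresses get no egress at all, and everything else is dropped and logged. Interface names, subnets and addresses are constructed assumptions.

```nft
# Assumed (constructed) layout:
#   eth0    = WAN
#   eth1.10 = trusted LAN     10.10.0.0/24
#   eth1.20 = guest wifi VLAN 10.20.0.0/24 (tagged by the AP's guest SSID)
#   eth1.30 = IoT VLAN        10.30.0.0/24
table inet segmentation {
    # IoT devices that must never reach the internet (cameras / DVR); constructed addresses
    set cameras { type ipv4_addr; elements = { 10.30.0.10, 10.30.0.11, 10.30.0.12 } }
    # The only ports the trusted LAN may open toward IoT devices (web admin, RTSP video)
    set iot_allowed { type inet_service; elements = { 80, 443, 554 } }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to sessions already permitted by the rules below
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN: unrestricted internet, limited ports into IoT, nothing into guest
        iifname "eth1.10" oifname "eth0" accept
        iifname "eth1.10" oifname "eth1.30" tcp dport @iot_allowed accept

        # Guest wifi: internet only; any attempt to reach another VLAN hits the drop policy
        iifname "eth1.20" oifname "eth0" accept

        # IoT: cameras get no egress; other IoT devices may reach the internet only.
        # No IoT device may initiate toward the trusted LAN or the guest VLAN.
        iifname "eth1.30" ip saddr @cameras drop
        iifname "eth1.30" oifname "eth0" accept

        # Everything not matched above is dropped and logged for review
        log prefix "vlan-deny: " drop
    }
}
```

Load with `nft -f <file>` and watch the `vlan-deny:` log lines to confirm the untrusted VLANs are really being blocked rather than silently working around a gap.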