  1. #11
    Master Untangler
    Join Date
    Nov 2014
    Location
    Charlotte, NC
    Posts
    100

    Pardon my ignorance, but what does the Ubiquiti switch and cloud key get you? This seems like overkill for a home network. (But I do love overkill.)

  2. #12
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,236

    Braindead VLANs and good port monitoring to start. Sometimes people want to see what's wrong instead of having to put in time to figure it out.

    Doing this is like going SSD on your laptop/desktop, once you do it, you'll never go back.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #13
    Untangle Ninja jcoehoorn
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,877

    The cloud key means you don't need to install software to run full time on a computer somewhere to manage your Ubiquiti devices (or pay for the cloud service). The switch gives you the correct fancy 24V PoE (16-port models and above) and makes it much easier (or even possible at all vs. an unmanaged switch) to handle VLANs.
    Last edited by jcoehoorn; 08-31-2018 at 02:24 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  4. #14
    Master Untangler
    Join Date
    Nov 2014
    Location
    Charlotte, NC
    Posts
    100

    Cool. Thanks for the information. I need to school myself up on virtual LANs.

  5. #15
    Master Untangler bluechris
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    178

    Originally posted by Loudog2:
    > Are you double NAT'ing with the Untangle and USG configured like that?

    Oh yeah, only for the wifi clients, which are only the employees' wifi phones. All company PCs and servers are normal Untangle clients.
    I decided to do my thing and give all my coworkers internet, and this was a perfect solution. Maybe if we upgrade our work licence to more than 25 users I will stop using UniFi as a router, but so far I haven't experienced a single problem and it's difficult to explain to my boss why we need the upgrade lol.

  6. #16
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,236

    Originally posted by bluechris:
    > Oh yeah, only for the wifi clients, which are only the employees' wifi phones. All company PCs and servers are normal Untangle clients.
    > I decided to do my thing and give all my coworkers internet, and this was a perfect solution. Maybe if we upgrade our work licence to more than 25 users I will stop using UniFi as a router, but so far I haven't experienced a single problem and it's difficult to explain to my boss why we need the upgrade lol.

    If you're going to stack up the Untangle as a router behind the USG, why not untick the NAT box on external? No more double NAT... all you have to do is make sure the USG has a route for any network beyond the Untangle, pointed at the nearest Untangle IP address.

  7. #17
    Master Untangler bluechris
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    178

    Originally posted by sky-knight:
    > If you're going to stack up the Untangle as a router behind the USG, why not untick the NAT box on external? No more double NAT... all you have to do is make sure the USG has a route for any network beyond the Untangle, pointed at the nearest Untangle IP address.

    But Untangle does the routing to all PCs and everything; I don't want the USG to do that and I don't trust it.
    Also, this way the client that connects to Untangle and carries all the mobiles, which is the USG, gets a low priority in bandwidth control and that's it; I don't want the mobiles to melt the company internet.

  8. #18
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,236

    Originally posted by bluechris:
    > But Untangle does the routing to all PCs and everything; I don't want the USG to do that and I don't trust it.
    > Also, this way the client that connects to Untangle and carries all the mobiles, which is the USG, gets a low priority in bandwidth control and that's it; I don't want the mobiles to melt the company internet.

    I didn't say make Untangle a bridge, I said to turn off NAT. Port forwards would be on the USG entirely, Untangle is routing everything and filtering it. There is no reason to not "trust" the USG, it works well within its sphere. But you take a performance hit, and a headache hit when adding a layer of NAT you don't need.

    If you want more ACLs, that's what the firewall module is for.

  9. #19
    Master Untangler bluechris
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    178

    Originally posted by sky-knight:
    > I didn't say make Untangle a bridge, I said to turn off NAT. Port forwards would be on the USG entirely, Untangle is routing everything and filtering it. There is no reason to not "trust" the USG, it works well within its sphere. But you take a performance hit, and a headache hit when adding a layer of NAT you don't need.
    >
    > If you want more ACLs, that's what the firewall module is for.

    Got you, thx, even though I don't want to mess with the USG at all for port forwards or anything.

  10. #20
    Untanglit TheDude
    Join Date
    Dec 2017
    Location
    Missouri
    Posts
    17

    This was my approach, hope I got it right...

    For my password-protected wifi, the clients are routed to my main network, as I do not share that password. However, I added a second wifi network on my UniFi AP as an open guest network and did the following...

    I added a VLAN-tagged interface with a different subnet on Untangle like this (and created a policy for that VLAN, rules, captive portal, etc.).
    [Attached image: Annotation 2018-11-29 225148.jpg]

    Then configured my UniFi AP-Pro to route/tag all traffic through to the new Untangle VLAN interface... Like here.
    [Attached image: Annotation 2018-11-29 224813.jpg]

    While there is no physical separation, I believe this should work the same? I hope I got it right. Please advise if my logic is off here!

    As for my IoT devices, I am still struggling on the proper approach. What do you do with devices you want local access to but do not trust? The best I could come up with is to completely isolate the extremely untrusted (DVR camera system etc.) and restrict other mildly trusted devices that I need local access to and only allow those the required ports in/out.
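
The zoning described in post #20 (trusted LAN, open guest VLAN, restricted IoT, fully isolated DVR), written as a first-match rule table and checked against sample flows. This is an added example, not part of the original post and not Untangle or UniFi configuration; the subnets, zone names and port lists are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan; the thread gives no subnets or VLAN IDs.
ZONES = {
    "lan":      ipaddress.ip_network("192.168.1.0/24"),   # password-protected wifi and wired
    "guest":    ipaddress.ip_network("192.168.20.0/24"),  # open guest SSID on the tagged VLAN
    "iot":      ipaddress.ip_network("192.168.30.0/24"),  # mildly trusted devices
    "isolated": ipaddress.ip_network("192.168.40.0/24"),  # DVR / camera system
}

@dataclass(frozen=True)
class Rule:
    src: str              # zone name or "*"
    dst: str
    ports: frozenset      # empty set means any destination port
    action: str

# Evaluated top-down for NEW connections; replies ride on connection state.
# Port lists are illustrative assumptions, not values from the thread.
RULES = [
    Rule("lan",   "iot", frozenset({80, 443}),     "allow"),  # local access to IoT UIs
    Rule("iot",   "wan", frozenset({123, 443}),    "allow"),  # NTP and vendor cloud only
    Rule("guest", "wan", frozenset({53, 80, 443}), "allow"),  # internet, nothing internal
    Rule("lan",   "wan", frozenset(),              "allow"),
    Rule("*",     "*",   frozenset(),              "deny"),   # default deny between zones
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "wan")

def decide(src_ip, dst_ip, dport):
    """Return 'allow', 'deny', or 'local' for a new connection."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst and src != "wan":
        return "local"  # same subnet: switched at layer 2, the router never sees it
    for r in RULES:
        if r.src in ("*", src) and r.dst in ("*", dst) and (not r.ports or dport in r.ports):
            return r.action
    return "deny"

if __name__ == "__main__":
    flows = [("192.168.1.10", "192.168.30.5", 443),   # LAN -> IoT web UI
             ("192.168.30.5", "192.168.1.10", 445),   # IoT -> LAN file share
             ("192.168.40.2", "203.0.113.10", 443),   # DVR phoning home
             ("192.168.20.7", "192.168.1.10", 443)]   # guest -> LAN
    for f in flows:
        print(f, decide(*f))
```

Flows between two devices in the same subnet come back as `local`: the router never filters them, which is why the untrusted devices need their own VLAN rather than only a rule.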
