Learn about the changes in the UniFi Network 9.0 Zone-Based Firewall, and learn if it’s worth the upgrade!
DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.
WunderTech is a trade name of WunderTech, LLC.
0:00 Intro
0:48 UniFi Zone-based Firewall vs. Existing Firewall
1:38 Upgrading to the Zone-Based Firewall
2:13 UniFi Zone-Based Firewall Changes
5:09 Firewall Rules Changes (Policies)
13:53 Creating Networks (and adding it to a zone)
15:01 Isolated VLANs + Zone Matrix
16:39 Zones and How They Work
18:28 Final Thoughts
Eh, I'm sticking with the old way for now… maybe I'll change eventually. I'm not modifying firewall rules all that often.
Take a backup first!!!
About time Unifi put a DMZ on it !!
Love your stuff. Synology. Unifi. Technology stuff from you is great just like Kellogg's Frosted Flakes, only less sugar.
Maybe someone can help me here. I was using traffic rules and they worked quite well for me. So are we saying traffic rules are a thing of the past now?
Outstanding video! Frank, you have a knack of taking a complex topic and delivering in such a way, everyone can understand. Well done!
Thank you.
So basically, Unifi is catching up to firewalls like Palo Alto and Fortinet in terms of security policies?
Interesting video and good explanation. I really like the matrix overview, but I doubt Unifi will ever replace my Juniper and OPNsense firewalls, which have had zones for many years already.
Still no realtime view to see what gets blocked??
@6:03 – Doesn't the firewall BLOCK by default?
So why do you need to create so many block rules?
I expected you will need to create a lot of allow rules.
Thanks for another great video, and looking forward to more on this topic
Nice. Those RFC1918 are mainly duplicates and need to be removed. The scope of the zones is defined by the IP ranges of the Networks in source and destination Zones. Anything that is not a locally defined Network or VPN range is handled by the {zone} – External zone pairs. That is the only place RFC1918 has relevance.
Very nice video, congrats for your crystal clear explanations.
Well, what was wrong with the old concept? I am not a big fan of big changes.
Your videos are the best! You explain everything so clearly and in great detail, making it easy to understand. I especially appreciate how you address confusions that others overlook, like the multiple rules that split into zones in the UniFi firewall. Keep up the amazing work.
I don't see the click to upgrade????
"industry leading from a ease of use perspective"
I'm going to assume you haven't used literally any other ZBFs.
If you haven't, that's fine, just try to avoid statements like that because, to me, it's cringe. I've been a NE for over 15 years.
Would you relocate the IoT network into a new zone or keep it inside 'Internal'? I wanted to get a clear picture of policies applied on IoT network with ZBF but I'm not sure if moving out of internal would break things.
I don't like Unifi's interface. I find it overly complicated for no reason. Albeit what you are talking about today is not though. I hope they take this way of doing and visualizing things to their other hardware areas.
It works great, a little bit of adjustment at first, but the only thing I think is missing is the possibility to select many zones in source and destination.
Sometimes you need to create the same access-list to work with many source or destination networks, for example, my DNS are on a separate VLAN and ALL zones need to have access to those.
But overall, Ubiquiti are getting better and better!
Only amateurs use Ubiquiti equipment, it’s insecure garbage.
Thanks for the great overview, Frank. Out of the box, is the new Zone Based Firewall Zero Trust? – No traffic allowed until Zone and policies are created.
I'll have to watch this one more than once. Firewall rules are confusing to me. The concept is understandable. I like the change with LAN IN and LAN OUT. I get into a tailspin with that when I try to implement rules.
Finally, what I was waiting for since a long time. Thanks for showing us the new setup and thanks to Ubiquiti 😅 it’s great 👍
Newbie here. Just wondering, how do you clean up the individual threat actors' IPs that have been blocked in the firewall page? It's populating more and more and I can't seem to group them up.
Zones aren't new – it's not a "new way to…". Zones are handy, but it depends on the scenario. In an enterprise environment, using zones depends on various things, but the basics of this are still FW rules. Zones can be tricky to manage, so it depends. I think that ubi should simplify FW rules first and then supply it with zones, if ever needed for home users. In fact, inter-VLAN routing should be prohibited out of the box, as good FWs do in terms of the "zero trust concept".
Nice video. But it was hard to see what you did because your face video was all over on the right side when you showed the rule boxes.
Excellent video, Frank. I think I actually like the zone based firewall… it really is actually easier to manage. Have a great day, buddy.
Not sure you checked, but at about eight minutes in you're blocking what you're talking about.
Upgraded CGM OS/Network (UniFi OS 4.1.13/Network 9.0.108) a few hours ago. I was going to wait a day or two to update to the Zone based FW. Nope.. just did that too. Took like 5 seconds and I already found some Plex rules I need to remove. I went ahead and subscribed to CyberSecure too. Not so sure about that, but yeah. Usually don't use their IPS/IDS, but wanted to give it a try.
Would be cool if you could recreate the firewall rules you did in the advanced setup video but with zones
Nice explanation. I'm sure I'll be rewatching it this weekend when I update.
Thanks for another great tutorial!
Fantastic stuff, hopefully this is a full release by the time I put in a Unifi stack (hopefully this year). Are you going to redo the Unifi firewall tutorial with this new paradigm?
This was great. Thanks! 👍🏻
The video I've been waiting for since 4pm today, when I upgraded, and thought, WTH is this?
This is exactly what I was looking for. Great job 👍