Unifi SOP – Initial Firewall Rules and Profile Groups
Create Firewall Rule to Allow Established and Related
Network / Settings / Firewall & Security / Firewall Rules, Create New Rule
Type: LAN In
Description: Allow Established and Related
Rule Applied: Before Predefined Rules
Action: Accept
IPv4 Protocol: All
Source Type: Port/IP Group
IPv4 Address Group: Any
Port: Any
Destination Type: Port/IP Group
IPv4 Address Group: Any
Port: Any
Advanced: Manual
– Match State Established
– Match State Related
Block InterVLAN Routing / Allow Default VLAN Into All Other VLANs
Create Group of Private IP Addresses – RFC 1918
Network / Settings / Profiles / Port and IP Groups / Create New Port/IP Group
Profile Name: Group of Private IP Addresses – RFC 1918
Type: IPv4 Address/Subnet
Address:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
Create Firewall Rule to Allow Default VLAN Into All Other VLANs
Network / Settings / Firewall & Security / Firewall Rules, Create New Rule
Type: LAN In
Description: Allow Default VLAN Into All Other VLANs
Rule Applied: Before Predefined Rules
Action: Accept
IPv4 Protocol: All
Source Type: Network
Network: Default
Network Type: IPv4 Subnet
Destination Type: Port/IP Group
IPv4 Address Group: Group of Private IP Addresses – RFC 1918
Port: Any
Apply Changes
Create Firewall Rule to Block InterVLAN Routing
Rules are matched top to bottom and the first match wins, so this Drop rule must sit below the two Accept rules created above (Allow Established and Related, Allow Default VLAN Into All Other VLANs). If it lands above them, the Default VLAN loses access to the other VLANs and return traffic is dropped.
Network / Settings / Firewall & Security / Firewall Rules, Create New Rule
Type: LAN In
Description: Block InterVLAN Routing
Rule Applied: Before Predefined Rules
Action: Drop
IPv4 Protocol: All
Source Type: Port/IP Group
IPv4 Address Group: Group of Private IP Addresses – RFC 1918
Port: Any
Destination Type: Port/IP Group
IPv4 Address Group: Group of Private IP Addresses – RFC 1918
Port: Any
Apply Changes
Block IoT Network From Other Gateways
Create Group of All Gateways – Exclude IoT
Network / Settings / Profiles / Port and IP Groups / Create New Port/IP Group
Profile Name: Group of All Gateways – Exclude IoT
Type: IPv4 Address/Subnet
Address:
10.1.1.1
10.1.10.1
Apply Changes
Create Firewall Rule to Block IoT Network From Other Gateways
Network / Settings / Firewall & Security / Firewall Rules, Create New Rule
Type: LAN Local
Description: Block IoT Network From Other Gateways
Rule Applied: Before Predefined Rules
Action: Drop
IPv4 Protocol: All
Source Type: Network
Network: IoT
Network Type: IPv4 Subnet
Destination Type: Port/IP Group
IPv4 Address Group: Group of All Gateways – Exclude IoT
Port: Any
Apply Changes
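Added check, not part of the SOP and not UniFi code: the Python model below replays the LAN In rule set (Allow Established and Related, Allow Default VLAN Into All Other VLANs, Block InterVLAN Routing) and the LAN Local rule (Block IoT Network From Other Gateways) as ordered, first-match policies, so the intended behaviour can be confirmed on paper before Apply Changes, and so the effect of getting the rule order wrong is visible. The RFC 1918 group and the two gateway addresses are taken from the SOP; the Default subnet (10.1.1.0/24), the IoT subnet (10.1.20.0/24), the sample hosts and the default-accept fall-through to the predefined rules are assumptions for illustration only.

```python
"""Ordered, first-match model of the firewall rules in this SOP (constructed example)."""
import ipaddress
from dataclasses import dataclass


def nets(*cidrs):
    return tuple(ipaddress.ip_network(c) for c in cidrs)


# Port/IP groups as created in the SOP.
RFC1918 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
GATEWAYS_EXCLUDE_IOT = nets("10.1.1.1/32", "10.1.10.1/32")
# Assumed subnets: the SOP names the networks but does not give their address ranges.
DEFAULT_NET = nets("10.1.1.0/24")
IOT_NET = nets("10.1.20.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    state: str = "new"  # conntrack state: "new", "established" or "related"


@dataclass(frozen=True)
class Rule:
    description: str
    action: str                      # "accept" or "drop"
    src: tuple = ()                  # empty tuple means Source: Any
    dst: tuple = ()                  # empty tuple means Destination: Any
    states: frozenset = frozenset()  # empty means any state (no Advanced/Manual match)

    def matches(self, pkt):
        def in_group(addr, group):
            return not group or any(ipaddress.ip_address(addr) in n for n in group)
        return (in_group(pkt.src, self.src)
                and in_group(pkt.dst, self.dst)
                and (not self.states or pkt.state in self.states))


def evaluate(chain, pkt):
    """First matching rule wins. Assumed fall-through: the predefined rules accept."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.action, rule.description
    return "accept", "predefined rules"


def lan_in_rules():
    """LAN In chain (traffic forwarded between VLANs) in the order the SOP creates it."""
    return [
        Rule("Allow Established and Related", "accept",
             states=frozenset({"established", "related"})),
        Rule("Allow Default VLAN Into All Other VLANs", "accept",
             src=DEFAULT_NET, dst=RFC1918),
        Rule("Block InterVLAN Routing", "drop", src=RFC1918, dst=RFC1918),
    ]


def misordered_lan_in_rules():
    """Same rules with the Drop rule placed above the Default VLAN Accept rule."""
    allow_est, allow_default, block = lan_in_rules()
    return [allow_est, block, allow_default]


def lan_local_rules():
    """LAN Local chain (traffic addressed to the gateway itself)."""
    return [Rule("Block IoT Network From Other Gateways", "drop",
                 src=IOT_NET, dst=GATEWAYS_EXCLUDE_IOT)]


# Constructed sample flows: (chain, packet, expected action)
SAMPLE_FLOWS = [
    ("LAN In", Packet("10.1.1.50", "10.1.20.20"), "accept"),                 # Default -> IoT
    ("LAN In", Packet("10.1.20.20", "10.1.1.50"), "drop"),                   # IoT -> Default, new
    ("LAN In", Packet("10.1.20.20", "10.1.1.50", "established"), "accept"),  # reply to Default
    ("LAN In", Packet("10.1.20.20", "8.8.8.8"), "accept"),                   # IoT -> Internet
    ("LAN Local", Packet("10.1.20.20", "10.1.1.1"), "drop"),                 # IoT -> Default gateway
    ("LAN Local", Packet("10.1.20.20", "10.1.10.1"), "drop"),                # IoT -> other gateway
    ("LAN Local", Packet("10.1.20.20", "10.1.20.1"), "accept"),              # IoT -> own gateway
]


def check_sample_flows():
    """Return the list of flows whose result differs from the expected action."""
    chains = {"LAN In": lan_in_rules(), "LAN Local": lan_local_rules()}
    return [(name, pkt, got) for name, pkt, want in SAMPLE_FLOWS
            for got, _ in [evaluate(chains[name], pkt)] if got != want]


if __name__ == "__main__":
    for name, pkt, _ in SAMPLE_FLOWS:
        chain = lan_in_rules() if name == "LAN In" else lan_local_rules()
        action, why = evaluate(chain, pkt)
        print(f"{name:9} {pkt.src:>11} -> {pkt.dst:<11} {pkt.state:<11} {action:6} ({why})")
    print("misordered Default -> IoT:", evaluate(misordered_lan_in_rules(), Packet("10.1.1.50", "10.1.20.20")))
```

Running the script prints one line per sample flow with the rule that decided it; the last line shows that with the Drop rule above the Default VLAN Accept rule, Default to IoT traffic is dropped, which is the failure to look for if the rule order in the controller does not match the SOP.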