UniFi Network With a Non UniFi Firewall (pfSense With Layer 3 Adoption)
- Added 25. 07. 2024
- Running a UniFi network with a non-UniFi firewall is a pretty common practice in the networking field. Many MSP companies will even recommend that their clients use UniFi access points and switches, but in some cases they will recommend another vendor's firewall, such as pfSense or even EdgeRouter.
In this UniFi Network With a Non UniFi Firewall video, we assume you already have a UniFi controller up and running in a remote or cloud location, with port forwarding enabled. Without this preliminary step, you won't be able to accept incoming adoption requests from your UniFi devices.
Another assumption made in this video is that you will not be using a single flat network (not recommended) and will instead be segregating your network into VLANs. Traffic between VLANs should be firewalled properly!
There is a very good reason for this practice in some cases, while in other cases going full UniFi (APs, switches, gateway) makes perfect sense. It really depends on the deployment and the network needs.
Some of us home lab geeks just prefer pfSense, so deploying a UniFi network with a non-UniFi firewall is just a matter of preference. I personally LOVE pfSense, and going in this direction with a pfSense firewall is definitely a sweet spot. You just cannot go wrong with pfSense!
In this video we will learn how to actually go about creating a UniFi network with a non-UniFi firewall. This means we will create VLANs, DHCP, and firewall rules in pfSense, and set whatever is needed to make layer 3 adoption easy and almost automatic if you are using an offsite UniFi controller.
UniFi Layer 3 Adoption KB:
help.ui.com/hc/en-us/articles...
UniFi Port Forwarding KB:
help.ui.com/hc/en-us/articles...
DHCP Option 43 HEX converter:
tcpip.wtf/en/unifi-l3-adoptio...
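As an added illustration (not code from the video or from Ubiquiti): the option 43 value used for layer 3 adoption is a small TLV, made of sub-option code 0x01, length 0x04, then the four bytes of the controller's IPv4 address. The sketch below builds that hex string and decodes one back, which is useful for checking that a DHCP scope really points devices at your own controller; the function names are hypothetical and 203.0.113.10 is a constructed documentation-range address.

```python
import ipaddress

# Sub-option code UniFi devices read for the controller address.
UNIFI_SUBOPTION = 0x01


def encode_option43(controller_ip: str) -> str:
    """Build the colon-separated hex value for DHCP option 43."""
    addr = ipaddress.ip_address(controller_ip)  # raises ValueError on hostnames
    if addr.version != 4:
        raise ValueError("option 43 for UniFi carries an IPv4 address")
    payload = bytes([UNIFI_SUBOPTION, 4]) + addr.packed
    return ":".join(f"{b:02x}" for b in payload)


def decode_option43(hex_value: str) -> str:
    """Return the controller IPv4 address carried in an option 43 value."""
    cleaned = hex_value.replace(":", "").replace(" ", "")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError(f"not valid hex: {hex_value!r}") from exc
    i = 0
    # Walk the code/length/value sub-options until the controller entry.
    while i + 2 <= len(raw):
        code, length = raw[i], raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option")
        if code == UNIFI_SUBOPTION:
            if length != 4:
                raise ValueError("controller sub-option must be 4 bytes")
            return str(ipaddress.IPv4Address(value))
        i += 2 + length
    raise ValueError("no controller sub-option (code 0x01) found")


if __name__ == "__main__":
    value = encode_option43("203.0.113.10")  # constructed example address
    print(value, "->", decode_option43(value))
```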
Please subscribe and follow us on Twitter: / techmeout5
Join our Synology Facebook group: / synousergroup
Join our Ubiquiti UniFi Facebook group: / ubntusergroup
#UniFi #pfsense #network - Science & Technology
Nice video Avi, very well explained! I do this type of thing all the time, I do not use UniFi routers but I do use their switches access points.
Yep, it's a pretty common practice and as a UDM Pro user...I can definitely see its shortcomings
Hi, great video! One question, the way that you have this setup, does the layer 3 switch manage the inter vlan routing? Thanks
thanks for this video! excellent!
Loved the video, Avi!
Thanks for watching Frank. Cheers.
This should be on the front page of the UniFi site.
great vid
So I have this similar setup
I'm using OPNsense
I'm using hosted controller on Docker and had to use inform, as Docker has a different network
anyways
My question is: for the switches connected as uplink, what firewall rules need to be applied?
Or do I not use anything for uplink? Currently I have it as open for testing and have DHCP address different from the network address
does the 'Traffic Insights' work with this setup with pfsense?
Will this work using a Firewalla GOLD firewall? I prefer Firewalla than pfSense since it's easier to set up?
I'm doing a few steps forward and I have NGF from SophosXG and then Ubi switch and APs. I'm using it for home and business.
Ofc Sophos at work is paid 😆 but it can do much much more than UDM and pfSense, especially in layer 7
Yep. Pfsense is more of a router whereas sophos is a full layer 7 utm
@TechMeOut5 indeed :)
I have a UniFi switch connected to my cheap Spectrum router that does do VLANs. I created a network on VLAN 20, created a port profile with VLAN 1 as native. As soon as I assign that port profile to the port connected to my laptop, I lose network connectivity. I am trying to understand why this is happening and I can ping other networks that I had set up within the switch. Can someone please help answer this question for me. I only have UniFi switch, Cloud Key and my Spectrum router.
Hi. If your firewall doesn't support VLANs...sadly, you will not be able to use VLANs. In order to use VLANs every device, switches, access points, routers, all of them have to support VLANs, especially the router, which is typically the origin point of the VLAN tags
Can a pfsense do 1gbps pppoe?
I think you might have a misunderstanding. Pfsense can do pppoe, the speed of the connection depends on the hardware pfsense runs on. Pfsense is just the software level
@TechMeOut5 I learned that the hard way. I keep forgetting the pfSense is the same. I've got a UDR and a Key2 Pro with USD all collecting dust and now use a UDM-SE. All cause the others were not good enough hardware for gigabit ethernet when an old old Nighthawk R9000 was... I find it weird that Ubiquiti UniFi would so greatly under power anything. But I'm learning I need to rely on myself for this gear, especially with UniFi Talk; their support so far has been of no help with other issues.
UniFi and pfSense is my favorite combo! Not a fan of the UniFi selection of firewalls