- Review: Ubiquiti UniFi Security Gateway (USG)
- UniFi Internet Security DNS Filtering
- Can I monitor Ubiquiti UniFi network devices with PRTG?
- Block a single website using Unifi Security Gateway?
- UniFi Dream Machine Pro: Much Machine, Missing Dream
Review: Ubiquiti UniFi Security Gateway (USG)This article describes how to configure port forwards on a UniFi Security Gateway, and how to troubleshoot them if not working as desired. Example Network Overview. On the LAN there is a Linux server at Back to Top. To get there, follow these steps:. The following fields are available for configuration in port forwards:. Name: Descriptive name of the port forward for reference purposes only. No functional impact. From: This field specifies the source addresses that are allowed through the port forward. In cases where you can limit the source IP or network that can use the port forward, it is best to do so, as it greatly limits the security exposure of your network. Only the specified IP or network will be allowed through the port forward. Port: The Port field specifies the external port to be forwarded. Forward IP: This field specifies the internal IP address to use for the destination of this port forward. Forward Port: The Forward Port specifies the internal port to where the traffic is forwarded. Most services use TCP. Click Apply after filling in the fields appropriately. The configuration will provision to the USG, and the port forward will be active once provisioning has completed. Make sure to test your port forwards from outside your network on the Internet. SSH is a common example of a service that people often configure externally on a different port than internally, mostly to avoid the bulk of brute force attacks. There is no real security in doing so, as any system susceptible to a SSH brute force attack will be found and compromised regardless of port, but there is value in considerably reducing log spam from authentication failures, and not wasting system resources on processing the attempts. Once again, click on Apply. Now the Port Forwards panel would display two configured entries:. You can click the pencil to the right of an entry to edit it, or the trashcan to delete. In the WAN IN firewall rules displayed in the controller, you will see rules added to pass the traffic associated with your port forwards. You edit or delete the port forwards to edit or delete those rules. Verify Configuration and Test Methodology. First, take a close look at your configured port forwards. A subtle typo in an IP or port number has tripped up all of us on occasion. Just verify the IP and port is correctly entered. When testing your port forwards, make sure to do so from the Internet.
UniFi Internet Security DNS Filtering
The advent of new, high performance hardware in the Dream Machine line is combined with the potential promise of integrating functions which previously required multiple components from their solution stack. Part of the problem stems from the transition to UniFi OS. It was apparent that a lot of attention went into the packaging and design of the Dream Machine Pro that we purchased. Upon removal of the tab, the foam inserts that secure the device are very high quality. The accessories kit is nestled in the available space embedded in the foam. Opening the accessory box reveals the rack ears, screws for mounting, power cable and adhesive feet if the UDM Pro will be deployed on a desktop. Physical preparation and installation was simple. With the unit rack-mounted in our wiring closet, the challenges began to occur. The guided setup process worked well until the final steps when an error occurred. Two reboots later, the process completed and we went through the documented procedure to transition from a prior controller to the integrated controller within the Dream Machine. It ultimately ended up being faster to re-establish our networks and associated configurations manually. The slots above the ports and drive bay incur less turbulence than the prior air-cooled gateway solutions. The deep dimensions of the Dream Machine Pro may present an issue if a short-depth rack is in use. We were forced to upgrade our rack previously during the implementation of the PoE port UniFi Switch. Errors related to hardware offload, which do not pertain to the Dream Machine line, are all that appear near the top of the interface. Setting static values for eighty percent of guaranteed or validated upload and download rates worked for about two or three days. Afterward, our experienced speeds crawled to twenty five percent of the established settings. As soon as we disabled Smart Queues, things went back to normal. The inability to define multiple sites on the integrated controller will add complexities to the administration of the solution set. There are also missed opportunities with some of the design decisions. The absence of PoE ports on both the Dream Machine and Dream Machine Pro ensures that smaller setups will still require injectors or an adjunct switch with PoE capability. The absence of feature parity between the Dream Machine controller and the Cloud Key eliminates some functions at best and results in management pain points at worst. Ideally, Ubiquiti would have done better had they introduced transitional models; the USG and USG Pro 4 with more potent processors and potential memory upgrades would have assisted in addressing throughput with security-related features enabled. These upgrades would have moved the needle to enable the adoption of faster connectivity without breaking the current model. Alas, ripping the band-aid off and diving into a not-yet-feature-complete replacement is going to do more harm than good. Your email address will not be published. This site uses Akismet to reduce spam. Learn how your comment data is processed. Skip to content. Ubiquiti Networks. February 15, March 4, Reztek Systems 0 Comments. Leave a Reply Cancel reply Your email address will not be published.
Can I monitor Ubiquiti UniFi network devices with PRTG?
Joinsubscribers and get a daily digest of news, geek trivia, and our feature articles. MAC address filtering allows you to define a list of devices and only allow those devices on your Wi-Fi network. Just using WPA2 encryption is enough. Each device you own comes with a unique media access control address MAC address that identifies it on a network. Your router probably allows you to configure a list of allowed MAC addresses in its web interface, allowing you to choose which devices can connect to your network. So far, this sounds pretty good. But MAC addresses can be easily spoofed in many operating systemsso any device could pretend to have one of those allowed, unique MAC addresses. MAC addresses are easy to get, too. This entire process could easily take less than 30 seconds. Basically, as long as you have a strong passphrase with WPA2 encryption, that encryption will be the hardest thing to crack. Think of it like adding a bicycle lock to a bank vault door. Any bank robbers that can get through that bank vault door will have no trouble cutting a bike lock. This will take some time if you have a lot of Wi-Fi-enabled devices, as most people do. This is on top of the usual setup process where you have to plug in the Wi-Fi passphrase into each device. MAC address filtering, properly used, is more of a network administration feature than a security feature. However, it will allow you to choose which devices are allowed online. For example, if you have kids, you could use MAC address filtering to disallow their laptop or smartphpone from accessing the Wi-FI network if you need to ground them and take away Internet access. For example, they might allow you to enable web filtering on specific MAC addresses. Or, you can prevent devices with specific MAC addresses from accessing the web during school hours. The Best Tech Newsletter Anywhere. Joinsubscribers and get a daily digest of news, comics, trivia, reviews, and more. Windows Mac iPhone Android. Smarthome Office Security Linux. The Best Tech Newsletter Anywhere Joinsubscribers and get a daily digest of news, geek trivia, and our feature articles. Skip to content. How-To Geek is where you turn when you want experts to explain technology. Since we launched inour articles have been read more than 1 billion times.
Block a single website using Unifi Security Gateway?
Find out how you can reduce cost, increase QoS and ease planning, as well. You are invited to get involved by asking and answering questions! The sensor will not produce any alerts by default, unless it is unable to authenticate or contact the UniFi controller. Once the sensor is deployed, you're advised to set up limits in the channel's settings. For example, define a lower error limit for the number of connected access points. This way you are notified as soon as the number of connected access points is lower than expected. Please refer to this set up guide for notifications using limits: Notification via Limits - Example. Now, select Add Sensor. On the Add Sensor to Device screen, enter the following: 4. You can omit -port and -site when working with the default. For non-default sites, use the site's "code" as pointed out here by wimkoopman. The sensor should display channels and values after one scanning interval. Once this happened, you can start adjusting the channel limits to your requirements optional. Click here to enlarge. We haven't experimented with Ubiquity's devices until now, from support experience we know that some device families Airmax, Airfiber implement SNMP V1rather limited through proprietary or trough Mikrotik's MIB, but at this time there's no definitive answer we can provide on the subject for the UniFi family of devices. I'll leave your inquiry open should someone else with more experience on these devices be able to contribute as well. Up Down Hi Great sensor!!!! It works fine on the default site, however on any other site it returns error Niet gemachtigd Not Authorized From the controller point of view I authenticated with the main account, which should have no restrictions Please let me know if you have any suggestions. Update: It also works on other sites, but instead of the site name you have to pick up the number of the site by checking the URL example:. In this case 3kh0qlq5 is the ID which you should use as a site name in this script. Add comment Created on Jan 16, AM by wimkoopman Up Down Hello wimkoopmanthank you very much for your feedback and input. Regarding your inquiry, yesthat should be possible with minor modifications. As a general rule, everything that's available in the web-interface properties, counters is also available in the API. This will print-out the whole content of the variable, which is a huge chunk of JSON-encoded data. Up Down This looks great! Im trying to get it work, but I dont know if im doing something crazy. I get an error when creating the sensor. Up Down Hello there Bosseplease beware that I haven't tested the script with version 5. However, I don't see why it shouldn't. Please try something else: Instead of deploying the sensor in PRTG, open up the bit powershell shell Windows Powershell x86navigate to the path of the script and run it from there, using the same parameters. Please also make sure that you're running a supported powershell version on the server and that you've followed the Guide for PowerShell based custom sensors. Up Down Hello Luciano. Thanks for your very helpfull tips. I did as you wrote.