VLAN and firewall setup for network segmentaton on Unifi Dream Machine (UDM)

Recently installed Unifi Dream Machine
to clean up my network cupboard

Previously I have written about my home network setup with Unifi and Untangle. I recently swapped out this setup and replaced it with a single device, the Unifi Dream Machine (UDM). The UDM combines the functions of the Unifi Security Gateway (USG), cloud key/controller, managed four port switch and Wireless Access Point (WAP). The reason I changed was that I did not need a complicated setup or have room for extra network gear at my home any more. The existing Unifi USG, switches and WAPs have been relocated to my new office which has a lot more space. This type of prosumer equipment gives more ability to customise your network settings than typical commercial home routers.

The UDM was reasonably straight forward to setup out of the box and my network cupboard is much tidier now that this replaces five separate devices. I always use separate wireless networks for my main home network, Internet of Things (IoT) devices (such as Smart TVs, speakers and lights) and for gaming consoles. The UDM also supports a guest network which I have enabled for visitors but this is seldom used. The UDM features provides some additional controls and monitoring to enable a more secure home or small business network.

It has taken me awhile longer to take the extra steps necessary for segmenting these networks with Virtual Local Area Networks (VLANs), which was one of the main reasons for acquiring the UDM. Rob Pickering has written a useful guide for Ubiquiti – Configure micro-segmentation for IoT devices which I recommend reading. This is a bit dated now with the main configuration difference being the additional tabs in the firewall settings. You will want to use the LAN In and LAN Local tabs to set up firewall rules to prevent devices on your IoT network from having access to your other networks. This setup does work with the Phillips Hue bridge provided that you enable MDNS in settings/services within your Unifi controller interface.

There are several good YouTube videos that provide more guidance about how to setup VLANs for network segmentation on Unifi and other devices. I have linked some below that I found most useful and encourage you to check out and subscribe to these channels and also look for other videos specific to your needs. Securing your network is a key aspect of improving your cybersecurity and segmenting with VLANs will help mitigate risks from compromised IoT devices. You don’t need to do everything all at once so take the time to find out more about how to secure your home or small business network and start taking some some steps to do this.

Securing smart home devices using VLAN and firewall rules on Ubiquiti by reallyMello is a simple guide to setting up network segmentation for IoT devices using Unifi. This is quite similar to Rob’s article above if you want some help to follow this.

Configuring Unifi Firewall Rules by Mactelecom provides updated instructions for the new firewall interface and instructions for where to place your rules in the LAN in and LAN Local tab.

There are some quite detailed and more sophisticated setup instructions in Setup IoT VLANs and Firewall Rules with UniFi.  ULTIMATE (Smart) Home Network Part Three by The Hook Up.

Published by Adrian Bugg

I am an experienced leader of innovation through data and analytics for digital transformation, small business owner, and father of four children. I want to share my expertise and experience to help others in their workplace, at home and in their daily lives.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s