Beginner's Guide to Home Network security with Unifi

Hi All,


A couple of weeks ago I decided to "upgrade" my home network with Unifi products. To this end I bought a USG, a UC-CK, and a Switch (8-60W). I am also using my ISP's router, which cannot be put into Bridge mode. To make it work anyways, I put it on a different subnet (the Unifi Gateway is on --- by default, the router was on, but this way the USG had no internet access).


I read through the Guidelines on Unifi, in particular

Intro to Networking

Using Vlans

How to disable InterVlan routing


So far I am not very well-versed when it comes to network technology. I was hoping to get hints on must-read links.

I do understand how the encryption protocols work (except RADIUS, but I'm not planning on using it anytime soon), but am unclear on how packages are sent.

So, here are a couple of questions I had, and would appreciate an answer to:


1) What are the consequences of my ISP router not being in pass-through, but on a different subnet? What kind of communication is allowed between devices on a different subnet (i.e., is my ISP router a security risk for other devices on a different subnet?)

2) What are the differences between a VLAN and a Guest network? To me, a VLAN is basically a way to make sure that only certain devices (e.g. the ones connected to the VLAN) can communicate with each other. Which is kind of the same as the Guest Network, which works exclusively through firewall rules (is that correct? So far, I have a Guest Network on a different VLAN than the "default" network)

3) Is there a link to how WAN OUT (/ WAN IN) under firewall routes is defined? I.e., are WAN OUT rules applied to traffic leaving the "Source" and going to the "Destination" (i.e., are IN and OUT defined from the source viewpoint, or from the destination one?)

4) I like playing around with things, but am not yet very knowledgeable when it comes to network protocols. I have a Raspberry Pi that I'd like to use to run "pi-hole". For this, I need to reconfigure my Raspberry Pi as a DNS server. Can anyone explain to me what the consequences of this would be?


Sorry for the stupid questions, I'm trying to play around and experiment without jeopardizing security.


Thanks in advance!!




Re: Beginner's Guide to Home Network security with Unifi

Hi and welcome to the wonderful world of Unifi. 

I have read your post and am confused how you planned to "upgrade your wifi" with a USG and a Switch? Did you not get any WiFi Access points? 
Who is your ISP? Can you ask them if they will allow you to use the USG to replace their router? 
If not, then send the USG back and get a pair of Access Points, the Lite will do for now, they will max out at 867Mbps on 5GHz but that will suffice in the real world.
Then run Cat5E/Cat6 or Cat 7 from the switch (It is a POE Switch?) to the Access Points, this will certainly upgrade your Wifi.

USG-P4 (4GB)
4x APs (Various)
5x Switches (Various)

Re: Beginner's Guide to Home Network security with Unifi

Oh, sorry, not a native speaker here. Yeah, of course I meant "upgrade my network" - oops.

I fixed it in the original post.