
How to build your own router with firewall

[Image: Typical FIRE wall ;-)]

When it comes to building routers and firewalls many people think that it's always complicated, often involving 3rd party configs, different types of devices, etc.. In the meantime - it's not that complicated at all. ;-) It all comes down to the decision on which vendor you are going with.. I chose Ubiquiti, for 3 simple reasons:

1) Most intuitive graphical user interface I've ever seen..
2) quite a few tools built into one centralised system
3) the number of options available..

So let's say you need to organise the Internet connection at your house and you need to make sure that it works, that it's tested, and that it connects in an acceptable manner.. 'Acceptable manner == ping REPLY delay' :D
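The "acceptable manner == ping reply delay" test, written down so it can be repeated after every change to the setup. This is an added example, not code from the original post or from Ubiquiti: it parses the summary lines that ping prints, then applies an acceptance rule (average delay and packet loss under a threshold). The threshold values, the function names and the two sample transcripts are constructed for the example.

```python
"""Acceptance check for a freshly configured uplink: parse `ping` output and
decide whether the reply delay is acceptable.  Added example, not from the
original post; thresholds and sample transcripts are constructed."""
import re
import subprocess
from typing import Optional

# Summary line printed by iputils ping (Linux) and BSD/macOS ping after a run.
RTT_RE = re.compile(
    r"(?:rtt|round-trip) min/avg/max(?:/(?:mdev|stddev))? = "
    r"(?P<min>[\d.]+)/(?P<avg>[\d.]+)/(?P<max>[\d.]+)"
)
LOSS_RE = re.compile(r"(?P<loss>[\d.]+)% packet loss")


def parse_ping(output: str) -> Optional[dict]:
    """Return {'min','avg','max','loss'} (ms / percent) from a ping transcript,
    or None when the summary is missing, e.g. the host never answered."""
    rtt = RTT_RE.search(output)
    loss = LOSS_RE.search(output)
    if not rtt or not loss:
        return None
    return {
        "min": float(rtt["min"]),
        "avg": float(rtt["avg"]),
        "max": float(rtt["max"]),
        "loss": float(loss["loss"]),
    }


def acceptable(stats: Optional[dict], max_avg_ms: float = 100.0,
               max_loss_pct: float = 5.0) -> bool:
    """'Acceptable manner' as the post uses it: replies come back, the average
    delay is under the limit and loss stays low.  Limits are assumed values."""
    if stats is None:
        return False
    return stats["avg"] <= max_avg_ms and stats["loss"] <= max_loss_pct


def check_uplink(host: str, count: int = 5) -> bool:
    """Run ping against `host` and apply the acceptance rule.  Only the
    portable `-c` flag is used so the call works on Linux and macOS."""
    proc = subprocess.run(["ping", "-c", str(count), host],
                          capture_output=True, text=True)
    return acceptable(parse_ping(proc.stdout))


# Constructed sample transcripts in the format a Linux ping prints.
SAMPLE_GOOD = """PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=38.2 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=41.0 ms

--- 1.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 38.200/39.600/41.000/1.400 ms
"""
SAMPLE_DEAD = """PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.

--- 10.0.0.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1010ms
"""

if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("dead", SAMPLE_DEAD)):
        stats = parse_ping(sample)
        print(name, stats, "acceptable" if acceptable(stats) else "NOT acceptable")
    # Live check against the gateway of your choice, e.g. check_uplink("192.168.1.1")
```

Run it once against the gateway and once against a host on the far side of the ISP; if the gateway passes and the remote host fails, the problem is on the WAN side rather than in your own LAN configuration.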

Anywho.. Let's assume you have an ISP (Internet Service Provider) and "some devices" discoverable as local LAN network devices.. ;-)

Quick deployment of UDM-SE

You connect the UDM-SE to:

- power

In this particular case - our ISP will be SpaceX Starlink - broadcasting their packets through whichever satellite they're casting the signal from at the moment. And from wherever they send the packets from.. ;-)

OK. So let's say the Dream Machine is connected directly to the WAN (yes - still a Dream Machine).

We can start the setup via the mobile app (both Android and iOS work, as far as I know) - or connect to the router directly.

Now. We need to figure out in which VLAN we will reside.. So let's quickly figure out in which subnet we will deploy the new network.

All the basics can be configured here:

Here you set your subnet range, subnet mask, and possibly a gateway.. Who knew that the gateway is not in the same subnet as the rest of my network ... ? Right? :D
I highly recommend changing the default 192.168.0.0/8 subnet to anything else.

1) Hackers are looking for this by default..
2) I always wanted to have my own /22 in a public space anyway..
3) my proposal: 172.2.1.100 for the router

;-) but it's really up to you how you change this to any of the known subnet ranges..
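Before typing a new range into the network settings it is worth checking the plan with a script, because the two mistakes the text circles around (a gateway outside its own subnet, and a subnet that is not actually private) are easy to make by hand. The following is an added example, not code from the post or from Ubiquiti; it uses Python's standard `ipaddress` module and nothing vendor-specific. The plan names, the `check_plan` helper and the assumed UniFi default of 192.168.1.0/24 are constructed for the example. Note what it reports on the post's own numbers: 172.2.1.0/24 lies outside the RFC 1918 block 172.16.0.0/12, so it is public address space belonging to someone else, and 192.168.0.0/8 is rejected because the host bits are not zero under a /8 mask (192.168.0.0/16 is the private block).

```python
"""Sanity-check a proposed LAN addressing plan before entering it in the
router.  Added example, not from the original post; plan names and the
assumed default range are constructed."""
import ipaddress

# RFC 1918 ranges that are safe to number a private LAN from.
PRIVATE = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def check_plan(network: str, gateway: str) -> list:
    """Return a list of problems with the plan (empty list == looks fine).

    - the network must be a clean CIDR block (host bits zero under the mask)
    - the gateway must lie inside that network and not be the network or
      broadcast address, otherwise hosts on the LAN cannot reach it
    - the network should sit inside RFC 1918 space: numbering a LAN out of
      public space means the real owner of those addresses is unreachable
      from inside, and your logs and DNS carry someone else's prefix
    """
    problems = []
    try:
        net = ipaddress.ip_network(network)  # strict: rejects 192.168.0.0/8
    except ValueError as exc:
        problems.append(f"network {network!r} is not a clean CIDR block: {exc}")
        return problems
    try:
        gw = ipaddress.ip_address(gateway)
    except ValueError:
        problems.append(f"gateway {gateway!r} is not an IP address")
        return problems
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}; LAN hosts cannot reach it")
    elif net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    if not any(net.subnet_of(p) for p in PRIVATE):
        problems.append(f"{net} is not inside RFC 1918 private space")
    return problems


# Constructed plans mirroring the numbers mentioned in the post.
PLANS = {
    "assumed default": ("192.168.1.0/24", "192.168.1.1"),
    "post proposal":   ("172.2.1.0/24",   "172.2.1.100"),
    "rfc1918 /22":     ("172.16.40.0/22", "172.16.40.1"),
    "gateway outside": ("10.42.0.0/24",   "10.42.1.1"),
    "bad mask":        ("192.168.0.0/8",  "192.168.0.1"),
}

if __name__ == "__main__":
    for name, (net, gw) in PLANS.items():
        issues = check_plan(net, gw)
        print(f"{name:16} {net:16} gw {gw:13} -> {issues or 'ok'}")
```

Run it with your own candidate range and gateway; an empty list means the plan is at least self-consistent and private, which is the minimum before enabling DHCP on it.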

Once you complete the router setup and configuration - you are free to enable Threat Management and the Security Console (which will significantly increase the CPU load and RAM usage in general..).

Please keep in mind that the above configuration will put the load on the system.. ;-)

Now that you have your router up and running it might be a good moment to take a quick look at your Ubiquiti Firewall and the default rules set during the initial deployment:

I guess it's OK to leave the defaults as they are for now :-) One thing worth mentioning here is the built-in Honeypot:

This setting can be used to start building a set of rules for your IDS/IPS system - also built into the Dream Machine. This system can analyse your traffic in the following categories:

If you are not hosting anything from your home network - you can safely ignore all of the above. If you are - it's probably best to take a closer look at some of the settings above. :-)

macosxgeek

Published 2 years ago