What's new
By:

Unifi security issues

Most likely what is happening here is accidental misconfiguration of a gateway using external Network application software. UXG-Lite gateway doesn't have built-in controller. In theory when adopting a gateway with no controller the rules for it are created automatically. On gateways with controller built-in the firewall rules are pre-configured already to block everything incoming by default. The old method of configuring the firewall is still allowed, but since the zone matrix is not present it limits the visibility of the end result. Making a mistake becomes much easier.

All the firewall rules represented with "wall" icon are custom rules created by the user. The ones with "padlock" icon are the default ones and they can't be changed or deleted. The firewall in this video doesn't appear to be in default configuration state. The statement "what they have" (UniFi) is incorrect, it's more like "what I have" (the user). Why they have it this way with custom rules for whatever is already blocked by default - I don't know. Perhaps this gateway has to be deleted from the Network application and adopted again in order to restore the default state.
 
As @ColinTaylor says RTFM or in my case watch the video ;)

So, you can imagine my ears pricked up seeing this title, as I am in process of building out my unifi rack. Since UniFi 9.0.108 was around when they made the change to FW and introduced Zone-Based-Firewalls-in-UniFi (ZBF)

Maybe, this is just me.. but you better believe one of the first things I do whenever deploying something edge/public/forward facing is to give it a good going over with nmap Or as you have done track with third-party monitoring services or Shodan / Flare..

On a side note: I just got my service upgrade today, to 2G Symmetrical ! (yay!)
 
Not using the new firewall is perhaps result of old habits as well.
 
You must log in or register to reply here.

Similar threads

CntrlAltDel
Shoddy performance from UniFi nanoHD APs
Replies
7
Views
932
degrub
D
H
Does Unifi ever update their OpenVPN server software?
Replies
19
Views
2K
Piotrek
P
Spartan
Ubiquiti UDR7 UniFi Dream Router 7 (UDR7)?
Replies
1
Views
402
Tech9
Tech9
vinylgrrl
Using Ubiquiti Airmax Omni 5G (AMO-5G) antennas with currently available APs?
Replies
6
Views
1K
tgl
T
T
Entware opkg is missing snort binary, but has lots of new suricata binaries?
Replies
3
Views
526
treefu
T
Similar threads
Thread starter Title Forum Replies Date
P Ubiquiti security. General Network Security 5
sfx2000 News Brother Printer Security issues - Brother along with other ODM's (Minolta, Toshiba, Ricoh, and Fujifilm) General Network Security 0

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 39,578 (members: 15, guests: 39,563)
Back
Top