https://lawrence.video/

---
Thanks to NinjaOne for sponsoring this video
https://lawrence.video/NinjaOne-Dec-2025
---

By default, UniFi networks are more permissive than many people realize.
New VLANs can talk to each other, internal networks often have broad access to the gateway, and “internal” traffic is frequently trusted unless you explicitly lock it down. In this video I go over how to change the default setting to get your network to a more secure posture. 

UniFI VPN Rules
https://youtu.be/xzR2c3OO41s?si=7z7VH-btX213SKjx

UniFi Zone Firewalls
https://youtu.be/pBeIT7aSuMw?si=gb_XD23LPG5DG7K-

Connect With Us
---------------------------------------------------  
+ Hire Us for a project: https://lawrencesystems.com/hire-us/
+ Toms' Twitter 🐦 https://twitter.com/TomLawrenceTech
+ Our Website https://www.lawrencesystems.com/
+ Our Forums https://forums.lawrencesystems.com/
+ Instagram https://www.instagram.com/lawrencesystems/
+ Facebook https://www.facebook.com/Lawrencesystems/
+ GitHub https://github.com/lawrencesystems/
+ Discord https://discord.gg/ZwTz3Mh

Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 https://lawrence.video/swag/


AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 https://www.amazon.com/shop/lawrencesystemspcpickup

UniFi Affiliate Link
🛒 https://lawrence.video/unifi-affiliate

All Of Our Affiliates help us out and can get you discounts!
🛒 https://lawrencesystems.com/partners-we-love/

Gear we use on Kit 
🛒 https://kit.co/lawrencesystems

Use OfferCode LTSERVICES to get 10% off your order at
🛒 https://www.techsupplydirect.com?aff=2

Digital Ocean Offer Code
🛒 https://m.do.co/c/85de8d181725

HostiFi UniFi Cloud Hosting Service
🛒 https://hostifi.net/?via=lawrencesystems

Protect your privacy with a VPN from Private Internet Access
🛒 https://www.privateinternetaccess.com/pages/buy-vpn/LRNSYS

Patreon
💰 https://www.patreon.com/lawrencesystems

Chapters
00:00 UniFI Firewall Rules
01:11 Default Security Posture
02:00 UniFi Port Security 
05:02 Setting Alarm for Switches
05:30 Default Firewall Zones and Rules
12:20 UniFi Gateway Rules
15:00 Creating a Custom Zone
16:00 Locking Down Gateway Rules
19:40 Custom Allow Rules
20:52 External Access and VPN Settings
23:00 Adding More Rules if needed

Lawrence Systems

UniFi networking equipment ships with permissive default security settings that allow inter-VLAN communication, unrestricted gateway management access, and open switch ports. This guide demonstrates how to implement a locked-down security posture by configuring port security (disabling unused ports, restricting VLANs, MAC address filtering), creating zone-based firewall rules that block traffic by default, limiting gateway management interface access to only DNS/DHCP ports, isolating networks properly, and handling VPN client routing. The tutorial covers practical implementation using custom zones, inverted block rules, and granular allow policies to achieve defense-in-depth security.

UniFi Firewall Defaults Too Are Open: Here’s How to Lock Them Down