Teri Radichel

Ubiquiti, Unifi and The Dream Machine Pro

Stories about the Ubiquiti UDM Pro and setting it up behind pfSense

Update 4/12/2024: These stories are based on a device I received shipped from Ubiquiti that likely came with out-of-date firmware. I just confirmed this with someone at the company. I’m getting a new device and will revise these stories once I get that device and configure it.

Do you know what traffic exists at the edge of your network? What inspects the traffic sent by the devices that inspect your network? Periodically taking a look at that traffic might be a good idea.

Why a pfSense in front of a UDM Pro?

Thoughts on one network design. If you are trying to avoid double NAT, bypassing the firewall may not be the ideal solution.

Administering network devices — where are your passwords when you need them?

Avoiding supply chain issues and devices tampered with in transit.

Assessing who might actually be building and testing your network devices.

Stories on setting up the pfSense found here:

First impressions of UDM Pro. The UI was confusing. When I last logged in it got better but I still couldn’t do something because part of the new UI didn’t work. So I had to resort to the old UI. It seems like it’s getting better though.

You’ll need to change some routing in pfSense to get a UDM Pro to work behind it.

How I resolved the no Internet problem — finally.

Looking at the domain names an out-of-the-box UDM Pro connects to.

Using domain names in firewall rules did not allow me to complete the setup process. More reverse-engineering to try to figure out what IP ranges the process required.

No Power over Ethernet (I see they do have a model that has this now — “special edition” — argh — and this post explains why you might need it.)

Finally got wifi working — and it took a lot longer than these blog posts make it seem. Hopefully, I’ve saved others some time and helped you better secure your network.

This is a pfSense setting, but you might have devices that don’t allow you to define DNS settings or don’t abide by them (Google Chrome), so you can configure your pfSense in front of the UDM to send all DNS requests to your preferred servers. This is also good for NTP and ICMP.

Need to look into IDS and IPS options on Ubiquiti Dream Machine Pro comparable to this:

Testing WPA3 on the UDM Pro

I think this issue was caused by the fact I received a device with way outdated firmware somehow…going to test with a newer model:

I still have more to configure on the UDM — segmenting out different networks for different access points, for example, and checking out the various security options and traffic monitoring. More to follow.

Also more posts on network security in general:

Seems like a bug — incessant traffic to blocked ports and protocols:

Teri Radichel | © 2nd Sight Lab 2023
