Device Isolation and Network Isolation are UniFi Switch features that automatically add Access Lists (ACLs) to block traffic between devices on the same or different virtual networks (VLANs).
Device Isolation and Network Isolation are supported on all UniFi Switch models with a few exceptions. ACLs are not supported on UniFi Gateways and Access Points, even those with integrated switches. The following devices do not support ACLs:
- All UniFi Gateways
- All UniFi Access Points (including In-Wall models)
There are different options available to suit different needs:
- L3 Network Isolation (ACL) - Automatically blocks all IPv4 traffic between devices in different networks.
- Device Isolation (ACL) - Automatically blocks all traffic between devices in the same network.
L3 Network Isolation (ACL)
Enable Network Isolation to block all IPv4 traffic between devices in different virtual networks (VLANs). Network Isolation automatically creates IPv4 Access Lists to block traffic in both directions between the subnets associated with each network.
Network Isolation can be configured to:
- Combine a single Source network and multiple other Isolate From networks.
  - The Source network is isolated from the Isolate From networks in both directions.
- Create multiple combinations to isolate different networks from each other.
Network Isolation cannot be configured on networks when:
- UniFi Network Server is present on either of the networks.
- UniFi Cloud Key is present on either of the networks.
Note: Network Isolation does not apply to IPv6 traffic.
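The following added example (not Ubiquiti code) models the Source / Isolate From behaviour described above in Python, so you can check which network pairs a set of combinations leaves unisolated and whether a given flow falls under the IPv4 ACLs. The network names, subnets and function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: network names and subnets are assumptions.
NETWORKS = {
    "corp": "10.0.10.0/24",
    "iot": "10.0.20.0/24",
    "guest": "10.0.30.0/24",
    "cameras": "10.0.40.0/24",
}
# Each entry models one combination: (Source, [Isolate From networks]).
ISOLATION = [("iot", ["corp", "guest"]), ("cameras", ["corp"])]


def blocked_pairs(isolation):
    """Network pairs blocked in both directions, as unordered pairs."""
    return {
        frozenset((source, other))
        for source, isolate_from in isolation
        for other in isolate_from
        if other != source
    }


def unisolated_pairs(networks, isolation):
    """Network pairs that no combination covers, so IPv4 still flows."""
    blocked = blocked_pairs(isolation)
    return sorted(
        pair for pair in combinations(sorted(networks), 2)
        if frozenset(pair) not in blocked
    )


def network_of(addr, networks):
    """Name of the network whose subnet contains addr, or None."""
    for name, cidr in networks.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def is_blocked(src_ip, dst_ip, networks=NETWORKS, isolation=ISOLATION):
    """True if the modelled Network Isolation ACLs would drop this flow."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version != 4 or dst.version != 4:
        return False  # Network Isolation does not apply to IPv6 traffic
    a, b = network_of(src, networks), network_of(dst, networks)
    if a is None or b is None or a == b:
        return False  # same-network traffic is Device Isolation's scope
    return frozenset((a, b)) in blocked_pairs(isolation)
```

In this sample, the Isolate From networks corp and guest are not isolated from each other, which is why `unisolated_pairs` reports that pair until a further combination is added.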
Device Isolation (ACL)
Enable Device Isolation to block all traffic between devices in the same virtual network (VLAN). Device Isolation automatically creates MAC Access Lists to block traffic between the devices inside each network, with the exception of traffic to the UniFi Gateway and UniFi Cloud Key.
Device Isolation cannot be configured on networks when:
- UniFi Network Server is present.
- Third Party Gateway is used.
Note: Multiple networks selected under Device Isolation are not isolated from each other. Configure Network Isolation to block traffic between different networks.
Frequently Asked Questions
1. How does Device Isolation differ from Network Isolation?
2. How do Device and Network Isolation (ACLs) differ from Firewall Rules?
3. I want to block IPv4 traffic between my Virtual Networks. Should I use Firewall Rules or ACLs?
If Layer 3 Routing is not used and the UniFi Gateway is routing the traffic between VLANs, either Network Isolation or Firewall Rules can be used to limit the traffic.
4. I want to block traffic between devices on the same Virtual Network. Should I use Firewall Rules or ACLs?