
Migrating to Zone-Based Firewalls in UniFi

UniFi Network 9.0 introduces a zone-based approach to firewalling, designed to simplify policy management. By grouping interfaces like VLANs or WANs into zones, you can define rules more efficiently, improve traffic control, and enhance network segmentation with better policy visualization.

This article answers frequently asked questions specific to users who had custom firewall rules defined prior to migration. Users with new setups and users who have already performed the migration can click here to see how it works.

For users that have not yet migrated and are looking for information on our prior firewalling approach, click here.

Will there be downtime during migration?

No. The migration process takes just a few seconds, and traffic will continue to pass during the transition.

What happens during the migration?

Your existing rules will be mapped to the new zone-based framework, based on the table below. While this might result in multiple rules being generated, your firewall policies will be functionally identical.

| Ruleset | Source Zone | Destination Zone |
|---|---|---|
| LAN_IN | Internal | Internal, Hotspot, External, VPN |
| LAN_OUT | Internal, Hotspot, External, VPN | Internal |
| LAN_LOCAL | Internal, VPN | Gateway |
| GUEST_IN | Hotspot | Internal, Hotspot, External, VPN |
| GUEST_OUT | Internal, Hotspot, External, VPN | Hotspot |
| GUEST_LOCAL | Hotspot | Gateway |
| WAN_IN | External | Internal, Hotspot, External, VPN |
| WAN_OUT | Internal, Hotspot, External, VPN | External |
| WAN_LOCAL | External | Gateway |

Why do I have so many rules after migration?

We took a conservative approach in order to ensure identical functionality before and after the migration. As a result, the migration may generate a variety of rules that are redundant or otherwise have no impact. After testing to see which rules are functional or not, you are welcome to remove any redundant rules.
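To see why the rule count grows and where to start reviewing, the following added example (not Ubiquiti's migration code) expands legacy rules into zone pairs using the table above. It assumes one policy per source/destination zone pair for each legacy rule; the rule names and the helpers `expand` and `review_candidates` are hypothetical.

```python
from itertools import product

ALL = ("Internal", "Hotspot", "External", "VPN")
# Ruleset -> (source zones, destination zones), copied from the table in this article.
ZONE_MAP = {
    "LAN_IN": (("Internal",), ALL),
    "LAN_OUT": (ALL, ("Internal",)),
    "LAN_LOCAL": (("Internal", "VPN"), ("Gateway",)),
    "GUEST_IN": (("Hotspot",), ALL),
    "GUEST_OUT": (ALL, ("Hotspot",)),
    "GUEST_LOCAL": (("Hotspot",), ("Gateway",)),
    "WAN_IN": (("External",), ALL),
    "WAN_OUT": (ALL, ("External",)),
    "WAN_LOCAL": (("External",), ("Gateway",)),
}

def expand(rules):
    """Map legacy (name, ruleset) rules to {(src_zone, dst_zone): [rule names]}.

    Assumption: each legacy rule yields one policy per zone pair. Whether a
    rule's addresses can actually match traffic in a given pair is not modeled.
    """
    pairs = {}
    for name, ruleset in rules:
        if ruleset not in ZONE_MAP:
            raise ValueError(f"unknown legacy ruleset: {ruleset}")
        sources, dests = ZONE_MAP[ruleset]
        for pair in product(sources, dests):
            pairs.setdefault(pair, []).append(name)
    return pairs

def review_candidates(pairs):
    """Zone pairs that received policies from more than one legacy rule."""
    return {pair: names for pair, names in pairs.items() if len(names) > 1}

# Constructed sample rules; the names are hypothetical.
SAMPLE = [
    ("block-iot-to-lan", "LAN_IN"),
    ("allow-established", "LAN_OUT"),
    ("drop-guest-mgmt", "GUEST_LOCAL"),
]

if __name__ == "__main__":
    pairs = expand(SAMPLE)
    for (src, dst), names in sorted(pairs.items()):
        print(f"{src:>8} -> {dst:<8} {', '.join(names)}")
    print("review first:", review_candidates(pairs))
```

Three legacy rules become nine generated policies across eight zone pairs here, and the Internal to Internal pair collects policies from both LAN_IN and LAN_OUT, which makes it a natural first place to test for redundancy.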

How do I migrate my rules?

To migrate to Zone-Based Firewalls, navigate to Security > Traffic & Firewall Rules and click Upgrade.
