UniFi Gateway - Traffic Rules

2023-06-09 21:27:40 UTC

Use Traffic Rules as a next-generation Firewall that is capable of advanced security filtering to Block, Allow, or Speed Limit specific traffic.

Common use cases for Traffic Rules are:

  • Parental Controls: Block specific apps / websites at specific times.
  • Speed Limit: Set download and upload limits for specific clients.
  • Domain Filtering: Prevent clients from accessing specific domains.
  • Network Isolation: Prevent clients on different LAN networks from communicating with each other.

Requirements

A Next-Gen UniFi gateway or UniFi Gateway Console.

Available Options

Traffic Rules can be configured to:

  • Block, Allow or Speed Limit traffic.
  • Match an entire LAN network or a specific client device.
  • Match specific traffic categories such as an App or Domain.
  • Be always active or on a schedule.

Specific traffic can match on the following categories:

  • App
  • App Group
  • Domain Name
  • IP address + port
  • IP address range
  • Region
  • Internet
  • Local Network

Note: Domain matching requires the client devices to use the UniFi gateway as the DNS server.

Examples

Network Isolation
Enhance security by preventing communication between your default corporate network and a guest network.
  • Action: Block
  • Category: Local Network
  • Local Network: Default
  • Direction: Traffic from all local networks
  • Target: One or more virtual network(s)
  • Schedule: Always
Bandwidth Limit Devices
Prevent guest clients or large application updates from using too much network bandwidth.
  • Action: Speed Limit
  • Category: App
    • Select an app such as Windows Update
  • Download Limit: 10Mbps
  • Upload Limit: 10Mbps
  • Target: PC
  • Schedule: Always
Scheduled Blocking & Parental Controls
Block certain websites or applications after bedtime.
  • Action: Block
  • Category: App
    • Select an app such as YouTube or Twitch
  • Target: iPad
  • Schedule: Every week from Monday to Friday from 9:00PM to 8:00AM.

Frequently Asked Questions

1. How do Traffic Rules differ from Firewall Rules?

Firewall Rules are generally used to match on specific ports and IP addresses.
Traffic Rules can match on categories such as an App or Domain and allow you to filter traffic in an intuitive and streamlined way.

2. I want to block traffic between my LAN networks. Should I use Firewall or Traffic Rules?

It is recommended to use Traffic Rules for this purpose. Traditionally, several different Firewall Rules would be used to block or allow traffic between multiple networks. With Traffic Rules, this same configuration can be achieved in just a few clicks.
See the examples section for more information.

3. I want to block certain websites past my child's bedtime. Can I use Traffic Rules for this?

Yes. Traffic Rules allow you to configure schedules to block specific Apps.
See the examples section for more information.

4. A certain client is taking up all my bandwidth. Can I use Traffic Rules to limit this?

Yes. Either Speed Limit all Internet traffic from this client or match on specific App(s) that are taking up the most bandwidth.
See the examples section for more information.
Was this article helpful?
125 out of 413 found this helpful