UniFi OS Consoles Wi-Fi Switching Camera Security Phone System Door Access Accessories UISP
Support Resources
Store
Support Resources
UniFi OS Consoles Wi-Fi Switching Camera Security Phone System Door Access Accessories UISP Store

UniFi Gateway - Traffic Rules

Traffic Rules is a feature found in the Traffic Management section of your Network application that provides powerful security filtering to Block, Allow, or Speed Limit specific traffic.

Common use cases for Traffic Rules are:

  • Parental Controls: Block specific apps / websites at specific times.
  • Speed Limit: Set download and upload limits for specific clients.
  • Domain Filtering: Prevent clients from accessing specific domains.
  • Network Isolation: Prevent clients on different LAN networks from communicating with each other.

Requirements

  • A Next-Gen UniFi gateway or UniFi OS Console with an integrated Next-Gen gateway.

Available Options

Traffic Rules can be configured to:

  • Block, Allow or Speed Limit traffic.
  • Match an entire LAN network or a specific client device.
  • Match specific traffic categories such as an App or Domain.
  • Be always active or on a schedule.

Specific traffic can match on the following categories:

  • App
  • App Group
  • Domain Name
  • IP address + port
  • IP address range
  • Region
  • Internet
  • Local Network

Note: Domain matching requires the client devices to use the UniFi gateway as the DNS server.

Examples

If you want to Block your child's iPad from accessing specific websites past their bedtime, then create a Traffic Rule with the following options:

  • Action: Block
  • Category: App
    • Select an app such as YouTube or Twitch
  • Target: iPad
  • Schedule: Every week from Monday to Friday from 9:00PM to 8:00AM. 

If you want to Speed Limit a PC when it is performing updates, then create a Traffic Rule with the following options:

  • Action: Speed Limit
  • Category: App
    • Select an app such as Windows Update
  • Download Limit: 10Mbps
  • Upload Limit: 10Mbps
  • Target: PC
  • Schedule: Always

If you want to Block clients on other Virtual Networks from communicating with the Default network, then create a Traffic Rule with the following options:

  • Action: Block
  • Category: Local Network
  • Local Network: Default
  • Direction: Traffic from all local networks
  • Target: One or more virtual network(s)
  • Schedule: Always

Frequently Asked Questions

1. How do Traffic Rules differ from Firewall Rules?

Firewall Rules are generally used to match on specific ports and IP addresses.

Traffic Rules can match on categories such as an App or Domain and allow you to filter traffic in an intuitive and streamlined way.
2. I want to block traffic between my LAN networks. Should I use Firewall or Traffic Rules?

It is recommended to use Traffic Rules for this purpose. Traditionally, several different Firewall Rules would be used to block or allow traffic between multiple networks. With Traffic Rules, this same configuration can be achieved in just a few clicks. 

See the examples section for more information.
3. I want to block certain websites past my child's bedtime. Can I use Traffic Rules for this?

Yes. Traffic Rules allow you to configure schedules to block specific Apps.

See the examples section for more information.
4. A certain client is taking up all my bandwidth. Can I use Traffic Rules to limit this?

Yes. Either Speed Limit all Internet traffic from this client or match on specific App(s) that are taking up the most bandwidth.

See the examples section for more information.
Was this article helpful?
101 out of 361 found this helpful