Help me build my new home/business network


re PoE and AC Lite AP:

this AP is compatible with: 802.3af/A PoE 24V Passive PoE (Pairs 4, 5+; 7, 8 Return)
your switch is pre-configured to “auto sense” PoE+ devices
you need to configure each PoE port separately for each PoE device
But why would Port2 autoconnect to the AP while Port1 won't? I didn't change anything in Port2 to make it connect.
 
it's a really heavy topic
1. The Unifi controller has a written user manual, also for unskilled users. So my recommendation is to open it and follow all the steps for a proper setup + write your comments there (for a better understanding in future). It will also be training in how to use the controller.

2. Network:
- "Corporate network" for your main LAN (computer, NAS), use also VLAN setting for it
- "Guest" for the Guest WiFi portal; you can define the VLAN field there, for further "shielding" of that network, e.g. just for connecting your guests to the internet, but not to your Corporate Network.

3. Firewall is your best friend. You have to define WAN IN/OUT/Local, LAN IN/OUT/Local, Guest IN/OUT/Local rules

4. Port forwarding also

5. Geo IP filtering or THREAT MANAGEMENT:
a) when you enable the Geo Filtering feature, you also have to enable Hardware offload, and then you can't use THREAT MANAGEMENT. In Geo IP Filtering you can define a lot of possible features. For me it's better to use Threat Management (IDS) when you have a WAN download line >250Mb (I have 1Gbps). But try it and test the performance of the filtering.
b) Hardware offload you can set up using the mentioned Unifi controller guide.
c) THREAT MANAGEMENT (better IPS) and its CATEGORIES - you can play with all the categories, even up to the point when you choose "Game categories ON" and your children ask you - why can't I connect to Minecraft? :cool:
this is really up to your testing. I will send you a screenshot by PM.


6. You definitely have to enable DPI - Deep packet inspection
Then you will see what happens in your network - STATISTIC section.
You can set up all possible data category visualizations (e.g. which IP or named client eats what bandwidth by what category, e.g. YouTube streaming, or Netflix, ...), or you can see all details by client (split of packet inspections).

7. for direct Unifi VPNs - Services/Radius

.... we can spend time till next morning
sorry, I should have been more clear. I can definitely dig into specifics more, but I was wondering if there are any immediate steps that I should take that might not be covered by Ubiquiti guidance. For example, everyone here recommends disabling the Admin account on our NAS, but I haven't seen that as a general rule from synology. You covered more than what I was expecting. I assume that some of the data logging stuff requires the controller to be running at all times and so is not accessible when I'm only running it part-time off my pc currently?
 
you can see the NAS IP from your Unifi controller

when you have Win based PC, download:


then open the tool and search all your devices in LAN
Note:
you have to define subnet for the search
I was able to find the NAS IP using both the Unifi controller and the IP scanner. When I right-clicked on the NAS in the IP scanner, I was able to explore the unit in File explorer and see my stored data. However, when I try entering the IP address directly into a web browser, it times out on me and I cannot access it. It still is not showing up on Synology Assistant.

edit to add: the myname.synology.me address also does not work.
 
The Ubiquiti controller is far away from troubles like the default admin account and default port changes as we know them from Syno :) or using SSH in the Syno router to deactivate the default admin account.

These controller accounts were created by you during the first installation of the controller. No need to worry.
You can be 100% sure that I will tell you about similar "traps" in initial configuration.

As I understand from your last wording, you have installed/operated the controller in/from your PC.

Back to beginning of our discussion weeks ago:
- running the Unifi controller on a PC is ok for the first touch. Done
- you can now migrate the operation into a docker container in your NAS:
- then you will get proper operation of your controller. One reason - the Guest hotspot portal needs an active connection to the controller. Or any remote changes from your phone (blocking communication, ...).
- Just back up the configs to a safe place in the NAS. Then you will be happy that there is no need for a factory reset when something gets damaged during your setup. It will take just a minute or two to create a new container with the last known configuration (restore of the backup).
 
Sounds good, thanks again. Docker is on the list of things to figure out, but for now getting internet up and running in general was more important. Controller is just running on PC right now, but it is a laptop so it isn't always connected and/or powered on.
 
Any idea why Synology assistant cannot find my NAS but the IP scanner can? I can right-click on my NAS in the IP scanner and explore it using windows explorer, and the unifi controller shows that the NAS is uploading and downloading data both on LAN and WAN. I just cannot access via synology.me, IP address, or through synology assistant. If needed, I can bring it back to my old house and hook it back up to that network. I'm wondering if perhaps there's a firewall setting that I need to adjust? I just can't wrap my head around how I can sort of access it but not really.

 
Port forwarding:
Unifi controller

1. simple setup:
you just need to set up http (80) & https (443) port forwarding rules (from the WAN side) to your NAS IP, to the ports defined in DSM (http, https)
then your NAS will be available at https://your.synology.me:port

2. better setup:
keep the simple setup + define a Reverse proxy in DSM
then your NAS will be available at https://your.synology.me .... no need to use a port
this setup is better for all further setups like the Unifi controller in a NAS container, ...
 
I have to say that Ubiquiti takes the next step to perfection: they have GUI and also CLI setup examples in their knowledge base guides. This is something that is missing in Syno support.
 
Sorry, I was gone on a short vacation. Router is in bridge mode. Called syno support and they got me going. I needed to do a network reset on the NAS so that the admin account would be enabled again. For whatever reason he said that the admin account had to be enabled when accessing from a new network in order to get the DNS to recognize it. I was able to get signed in after that and have now re-disabled the default admin account.

I use syno assistant to re-map my network drives. It seems that about 50% of the time when I disconnect my laptop from the hardwired network and either switch to wifi or just go completely off my network, I lose my folders that I have mapped to the NAS, even after I re-connect to the hardline. I posted a question about it last year and the suggestions there helped but didn't eliminate the problem. Now I have to go through all the ubiquiti and syno info that you've posted here and get everything set up, but at least I can access it now. thanks.
 
good luck
🍺
you need to migrate the Unifi controller to the NAS (Docker), then your trouble will disappear immediately

Q:
Does WiFi use the same subnet as the wired LAN?
Pls. write: What is your IP address when you are connected by wire, and what is it by WiFi?
 
