docs: record unifi firewall enforcement and closeout
This commit is contained in:
@@ -5,14 +5,14 @@
|
||||
Goal: enforce clean segmentation between Management, Trusted, Servers, IoT, Guest, Cameras, and Legacy CIA quarantine without using broad lazy exceptions.
|
||||
|
||||
Assumptions:
|
||||
- Final networks:
|
||||
- VLAN 10 Management -> `10.5.10.0/24`
|
||||
- VLAN 20 Trusted -> `10.5.20.0/24`
|
||||
- VLAN 30 Servers -> `10.5.30.0/24`
|
||||
- VLAN 40 IoT -> `10.5.40.0/24`
|
||||
- VLAN 50 Guest -> `10.5.50.0/24`
|
||||
- VLAN 60 Cameras -> `10.5.60.0/24`
|
||||
- Legacy CIA quarantine -> existing legacy subnet/VLAN retained temporarily
|
||||
- Current live networks:
|
||||
- Management -> `10.5.0.0/24`
|
||||
- Trusted -> `10.5.1.0/24`
|
||||
- IoT -> `10.5.10.0/24`
|
||||
- Cameras -> `10.5.20.0/24`
|
||||
- Servers -> `10.5.30.0/24`
|
||||
- Guest -> `10.5.90.0/24`
|
||||
- Legacy CIA quarantine -> `192.168.1.0/24` retained temporarily
|
||||
- Use address/object groups where UniFi allows them.
|
||||
- Apply stateful best practice first: established/related before policy rules.
|
||||
- Specific allows always go above broad denies.
|
||||
|
||||
Reference in New Issue
Block a user