Unifi IOT Firewall Rules

To separate your IoT devices, it is advisable to create a firewall rule to block new and invalid traffic from the IoT VLAN to your default VLAN. This lets you initiate connections to your devices from the default VLAN while permitting only established and related (returning) traffic from the IoT VLAN back to it.


Setting Up a VLAN for IoT Devices

From your UniFi dashboard, navigate to Settings > Networks and click on the New Virtual Network link. Use the following settings for your IoT VLAN:

IoT VLAN Settings

[Image: creating the IoT network]
  • Auto-Scale Network: Unchecked.
  • Host Address: your preferred address (e.g., match the third octet to the VLAN ID for consistency).
  • Advanced: Manual.
  • Guest Network: Unchecked.
  • Isolate Network: Unchecked.
  • Allow Internet Access: Checked ✅.
  • Content Filtering: None.
  • IGMP Snooping: Unchecked.
  • mDNS: Checked ✅.
  • DHCP Server: Use predefined settings.
[Image: DHCP settings of the IoT network]

These settings place IoT devices into their own VLAN and subnet. For enhanced security, you can restrict traffic from IoT devices to the rest of your home LAN.

Traffic & Firewall Rule Setup

From the UniFi dashboard, go to Settings > Security > Traffic & Firewall Rules, and click on the Create Entry link.

[Image: Traffic & Firewall Rules page]

Rule Details

  • Rule Type:
    • Type: LAN In.
    • Name: IoT to LAN Established or Related.
    • Action: Accept.
    • Protocol: All.
    • Before Predefined Rules: Yes.
  • Source:
    • Source Type: Network.
    • Network: IoT.
    • Network Type: IPv4 Subnet.
    • MAC Address: Not specified.
  • Destination:
    • Destination Type: Network.
    • Network: Home.
    • Network Type: IPv4 Subnet.
  • Advanced Options:
    • Match State: Established, Related.
    • Match IPsec: Do not match.
    • Logging: Enabled.

The Match State option is crucial for this rule. Ensure “Established” and “Related” are selected so that the rule only matches traffic belonging to sessions already tracked by the gateway (replies to connections opened from the Home network, and related traffic such as ICMP errors for those connections), not new connections initiated by IoT devices.

[Image: the Match State setting, the essential part to set]

For a more detailed explanation of Match State, refer to Firewall Rule Match State Explained.
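To make the Match State behaviour concrete, here is an added simulation (not code from the original post or from UniFi) of how a stateful gateway classifies packets as New, Established, Related or Invalid and then evaluates the rule above against them. The subnets 192.168.30.0/24 (IoT) and 192.168.1.0/24 (Home) and the sample traffic are constructed assumptions; the tracker is a deliberately small model of connection tracking, not the gateway's real implementation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IOT_NET = ip_network("192.168.30.0/24")   # constructed IoT VLAN subnet (assumption)
HOME_NET = ip_network("192.168.1.0/24")   # constructed Home VLAN subnet (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn_only: bool = False      # TCP SYN without ACK, i.e. a fresh connection attempt
    inner: tuple = None         # ICMP errors carry the 5-tuple of the packet they refer to

def flow_key(src, dst, proto, sport, dport):
    return (proto, frozenset({(src, sport), (dst, dport)}))   # same key for both directions
class ConnTracker:
    def __init__(self):
        self.flows = set()      # keys of flows the gateway has already seen
    def classify(self, p):
        key = flow_key(p.src, p.dst, p.proto, p.sport, p.dport)
        if key in self.flows:
            return "ESTABLISHED"    # part of a tracked flow, in either direction
        if p.proto == "icmp" and p.inner and flow_key(*p.inner) in self.flows:
            return "RELATED"        # ICMP error referring to a tracked flow
        if p.proto == "tcp" and not p.syn_only:
            return "INVALID"        # mid-stream TCP segment that matches no tracked flow
        self.flows.add(key)         # simplification: every NEW packet becomes a tracked flow
        return "NEW"

def iot_to_home_rule(p, state):
    """The page's rule: LAN In, source IoT, destination Home, Accept, Match State Established/Related."""
    if ip_address(p.src) in IOT_NET and ip_address(p.dst) in HOME_NET and state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    return "NO MATCH"               # this rule does not apply; the rules after it decide

def run(packets):
    tracker, out = ConnTracker(), []
    for p in packets:
        state = tracker.classify(p)
        out.append((state, iot_to_home_rule(p, state)))
    return out
SAMPLE = [  # constructed traffic: a Home PC opens the IoT camera's web UI, then the camera acts on its own
    Packet("192.168.1.10", "192.168.30.5", "tcp", 40000, 80, syn_only=True),  # PC -> camera, new
    Packet("192.168.30.5", "192.168.1.10", "tcp", 80, 40000),                 # camera's reply
    Packet("192.168.30.5", "192.168.1.10", "icmp", inner=("192.168.1.10", "192.168.30.5", "tcp", 40000, 80)),
    Packet("192.168.30.5", "192.168.1.10", "tcp", 51000, 22, syn_only=True),  # camera -> PC, new
    Packet("192.168.30.5", "192.168.1.10", "tcp", 51001, 22),                 # stray ACK, no flow
]
```

Running `run(SAMPLE)` shows that only the camera's reply and the related ICMP error are accepted by this rule; the camera's own new connection and the invalid segment fall through to whatever rules come after it, which is why the Match State selection decides what this rule lets back in.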

By following these steps, your IoT devices will have limited access to your home network, enhancing security while maintaining functionality.