
Repost: Firewalla as router and UCG also on network, please humor me. (from Reddit.com)
Why? I'm a geek, like to tinker, play with tech, and want both platforms. Is it necessary? No. Does it make things more complicated? Yes. I would love it if both Firewalla and UCG can report the same network flows and co-manage the network, but I know it's not possible. Still, I would appreciate it if you would just humor me with this idea and answer some questions.

For now, I would like to keep Firewalla as the router, not make it a bridge. I have Unifi APs and switches and am about to buy more. I currently have a self-hosted Unifi OS Server. I can see some basic traffic Tx/Rx data and connection, but nothing more.

I understand that if I want the full Unifi experience, I need a gateway running as a gateway, but I wonder if I can get a little more data, such as flow, from Unifi by doing the following:

1) On Firewalla, create a second network (idea from u/DisturbedMagg0t), let's say that is 192.168.2.x/24. The primary network is 192.168.1.x/24, where all the devices, switches, APs are.
2) Connect the UCG's WAN port to the 192.168.2.x port on Firewalla. Connect one of UCG's LAN ports to the 192.168.1.x main network. Disable DHCP on UCG.
3) Connect the entire 192.168.1.x downstream network to another one of UCG's LAN ports.

WAN <--> Firewalla <--> .2.x port <--> UCG WAN port
|-(WAN)----> Firewalla <--> .1.x port <--> UCG LAN port <--> Another UCG LAN port <--> the entire .1.x network, switches, APs, devices, etc.

In this case, the UCG will see all of the .1.x WAN-bound traffic as local traffic, essentially making the UCG a bridge.

Questions:

1) Will the UCG report the flow that it sees through its two LAN ports?
2) Other than flow, if it even works, what else can I enable and utilize with the UCG in the mix? Do I get anything else when compared to having the Unifi OS server alone? I want to be able to deploy OON, and L3/ACL switches are required.

Firewall rules won't work because traffic won't flow through UCG.

I do not want to double NAT because the first router will see all traffic from a single IP, which drastically reduces the utility for flow reporting.

Anyway, please give me your thoughts. Thanks!