I have a USG, a Unifi Switch Mini and an AP M.
I have two networks, the Main LAN and the Guest Network as VLAN 10, both with WiFi.
I have configured the Guest portal on my Guest WiFi. Now my problem is I can't access my Emby server running on my Main LAN. I need a way for devices on the guest WiFi to access my Emby server on my LAN network.
Lan Network 192.168.1.0/24
Guest Network (Vlan 10) 192.168.10.0/24
Emby server ip address 192.168.1.10
Your help would be highly appreciated.
The way UniFi configures guest networks is by blocking all the local connections. The workaround is not using the “Guest” setting in UniFi and creating a custom guest network with a series of network rules that block local access except to the Emby device.
In the old UniFi settings, you could apply guest policies to a “guest” network, then add a LAN-in rule to allow access to a specific port or an address group. Not so much anymore. Below are screenshots of my lab with rules that prevent inter-VLAN traffic, prevent access to other networks' gateways, and prevent access to the native network gateway, while allowing certain networks access to the printer. Happy to explain specific group rules.
So I cannot achieve what I want with Guest policies enabled?
Because I needed the guest portal to work on my guest network.
Also, I have an ISP-provided router. Can shifting the NAS server from my main LAN network to the ISP-provided router help me access it on all my networks?
Let me ask you a question. Why do you need the guest portal? Are you using vouchers, have a landing page, using Google/Facebook login, or pay to access?
The whole point behind a guest portal is so that those guest clients cannot see, ping, or SSH to each other, the gateway, or any other networks. They only see out to the WAN, or a server.
You can still, in the classic GUI, create a guest network and then create a guest WiFi with guest policies. Set it as WPA Personal with password access. Then you can create an allow rule in the guest out to access another network item. If that network item needs to reach the guest client, then you will need to create a guest in rule.
Yes, I do use the default Unifi captive portal with voucher-based authentication. I occasionally had guests ask for my password and later share it with neighbours. So I figured a one-time voucher works best.
I tried creating a guest in rule in the firewall to allow traffic with the source as the guest network and the destination as the server IP address. I also added my server IP address to pre-authorisation access in guest control.
Both these solutions seemed to allow me to access my server on the guest network; however, I discovered access is granted before the guest portal. Once a user gets an IP address, even without captive portal authentication, they can already access my server.
Yes that is correct with the guest portal, and part of the problem with it, from a security standpoint, if you only want certain guests to have access to your server. But from the sounds of it, looks like you have a solved problem!
I really don’t have a problem solved.
Anyone that would have access to my network would access the server.
I need only authenticated guests to access my server. Not anyone in the WiFi range.
Sorry, misunderstood, but yes, as soon as the guest gets an IP they will be able to access, voucher authorized or not.
I will see if I can duplicate on my lab… What controller version are you running, and what hardware, USG or UDM platforms?
This is my hardware
Using USG with Unifi Switch mini
Controller is 188.8.131.52
Access point is UAC AP M