Hello, I'm having trouble getting started. I had a USG, a Unifi 8-port switch and a CloudKey G2+. Now I’m trying to build my new home network with a Netgate 4200, USW-Enterprise-24-PoE and CloudKey G2+. I did a factory reset on the CloudKey in order to start from scratch.
I think I already got the pfSense side built: basic settings, LAN and four VLANs and basic rules for VLANs, allow all protocols out. The problem is that I can’t get to the CloudKey at all. Its display shows the default fallback IP address (192.168.1.30). How should I start the configuration on the Unifi side so that I can have the Unifi Network formed and then adopt that switch? My iMac doesn’t even get an IP address because the Unifi network is missing, right? This is probably a simple thing but I just can’t seem to move forward with this. The attached picture shows how the devices are connected to each other. Most likely, this will raise questions and I will be happy to answer them all.
The UCK-G2-Plus should detect the switch so you can adopt it.
Is the Netgate 4200 giving out DHCP to the networks on the network?
Is the switch getting an IP address? You can see the IP address on the little screen.
Is the UCK-G2 on the same network? If not, you need to change the IP address of the device - https://dl.ubnt.com/guides/UniFi/UCK-G2_QSG.pdf
Ideally you should give it a static IP address out of the DHCP scope: https://community.ui.com/questions/Static-IP-on-Cloud-Key-Gen2-Plus/2db3a127-3628-4e93-afd0-31cb4e89209a
Thank you!
Ok, but I can’t connect to the UCK-G2-Plus so is there any other way to check it?
It should give out DHCP. Is there some way to confirm it?
The switch has address 192.168.1.20 on the little screen. But my LAN address in the Netgate is 192.168.55.1, so I don’t understand where that address on the switch is coming from.
It should be, but how can I confirm that? I haven’t done anything with the UCK-G2 after the factory reset (it is just plugged in to the switch).
I have to check this. It seems that I’m really a novice with all this, sorry.
Have a look at these videos on how to set up pfSense:
Step to 9:00 mins - https://www.youtube.com/watch?v=eusQ2859F1M
Switch on 192.168.1.20 means it cannot see a DHCP server.
UCK-G2-Plus - check out Cloud Key Gen2 Plus (youtube.com)
I would suggest YouTube is your friend. Lots of videos on setting up pfSense and Cloud Key Gen2 Plus.
Thanks! I have watched a lot of videos about the subject but apparently not exactly the ones that would be useful in these questions. I will familiarize myself with all the things you refer to and get back to it when I have completed possible tests and procedures.
I think you need to unplug your switch and test that your rules are working between the LAN and VLANs. If you have another managed switch, that would confirm where the fault is.
Firewall logs show that 192.162.1.20 is blocked. That IP address shows on the little screen of the switch. The switch is connected to port 4 on the Netgate. I think that I saw address 192.162.1.30 on that list earlier too (fallback address of the CloudKey).
I would think that the necessary firewall rules have been made, but apparently something is missing. Can you tell from that log which settings should be changed?
192.168.1.20 is the default IP address if the device cannot see the DHCP server on your network.
Is port 4 where you are connecting your UniFi equipment? I can see you have many configured networks.
What is the IP address of port 4, and have you enabled DHCP on this port - Services - DHCP Server?
If you plug a machine into port 4, do you get an IP address?
Ok.
It is on (“Enable interface” checked). Yes, I have created 4 VLANs and they go through PORT 4.
Now I’m starting to see more clearly… it doesn’t have an IP address because I haven’t given it an address (IPv4 Configuration Type: none) and thus DHCP isn’t configured for it either. How primitive and simple can I be, yes, I’m such a beginner.
So it should be treated as another LAN? I guess I can’t give it the same address as the actual LAN port has?
So I should probably connect the switch to exactly that PORT2LAN port (port 2 is Netgate) and also direct all the VLANs to go through it, right, and forget PORT4 completely at this stage?
Nope.
From the screenshot of port 4, you need to give it an IPv4 static IP address and configure DHCP on port 4.
Each port has to be configured as a totally separate network - ports do not operate as a network switch.
Is Office going to be your main network? Then you need to delete the VLAN setting 120 and configure port 4 with the same network settings.
I connected the switch to Netgate port 2 (the actual LAN port) and also directed all VLANs to go through it. The switch, CloudKey and iMac immediately got IP addresses and I can connect to the CloudKey. Now the next thing is to set up the Unifi network and start adopting all Unifi access points and cameras and set up WLANs and set which devices I want to direct to which VLAN from the switch. I meant to leave all the network devices in the actual LAN, the computers in the Office VLAN, the Ubiquiti cameras in the CAM VLAN and the television and other similar ones in the IOT VLAN. For these VLANs, I probably still have to make firewall settings between each other, but I found at least one video where Tom shows an example of making such firewall rules.
Thank you very much for all the help! I greatly appreciate it.