Set up Synology Active Backup

I have the Dream Machine SE that has 3 subnets in my office. I'm able to back up PCs that are on the main subnet, but I can't figure out how to get the other PCs to back up unless I put them on the same network as the Synology NAS.

So basically what I want is to be able to back up the PCs that are on all the subnets using Active Backup on the office Synology NAS. I was thinking it might need some sort of inter-VLAN routing, but I'm not too sure how to accomplish that or if that's even the answer.

Anyone have a clue on how I can get this working?

Thanks in advance.

Are you blocking RFC1819 chatter between VLANs? If not, and they aren't segmented in any way, either with a firewall policy or isolation enabled, guest mode, etc., the Synology NAS should be able to talk with everything.

I have clients using both pfSense + UniFi switches & UDM Pro + UniFi switches utilizing multiple VLANs and the NAS can connect to everything just fine. On segmented networks I just have a firewall policy exception to allow the NAS.

I was actually blocking RFC1819 since I didn't want the POS systems talking to the other things in the office. I disabled that rule and it's working now.

What would I need to do in order to allow the NAS to everywhere so I can back up the other subnets and block all the other VLAN traffic?

And thanks for the assist. I can't believe that I totally forgot about that rule. I'm very new to UniFi and it's still a work in progress.

Per PCI-DSS you need to disable RFC1819 on the POS network. You should be able to create a rule to allow that single address to communicate with devices on that network. But you need to have that NAS hardened for sure, with no external access with Quick Access or whatever Synology is calling it these days.

Honestly I personally wouldn't use a UniFi security appliance for any business that has to be PCI-DSS or HIPAA compliant. During a security audit this would be a complete mess, and staying compliant will be difficult with its lack of advanced capabilities.

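The single-address exception suggested above, sketched as an added example that is not part of the original thread: an ordered rule list in which the NAS allow rules sit ahead of the inter-VLAN block. The subnets, the NAS address, the two-way allow and the first-match evaluation model are all assumptions made for illustration, not values or behaviour taken from the posts.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration; none of it comes from the thread.
VLANS = {
    "main": ip_network("192.168.1.0/24"),
    "staff": ip_network("192.168.20.0/24"),
    "pos": ip_network("192.168.30.0/24"),
}
NAS = ip_network("192.168.1.10/32")
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ordered (name, action, sources, destinations); the first matching rule wins.
RULES = [
    ("allow NAS to VLANs", "allow", [NAS], PRIVATE),
    ("allow VLANs to NAS", "allow", PRIVATE, [NAS]),
    ("block inter-VLAN", "drop", PRIVATE, PRIVATE),
]


def vlan_of(addr):
    """Name of the constructed VLAN that contains addr, or None."""
    return next((name for name, net in VLANS.items() if addr in net), None)


def decide(src, dst, rules=RULES):
    """Return (action, rule name) for a new connection from src to dst."""
    s, d = ip_address(src), ip_address(dst)
    if vlan_of(s) is not None and vlan_of(s) == vlan_of(d):
        return ("allow", "same VLAN, never reaches the router")
    for name, action, sources, dests in rules:
        if any(s in n for n in sources) and any(d in n for n in dests):
            return (action, name)
    return ("allow", "default")


if __name__ == "__main__":
    for src, dst in [
        ("192.168.20.50", "192.168.1.10"),  # staff PC -> NAS
        ("192.168.1.10", "192.168.30.5"),   # NAS -> POS terminal
        ("192.168.30.5", "192.168.20.50"),  # POS terminal -> staff PC
        ("192.168.30.5", "192.168.1.25"),   # POS terminal -> main-LAN PC
    ]:
        print(f"{src:>15} -> {dst:<15} {decide(src, dst)}")
    # Block rule moved to the top: the NAS exception is never reached.
    print(decide("192.168.20.50", "192.168.1.10", [RULES[2]] + RULES[:2]))
```

The last line shows why ordering matters: with the block rule evaluated first, backups from the other subnets are dropped even though the NAS exception exists.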

I figured it out. I planned on upgrading this stuff to some Cisco equipment around July, but I don't have any time to take down this whole place until then. And I wanted to have a few days for me to fine-tune everything, so I figure in July when we are closed for 3 weeks that will give me enough time to kill the network and get it back up. Hopefully. :rofl:

Thanks again for sparking my memory and for the advice.