Blocking sites with Ubiquiti Unifi

Guide for Block websites with Ubiquiti Unifi and FlashStart

1. What is unifi?

Ubiquiti’s UniFi product line offers a wide range of devices, including WiFi access points, switches, controllers, security cameras, and other network devices. All of these devices are integrated into a single management platform that allows network administrators to view real-time network performance, apply configurations, design policies, and manage the network efficiently.

UniFi is a comprehensive solution for network management that allows companies to manage different environments from a single point. In the past, the management of different devices was done through local access; now we can manage devices, such as routers, switches, and access points, from a single place.

2. How to block inappropriate sites on your network with Unifi

Unifi has total control of the network, thanks to the integration of routers, switches, and access points. We can manage the traffic flowing through a network and control it. To do this, it is necessary to integrate into our network router USG or DreamMachine; both devices have the integration of DPI (Deep Packet Inspection). This new feature allows us to analyze the traffic by layer 7 and apply policies on this, such as blocking sites or allowing access. It also has the possibility of applying policies by networks or individual devices and create schedules as to where to apply these policies.

Traffic management with Unifi

It should be noted that to achieve this, it is necessary to integrate a router from the Unifi line. Otherwise, we will not be able to manage the traffic in a centralized way. Unifi detects different categories, including social networks, forbidden sites, web services, and work tools among the main categories. We have the flexibility that if the application is not detected by DPI, we can specify the domain.

The main sites are already integrated in Unifi.

Main Site integrated in Unifi

3. How to improve your network security by blocking malicious sites in Unifi

Blocking malicious sites is a measure that a network administrator should take. With UniFi, you can set up rules to block malicious sites for hosting malware, phishing, viruses, and other types of online attacks. This will help protect your users from potential threats and prevent your network from being affected by them.

In addition, UniFi allows you to customize your blocked sites list, giving you full control over which sites are allowed on your network and which ones are blocked. It is important to improve the level of network security, as any entry vector could end up affecting a company’s operation.

Remember that you can add DPI categories or, in the case that unusual behavior is detected on a site, the administrator can block the domain and apply it to a network or individual devices.

New Rule in Unifi

>> FlashStart protects you from a wide array of threats and blocks access to malicious sites ? Activate now your “Free trial”

4. How to customize your blocked sites list in Unifi for your company

Unifi gives us the possibility to create several categories of filtering. For example, we could create categories to block malicious sites, social networks, and video in three different categories, where we could apply it to different networks.

The site blocking policies differ between networks or even between devices. For example, an administrator may want to block access to social networks in the finance network, but in the marketing network, yes. This can be done in a simple way in Unifi. The customization of policies is done by creating different categories and groups.

Unifi not only has DPI for traffic filtering, but it also integrates IDS/IPS on the routers, which means that it will be able to categorize malicious traffic from non-malicious traffic. It should be understood that an administrator could block different categories of traffic, not for being malicious, such as a site hosting malware, but for better bandwidth management, such as blocking video platforms.

For blocking specifically malicious traffic, such as viruses, malware, even access to TOR networks, we will use the IDS/IPS functions in Unifi. From this section we can block dangerous sites and even block blocks of IP addresses by geolocation.

In the Firewall & security section, we can specify the dangerous categories to block.

5. Integrating FlashStart for content filtering with Unifi

FlashStart is a content filtering solution, supported by its artificial intelligence, that will always maintain an up-to-date list of potential dangerous sites.

FlashStart integrates very easily with Unifi and will support the protection of a Unifi network with new features. The DPI or IDS/IPS functions in any router consume a lot of resources. We can better manage resources by integrating a content filter with FlashStart in our Unifi network. This way we can block sites with Unifi without using any additional function in the router.

FlashStart is a DNS filtering solution. It is not a DPI system. We must be clear about this concept, since the traffic will pass through the router, but no restriction will be applied by DPI or IPS. Rather, this restriction will be given by the DNS configuration, where FlashStart will take care of the job according to the administrator’s policies.

In the same way that we have filters by categories, in FlashStart, we also have them and a control by schedule, but not only that, but any category is constantly updated thanks to the AI designed entirely by FlashStart. Blocking sites in Unifi is fully compatible with FlashStart and provides great control benefits in a network.

Content filters with Flashtart to block sites with Unifi.

6. Endnotes

In short, blocking malicious sites and managing other sites on the network is a crucial aspect of operating an enterprise network. With UniFi, you can easily customize your blocked sites list to ensure the security of your network and protect your users. Remember that keeping your blocked sites list up-to-date is an important part of managing your network, so it is critical to dedicate time and attention to this task if you use UniFi.

FlashStart will give us the peace of mind that if we block a category of sites. It will always be up-to-date, and no administrator intervention is required. The only step is to apply the policy and integrate FlashStart with UniFi to start blocking sites and protecting the network.

With UniFi and FlashStart, you can have peace of mind, knowing that your network is protected, secure, and up-to-date at all times.

>> FlashStart is totally in the cloud and easily activated ? Try it now

You can activate the FlashStart® Cloud protection on any sort of Router and Firewall to secure desktop and mobile devices and IoT devices on local networks.

Category: Internet Security How-to guides
Reading time 3 min
Dario NogueraBlogger & Trainer Mikrotik
I share knowledge and expertise on networking, specializing in Mikrotik devices. Through blogging and training courses, I make complex concepts accessible to networking enthusiasts and operators, providing them with the resources they need to excel in the field.

View all posts by Dario Noguera

I share knowledge and expertise on networking, specializing in Mikrotik devices. Through blogging and training courses, I make complex concepts accessible to networking enthusiasts and operators, providing them with the resources they need to excel in the field.
Share this post:  
For information
click here
For a free trial
click here
For prices
click here
Follow us on
Linkedin | YouTube
Related posts
How to set up a “Facebook block” on one’s corporate network
How to Detect a Man-in-the-Browser Attack
Network attacks: why network attacks are on the rise and how to stop them
How to protect privacy on the Internet with DNS-over-TLS