For the latest IP address ranges and services, please refer to our Firewall Best Practices guide.
Connecting to the UDM Pro
In order to connect the UDM Pro to the network:
- Ensure the modem or other ISP-provided equipment is in bridge mode. Anyone familiar with the local network setup will be able to assist with this.
  - Note: If the IP address is static, it will be necessary to load this information into the UDM Pro.
- Connect the router to the modem provided by the ISP, ensuring that it is the only device connected. All other devices will connect to the router or a switch connected to the router.
- In most cases, the router can be accessed locally at 192.168.0.1 or 192.168.1.1.
Creating an IP Group
- The UDM Pro uses IP Groups to define IP addresses or ranges of IP addresses that are allowed through the firewall.
- Once logged in, start by selecting the gear in the bottom left-hand corner of the control panel.
- Then select Routing & Firewall from the menu.
- Once in the Routing & Firewall menu, navigate to Firewall, then Groups.
- Then select Create New Group.
- Start by naming the new group. For this example, we have used Cytracom IPs.
- Next, add the IP address ranges. Because there are multiple addresses, we will use CIDR notation for almost all of them.
- Each CIDR/IP address needs to be on its own line. A new line can be created by selecting the +ADD button just below the address field.
- Once all IP addresses/ranges have been added, select Save at the bottom left.
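A pre-flight check for the address list before it is typed into the group, as an added example that is not part of the original guide: it validates each line, rejects entries with host bits set, and flags private, overly broad, or redundant ranges. The sample addresses are constructed from documentation ranges, and `check_group` and the /20 threshold are assumptions; take the real ranges from the Firewall Best Practices guide.

```python
import ipaddress

# RFC 1918 space never belongs in a list of a provider's public ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 20  # assumption: anything broader than /20 needs a second look

# Constructed sample input (documentation ranges), one entry per line.
SAMPLE = """\
198.51.100.0/24
198.51.100.7/24
203.0.113.16/28
203.0.113.20
192.168.1.0/24
0.0.0.0/0
192.0.2.10
"""

def check_group(lines, min_prefix=MIN_PREFIX):
    """Return (entries, findings); findings are (line_no, text, reason) tuples."""
    valid, findings, entries = [], [], []
    for no, raw in enumerate(lines, 1):
        text = raw.strip()
        if not text:
            continue
        try:
            net = ipaddress.ip_network(text, strict=True)  # rejects host bits
        except ValueError as exc:
            findings.append((no, text, f"invalid: {exc}"))
            continue
        if net.version != 4:
            findings.append((no, text, "not IPv4; the group is an IPv4 group"))
        elif any(net.subnet_of(r) for r in RFC1918):
            findings.append((no, text, "private (RFC 1918) range"))
        elif net.prefixlen < min_prefix:
            findings.append((no, text, f"broader than /{min_prefix}"))
        else:
            valid.append((no, text, net))
    for i, (no, text, net) in enumerate(valid):
        # Redundant if inside another accepted entry (first duplicate wins).
        cover = next((o for j, (_, _, o) in enumerate(valid) if j != i
                      and net.subnet_of(o) and (net != o or j < i)), None)
        if cover is not None:
            findings.append((no, text, f"already covered by {cover}"))
        else:
            entries.append(text)
    return entries, sorted(findings)

if __name__ == "__main__":
    print(check_group(SAMPLE.splitlines()))
```

Only the returned entries should be added to the group; each finding names the line to correct against the published ranges first.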
Creating Firewall Rules / Adjusting Timeouts
- Next, we will add the firewall rule to ensure that traffic is allowed in and out of the network.
- First, you will navigate to the Firewall tab.
- Second, make sure you are under the WAN IN tab.
- Finally, select the Create New Rule button.
- The new rule will come up mostly blank.
- Start by giving the rule a name. In this case, we used Cytracom VoIP.
- Set the rule to be applied Before Predefined Rules.
- Set the Action to Accept.
- Set the IPv4 Protocol to TCP and UDP.
- Set logging to enabled.
- Leave IPsec as Don't match on IPsec Packets.
- Leave the Source field at default settings.
- Set Destination:
  - Destination Type - Address/Port Group
  - IPv4 Address Group - Cytracom IPs
  - Port Group - Leave unchanged
- Select Save at the bottom left.
- Once completed, you should see the rule commit, and it will return you to the IPv4 rule summary.
- Next, we will adjust the UDP timeout settings on the UDM Pro.
- Under the Firewall section, select Settings.
- Under the settings section, you will need to disable two modules and adjust two timeouts.
  - CONNTRACK MODULES
    - H.323 - set to off
    - SIP - set to off
  - STATE TIMEOUTS
    - UDP Other - 180
    - UDP Stream - 180
- Once updated, select Apply Changes at the bottom left.
- The UDM Pro supports a QoS feature known as Smart Queues, which automatically tags traffic and prioritizes time-sensitive traffic. Note: Smart Queues are highly CPU intensive and will reduce the maximum bandwidth when running. It is also suggested to disable DPI if Smart Queues are enabled, as it will also impact bandwidth throughput.
- Start by navigating to Network, then select edit on the applicable WAN interface.
- This opens the settings for the WAN interface. Under Common Settings, enable Smart Queues.
- It will give the option to "Pre-populate" the upload/download fields; when selected, it will run a bandwidth test and populate the fields.
- The upload/download fields can be manually updated. Note: Bandwidth is referenced in Kbit/s.
- Once completed, select Save in the bottom left corner.