How to effortlessly implement layer 7 firewall rules using Ubiquiti’s EdgeRouters

Many companies have a few employees who hog bandwidth with non-work-related applications such as YouTube, Facebook and even peer-to-peer applications. So how do you control this without expensive layer 7 firewall software? We have created a simple guide on how you can regain control of your network with Ubiquiti EdgeRouters. If you have an existing Ubiquiti EdgeRouter in your network that provides the main Internet breakout and your DHCP server, you can simply follow these steps to implement firewall rules to block certain traffic on your network.

  • On your EdgeRouter dashboard, navigate to the Traffic Analysis tab and ensure that the enabled option is selected.

Within a couple of seconds, the router will start generating information on the connected users as well as the type of traffic being generated by each user.

  • Once you have a better understanding of the consumption in your network, you can start putting firewall rules in place.  Simply navigate to Firewall/NAT and select Firewall Policies.

  • Click on Add Ruleset, enter a name and description for your ruleset, set the default action to Accept and click Save.

  • Click on Actions and Edit Ruleset.

  • Click on the Interfaces tab, select your interface and set the direction to IN. For the purpose of this guide, eth2 is our LAN DHCP server and WAN OUT connection.

  • Click on the Rules tab and click on Add New Rule. For this example, we name the rule "drop streaming", set the action to Drop and select all protocols.

  • Click on the Advanced tab and make the following changes:

From the Application dropdown, select Streaming.

Click on Save.

  • Once the ruleset has been saved, test by opening to test if the rule is working.