Network Administration
Ubiquiti Unifi Site Magic
11/11/23 11:54
Site Magic
I was going to write a long article about the Site Magic feature on the Unifi Gateway devices. But I can't. And the reason is particularly rare and satisfying. If you are using this product for what it is designed and marketed to do.
It is easy to set up
It just works.
So if you want to
Allow full connection between two or more non-overlapping networks located behind Ubiquiti Unifi gateways
and provided
At least one those gateways having a public IP address
The gateways have a communication path between them
Don't need to deal with more than 5 gateways (apparently this limit will change)
A half dozen mouse clicks will get the job done. So far it seems to manage IP address changes and restore itself after network loss with no intervention and has replaced a rather complex IPSec VPN setup.
Accessing Apple from Australia
13/03/14 10:09
All I was trying to do was update my iPhone and iPad to 7.1, but I kept getting a server unavailable message. A ping to apple.com returned Communication prohibited by filter then the penny dropped someone at an ISP in the states was blackholing traffic to Apple.
Update (12:09 AM) There has been a suggestion that this is the result of DNS attack affecting some Apple domains (http://www.macnn.com/articles/14/03/12/fault.is.likely.due.to.hacker.attack.rather.than.apple.originated.issue/) which would have many of the same symptoms as being blackholed on the way to a legitimate location. The attackers were at least clever enough to make sure that the reverse address had something Apple related in it and at least in the case of the addresses I looked at addresses owned by Apple. Read More...
Update (12:09 AM) There has been a suggestion that this is the result of DNS attack affecting some Apple domains (http://www.macnn.com/articles/14/03/12/fault.is.likely.due.to.hacker.attack.rather.than.apple.originated.issue/) which would have many of the same symptoms as being blackholed on the way to a legitimate location. The attackers were at least clever enough to make sure that the reverse address had something Apple related in it and at least in the case of the addresses I looked at addresses owned by Apple. Read More...
Why NAT is not a security mechanism
28/10/13 18:15
All too frequently I see articles that refer to Network Address Technology (NAT) as a security mechanism. Let us be clear NAT has nothing to do with strengthening security and an awful lot to do with weakening it. Read More...