eric/ericxliu-me
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

📚 Auto-publish: Add/update 1 blog posts
All checks were successful
Hugo Publish CI / build-and-deploy (push) Successful in 12s
Details

Browse Source 
Generated on: Mon Sep 22 07:31:20 UTC 2025
Source: md-personal repository
This commit is contained in:
Automated Publisher
2025-09-22 07:31:20 +00:00
parent 96e2f71ffd
commit f6853a1cc4
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/unifi-vlan-migration-to-zone-based-architecture.md
View File

@@ -55,10 +55,12 @@ The final configuration groups the individual VLANs into distinct zones, forming
* **DMZ:** Contains the `dns` and `prod` networks for semi-trusted, exposed services. * **DMZ:** Contains the `dns` and `prod` networks for semi-trusted, exposed services.
* **IoT:** Contains the `iot` network. This is a low-trust zone for smart devices. * **IoT:** Contains the `iot` network. This is a low-trust zone for smart devices.
* **Management:** Contains the `management` network. This is a highly privileged, isolated zone for network infrastructure. * **Management:** Contains the `management` network. This is a highly privileged, isolated zone for network infrastructure.
![S3 File](http://localhost:4998/attachments/image-167d5cef9e79e622fff779f3671492a8a5a343ea.png?client=default&bucket=obsidian)
#### The Security Policy Matrix #### The Security Policy Matrix
The true power of this model is realized in the firewall's zone matrix, which dictates the default traffic flow between each zone. The true power of this model is realized in the firewall's zone matrix, which dictates the default traffic flow between each zone.
![S3 File](http://localhost:4998/attachments/image-4b9dbea5f7ceb0446d517305bc281b74e7f22ffc.png?client=default&bucket=obsidian)
This matrix enforces the desired security policy with clear, high-level rules: This matrix enforces the desired security policy with clear, high-level rules:
* **Complete IoT Isolation:** The `IoT` row shows that devices in this zone are blocked from initiating any communication with any other internal zone. Their only allowed path is out to the internet. * **Complete IoT Isolation:** The `IoT` row shows that devices in this zone are blocked from initiating any communication with any other internal zone. Their only allowed path is out to the internet.