
Setting up Smoothwall with UDM-SE

Network Documentation – UniFi Dream Machine SE 

 

1. Overview 

The UniFi Dream Machine SE (UDM-SE) is configured to manage multiple VLANs, providing logical network separation for VoIP, IoT, Guest, Facilities, Pupil, and CCTV traffic. Each VLAN is associated with a dedicated domain, and firewall rules are applied to secure traffic flows and control access to Smoothwall filtering. 


2. VLAN Configuration 

| VLAN Name   | VLAN ID | Purpose / Notes                                         |
|-------------|---------|---------------------------------------------------------|
| Default     | 1       | Local domain; default network.                          |
| VoIP        | 1308    | Voice over IP traffic.                                  |
| IoT         | 1309    | Internet of Things devices.                             |
| Guest Wi-Fi | 1310    | Guest & Staff Wi-Fi (no certificates required).         |
| Facilities  | 1311    | Facilities devices.                                     |
| Pupil       | 1312    | Student devices – certificates distributed via Intune.  |
| CCTV        | 1313    | Reserved for CCTV network (not yet in use).             |


3. VLAN Domain Assignments 

| VLAN Name  | Domain                            |
|------------|-----------------------------------|
| VoIP       | NOR-VoIP-oliveacademies.org.uk    |
| IoT        | NOR-Staff-oliveacademies.org.uk   |
| Guest      | NOR-Guest-oliveacademies.org.uk   |
| Facilities | NOR-Fac-oliveacademies.org.uk     |
| Pupil      | NOR-Student-oliveacademies.org.uk |
| CCTV       | NOR-CCTV-oliveacademies.org.uk    |
| Default    | localdomain                       |


4. DNS & Policy Records 


  • A Records:

      • smoothwall.NOR-Student-oliveacademies.org.uk - 10.13.12.2

      • smoothwall.NOR-VoIP-oliveacademies.org.uk - 10.13.8.2

      • smoothwall.NOR-Staff-oliveacademies.org.uk - 10.13.9.2

      • smoothwall.NOR-Fac-oliveacademies.org.uk - 10.13.11.2

      • smoothwall.local - 10.13.7.7



5. Firewall Rules 

Rule 1: Internal Smoothwall Ping 


  • Source: Internal – any device, any port. 

  • Destination: Internal zone (Smoothwall Static IP list). 

  • Protocol: Custom ICMP. 

  • Action: Allow + auto-allow return traffic. 

  • Purpose: Enables internal devices to ping Smoothwall for connectivity checks. 


Rule 2: Internal to Smoothwall Filtering 


  • Source: Internal – any device, any port. 

  • Destination: Smoothwall Static IP list (by IP). 

  • Port: Custom 442. 

  • Action: Allow + auto-allow return traffic. 

  • Purpose: Allows internal devices to connect to Smoothwall filtering services. 


Rule 3: Smoothwall Static VLAN IPs 


  • Source: Internal VLAN IPs (list of VLANs). 

  • Destination: External (any). 

  • Ports: Any. 

  • Action: Allow. 

  • Purpose: Permits VLAN traffic to access external destinations through Smoothwall. 


6. Notes & Considerations 


  • The CCTV VLAN (1313) is not yet active – plan for camera IP ranges and firewall policy before rollout. 

  • The smoothwall.local A record should be tested for DNS resolution and functionality. 

  • The Guest Wi-Fi VLAN (1310) currently provides access without certificates – consider isolating staff Wi-Fi if stronger authentication is required. 

  • Certificates for Pupil VLAN (1312) are managed through Intune – verify deployment consistency across student devices. 
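
The DNS test called for in the notes above can be scripted and run from a client on each VLAN. The following is an added example, not part of the original documentation: it checks every A record from section 4 against its documented address and then tries the Rule 2 port. It assumes the "Smoothwall Static IP list" contains those same addresses; the function names are the example's own.

```python
import socket

# A records as documented in section 4 of this page.
EXPECTED = {
    "smoothwall.NOR-Student-oliveacademies.org.uk": "10.13.12.2",
    "smoothwall.NOR-VoIP-oliveacademies.org.uk": "10.13.8.2",
    "smoothwall.NOR-Staff-oliveacademies.org.uk": "10.13.9.2",
    "smoothwall.NOR-Fac-oliveacademies.org.uk": "10.13.11.2",
    # Many operating systems hand *.local names to mDNS instead of the
    # unicast resolver, so this record can fail on some clients only.
    "smoothwall.local": "10.13.7.7",
}
FILTER_PORT = 442  # port allowed by Rule 2 on this page


def resolve_ipv4(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def tcp_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check(expected=EXPECTED, resolve=resolve_ipv4, probe=tcp_open):
    """Return {name: status}; resolve and probe are injectable for testing."""
    results = {}
    for name, want in expected.items():
        got = resolve(name)
        if not got:
            status = "unresolved"
        elif got != {want}:
            status = "mismatch: " + ", ".join(sorted(got))
        elif not probe(want, FILTER_PORT):
            status = "resolves, port closed"
        else:
            status = "ok"
        results[name] = status
    return results


if __name__ == "__main__":
    for name, status in check().items():
        print(f"{status:<24} {name}")
```

A "mismatch" result means the client is receiving a different address from the one documented here, which is worth investigating before assuming the filter is simply down.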

