With the recent news on the Ubiquiti hack, it may be a good idea for peace of mind to disable remote access and use local access only for UniFi Network and UniFi Protect. Here I will show you how to work around the cloud requirement for UniFi Protect to access your cams from the iOS app without exposing your NVR to their cloud.
I use a Cloud Key G2+ for Protect, with pfSense at the edge of my network.
I recently found that if you make a firewall rule blocking the Cloud Key from the internet, it will still let you access the Protect app locally, while on the unifi.ui.com site it won't let you, which is preventing cloud access.
The rules should be similar with other firewalls, but if you have a UDMP then you may be SOL since that is all in one. I am still testing this out but wanted to share it to help others who want this workaround.
This assumes you already have remote access enabled in the Cloud Key settings.
- In pfSense go to Firewall –> Rules –> LAN
- Create a new rule on the bottom of the list like this
- Save the rule
- Make sure you drag/move this rule ABOVE the default allow LAN rule.
- Save and reset firewall states just in case. Diagnostics –> States –> Reset States
- Check from unifi.ui.com whether you can access your CK. You should not be able to, while still retaining local access if on the same subnet.
I am also allowing NTP and DNS to the Cloud Key, since updated time is important for the cams.
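The drag/move step matters because pfSense evaluates the rules on an interface tab from top to bottom and the first match wins. The following is an added example, not part of the original post: a small Python model of that first-match behaviour, comparing the list as created with the list after the move. The addresses, the UDP 53/123 pass rules and the field layout are assumptions, since the post does not spell out the rule's fields.

```python
import ipaddress
from dataclasses import dataclass

CLOUD_KEY = "192.168.1.10"    # constructed Cloud Key address (assumption)
LAN_NET = "192.168.1.0/24"    # constructed LAN subnet (assumption)
INTERNET_HOST = "203.0.113.5" # documentation-range address standing in for the cloud


@dataclass
class Rule:
    action: str               # "pass" or "block"
    src: str                  # source network, CIDR
    dst: str = "0.0.0.0/0"    # destination network, CIDR ("any" by default)
    proto: str = "any"        # "tcp", "udp" or "any"
    port: int = 0             # destination port, 0 means any


def evaluate(rules, src, dst, proto, port):
    """Return the action of the first matching rule, top to bottom.

    Traffic that matches no rule is dropped, as on a pfSense interface tab.
    """
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.port in (0, port)):
            return r.action
    return "block"


CK = CLOUD_KEY + "/32"
ALLOW_DNS = Rule("pass", CK, proto="udp", port=53)   # assumed DNS pass rule
ALLOW_NTP = Rule("pass", CK, proto="udp", port=123)  # assumed NTP pass rule
BLOCK_CK = Rule("block", CK)           # the new rule from the steps above
DEFAULT_ALLOW = Rule("pass", LAN_NET)  # the default allow LAN rule

# New rules left at the bottom of the list: the default allow matches first.
AS_CREATED = [DEFAULT_ALLOW, ALLOW_DNS, ALLOW_NTP, BLOCK_CK]
# New rules dragged above the default allow: the block takes effect.
AFTER_MOVE = [ALLOW_DNS, ALLOW_NTP, BLOCK_CK, DEFAULT_ALLOW]

if __name__ == "__main__":
    for name, rules in (("as created", AS_CREATED), ("after move", AFTER_MOVE)):
        https = evaluate(rules, CLOUD_KEY, INTERNET_HOST, "tcp", 443)
        ntp = evaluate(rules, CLOUD_KEY, INTERNET_HOST, "udp", 123)
        print(f"{name}: Cloud Key HTTPS out = {https}, NTP out = {ntp}")
```

Traffic between a client and the Cloud Key on the same subnet is switched locally and never reaches the LAN rules, which is why local access keeps working with the block in place.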