
High Level Design

Networking

The diagram below covers:

  • Components
  • Networking
  • Interconnects
  • Power Types
  • Cabling
  • Service demarcation

[Diagram: components, networking, interconnects, power types, cabling and service demarcation]

Interconnect Requirements

In order to obtain access to services running on the UDM Pro (Gateway), outbound access to the Internet is needed. There is no need to enable inbound port mapping or NAT translation / port forwarding.

A connection (potentially layer 3) is needed from the core Dell switches to the UDM. This will enable outbound connections from the UDM to the Cloud Gateway control plane and to Microsoft Entra on the Internet.

There will be two isolated private (RFC1918) networks within the Gateway which provide:

  • Access Control
  • Camera networks

These networks will be isolated and not advertised outside of the UDM for security and assurance.

The following controls will be deployed:

  • VLAN separation
  • No inter-VLAN routing
  • Network isolation policy to prevent device to device communication
  • MAC access control to prevent alternate device connection
  • Physical port policies (locked down when not in use)
  • Door locks and sensors are connected via AWG18 single pair cables for power and signalling only.
  • Access to the UDM would be via:
    • Direct connection from the switch VLAN (IP address of the UDM)
    • Cloud control plane (https://unifi.ui.com/)
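The isolation controls above (no inter-VLAN routing, device-to-device isolation inside each private network, outbound-only access for the UDM, and no inbound port forwarding) can be expressed as a small policy model and checked against the flows the design intends to permit or block. The following is an added example, not part of the design document or of any UniFi or Dell configuration: it models the layer-3 rule set as a first-match list plus a client-isolation check, and audits it against constructed flows. All addresses are assumptions (the design specifies no addressing); MAC access control and physical port lockdown are layer-2 and physical controls and are not modelled here.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
# Constructed addressing; the design document gives no addresses.
ACCESS_CONTROL = "10.10.10.0/24"   # isolated RFC1918 VLAN for access control
CAMERAS        = "10.10.20.0/24"   # isolated RFC1918 VLAN for cameras
CORE           = "10.10.0.0/24"    # core Dell switch / management VLAN
UDM_AC_GW      = "10.10.10.1/32"   # UDM interface in the access-control VLAN
UDM_CAM_GW     = "10.10.20.1/32"   # UDM interface in the camera VLAN
UDM_CORE       = "10.10.0.1/32"    # UDM address reachable from the core switches

ISOLATED_VLANS = [ACCESS_CONTROL, CAMERAS]     # device-to-device isolation applies here
GATEWAYS = [UDM_AC_GW, UDM_CAM_GW, UDM_CORE]   # the only intra-VLAN destinations allowed


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    note: str     # which design control the rule implements


# First-match rule set implementing the design's controls (constructed).
POLICY = [
    Rule("allow", ACCESS_CONTROL, UDM_AC_GW, "access control -> UDM services"),
    Rule("allow", CAMERAS, UDM_CAM_GW, "cameras -> UDM services"),
    Rule("deny", ACCESS_CONTROL, ANY, "isolated: no inter-VLAN routing, no egress"),
    Rule("deny", CAMERAS, ANY, "isolated: no inter-VLAN routing, no egress"),
    Rule("allow", CORE, UDM_CORE, "core switches -> UDM (the interconnect)"),
    Rule("allow", UDM_CORE, ANY, "UDM outbound to cloud control plane / Entra"),
    Rule("deny", ANY, UDM_CORE, "no inbound port forwarding from the Internet"),
]


def _in(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def evaluate(src, dst, policy=POLICY):
    """Return (action, reason) for a src->dst flow under the modelled controls."""
    # Network isolation policy: a host in an isolated VLAN may only reach its gateway,
    # never another host in the same VLAN.
    for vlan in ISOLATED_VLANS:
        if _in(src, vlan) and _in(dst, vlan) and not any(_in(dst, gw) for gw in GATEWAYS):
            return "deny", "client isolation"
    # Layer-3 policy, first matching rule wins.
    for rule in policy:
        if _in(src, rule.src) and _in(dst, rule.dst):
            return rule.action, rule.note
    return "deny", "default deny"


# Constructed flows stating what the design intends for each path.
EXPECTED = [
    ("10.10.10.50", "10.10.20.50", "deny"),    # access control -> cameras (inter-VLAN)
    ("10.10.20.50", "10.10.10.50", "deny"),    # cameras -> access control
    ("10.10.10.50", "10.10.10.51", "deny"),    # device -> device inside one VLAN
    ("10.10.10.50", "10.10.10.1", "allow"),    # device -> UDM services on its gateway
    ("10.10.20.50", "10.10.0.1", "deny"),      # camera -> UDM core address (not its gateway)
    ("10.10.20.50", "203.0.113.10", "deny"),   # camera -> Internet (network not advertised)
    ("10.10.0.20", "10.10.0.1", "allow"),      # core switch -> UDM
    ("10.10.0.1", "203.0.113.10", "allow"),    # UDM -> cloud control plane / Entra
    ("203.0.113.10", "10.10.0.1", "deny"),     # Internet -> UDM (no inbound mapping)
]


def audit(policy=POLICY, expected=EXPECTED):
    """Return (src, dst, expected, actual) for every flow where the policy deviates."""
    violations = []
    for src, dst, want in expected:
        got, _ = evaluate(src, dst, policy)
        if got != want:
            violations.append((src, dst, want, got))
    return violations


if __name__ == "__main__":
    for src, dst, want in EXPECTED:
        action, reason = evaluate(src, dst)
        print(f"{src:>14} -> {dst:<14} {action:5} ({reason}); expected {want}")
    print("violations:", audit())
```

Running `audit()` against the intended rule set returns an empty list; prepending a rule that allows access control to reach the camera network (the effect of someone enabling inter-VLAN routing between the two) makes the audit report that flow as a deviation, which is the check worth re-running whenever the gateway's firewall rules are changed.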