github Ozark-Connect/NetworkOptimizer v1.1.5

7 hours ago

The security audit just got smarter about catching VLAN isolation gaps.

What's New

  • Broader isolation coverage - The audit now checks that ALL network types are properly blocked from reaching Security and Management VLANs. Previously it only checked a subset of networks, so things like DMZ or Printer VLANs could slip through. Now if anything can reach your cameras or switches without a block rule, you'll know about it.

  • Smarter firewall rule evaluation - Fixed a subtle issue where UniFi's predefined "Allow Return Traffic" rules were causing false negatives. These RESPOND_ONLY rules only permit return traffic for established connections, not new connections. But the audit was seeing them match first and concluding traffic was "allowed." Now it correctly skips RESPOND_ONLY rules and evaluates whether new connections are actually blocked.

  • Recognizes manual block rules - Networks protected by explicit firewall block rules are now treated as effectively isolated, even without the "Network Isolation" toggle enabled. This avoids false positives if you've already set up manual rules.

  • Clearer recommendations - Isolation issues now explain why the Isolate Network toggle alone isn't enough: it's outbound-only and can be inadvertently bypassed by allow rules. For more on this, see our blog post on the UniFi Network Isolation bug.
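The rule-evaluation fix and the broader coverage described above can be sketched as follows. This is an added example, not NetworkOptimizer's code: the `Rule` fields, the network names, and the default-allow behaviour when no rule matches are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical, simplified rule model (assumption): not the UniFi API schema
# and not NetworkOptimizer's own types.
@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "ALLOW" or "BLOCK"
    src: str                    # network name or "ANY"
    dst: str                    # network name or "ANY"
    respond_only: bool = False  # only permits return traffic of established flows

def _matches(rule, src, dst):
    return rule.src in ("ANY", src) and rule.dst in ("ANY", dst)

def new_connection_verdict(rules, src, dst, default="ALLOW", skip_respond_only=True):
    """First-match verdict for a NEW connection from src to dst.

    default="ALLOW" is an assumption: traffic with no matching rule is routed.
    """
    for rule in rules:
        if not _matches(rule, src, dst):
            continue
        if skip_respond_only and rule.respond_only:
            continue  # a return-traffic rule cannot admit a new connection
        return rule.action
    return default

def isolation_gaps(rules, networks, protected):
    """All (source, protected destination) pairs whose new connections are not blocked."""
    return [(s, d) for d in protected for s in networks
            if s != d and new_connection_verdict(rules, s, d) != "BLOCK"]

# Constructed sample policy: manual block rules exist for IoT and Guest only.
RULES = [
    Rule("Allow Return Traffic", "ALLOW", "ANY", "ANY", respond_only=True),
    Rule("Block IoT to Security", "BLOCK", "IoT", "Security"),
    Rule("Block Guest to Security", "BLOCK", "Guest", "Security"),
    Rule("Block IoT to Management", "BLOCK", "IoT", "Management"),
]
NETWORKS = ["IoT", "Guest", "DMZ", "Printer", "Security", "Management"]

if __name__ == "__main__":
    # Old behaviour: the RESPOND_ONLY rule matches first and hides the block rule.
    print(new_connection_verdict(RULES, "IoT", "Security", skip_respond_only=False))
    print(new_connection_verdict(RULES, "IoT", "Security"))
    for src, dst in isolation_gaps(RULES, NETWORKS, ["Security", "Management"]):
        print(f"{src} can open new connections to {dst}")
```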

Installation

Windows: Download the MSI installer below

Docker:

docker compose pull && docker compose up -d
