How to allow VLAN to VLAN traffic UniFi
Written by Reilly Chase
Updated over 3 weeks ago

Hire us to set this up for you!

Check out hostifi.com/pro for more info or reach out via the live chat bubble on this page

In this guide I'll show you how to allow traffic between VLANs, assuming you've already followed our guide to block all inter VLAN traffic.

A common setup in a home network is to have a LAN and an IoT network.

We want LAN to be able to communicate with IoT, and we want IoT to be able to reply, but we don't want IoT to be able to open new connections to LAN.

Similarly, in a business environment we might want LAN to be able to talk to a Printers VLAN, and we want Printers to be able to reply but not to open new connections.

This guide will show you how to do that.

If instead you want to block all traffic between the VLANs, follow this guide: block all inter VLAN traffic.

Or, if you want to allow all traffic between these two VLANs, simply skip the last step of the second rule, where we limit it to return traffic only.

To get this to work we need two allow rules placed above the Block Inter VLAN rule:

  1. Allow all LAN connections to IoT

  2. Allow only return traffic from IoT to LAN

Here's how to configure that.

UniFi Zone-Based Firewall (new)

Allow all LAN connections to IoT

Under Settings > Security > Firewall > Create Policy

Name: Allow LAN to IoT

Source Zone: Internal, Network, LAN

Action: Allow

Destination Zone: Internal, Network, IoT

Add policy

Allow only return traffic from IoT to LAN

Under Settings > Security > Firewall > Create Policy

Name: Allow IoT Return Traffic to LAN

Source Zone: Internal, Network, IoT

Action: Allow

Destination Zone: Internal, Network, LAN

Connection State: Return Traffic

Add policy

UniFi Firewall (legacy)

If you are using the old firewall interface (before the zone-based firewall was introduced in UniFi), creating the two rules looks like this:

Settings > Security > Traffic & Firewall Rules > Advanced

Create Entry

Type: LAN IN (Curious about LAN IN vs LAN OUT? Check our article here)

Name: Allow LAN to IoT

Source Type: Network

Network: LAN

Destination Type: Network

Destination Network: IoT

Advanced: Auto

Type: LAN IN

Name: Allow IoT Return Traffic to LAN

Source Type: Network

Network: IoT

Destination Type: Network

Destination Network: LAN

Advanced: Manual

Match State: Established, Related
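To make the ordering and the "Return Traffic" / "Established, Related" state match concrete, here is a small stateful rule evaluator modelling the three rules described on this page (the two allow rules above the Block Inter VLAN rule). This is an added illustration, not UniFi code or part of the original article; the network names, the sample IP addresses and ports, and the rule and field names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_net: str  # network the packet enters from, e.g. "LAN" or "IoT"
    dst_net: str  # network it is headed to
    src: str      # "ip:port" of the sender (constructed sample values)
    dst: str      # "ip:port" of the receiver

# Ordered rule table modelling the page: two allow rules ABOVE the block rule.
# Fields: name, source network, destination network, required state, action.
RULES = [
    ("Allow LAN to IoT",                "LAN", "IoT", "any",    "allow"),
    ("Allow IoT Return Traffic to LAN", "IoT", "LAN", "return", "allow"),
    ("Block Inter VLAN",                "*",   "*",   "any",    "drop"),
]

class StatefulFirewall:
    """First-match rule evaluation with a minimal connection table."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # (src, dst) pairs of traffic already allowed

    def evaluate(self, pkt):
        # Return traffic = the reverse of a flow we have already allowed.
        is_return = (pkt.dst, pkt.src) in self.flows
        for name, src_net, dst_net, state, action in self.rules:
            if src_net not in ("*", pkt.src_net) or dst_net not in ("*", pkt.dst_net):
                continue
            if state == "return" and not is_return:
                continue  # rule only matches replies; this is a new connection
            if action == "allow":
                self.flows.add((pkt.src, pkt.dst))
            return name, action
        return "implicit default", "drop"

# Constructed test traffic: LAN opens to IoT, IoT replies, IoT tries a new one.
TRAFFIC = [
    Packet("LAN", "IoT", "10.0.1.10:51000", "10.0.2.20:80"),
    Packet("IoT", "LAN", "10.0.2.20:80",    "10.0.1.10:51000"),
    Packet("IoT", "LAN", "10.0.2.20:40000", "10.0.1.10:22"),
]

def run(rules, traffic=TRAFFIC):
    fw = StatefulFirewall(rules)
    return [fw.evaluate(p) for p in traffic]

if __name__ == "__main__":
    for pkt, (rule, action) in zip(TRAFFIC, run(RULES)):
        print(f"{pkt.src_net}->{pkt.dst_net} {pkt.src}->{pkt.dst}: {action} ({rule})")
```

Swapping the second rule's state to "any" reproduces the "allow all traffic" variant mentioned above, and moving the block rule to the top drops everything, which is why the two allow rules must sit above it.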
