---
project:
  name: UniFi Post-Migration Summary 2026-03-17
  status: active
  category: infrastructure
  source: homelabagentroot
  created: 2026-03-17
  updated: 2026-03-17
  description: Final summary of UniFi zoning, host migration, and rollback references after the March 17 cleanup wave
  goals:
    - Record the end state after network cleanup
    - Provide a quick reference for what changed and what remains
    - Link operators to rollback and runbook notes
  priority: high
  tags: [unifi, post-migration, summary, rollback]
---

# UniFi Post-Migration Summary 2026-03-17

## Completed Changes

- `Family of D.` moved from `Management` to `Internal`
- `Management` reduced to `Default` only
- New `Internal` access rules created for `Servers`, `IoT`, and `Staging`
- Logging enabled on key edge, VPN, and east-west user-defined policies
- Legacy `192.168.1.x` host paths removed from:
  - `proxmox`
  - `ubuntu`
  - `truenas`
- Wi-Fi participation removed from:
  - `grizzley`
  - `ice`
- Staging-side `192.168.40.x` host paths removed from:
  - `truenas`
  - `grizzley`
  - `ice`
- Staging access policies disabled:
  - `Vpn to Staging`
  - `Allow Servers to Staging`

## Current Host End State

| Host | Current Primary Addressing | Notes |
|------|----------------------------|-------|
| `ubuntu` | `192.168.50.61`, `192.168.30.61` | App edge healthy; UniFi may still show stale alternate observations |
| `proxmox` | `192.168.50.11`, `192.168.30.11` | Legacy `192.168.1.11` removed |
| `truenas` | `192.168.50.12` | Legacy `192.168.1.12` and staging `192.168.40.12` removed |
| `grizzley` | `192.168.50.84`, `192.168.30.84` | Wi-Fi removed |
| `ice` | `192.168.50.197`, `192.168.30.197` | Wi-Fi removed |

## Remaining Follow-Up

- Allow UniFi controller client history to age out or refresh
- Keep remaining `192.168.30.x` service-side paths in place for now because they appear to support intentional IoT-side service adjacency; remove them only after per-service validation
- Review public `HTTP` exposure and any duplicate firewall rules
- `grizzley` still has one disconnected/no-IP UniFi history record; a direct delete attempt returned `api.err.NotFound`, so this currently looks like controller-history lag
- `TrueNAS` is intentionally exposed through the local-only route `truenas.local.tophermayor.com`; `truenas.tophermayor.com` is not the canonical admin URL

## References

- Canonical current-state reference: [`docs/UNIFI_NETWORK_INFRASTRUCTURE.md`](/Users/christopherjohnsisonmayor/Infrastructure/core/docs/UNIFI_NETWORK_INFRASTRUCTURE.md)
- Runbook: [[unifi-host-migration-runbook.md|UniFi Host Migration Runbook]]
- Rollback: [[unifi-rollback-2026-03-17.md|UniFi Rollback 2026-03-17]]
- Execution details: [[unifi-execution-plan.md|UniFi Execution Plan]]