hermes-ice/homelab/docs/unifi-rollback-2026-03-17.md
Hermes Agent e4d91aadf9 Initial commit: homelab infrastructure wiki
- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning
2026-05-24 16:08:40 -07:00


project
project
name: UniFi Rollback 2026-03-17
status: active
category: infrastructure
source: homelabagentroot
created: 2026-03-17
updated: 2026-03-17
description: Rollback notes for the first UniFi zone and policy changes applied on 2026-03-17
goals:
  • Restore pre-change zone membership if needed
  • Record new policy IDs created during the first change wave
  • Provide a safe reference before the next production network cutover
priority: high
tags: unifi, rollback, firewall, zones, change-management

UniFi Rollback 2026-03-17

Backups

Pre-change snapshots were saved to:

  • /private/tmp/unifi-change-backups-20260317/zones-before.json
  • /private/tmp/unifi-change-backups-20260317/policies-before.json

Changes Applied

Zone Changes

Before:

  • Management -> Default, Family of D.
  • Internal -> empty

After:

  • Management -> Default
  • Internal -> Family of D.

New User-Defined Policies Created

ID Name
ccc50b02-81ee-4e85-a994-87228b28d6ef Internal to Servers HTTPS
07e03549-c022-4e90-981d-154269dc0471 Internal to Servers HTTP
6a7c0209-3d75-4826-bc61-ab98d9fe3ce3 Internal to IoT
977017d1-7600-48b1-9f04-e76eed01ca2c Internal to Staging

Existing Policies Modified

Logging enabled on:

  • 89de6586-d284-4ce0-8e1f-8fea428c4af4 Allow External to Web Proxy
  • b13ad681-3d4c-4cb0-b186-70678087ddc9 Vpn to Management
  • 92c1b619-ef7e-4b74-aaca-e57851abe962 MBA VPN to Management
  • 5e6f26c2-1487-4e92-b682-6bcbb987b913 Vpn to Servers
  • 3b64e36a-a452-4ab0-96b5-6088efb2330c Vpn to IoT

Rollback Steps

If the Family of D. cutover needs to be reversed before the next maintenance window:

  1. Move Family of D. back into Management
  2. Remove Family of D. from Internal
  3. Keep the new Internal user-defined rules disabled or delete them if they are no longer needed
  4. Re-test access from a 192.168.10.x client to Servers, IoT, and Staging

Rollback Zone State

Desired rollback state:

  • Management -> bcf0598f-9361-4306-9024-9817fd841836, fb44c9bf-1534-4a98-9c7e-6aee4bf4069a
  • Internal -> no networks assigned

Notes

  • policies-before.json is only a 200/236 visible slice from the original tool output; use live API reads plus the saved zone snapshot for the most accurate rollback reference.
  • System-defined edge rules such as Allow Port Forward HTTP and Allow Port Forward HTTPS were not modified.
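
One way to turn the saved zone snapshot plus a live read into a concrete rollback plan, as an added example that is not part of the original notes or of any UniFi tooling. The JSON shape (a list of zones with "name" and "networkIds"), the network IDs, and the function names are assumptions; the sample data is constructed.

```python
import json

# Constructed sample data. The shape (a list of zones, each with "name" and
# "networkIds") and the network IDs are assumptions, not values from the page.
ZONES_BEFORE = json.loads("""[
  {"name": "Management", "networkIds": ["net-default", "net-family-of-d"]},
  {"name": "Internal",   "networkIds": []}
]""")
ZONES_LIVE = json.loads("""[
  {"name": "Management", "networkIds": ["net-default"]},
  {"name": "Internal",   "networkIds": ["net-family-of-d"]}
]""")


def membership(zones):
    """Map each network ID to its zone, refusing a network listed twice."""
    owner = {}
    for zone in zones:
        for net in zone.get("networkIds", []):
            if net in owner:
                raise ValueError(f"{net} is in both {owner[net]} and {zone['name']}")
            owner[net] = zone["name"]
    return owner


def rollback_plan(before, live):
    """Return (moves, unknown): moves are (network, live_zone, snapshot_zone)
    tuples that restore the snapshot; unknown are live networks the snapshot
    never recorded, reported rather than guessed at."""
    want, have = membership(before), membership(live)
    moves = sorted(
        (net, have.get(net), zone) for net, zone in want.items() if have.get(net) != zone
    )
    unknown = sorted(set(have) - set(want))
    return moves, unknown


if __name__ == "__main__":
    moves, unknown = rollback_plan(ZONES_BEFORE, ZONES_LIVE)
    for net, src, dst in moves:
        print(f"move {net}: {src or 'unassigned'} -> {dst}")
    for net in unknown:
        print(f"not in snapshot, review by hand: {net}")
```

An empty moves list after the rollback confirms that live zone membership matches the snapshot again.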