hermes-ice/homelab/docs/unifi-rollback-2026-03-17.md
Hermes Agent e4d91aadf9 Initial commit: homelab infrastructure wiki
- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning
2026-05-24 16:08:40 -07:00


---
project:
name: UniFi Rollback 2026-03-17
status: active
category: infrastructure
source: homelabagentroot
created: 2026-03-17
updated: 2026-03-17
description: Rollback notes for the first UniFi zone and policy changes applied on 2026-03-17
goals:
- Restore pre-change zone membership if needed
- Record new policy IDs created during the first change wave
- Provide a safe reference before the next production network cutover
priority: high
tags: [unifi, rollback, firewall, zones, change-management]
---
# UniFi Rollback 2026-03-17
## Backups
Pre-change snapshots were saved to:
- `/private/tmp/unifi-change-backups-20260317/zones-before.json`
- `/private/tmp/unifi-change-backups-20260317/policies-before.json`
## Changes Applied
### Zone Changes
Before:
- `Management` -> `Default`, `Family of D.`
- `Internal` -> empty
After:
- `Management` -> `Default`
- `Internal` -> `Family of D.`
### New User-Defined Policies Created
| ID | Name |
|----|------|
| `ccc50b02-81ee-4e85-a994-87228b28d6ef` | `Internal to Servers HTTPS` |
| `07e03549-c022-4e90-981d-154269dc0471` | `Internal to Servers HTTP` |
| `6a7c0209-3d75-4826-bc61-ab98d9fe3ce3` | `Internal to IoT` |
| `977017d1-7600-48b1-9f04-e76eed01ca2c` | `Internal to Staging` |
### Existing Policies Modified
Logging enabled on:
- `89de6586-d284-4ce0-8e1f-8fea428c4af4` `Allow External to Web Proxy`
- `b13ad681-3d4c-4cb0-b186-70678087ddc9` `Vpn to Management`
- `92c1b619-ef7e-4b74-aaca-e57851abe962` `MBA VPN to Management`
- `5e6f26c2-1487-4e92-b682-6bcbb987b913` `Vpn to Servers`
- `3b64e36a-a452-4ab0-96b5-6088efb2330c` `Vpn to IoT`
## Rollback Steps
If the `Family of D.` cutover needs to be reversed before the next maintenance window:
1. Move `Family of D.` back into `Management`
2. Remove `Family of D.` from `Internal`
3. Keep the new `Internal` user-defined rules disabled or delete them if they are no longer needed
4. Re-test access from a `192.168.10.x` client to `Servers`, `IoT`, and `Staging`
## Rollback Zone State
Desired rollback state:
- `Management` -> `bcf0598f-9361-4306-9024-9817fd841836`, `fb44c9bf-1534-4a98-9c7e-6aee4bf4069a`
- `Internal` -> no networks assigned
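
An offline check for rollback steps 1-3 against the desired state above, added here as an example and not part of the original notes or of any UniFi tooling. It assumes the live zone and policy reads are already parsed into lists of objects with `name`/`networkIds` and `id`/`enabled` fields (assumed shapes). The sample data is constructed, and because the page does not say which of the two network IDs is `Family of D.`, the sample places one in `Internal` arbitrarily.

```python
# Added example (not from the original notes). Field names are assumed shapes.
DESIRED_ZONES = {  # rollback state recorded on this page
    "Management": {"bcf0598f-9361-4306-9024-9817fd841836",
                   "fb44c9bf-1534-4a98-9c7e-6aee4bf4069a"},
    "Internal": set(),
}
NEW_POLICY_IDS = {  # first-wave policies from the table on this page
    "ccc50b02-81ee-4e85-a994-87228b28d6ef": "Internal to Servers HTTPS",
    "07e03549-c022-4e90-981d-154269dc0471": "Internal to Servers HTTP",
    "6a7c0209-3d75-4826-bc61-ab98d9fe3ce3": "Internal to IoT",
    "977017d1-7600-48b1-9f04-e76eed01ca2c": "Internal to Staging",
}

def zone_drift(live_zones):
    """Map each zone that differs from the rollback state to what is off."""
    have = {z["name"]: set(z.get("networkIds", [])) for z in live_zones}
    drift = {}
    for name, want in DESIRED_ZONES.items():
        if name not in have:
            drift[name] = {"error": "zone not found in live read"}
        elif have[name] != want:
            drift[name] = {"missing": sorted(want - have[name]),
                           "unexpected": sorted(have[name] - want)}
    return drift

def active_new_policies(live_policies):
    """Names of first-wave policies still present and enabled (step 3).
    A policy with no 'enabled' field is treated as enabled (fail closed)."""
    return sorted(NEW_POLICY_IDS[p["id"]] for p in live_policies
                  if p.get("id") in NEW_POLICY_IDS and p.get("enabled", True))

# Constructed sample: post-change state, before any rollback. Which ID sits
# in Internal is arbitrary here; the page does not map IDs to network names.
SAMPLE_ZONES = [
    {"name": "Management", "networkIds": ["bcf0598f-9361-4306-9024-9817fd841836"]},
    {"name": "Internal", "networkIds": ["fb44c9bf-1534-4a98-9c7e-6aee4bf4069a"]},
]
SAMPLE_POLICIES = [
    {"id": "ccc50b02-81ee-4e85-a994-87228b28d6ef", "enabled": True},
    {"id": "6a7c0209-3d75-4826-bc61-ab98d9fe3ce3", "enabled": False},
    {"id": "89de6586-d284-4ce0-8e1f-8fea428c4af4", "enabled": True},  # pre-existing
]

if __name__ == "__main__":
    print("zone drift:", zone_drift(SAMPLE_ZONES))
    print("still enabled:", active_new_policies(SAMPLE_POLICIES))
```

An empty drift map and an empty policy list mean steps 1-3 are complete; step 4's client re-test still has to be done by hand.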
## Notes
- `policies-before.json` is only a `200/236` visible slice from the original tool output; use live API reads plus the saved zone snapshot for the most accurate rollback reference.
- System-defined edge rules such as `Allow Port Forward HTTP` and `Allow Port Forward HTTPS` were not modified.