Self hosted Unifi Controller Inform Issues

I am currently running a self hosted Unifi Controller. This controller serves as my personal controller, and controller for various clients. I run a pfSense with Unifi switches running multiple VLANs: Main VLAN (Unifi Controller on this VLAN), Guest VLAN, and Test VLAN. My issue is this.

When I order new equipment for a client, I have it sent to me first. I connect the equipment to the Test VLAN, SSH into the device and do a set-inform to my public FQDN for my controller. The equipment will not show up in Unifi Controller to adopt. But if I take the equipment to the customer's site and perform the set-inform, it works just fine. I am trying to do all this so that I can pre-configure all equipment before install.

Please advise.

Connect the device to the same network as the Unifi controller, then it appears in the controller, where you can adopt it to the correct site. No security issues.

On the inform command, does the FQDN point to the IP address of the Unifi controller? You probably need to set up split DNS. On pfSense, under DNS Resolver, create a host override entry.

If you want to set up on the Test VLAN, you need to allow the inform port 8080 from the Test VLAN to the Unifi controller network.

Correct, devices on the same network as the controller do not get the FQDN as the inform address, as they stay local, and connect to the controller without issues.

On the Test VLAN, SSH'd into the equipment, I am able to ping the FQDN and it resolves to the public IP as it should.

During testing I allowed ANY on port 8080, and still had the same issues.

The FQDN needs to resolve to the internal IP address of the controller. As in the previous post, create a host override within pfSense DNS Resolver that points your FQDN to the Unifi internal IP address.

You know it has worked when you ping the FQDN: it should resolve to your internal IP address.
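The check described in the last two posts, written out as a pre-flight script. This is an added example, not code from the thread or from Ubiquiti: it resolves the controller FQDN, flags whether the answer is a private (RFC 1918) address as the host override should produce, optionally probes TCP port 8080, and prints the set-inform command to run on the device. The FQDN unifi.example.com, the LAN address 192.168.10.5 and the function names are placeholders.

```shell
#!/bin/sh
# Pre-flight check to run from a Linux box on the Test VLAN before doing
# set-inform on a UniFi device. Assumed values below are placeholders.
CONTROLLER_FQDN="${CONTROLLER_FQDN:-unifi.example.com}"
CONTROLLER_LAN_IP="${CONTROLLER_LAN_IP:-192.168.10.5}"
INFORM_PORT="${INFORM_PORT:-8080}"

# Return 0 if the IPv4 address is in RFC 1918 private space, 1 otherwise.
is_rfc1918() {
    case "$1" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the inform URL in the form the device's set-inform command expects.
inform_url() {
    printf 'http://%s:%s/inform' "$1" "$2"
}

# First IPv4 answer for a name, via getent (Linux); empty if it does not resolve.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}'
}

# Classify a resolved address against the expected controller LAN address.
# Returns: "override-ok", "private-but-wrong-host", or "public-no-override".
classify_answer() {
    addr=$1; expected=$2
    if [ "$addr" = "$expected" ]; then
        echo override-ok
    elif is_rfc1918 "$addr"; then
        echo private-but-wrong-host
    else
        echo public-no-override
    fi
}

preflight() {
    ip=$(resolve_ipv4 "$CONTROLLER_FQDN")
    [ -n "$ip" ] || { echo "$CONTROLLER_FQDN does not resolve"; return 1; }
    verdict=$(classify_answer "$ip" "$CONTROLLER_LAN_IP")
    echo "$CONTROLLER_FQDN -> $ip ($verdict)"
    case "$verdict" in
        public-no-override)
            echo "pfSense host override is missing or not applied on this VLAN"
            return 1 ;;
        private-but-wrong-host)
            echo "override exists but points at the wrong internal address"
            return 1 ;;
    esac
    # Firewall check: the Test VLAN needs pass rule to the controller on 8080.
    if command -v nc >/dev/null 2>&1; then
        if nc -z -w 3 "$ip" "$INFORM_PORT"; then
            echo "tcp/$INFORM_PORT reachable"
        else
            echo "tcp/$INFORM_PORT blocked: check the Test VLAN firewall rule"
            return 1
        fi
    fi
    echo "on the device run: set-inform $(inform_url "$CONTROLLER_FQDN" "$INFORM_PORT")"
}

# Only touch the network when explicitly asked: ./preflight.sh run
if [ "${1:-}" = "run" ]; then
    preflight
fi
```

Run it as `CONTROLLER_FQDN=your.fqdn CONTROLLER_LAN_IP=x.x.x.x sh preflight.sh run` from a host on the Test VLAN; a `public-no-override` verdict is exactly the situation the original poster described. The port probe uses `nc -z` and is skipped when `nc` is not installed.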

Sorry, I misunderstood you at first. I will give that a try.

Okay, so that works. But it breaks the SSL on the Unifi Controller, and I have to use the local IP instead of the FQDN.

Okay, I think I am seeing why. This is going through HAProxy, which is providing the correct SSL. We are bypassing that with the DNS records, correct?

Do not use HAProxy,

You could delete the host override and set up 'NAT reflection' on the port forwarding rule - Network Address Translation — NAT Reflection | pfSense Documentation (netgate.com)

Not sure if the above will work.

Yes, you are bypassing HAProxy by setting a host override.