Setting up static ips for Unifi Cameras

I am just trying to set some Unifi cameras to have a static IP over on a VLAN. Right now they are just on Network.

When I am in the Unifi controller and I click on the camera → setting IP settings It says “Requires are Unifi Gateway or layer 3 switch”

In protect there is Manage → restart / remove

and Advanced → advanced → Real Time Streaming Protocol (RTSPS)

Any help would be great!

Assign fixed ip address on the dhcp server giving out IP on the network

You mention vlan, have your setup your switches, router , etc with vlan settings

Pfsense is my dhcp server.

I have Unif switches.

Yes everything is set up. I actually have a Synology NVR (DVA1622) and cameras already on the “cameras” VLAN. I have outside cameras that the Synology manages and Unifi camera that the Unifi controller manages for inside.

I guess with other security cameras I would just log into the cameras and assign them the static ip address. Then on the unifi switch I would change “Native VLAN / Network” to the VLAN I want them on.

So you are saying for me to do it in pfsense " DHCP Static Mappings"?

thank you!

Yes use, DHCP static mappings.

Change the vlan on the switch port first, so the devices are getting the correct vlan ip address

Under DHCP Server (Select the correct network), scroll down to the end - add status mappings for the device. - Note the the ip address has to be outside the dhcp range.

Thank you, I will do that.

Have a good day!

So that worked great. However, I needed to add a firewall rule to all those camera’s to get back to the controller. Is this the most secure way of doing this?

My controller is over on (In my first post I said, but its not)

my rule is
Protocol: TCP
Source: the cameras IPs (I will put them all in a alias)
Destination: the controller (

Can I limit the scope of this rule?

When I’m googling it, I am seeing ports that need to be opened are 7442, 7444 and, 7550

Put the Synology NVR on the same network as the cameras, as most of the traffic will be between cameras and nas unit

Then create a pfsense rule to allow access to the Synology from the normal network,

If you do the above, block all internet access except for the nas - cameras do not need internet access

Sorry there is a confusion.

The Synology NVR is for my outside camera. That is set up and working.

I followed Tom’s

Securing Surveillance Camera Networks

I am talking about my UNIFI cameras going back to my UNIFI controller.

Need more info

What Unifi controller , what network is it on (i.e vlan, ip address)

Are there any other devices managed on the unifi controller

What network are the cameras on (vlan)

What firewall / router

Cloud Key Gen2 Plus

The controller is on the network @

It does manage my AP’s and switches

The cameras are now on my camera VLAN network (you just helped me set up)

Firewall is Pfsense Netgate 7100

Within PFSense, create an alias with the cameras IP’s

Then create a firewall rule to allow camera access to the Gen2, source will be camera alisas to Gen2 IP all ports udp and tcp.

If you know the ports used, you could locked it down more to the ports but as the cameras can only access the gen2 , you limited security risk.

Sounds like you need to have that rule, otherwise the camera’s won’t be able to access the controller. Personally I would block WAN access on the CAM vlan as it doesn’t need it.

1 Like