First off, I can’t ditch the UDMPRO because it’s the only thing that runs access and this building already has Access deployed. With that out of the way…
I had to put an existing UDMPRO behind pfSense. The location uses the controller, Protect, and Access.
I used the method of using a separate interface on pfSense, on an isolated network, connected to the UDMPRO WAN. Then a static route to the network controller from all the other LANs and VLANs in pfSense. UDMPRO is set to allow any/any on its WAN. So that works fine, all the APs use a MGMT VLAN, all the cameras and access control together on a building VLAN. I SSH’d into all the APs and used the cameras’ GUI to point them back to the controller via my static route. Everything was re-adopted properly, the controller and the cameras re-adopted and all is well.
The issue is UniFi Access, it is still working according to its policies, but in the GUI the devices are all ‘disconnected’. I recall when I originally set up the UDMPRO I was able to select the correct VLAN (40) to put the UniFi Access software on that VLAN. But now that dropdown only has ‘lan’ in it, with the gateway IP.
I’ve attached a crude drawing so there is hope of understanding the setup.
So far I haven’t had to reset any devices to get them to reconnect, but, is that what I need to do for the access controllers? How do I update their ‘inform’ address?
Even the cameras that are daisy-chained off the access controls are re-adopted into protect no prob, so I expected the Access devices to reconnect as well. But, there seems to be no way to SSH into them. I took a factory fresh one, and really there is no way to tell it where the controller is, they have to be in the same subnet I guess.
Thanks for any advice anyone might have on getting this working!!