What Unifi ports need a forward for remote management


#1

Hi all,

Thanks to Tom I tried a demo pack of some Unifi equipment.
And I like it! I like it so much that I want to switch some contacts I help to Unifi to make my life easier.

Part of the demo kit is a v1 Cloud Key. I like to keep using that for now and like to know what ports I need to open on my pfsense firewall for the external equipment to be able to use /inform and adopt successfully, and be able to manage them.

I did some googling and did find 5 ports
8080 and 3478 are already open.
I open 8443 when needed. (unifi.ubnt.com forwards now to the internal cloud key domain also, I probably changed something, did not do that before)
But I also found 8880 and 8843. Do those need a forward?
Did I miss any?

Other part of the demo kit is a USG, that I will use to test the remote connection.
Tonight at a friend’s house I will connect the USG and hope it will show up in my controller.

Hope someone can give me the list of needed ports and other tips.

Thanks in advance.
Richard


#2

Here is the official list from UniFi


#3

@LTS_Tom Thanks, I will configure it and test it tonight.


#4

I like to think of the unifi controller as multiple different services, not just a single big one, that you can make accessible independently of one another.

The GUI runs on TCP 8443 by default. You can change this to whatever you like.

The device-controller communication takes place on TCP 8080 and UDP 3478. This one is a bit more complicated. As far as I know, you can change the port of the inform address from 8080 to anything you want, since this is manually provided by you during the inform process. However, I don’t think you can change the STUN port (3478). Also, STUN is in fact not required at all, but I highly recommend using it.

Note that you don’t necessarily have to make the controller GUI accessible from the internet in order for clients to have their devices communicate with it, because these are two different services.

TCP 8880 and 8843 are only needed when using the captive portal function of the controller, which I have never used because I quite like pfSense’s captive portal.
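
The service split described in post #4 can be used to check a list of WAN forwards for missing or unnecessary entries. This is an added example, not part of any post in this thread and not UniFi or pfSense code; the rule tuples, the `audit` function and its flags are hypothetical, and the ports are the defaults named in the thread.

```python
# Added example: audit a list of WAN port forwards against the UniFi
# service/port split described in post #4. The rule format and all names
# here are hypothetical, not pfSense's or UniFi's own.

# Service map as given in post #4 (controller defaults).
SERVICES = {
    ("tcp", 8443): "gui",
    ("tcp", 8080): "inform",
    ("udp", 3478): "stun",
    ("tcp", 8880): "portal",
    ("tcp", 8843): "portal",
}

def audit(forwards, gui_remote=False, captive_portal=False):
    """forwards: iterable of (proto, port, source); source 'any' = unrestricted.
    Returns a sorted list of (severity, message) findings."""
    findings = []
    seen = set()
    for proto, port, source in forwards:
        proto = proto.lower()
        service = SERVICES.get((proto, port))
        seen.add(service)
        if service is None:
            if port == 3478 and proto == "tcp":
                findings.append(("error", "3478 forwarded as TCP; STUN uses UDP 3478"))
            else:
                findings.append(("warn", f"{proto}/{port} is not a controller port from post #4"))
        elif service == "portal" and not captive_portal:
            findings.append(("warn", f"tcp/{port} is only needed for the captive portal"))
        elif service == "gui" and not gui_remote:
            findings.append(("warn", "tcp/8443 (GUI) forwarded but devices do not need it"))
        elif service == "gui" and source == "any":
            findings.append(("warn", "tcp/8443 (GUI) reachable from any source address"))
    if "inform" not in seen:
        findings.append(("error", "tcp/8080 missing; remote devices cannot reach /inform"))
    if "stun" not in seen:
        findings.append(("info", "udp/3478 missing; STUN is optional but recommended"))
    return sorted(findings)

# Constructed sample: the forwards mentioned in post #1, with 3478 entered as TCP.
SAMPLE = [("tcp", 8080, "any"), ("tcp", 3478, "any"),
          ("tcp", 8443, "any"), ("tcp", 8880, "any")]

if __name__ == "__main__":
    for severity, message in audit(SAMPLE, gui_remote=True):
        print(f"{severity:5} {message}")
```

If the inform port was changed from 8080 during adoption, adjust the `SERVICES` map to match before running the check.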


#5

Thanks for your added information, and now I get what 8880 and 8843 are for and I don’t need them.
I did the test and it worked :smile:

I think I have to have the GUI open, because I changed the Controller Hostname in the settings, and when I start the controller from unifi.ubnt.com it points to that hostname.

For now I’m happy that it works.

Again thanks for the info.