Required Ports Reference
The following lists the UDP and TCP ports used by UniFi. This information mainly applies to users with a self-hosted UniFi Network Server, or users with third-party devices and firewalls. For this reason, we generally recommend a full UniFi deployment for seamless deployment and optimal native compatibility.
Local Ingress Ports (Incoming)
Protocol | Port Number | Usage |
TCP/UDP | 53 | Used for DNS. This is required for Guest Portal redirection, downloading updates, and remote access. |
UDP | 3478 | Used for STUN. |
UDP | 5514 | Used for remote syslog capture. |
TCP | 8080 | Used for device and application communication. |
TCP | 443 |
Used for application GUI/API as seen in a web browser. Applications running on a UniFi Console |
TCP | 8443 |
Used for application GUI/API as seen in a web browser. Applications running on a Windows/macOS/Linux machine |
TCP | 8880 | Used for HTTP portal redirection. |
TCP | 8843 | Used for HTTPS portal redirection. |
TCP | 6789 | Used for UniFi mobile speed test. |
TCP | 27117 | Used for local-bound database communication. |
UDP | 5656-5699 | Used by AP-EDU broadcasting. |
UDP | 10001 | Used for device discovery. |
UDP | 1900 | Used to "Make application discoverable on L2 network" in the UniFi Network settings. |
UDP | 123 | Used for NTP (date and time). Required for establishing secure communication with remote access servers. |
Note: Although TCP 22 is not one of the ports UniFi Network operates on by default, it is worth mentioning that is the port used when UniFi devices or the Network application is accessed via SSH.
Ingress Ports Required for L3 Management Over the Internet (Incoming)
These ports need to be open at the gateway/firewall as well as on the machine running the UniFi Network application. This would be achieved by creating port forwards on the gateway/firewall where the application is running.
Protocol |
Port Number |
Usage |
UDP | 3478 | Used for STUN. |
TCP | 8080 | Used for device and application communication. |
TCP | 443 |
Used for application GUI/API as seen in a web browser. Applications running on an UniFi Console |
TCP | 8443 |
Used for application GUI/API as seen in a web browser. Applications running on Windows/macOS/Linux machines |
TCP | 6789 | Used for UniFi mobile speed test. |
TCP | 8880 | Used for HTTP portal redirection. (only needed if using Guest hotspot) |
TCP | 8843 | Used for HTTPS portal redirection. (only needed if using Guest hotspot) |
Egress Ports Required for UniFi Remote Access (Exiting)
In most cases, these ports will be open and unrestricted by default.
Protocol | Port Number |
Usage |
TCP/UDP | 53 | Used for DNS This is required for Guest Portal redirection, downloading updates, and remote access. |
UDP | 3478 | Used for STUN. |
TCP/UDP | 443 | Used for Remote Access service. |
TCP | 8883 | Used for Remote Access service. |
UDP | 123 | Used for NTP (date and time). Required for establishing secure communication with remote access servers. |
Changing Default Ports
Changing default port assignments can only be done on self-hosted UniFi Network Servers (Windows/macOS/Linux). This can be accomplished as follows:
- Close any instances of the UniFi Network application.
-
Modify the
system.properties
file, which can be found in the directory<unifi_base>/data/system.properties
.-
For example, if port 8081 was in use and port 8089 was open, you could change it by modifying
unifi.shutdown.port=8081
tounifi.shutdown.port=8089
-
For example, if port 8081 was in use and port 8089 was open, you could change it by modifying
- Restart the UniFi Network application.
Note: Make sure there are no leading or trailing spaces, comments, or other characters (i.e., #) on any custom lines. Otherwise, UniFi Network will ignore the customizations.