UniFi Gateway Consoles WiFi Switching Camera Security New Integrations Accessory Tech Identity
UISP
Support Dropdown arrow
Store Search
User
Help Center UniFi Help Articles UISP Help Articles Community UniFi Design Center UISP Design Center Contact Support Tech Specs
Sign Up UniFi Portal
Ubiquiti Logo Ubiquiti Logo
User User
Log In Sign Up UniFi Portal
UniFi Gateway Consoles WiFi Switching Cameras & Security New Integrations Accessory Tech Identity UISP Store Search

Support

Help Center UniFi Help Articles UISP Help Articles Community Contact Support Tech Specs

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UniFi Design Center UISP Design Center
  1. Ubiquiti Support and Help Center
  2. UniFi
  3. Protect
  4. Features & Configuration
Help Center
Back to Top

UniFi Protect - Optimizing Camera Connectivity

2023-09-19 17:07:59 UTC

This article describes how to access your UniFi Protect application, the factors that may create connectivity issues, and how to address said issues.

How to Connect to UniFi Protect

There are two ways to access your UniFi Protect application:

  • Locally, by using an internet browser to access the IP address of the UniFi Console which has Protect installed.
  • Remotely on the web, through the UniFi Site Manager (unifi.ui.com), or mobile app (iOS / Android).

Note: Remote access must be enabled in your Protect application. It is enabled by default.

To enable Remote Access in your UniFi Protect application if it has been disabled:

  1. Use a web browser to access the UniFi Console which has Protect installed, via its IP address. This requires you to be on your local UniFi WiFi network. 
    1. If you don’t know your UniFi Console's IP address, use the WiFiman app (iOS / Android) to locate it on your WiFi network.
  2. Log in to your Ubiquiti SSO account.
  3. Go to the Console Settings > Advanced menu, and enable the "Remote Access" toggle.

Understanding Your Connectivity Issue

Properly classifying your connectivity issue can help you resolve it more efficiently. Consider an issue as one of the following types:

  • Poor camera connectivity results from the camera receiving a weak WiFi signal, and will affect the recordings (e.g., low-quality recordings, gaps in footage)
  • Poor client connectivity is a result of a poor internet connection while accessing Protect remotely. Recordings will be played in reduced quality, to provide a smoother playback experience, but they are still stored locally in full quality.

Identifying Issues

To identify potential reasons for Protect connectivity issues:

  1. Try accessing your UniFi Console locally by entering its IP address in your web browser, or remotely via the UniFi Site Manager (unifi.ui.com) or the Protect mobile app.
  2. Use different mobile devices, ideally running different operating systems (iOS, Android).
  3. Use different supported browsers, such as Chrome, Firefox, or Safari, on different computers.
  4. Connect to different client locations, such as:
    1. A local network with the same subnet as the Protect application.
    2. A mobile carrier network via a mobile device or tethering.
    3. A remote network, such as a workplace or public WiFi network.
  5. Have multiple users, ideally with different system roles, attempt to access the Protect application.

Note: Track your observations. They may be helpful if you need to contact our technical support team.

My Camera Streams Load Slowly, or Buffer Frequently.

To identify potential reasons for slow stream loading and/or frequent buffering:

  1. Check the stability of your network connection:
    1. Perform a speed test using the WiFiman app while connected to the same network as your UniFi Console. Protect deployments with network speeds under 2.5 Mbps may see poor performance.
  2. Ensure that your computer or mobile network is not limiting bandwidth:
    1. A VPN could be preventing client devices from making a peer-to-peer connection with your UniFi Console. If so, disable the VPN.
    2. Check if there’s a conflict where the UniFi Console is on your local network, but on a different subnet than the client.
  3. Ensure that you haven’t exceeded your UniFi Console's maximum supported camera limit
  4. Check your computer's CPU utilization. If the CPU utilization is nearing 100%, try playing back fewer simultaneous video streams (i.e., fewer cameras on the live view matrix).

I Can Access Protect Locally, but Not Remotely.

If you can't access the Protect application remotely:

  1. Confirm that Remote Access is enabled. If it is enabled, try disabling it and enabling again.
  2. Confirm that you have permission to access Protect remotely. For more information, see UniFi Protect - Add and manage users.
  3. Visit status.ui.com to see if there are any issues with Ubiquiti’s Remote Management Service currently being resolved.

I Can't Access Protect from the Mobile App.

If you can't access Protect from the mobile app:

  1. Verify that the UniFi Protect mobile app is updated to the latest version.
  2. Ensure that the UniFi Protect mobile app is not restricted from accessing WiFi or cellular data:
    1. For iOS devices, go to Settings > Cellular Data menu and make sure "UniFi Protect" is toggled on.
    2. For Android devices, go to Settings > WiFi & Internet > Data Usage > Cellular Data Usage menu, select UniFi Protect, and make sure WiFi and cellular data are not disabled in the App data usage section.
  3. Disable a VPN if one is enabled, since some VPNs may block WebRTC connectivity, which is used by Protect.
    1. For Android devices with VPN enabled, try disabling the Private DNS in the Settings > WiFi & Internet > Private DNS menu. On some WiFi and mobile carrier networks, certain Private DNS providers such as CloudFlare's 1.1.1.1 may interfere with WebRTC.
  4. Disable or remove any third-party security or privacy apps that may interfere with network connectivity.
  5. Force-quit the mobile app and open it again.

If the steps above do not resolve the issue, uninstall the mobile app, reinstall, and attempt again.

I Can't Access Protect from My Web Browser.

If you’re having trouble accessing Protect from a web browser, but you can connect with the mobile app or a web browser on a different network, there may be an issue with your network configuration. For more information, see the Advanced Troubleshooting section. 

If you have a UniFi Cloud Key Gen2 Plus updated to Version 2.0.24, running Protect application Version 1.14.0 or higher, it operates via UniFi OS and, therefore, can be accessed remotely at unifi.ui.com, not protect.ui.com.

If you don't see the Cloud Key running your Protect application on unifi.ui.com, make sure your UCK G2 Plus’ version is up to date. For more information, see UniFi - How to manage & upgrade the Cloud Key.

If your Cloud Key's firmware is up to date and can see the Protect application at unifi.ui.com but can't access it, verify that Remote Access is enabled. See the How to connect to UniFi Protect section.

I Can't Access Protect on a Specific Browser.

Browser-specific access failures are most often caused by third-party software, such as a browser extension or an application on the computer.

Common extensions, software, and other features known to cause issues include:

  • uBlock Origin
  • Privacy Badger
  • WebRTC Leak Prevent
  • Various VPN services, such as Tunnelbear
  • Ad or traffic blockers that interfere with WebRTC connectivity

To troubleshoot browser issues:

  1. Disable all suspected third-party security or privacy-related browser extensions and software.
  2. If you can now access Protect, re-enable the extensions and software one at a time, and test your Protect access after each one. This will help you identify the inhibiting software.
  3. (For Chrome only) Disable the feature flag Anonymize local IPs exposed by WebRTC:
    1. Copy and paste the following into your address bar: chrome://flags/#enable-webrtc-hide-local-ips-with-mdns
    2. Select "Disabled," then restart Chrome.

Once you've found the inhibiting software, leave it disabled or uninstall it. If it’s essential, consult the software's documentation for further guidance on how to configure it so it doesn't prevent Protect access.

I'm a New User and See a "No Controllers Detected" Notification.

If you’re a new user and see a "No Controllers Detected" notification after trying to access the Protect web application:

  1. Make sure that your UniFi Console and Protect application versions are up to date.
  2. Make sure that you have permission to remotely access the UniFi Protect application. For more information, see UniFi Protect - Add and manage users .
  3. Ensure that you are a verified and active user by going to unifi.ui.com, clicking on your UniFi Console, navigating to the Users menu, and checking your user status.
  4. If this doesn't resolve the issue, delete the custom users and user roles created, reboot the UniFi Console, and recreate the users:
    1. Log in to your UniFi Console from the Owner account.
    2. Go to unifi.ui.com, click on your UniFi Console, navigate to the Users menu, and delete all custom users and user groups. 
    3. Click on the dot grid icon in the top-right corner of the dashboard, navigate to Protect > Roles, and delete all custom user roles. 
    4. Click on the dot grid icon in the top-right corner of the dashboard, click the Settings > Advanced tab on the left side of the following screen, and click "Restart Device."
    5. Once the device reboots, log in again with the Owner account and recreate all desired users, groups, and roles. 

Advanced Troubleshooting

Ensure That a WebRTC Connection Can be Established.

UniFi Protect uses WebRTC technology to establish connections between your UniFi Console and client devices through NAT and firewalls, such as a UniFi Gateway, without requiring explicit port forwarding or the revision of firewall rules.

Typically, you won’t need to make any changes to your network, device, or client configurations in order to access Protect locally or remotely.

To establish a WebRTC connection needed to access Protect, both networks (i.e., the one that your Protect application connects to and the one that your client device(s) connect to) must meet these requirements:

  • Reliable access to Internet and DNS service
  • Adequate bandwidth for basic connectivity and video transfer
  • Outbound TCP connection capability on Port 443
  • Outbound UDP connection capability on Ports 0–65535

Note: Port forwarding is not required for TCP or UDP connectivity.

  • A firewall configured to accept solicited, inbound UDP traffic
  • No network security appliances (e.g., IPS) or services blocking WebRTC (e.g., STUN or DTLS)
  • No gateways configured to use Symmetric NAT, which either block peer-to-peer connections, force the use of a relay server (i.e., TURN), or cause said relay to fail

Note: For more information on the technical aspects of WebRTC, please visit webrtc.org.

 

Troubleshooting WebRTC Connection Issues Caused by Symmetric NAT

Symmetric NAT, while uncommon, can cause issues when establishing WebRTC and other peer-to-peer connections because it does not maintain a 1:1 port mapping ratio for established connections, causing them to fail.

If that happens, WebRTC will attempt to connect via a relay server (i.e., TURN), which will result in either poor connection quality or outright connection failure.

If you are behind a Symmetric NAT, you can either:

  • Establish a VPN connection between the client device and Protect; or
  • Configure your router to a mode other than Symmetric NAT, such as Cone NAT.

The UniFi Console which has the UniFi Protect application installed will automatically detect and log Symmetric NAT on its side but will be unable to determine the NAT type on the clients’ side.

If you suspect Symmetrical NAT on the console-side connection:

  1. Establish an SSH connection to your UniFi Console.
  2. Execute the following command: grep -Ri "symmetric" /srv/unifi-protect/logs

Any results will confirm that the connection failed due to Symmetric NAT.

 

Troubleshooting issues with a particular network

If you identify connectivity problems within a particular network, focus your troubleshooting efforts there. For example, if you can connect to your business’ Protect deployment from home, but not at a different office, focus on troubleshooting the latter network.

If you can't access Protect from any remote location, focus first on the application’s on-site network.

In both cases:

  1. Verify that the UniFi Console which has Protect installed, and is managing all client devices, has a stable internet connection, including a valid gateway IP and DNS servers. Some DNS providers are known to cause problems, such as 1.1.1.1. Try changing it to Google's 8.8.8.8.
  2. Verify that selected DNS servers properly resolve the following domains:
    1. Device.svc.ubnt.com
    2. Device.amplifi.com
    3. Global.stun.twilio.com
    4. Global.turn.twilio.com
  3. Review your firewall configuration to ensure it meets the requirements listed in the WebRTC section. If you’ve configured custom firewall rules, try disabling them temporarily to test your connection.
  4. Remove any port forwards for UniFi Protect that may have been configured incorrectly.
  5. Disable any network-level security appliance or service rules intended to block WebRTC's internal protocols, STUN or DTLS. If you are using a UniFi gateway , the UniFi Intrusion Prevention System (IPS) does not require a specific configuration to prevent WebRTC connectivity blockage.
Was this article helpful?
71 out of 866 found this helpful