Overview
This article will answer the question of how to access the UniFi Network Controller on the UDM platform by IP or hostname.
Table of Contents
- Introduction
- Network Diagram
- Steps: How to Access the Controller via IP
- Testing & Verification
- Related Articles
Introduction
Users may wish to access the UniFi-OS local portal by IP in certain situations. Since the local portal is on the UDM Pro, and not on a host that is on the LAN, a firewall pin-hole is suggested instead of port forwarding as would be done on other hosts (see Related Articles below).
Network Diagram
Steps: How to Access the Controller via IP
1. Open the UniFi Network Controller.
2. Navigate to Settings > Routing & Firewall > Firewall > WAN_LOCAL.
3. Select "Create New Rule".
4. Fill in the fields with the following information:
Action : Accept
IPv4 Protocol : TCP
Rule Applied : Before pre-defined rules
Destination : Create a new port group with port 443 in the group
- If desired, also apply a "source restriction" to this rule to make the access only available to certain IP addresses.
- When restricting direct access to UniFi-OS on a dual-WAN configuration also indicate the proper destination IP in this firewall rule.
5. Click "Save".
Testing & Verification
To verify that the firewall pin-hole has been properly configured, try to access the UDM Pro by its WAN IP or hostname associated with the IP. If the test does not provide the desired results, check any source IP restrictions configured. If the rule appears to be applied properly, advanced troubleshooting with tcpdump may provide the clearest indication of the issue.
WAN 1
tcpdump -npi eth8 dst port 443 and host <WAN1_IP_ADDRESS_HERE>
WAN 2
tcpdump -npi eth9 dst port 443 and host <WAN2_IP_ADDRESS_HERE>
For further support please reach out to the UniFi Support Team.
Related Articles
UniFi - USG Port Forward: Port Forwarding Configuration and Troubleshooting