Support Downloads Community

UniFi Video is an obsolete product line.

This application and its related devices will no longer receive any manner of technical support, including functional and security updates. Additionally, there will be no further updates to Help Center content pertaining to UniFi Video.

UniFi - UDM Pro: How to Access the UniFi Network Application by WAN IP or Hostname


This article will answer the question of how to access the UniFi Network application on the UDM platform by IP or hostname.

This article applies only to theUniFi Dream Machine Pro (UDM-Pro).

Table of Contents

  1. Introduction
  2. Network Diagram
  3. Steps: How to Access the Application via IP
  4. Testing & Verification
  5. Related Articles


Back to Top

Users may wish to access the UniFi-OS local portal by IP in certain situations. Since the local portal is on the UDM Pro, and not on a host that is on the LAN, a firewall pin-hole is suggested instead of port forwarding as would be done on other hosts (see Related Articles below).

NOTE: Applying a port forward rule to a UDM Pro LAN IP will provision a destination network address translation (DNAT) rule and is not recommended.

Network Diagram

Back to Top


Steps: How to Access the Application via IP

Back to Top

1. Open the UniFi Network application.

2. Navigate to Settings > Routing & Firewall > Firewall > WAN_LOCAL.

3. Select "Create New Rule".

4. Fill in the fields with the following information:

Action : Accept
IPv4 Protocol : TCP
Rule Applied : Before pre-defined rules
Destination : Create a new port group with port 443 in the group

  • If desired, also apply a "source restriction" to this rule to make the access only available to certain IP addresses.
  • When restricting direct access to UniFi-OS on a dual-WAN configuration also indicate the proper destination IP in this firewall rule.

5. Click "Save".

Testing & Verification

Back to Top

To verify that the firewall pin-hole has been properly configured, try to access the UDM Pro by its WAN IP or hostname associated with the IP. If the test does not provide the desired results, check any source IP restrictions configured. If the rule appears to be applied properly, advanced troubleshooting with tcpdump may provide the clearest indication of the issue. 

CLI: Access the command line interface (CLI). You can do this by using a program such as PuTTY.


tcpdump -npi eth8 dst port 443 and host <WAN1_IP_ADDRESS_HERE>


tcpdump -npi eth9 dst port 443 and host <WAN2_IP_ADDRESS_HERE>

Related Articles

Back to Top

UniFi - USG Port Forward: Port Forwarding Configuration and Troubleshooting

Was this article helpful?
49 out of 139 found this helpful