Support Downloads Community

UniFi Video is an obsolete product line.

This application and its related devices will no longer receive any manner of technical support, including functional and security updates. Additionally, there will be no further updates to Help Center content pertaining to UniFi Video.

UniFi - UDM Pro: How to Access the UniFi Controller by WAN IP or Hostname

Overview

This article will answer the question of how to access the UniFi Network Controller on the UDM platform by IP or hostname.

NOTES & REQUIREMENTS:
This article applies only to theUniFi Dream Machine Pro (UDM-Pro).

Table of Contents

  1. Introduction
  2. Network Diagram
  3. Steps: How to Access the Controller via IP
  4. Testing & Verification
  5. Related Articles

Introduction

Back to Top

Users may wish to access the UniFi-OS local portal by IP in certain situations. Since the local portal is on the UDM Pro, and not on a host that is on the LAN, a firewall pin-hole is suggested instead of port forwarding as would be done on other hosts (see Related Articles below).

NOTE:Applying a port forward rule to a UDM Pro LAN IP will provision a destination network address translation (DNAT) rule and is not recommended.

Network Diagram

Back to Top

unifi-os-wan.png

Steps: How to Access the Controller via IP

Back to Top

1. Open the UniFi Network Controller.

2. Navigate to Settings > Routing & Firewall > Firewall > WAN_LOCAL.

3. Select "Create New Rule".

4. Fill in the fields with the following information:

Action : Accept
IPv4 Protocol : TCP
Rule Applied : Before pre-defined rules
Destination : Create a new port group with port 443 in the group

OPTIONAL PARAMETERS:
  • If desired, also apply a "source restriction" to this rule to make the access only available to certain IP addresses.
  • When restricting direct access to UniFi-OS on a dual-WAN configuration also indicate the proper destination IP in this firewall rule.

5. Click "Save".

Testing & Verification

Back to Top

To verify that the firewall pin-hole has been properly configured, try to access the UDM Pro by its WAN IP or hostname associated with the IP. If the test does not provide the desired results, check any source IP restrictions configured. If the rule appears to be applied properly, advanced troubleshooting with tcpdump may provide the clearest indication of the issue. 

CLI: Access the command line interface (CLI). You can do this by using a program such as PuTTY.

WAN 1

tcpdump -npi eth8 dst port 443 and host <WAN1_IP_ADDRESS_HERE>

WAN 2

tcpdump -npi eth9 dst port 443 and host <WAN2_IP_ADDRESS_HERE>

For further support please reach out to the UniFi Support Team. 

Related Articles

Back to Top

UniFi - USG Port Forward: Port Forwarding Configuration and Troubleshooting

Was this article helpful?
47 out of 129 found this helpful

Submit an RMA request

Visit the Ubiquiti RMA portal to submit a warranty claim for your Ubiquiti device.

Visit the RMA portal >

Plan your UniFi Deployment

Use the Design Center to design your UniFi Network using the most suitable products.

Try the UniFi Design Center >

Talk to other Ubiquiti users

Visit our worldwide community of Ubiquiti experts for more answers and solutions.

Ask the Ubiquiti Community >