UniFi - UDM Pro: How to Access the UniFi Controller by WAN IP or Hostname


This article will answer the question of how to access the UniFi Network Controller on the UDM platform by IP or hostname.

This article applies only to theUniFi Dream Machine Pro (UDM-Pro).

Table of Contents

  1. Introduction
  2. Network Diagram
  3. Steps: How to Access the Controller via IP
  4. Testing & Verification
  5. Related Articles


Back to Top

Users may wish to access the UniFi-OS local portal by IP in certain situations. Since the local portal is on the UDM Pro, and not on a host that is on the LAN, a firewall pin-hole is suggested instead of port forwarding as would be done on other hosts (see Related Articles below).

NOTE:Applying a port forward rule to a UDM Pro LAN IP will provision a destination network address translation (DNAT) rule and is not recommended.

Network Diagram

Back to Top


Steps: How to Access the Controller via IP

Back to Top

1. Open the UniFi Network Controller.

2. Navigate to Settings > Routing & Firewall > Firewall > WAN_LOCAL.

3. Select "Create New Rule".

4. Fill in the fields with the following information:

Action : Accept
IPv4 Protocol : TCP
Rule Applied : Before pre-defined rules
Destination : Create a new port group with port 443 in the group

  • If desired, also apply a "source restriction" to this rule to make the access only available to certain IP addresses.
  • When restricting direct access to UniFi-OS on a dual-WAN configuration also indicate the proper destination IP in this firewall rule.

5. Click "Save".

Testing & Verification

Back to Top

To verify that the firewall pin-hole has been properly configured, try to access the UDM Pro by its WAN IP or hostname associated with the IP. If the test does not provide the desired results, check any source IP restrictions configured. If the rule appears to be applied properly, advanced troubleshooting with tcpdump may provide the clearest indication of the issue. 

CLI: Access the command line interface (CLI). You can do this by using a program such as PuTTY.


tcpdump -npi eth8 dst port 443 and host <WAN1_IP_ADDRESS_HERE>


tcpdump -npi eth9 dst port 443 and host <WAN2_IP_ADDRESS_HERE>

For further support please reach out to the UniFi Support Team. 

Related Articles

Back to Top

UniFi - USG Port Forward: Port Forwarding Configuration and Troubleshooting

Was this article helpful?
21 out of 54 found this helpful
Can't find what you're looking for?
Visit our worldwide community of Ubiquiti experts for more answers
Visit the Ubiquiti Community