02-14-2018 11:46 PM
I can access the GUI locally but externally I can't.
I added the WAN IN rule to allow 80,443 and put the public IP in the destination but it is not accessible remotely.
I have NAT enabled and the port forwards work to the internal devices.
Do I need to make a port forward for 80 and 443 to the router address?
02-15-2018 12:10 AM
I would highly recommend against exposing your config WebGUI to the internet as it exposes your router to potential ha let’s for hijacking and other malicious activities. SSH is better, and VPN even better than that. If you do go with the web exposed to the internet, make sure you have very strong security in place (long username, complex password, limited IPs allowed to access, etc).
With all of that said, you need to modify your WAN_LOCAL rules, not your WAN_IN.
Finally, update the firmware so your device has the latest security updates, among other fixes, optimizations, and feature additions. v1.10.0 just came out recently.
02-15-2018 12:14 AM - edited 02-15-2018 12:22 AM
How can you manage your router via the mobile app if you don't open up the GUI?
I was hoping to change the web port from 80 to something else.
I also tried the WAN Local adding a new rule to allow TCP to 80 and 443 but no go.
I looked for firmware and it looks like only 1.9.7 is out.
02-15-2018 09:37 AM
Let's take a step back for a moment...
What are you trying to do? Are you attempting to use the mobile app while connected to your LAN or while in a remote location?
And, especially if you're doing this remotely, what specific administration tasks are you attempting to accomplish?
The mobile app is much less mature than the web GUI, so there is far less capability exposed in that mobile app than if you log in via the standard web GUI. Both should work without any additional modifications while you are connected to the LAN. If you are trying to work remotely, depending on the tasks, you may still want to do that with the web GUI anyway. But whichever way you actually administer the system, you'll be far better off from a security standpoint if you choose to use SSH or VPN.
Regarding the firmware: yes, 1.9.7 was probably the current on the downloads when you checked last, but literally in the last few hours, the site has been updated.
02-15-2018 10:10 AM
Oh, and FWIW, you must be running EdgeMax firmware 1.9.0 or higher if you want to use the mobile app (minimum requirements as listed in the app description).
02-15-2018 02:31 PM
Thanks for the reply,
Yes, I don't really want to manage the router as such. I just want to be able to log on to the router to get the stats, like what device has done what, bandwidth checking etc.
I can't seem to get the Android Unifi app connected to the router; that is why I thought it had something to do with it not being accessible remotely.
The app is looking for port 8443.
Many thanks for the reply
02-15-2018 02:53 PM
The unifi app is not going to work -- it is only for the unifi equipment, not the EdgeMax line.
The appropriate app for the EdgeMax stuff is the UNMS app (at least on iOS). It requires firmware v1.9.0+ on your router. It is not yet mature enough to provide statistics -- you need the regular web UI for that function (assuming traffic analysis enabled).
The EdgeMax traffic analysis is not as good as the Unifi DPI feature, but for that you'd want to use a Unifi Security Gateway (hardware) instead of an EdgeMax device.
Do you need to get the stats remotely? Or is this something you will only need to do when you're on your LAN?
02-15-2018 02:57 PM
I would like it remotely as I am using this hardware and I like the interface.
I want to put it in for customers and manage my sites from either mobile/tablet for diagnosing internet issues and connectivity.
Perhaps I need to re-look at the hardware and setups for the sites.
Most would be a Router, a unifi SP and a switch.
02-15-2018 03:04 PM
Also still on topic.
The UNMS is looking for port 443 and it appears closed.
Also it can connect to UNMS web controller. Is this something you could setup or register for so you could manage your sites?
02-15-2018 03:29 PM
I have not used the UNMS management system (different than the mobile app, and maybe running the full UNMS system will expose more features within the mobile app), but it is probably something you should look at if you are managing multiple sites remotely.
Alternatively, you could move everything to Unifi which has a very nice controller and the ability to have multiple unique sites all manageable from a single controller system -- Unifi is a bit less flexible (currently) than EdgeMax when it comes to some of the advanced features and firewall stuff (in terms of what is exposed to be adjusted via GUI), but is often considered easier to use and has the benefit of being a one-stop-shop for managing a full system (router + switches + APs). Unifi's feature set is continually growing and catching up with EdgeMax.
UNMS is Linux only, Unifi is Linux/Mac/Win. There are several methods to have good remote-control options, and I think a lot of people spin up a cloud-VM for these management consoles since it is cheap and easy.
Given that these tools exist, you should really avoid opening the web management console to the internet for each site. Opening these to the web is a recipe for disaster (security risks) and not an appropriate way to manage multiple customer sites. You can always do a per-site VPN if you don't want to use a central controller.
Regarding your port 443 being closed... first, I think that's okay based on my above statement. But if you are really intent on opening it...
-- have you updated your firmware yet?
-- post your sanitized config to this forum (use a code+spoiler tag in the rich text editor) -- ssh into the device and then copy and paste the output from "show configuration | cat" (be sure to remove any sensitive/identifiable information including your username/password for the login).
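An added example, not part of any post in this thread: a small Python check that reads a saved `show configuration | cat` dump and lists the WAN_LOCAL accept rules that open GUI ports 80/443 with no source restriction. The sample config, the address and the function names are constructed for illustration, and only plain comma-separated port lists are handled.

```python
# Constructed sample in the brace format printed by "show configuration | cat".
SAMPLE = """
firewall {
    name WAN_LOCAL {
        rule 20 {
            action accept
            destination {
                port 80,443
            }
            protocol tcp
        }
        rule 30 {
            action accept
            destination {
                port 443
            }
            protocol tcp
            source {
                address 203.0.113.10
            }
        }
    }
}
"""

def parse(text):
    """Turn the brace-nested config text into nested dicts."""
    stack = [{}]
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip('"')
    return stack[0]

def open_gui_rules(cfg, ruleset="WAN_LOCAL", ports=("80", "443")):
    """Rule numbers that accept a GUI port with no source restriction."""
    rules = cfg.get("firewall", {}).get("name " + ruleset, {})
    flagged = []
    for key, rule in rules.items():
        if key.startswith("rule ") and rule.get("action") == "accept":
            listed = rule.get("destination", {}).get("port", "").split(",")
            if set(listed) & set(ports) and not rule.get("source"):
                flagged.append(int(key.split()[1]))
    return flagged

print(open_gui_rules(parse(SAMPLE)))  # rule 20 is open to any source
```

Rule 30 is not flagged because it carries a `source` block; a rule that must stay reachable should look like that one rather than like rule 20.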
02-15-2018 03:43 PM
Thanks for the Reply.
I want to trial it on my device to see what info I could get out of it.
So if I am using the wrong product line, may need to rethink setups for customers.
If opening up 443 to the internet is a risk I would prefer to take your advice on that.
I did upgrade to 1.10 and now on the GUI it has a UNMS icon but it says disabled.
I would assume I need a UNMS controller running somewhere on the local subnet.
Would I get more stats out of the UNMS than that of the Edgemax GUI?
Sorry for the questions I like the product and just want to get it right for myself first then deploy it for customers.
02-15-2018 04:04 PM
Yes, you'll need a UNMS instance to properly enable the feature on the router. You can download and install it onto a Linux box or Linux VM on your network and try it out. I don't think that UNMS needs to be on a local subnet -- it should be possible to host it anywhere (i.e. on a cloud/VM or at another location in general), but you should see if that does what you want before worrying about how/where to host a multi-site/customer controller.
I don't know the answers to the rest of your questions about the UNMS and statistics, but if you do some research on both the UNMS environment and Unifi devices and controller software, you should be able to find the products that work for your needs.
If you have specific questions about the capabilities of the systems, I'd recommend starting targeted threads with appropriate titles to get better answers from the community. When posting, specify your application/use-case/requirements so people can give you the best/relevant info and advice.
02-15-2018 04:35 PM
Yes, the Unifi CK is a good setup. Since the EdgeRouter is not controllable/monitorable by the Unifi controller, you'll most likely want to switch to the USG instead of the ER so that you can take full advantage of the integration, statistics, and monitoring.