Reply
Veteran Member
Posts: 4,225
Registered: ‎05-19-2009
Kudos: 598
Solutions: 18

getting ready to attach a Public IP to our UCRM Server what is the recommended method?

We moved UCRM to its own server no longer have UNMS fighting for ports

 

 

Whats the Recommend Method for the most secure Public UCRM Deployment?

 

 

A : have the server behind NAT and Firewall Forward ports 80, 81, 443 out the WAN IP of our Core WISP WAN IP (Mikrotik)

 

B : Bridge the UCRM Server its own Public IP lock Ubuntu Ports to only allow 80,81,443

 

What's everyone else doing?

Veteran Member
Posts: 4,225
Registered: ‎05-19-2009
Kudos: 598
Solutions: 18

Re: getting ready to attach a Public IP to our UCRM Server what is the recommended method?

@UBNT-Petr

 

 

can UCRM support dual NIC's?

 

NIC 1 with Public IP

 

NIC 2 With the private IP to control the CPE Radios

 

 

would that be the config we would want?

 

 

Ubiquiti Employee
Posts: 3,401
Registered: ‎12-10-2015
Kudos: 1217
Solutions: 264

Re: getting ready to attach a Public IP to our UCRM Server what is the recommended method?

What exactly do you mean by the support of dual NICs? UCRM is a web app which can be deployed on a server which is connected to your network. This connection can be handled by dual NICs but how does it affect UCRM and its features?
Highlighted
Member
Posts: 127
Registered: ‎04-18-2016
Kudos: 15
Solutions: 1

Re: getting ready to attach a Public IP to our UCRM Server what is the recommended method?

[ Edited ]

@900mhzdude wrote:

@UBNT-Petr

 

 

can UCRM support dual NIC's?

 

NIC 1 with Public IP

 

NIC 2 With the private IP to control the CPE Radios

 

 

would that be the config we would want?

 

 


 

I recently switched over my UNMS/UCRM/Unifi/Air Control to all seperate VM's on a server.  We are running a Apache2 server on a ubuntu VM reverse proxing subdomains to each machine.  That way only the apache2 server is internet facing and is using fail2ban to ban anyone spamming it or ssh probing bot nets.

 

setup for UNMS and UCRM> https://help.ubnt.com/hc/en-us/articles/115015690207-UNMS-Reverse-Proxy

 

 

Also ours is NAT'd to a public IP so no need to assign a public IP to a deicated port on a router.  Just NAT the apache2 server with a public and point that to the internal UNMS/UCRM servers.

Reply