New Member
Posts: 9
Registered: ‎04-20-2018
Kudos: 1

Unifi video cloud access port question

Hi all - I've got a strange situation that I'm hoping you can help me figure out. I have a self-made NVR running Unifi Video 3.9.11. Loading the web interface locally (i.e. on the same LAN and connecting to the NVR directly) works fine. Accessing the NVR via the Unifi cloud service is giving me some problems, but only for some connections - read on:

 

On my USG that controls my LAN, I have a standard rule that allows all established and related connections inward and outward and a rule that allows all UDP out. Most of my LAN has an outward "block all" by default and a long list of ports that I've opened outward for various reasons. There is a block of IPs (one whole class C), though, that I do not block any outgoing ports for (basically used for testing). Browser clients with a LAN IP in this block can connect to the Unifi cloud server and connect through to my NVR without issue (though it does take about 30 seconds to load the server's cameras and such - I've been just dealing with that, but I mention it in case it's a sign of something else). LAN browser clients who are NOT in that IP block can connect and authenticate to the Unifi cloud server but then get stuck "Connecting..." to my NVR until the client gets the "Cannot Connect to NVR" pop up.

 

I've tested this with the same machine, going back and forth between IP addresses: In the unfettered block = connection. Not in the unfettered block = no connection. Thus, I don't think it's a cookie or cache problem in the browser. I don't think it's an inbound connection issue, because there is no difference in inbound rules between the unfettered IP block and the rest of the LAN. Connections via the Unifi cloud service from off-network (say, from my home connection) also work fine, so it definitely seems like it's some blockage on my general LAN.

 

To add more information, the Unifi video Android and iOS apps work fine via the cloud route on either the unfettered IP block or the rest of the LAN (though they too have the ~30 seconds delay, in case that matters).

 

So, anyone have any clue what kind of outbound connections I need to allow so that browser clients in the main block of the LAN can connect through the Unifi cloud service to my NVR? Thanks for your time.

Re: Unifi video cloud access port question

As a follow up, after doing some tcpdump investigating, it seems that TCP port 8848 is necessary and perhaps TCP port 3478. In my brief testing, it seems that there's some connection between port 3478 being open and client load time. Still more testing to do on that, though.

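One way to turn a tcpdump capture into a list of outbound ports a default-deny egress rule set is dropping, as an added example that is not part of the original posts: it pairs each client SYN with a returning SYN-ACK and reports destination ports whose handshakes never completed. The capture text, the client address 192.168.1.50 and the 203.0.113.x servers are constructed sample values; only the port numbers 8848 and 3478 come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn tcp` text output (not taken from the thread).
# 192.168.1.50 is a hypothetical LAN client; 203.0.113.x are documentation addresses.
SAMPLE = """\
12:00:01.000100 IP 192.168.1.50.51000 > 203.0.113.10.443: Flags [S], seq 100, win 64240, length 0
12:00:01.020300 IP 203.0.113.10.443 > 192.168.1.50.51000: Flags [S.], seq 900, ack 101, win 65535, length 0
12:00:02.000100 IP 192.168.1.50.51001 > 203.0.113.20.8848: Flags [S], seq 200, win 64240, length 0
12:00:03.000100 IP 192.168.1.50.51001 > 203.0.113.20.8848: Flags [S], seq 200, win 64240, length 0
12:00:05.000100 IP 192.168.1.50.51001 > 203.0.113.20.8848: Flags [S], seq 200, win 64240, length 0
12:00:06.000100 IP 192.168.1.50.51002 > 203.0.113.30.3478: Flags [S], seq 300, win 64240, length 0
12:00:07.000100 IP 192.168.1.50.51002 > 203.0.113.30.3478: Flags [S], seq 300, win 64240, length 0
"""

# Matches the address/port pair and TCP flags of one tcpdump text line.
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def unanswered_syn_ports(capture, client_ip):
    """Return {dst_port: syn_count} for the client's SYNs that never got a SYN-ACK."""
    syns = defaultdict(int)   # (sport, dst, dport) -> SYNs sent, retransmits included
    answered = set()          # same tuple shape, filled from returning SYN-ACKs
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["flags"] == "S" and m["src"] == client_ip:
            syns[(m["sport"], m["dst"], m["dport"])] += 1
        elif m["flags"] == "S." and m["dst"] == client_ip:
            # SYN-ACK travels the reverse direction, so swap the endpoints.
            answered.add((m["dport"], m["src"], m["sport"]))
    blocked = defaultdict(int)
    for key, count in syns.items():
        if key not in answered:
            blocked[int(key[2])] += count
    return dict(blocked)

if __name__ == "__main__":
    for port, n in sorted(unanswered_syn_ports(SAMPLE, "192.168.1.50").items()):
        print(f"tcp/{port}: {n} SYN(s) with no SYN-ACK")
```

Capture on the client side of the firewall so dropped SYNs are still visible. A port listed here only shows that the handshake never completed, which can also mean the remote host was unreachable, so compare against a capture taken from an unrestricted address before opening anything.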