Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
New Member
Posts: 16
Registered: ‎05-14-2012
Kudos: 3

Firewall - ports to open

Hi,

Our unifi controller is installed on a Windows 7 machine, at the moment I have disabled the firewall on the Windows 7 and also configured our network firewall to allow everything to the Windows 7 machine (don't worry this is just a test environment).

Now the time is nearing where we are thinking of moving to production, what ports do we need to open up on our firewall to make this work?

Note: Our unifi controller is on the same VLAN as the APs.
Also, one SSID uses the guest portal, this uses a commercial ISP outside our network and once client connect it can only talk to the unifi controller (in guest portal mode) through it's public IP which initially we had trouble because we didn't allow the controller's public IP on the guest portal's allowed subnets! Man Wink

Please advise. Thanks!


Vito
SuperUser
Posts: 5,587
Registered: ‎01-10-2012
Kudos: 2599
Solutions: 266

Re: Firewall - ports to open

from the FAQ: wiki.ubnt.com/UniFi_FAQ#How_can_I_run_UniFi_Controller_on_different_ports
Open the config file listed and all the ports required are there.
When you receive a solution to your question/issue, don't forget to mark your thread as solved and to give kudo's to the people who have helped you out!
New Member
Posts: 2
Registered: ‎03-16-2016
Kudos: 1

Re: Firewall - ports to open

correct ports to open are as follows.

TCP: 8080, 8443, 8880, 8843

UDP: 3478, 10001

New Member
Posts: 8
Registered: ‎04-02-2016
Solutions: 1

Re: Firewall - ports to open

For sure this is from the local network to the firewall

Is it also neccesarry to open these ports the other wat around (so from the firewall to the local network)?

New Member
Posts: 1
Registered: ‎02-17-2017

Re: Firewall - ports to open

Well, this link no longer goes anywhere definitive. It goes (as of Mar'17) to a page listing dozens of articles of which the one indicated is not a part of.

 

I'm still looking at my windows 7 box no longer communicates with any of my UniFi's (they are all in the disconnected stated). I'm guessing that updating/upgrading Java recently had something to do with this, but even with the latest controller software, they still aren't communicating.

 

If I turn off windows firewall, things start to work.  But of course thats a bad situation. It also indicates to me that Ubiquity didn't factor things into their installer like opening ports for communications as I have uninstalled and reinstalled the latest software with no depreciable effect.

 

Marcos

 

SuperUser
Posts: 5,587
Registered: ‎01-10-2012
Kudos: 2599
Solutions: 266

Re: Firewall - ports to open


mdella wrote:

 

I'm still looking at my windows 7 box no longer communicates with any of my UniFi's (they are all in the disconnected stated). I'm guessing that updating/upgrading Java recently had something to do with this, but even with the latest controller software, they still aren't communicating.

 

If I turn off windows firewall, things start to work.  But of course thats a bad situation. It also indicates to me that Ubiquity didn't factor things into their installer like opening ports for communications as I have uninstalled and reinstalled the latest software with no depreciable effect.

 


Yup, the Unifi installer creates application specific firewall rules.  And more often than not, a Java upgrade will cause them to no longer match.  

 

Go into your Windows Firewall and write down the settings for all the current Unifi firewall rules - ports, TCP/UDP, etc. and then just create them as generic port rules.  You can delete or leave the Unifi rules created by the installer - your choice.

 

Those application based Windows firewall rules are more trouble than they are worth IMNSHO.  Then again, if nothing can communicate on the port the box really is secure so there is that Roll Eyes (Sarcastic)

When you receive a solution to your question/issue, don't forget to mark your thread as solved and to give kudo's to the people who have helped you out!
Reply