Upgrading not working, unless...

klausgodtkjaer · ‎12-05-2016

Hi.

So I've run into a upgrade problem on some unifi devices, sitting behind a NGFW(Next generation firewall) which has a https proxy that scans. amongst other things, HTTPS-traffic. All of a sudden upgrading the unifi devices is an issue.

I went through the Firewall logs and saw some traffic to the off site Unifi Controller on port 8080(duh), but also traffic to 52.85.253.51 on port 443. nslookups thats a IP at cloudfront.

I went ahead whitelisting the unificontroller wanip, that did not help on upgrading the AP's. Then I went whitelisting 52.85.253.51 and the AP's is upgrading just fine.

Do you guys know, if there is a FQDN i can whitelist instead? dl.ubnt.com did not help, nut it did show a single time in the logs, never to be seen again

bzimmerman · ‎01-05-2018

I've had a similar issue with NTP and Lightspeed on our school network. Our Apple devices would never get NTP from time.apple.com and our UAPs wouldn't get NTP on boot. Ended up getting a list of IPs that Apple uses for NTP and having to approve IPs instead of FQDNs in the filter and then I changed my UniFi controller to just use several of the approved IPs for NTP.

Someone from UBNT will have to comment as to whether that update IP is static or not for this. You might also consider putting your UBNT devices into a specific VLAN, or address range and excuse those devices from SSL inspection. I've had to do that for certain devices, or even certain domains from certain devices (some Android devices will always think they have no internet connection on wifi if I don't give *.google.com a SSL scan exception from that domain. Which sucks, because I then lose the ability to see search queries from those devices).

klausgodtkjaer · ‎12-05-2016

Thanks for the input.

I guess I will have to write directly to UBNT support then

Upgrading not working, unless...

Re: Upgrading not working, unless...

Re: Upgrading not working, unless...

Company

In the News

Training

Buy Now

Social