Hi.
So I've run into a upgrade problem on some unifi devices, sitting behind a NGFW(Next generation firewall) which has a https proxy that scans. amongst other things, HTTPS-traffic. All of a sudden upgrading the unifi devices is an issue.
I went through the Firewall logs and saw some traffic to the off site Unifi Controller on port 8080(duh), but also traffic to 52.85.253.51 on port 443. nslookups thats a IP at cloudfront.
I went ahead whitelisting the unificontroller wanip, that did not help on upgrading the AP's. Then I went whitelisting 52.85.253.51 and the AP's is upgrading just fine.
Do you guys know, if there is a FQDN i can whitelist instead? dl.ubnt.com did not help, nut it did show a single time in the logs, never to be seen again 
