How to Access the UniFi Controller by WAN IP or Hostname on a UDM (PRO)

More and more of our captive portal customers have been asking for instructions on how to access the UniFi controller/Network Application by the public IP address or hostname when using a UDM, UDM PRO, or UDR gateway.

The following instructions apply to most situations where external access to the web interface or API is required. When in doubt, please contact your solution provider.

These instructions assume you are using the Classic/Legacy Interface. In the future, we plan on updating this post with instructions based on the New Interface.


Create firewall rule

  • Open the UniFi Controller/Network Application
  • Navigate to Settings > Routing & Firewall > Firewall > WAN LOCAL
  • Select Create New Rule
  • Apply the following values to the respective fields:
    • Name: apply a logical name, e.g. WAN access
    • Rule Applied: Before pre-defined rules
    • Action: Accept
    • IPv4 Protocol: TCP
    • Destination: Create and save a new port group with port 443 in the group
  • Save the Firewall Rule
  • The Firewall Rules for WAN LOCAL should now look like this:

Optional source restrictions

To restrict access, you can also apply a “source restriction” to this Firewall Rule so that access is only available to certain external IP addresses. Create an IPv4 Address Group in the Source section containing the external IP addresses that are allowed access. All other addresses are denied access.

The Port Group and MAC address settings in the Source section can remain untouched.
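Before saving the address group, it helps to check the planned entries for mistakes that would silently widen or break the restriction. The following is an added example, not part of the original instructions or of any UniFi tooling: it assumes group entries are single IPv4 addresses or CIDR subnets, and the function names, the /24 threshold, and the sample addresses are all constructed for illustration.

```python
import ipaddress

# Assumption: group entries are single IPv4 addresses or CIDR subnets.
MIN_PREFIX = 24  # example threshold: shorter prefixes are reported as broad
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]


def audit_group(entries):
    """Parse planned group entries; return (networks, findings)."""
    networks, findings = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not a valid address or subnet"))
            continue
        if net.version != 4:
            findings.append((entry, "not IPv4, cannot go in an IPv4 group"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "matches every source, no restriction"))
        elif net.prefixlen < MIN_PREFIX:
            findings.append((entry, f"broad: {net.num_addresses} addresses"))
        if any(net.subnet_of(r) for r in NON_PUBLIC):
            findings.append((entry, "private or local range, not a public IP"))
        networks.append(net)
    return networks, findings


def is_allowed(source_ip, networks):
    """True if source_ip falls inside any entry of the group."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)


# Constructed sample values, not taken from a real deployment.
SAMPLE_GROUP = ["203.0.113.10", "198.51.100.0/24", "192.168.1.50",
                "203.0.0.0/8", "office"]

if __name__ == "__main__":
    nets, problems = audit_group(SAMPLE_GROUP)
    for entry, why in problems:
        print(f"review {entry!r}: {why}")
    for ip in ("203.0.113.10", "198.51.100.77", "192.0.2.1"):
        print(ip, "accept" if is_allowed(ip, nets) else "deny")
```
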


Access by hostname

In cases where the gateway has a dynamic public IP address, or where WAN failover is used, it is necessary to use a dynamic hostname to access the UDM, UDM PRO, or UDR from the internet.

  • Navigate to Settings > Services > Dynamic DNS
  • Select Create New Dynamic DNS
  • Select a service provider and follow their instructions
  • Once set up correctly you can access the web interface through a URL structured like so:
    • https://my-dynamic-hostname.ddns.net:443

Local Account

For API access to a UniFi OS device such as the UDM, UDM PRO, and UDR, a local admin account is required. Please follow these steps to create one:

  • Open the UniFi OS Console
  • Select Users > Add User
  • Create a user account similar to this example:
  • Save the user account

You can then access the API using the Local Username and the Password you just created for the account.


Testing & Verification

To verify that the Firewall Rule has been properly configured, try to access the UDM/UDM PRO/UDR by its WAN IP, its dynamic hostname or the hostname associated with the IP address. If the test does not provide the desired results, check any source IP restrictions configured. If the Firewall Rule appears to be applied properly, advanced troubleshooting with tcpdump may provide the clearest indication of the issue. Please open a topic on the community if you need any help.


Suggestions/feedback

Please let us know if you have any comments or suggestions on how we can improve these instructions.

Having worked in the IT industry for many years, Erik has gained broad experience in many IT-related aspects such as security, network management and design and service management. Erik founded Art of WiFi in 2016 to help improve the WiFi experience for as many users and companies as possible.
