Netgate Discussion Forum

Unifi Controller Unable to process received Adoption Request through Firewall

  • 8ayM
    last edited by Apr 21, 2024, 5:10 PM

    Current Configurations:

    Both local and cloud controllers on Unifi Self hosted controller v. 8.1.113
    UAP-AC-Pro firmware is: 6.6.5.5

    I currently have Dynamic DNS to resolve the IP change between the cloud and local hosting, an DYDNS does

    Current Production works. Any Direct IP (which I never do short of testing for the current issue) or domain name configurations work.

    Attempted configurations coming through the pfSense firewall seem to fail.

    Old Controller is cloud hosted

    • unifi.xxx.com
    • X.X.X.195

    New Controller is locally hosted

    • test.xxx.com
    • Local: 192.168.1.151
    • Wan Address: X.X.X.154

    DyDNS Subdomain Configuration:
    c6eaa728-51a3-4d92-8008-7a1fc3e7780a-image.png

    Configured Aliases:

    • IP:
      a2b79698-2b46-4fef-b6a7-6f13e3ea6700-image.png

    • Ports:
      0ca45898-bda9-41aa-a2a8-e262df64b207-image.png

    Firewall Rules:

    • Configured Firewall NAT:
      16293401-321a-4e93-b8b3-7214bbce2f97-image.png

    • Firewall Rules applied to WAN:
      72f5daa4-6d92-401b-8282-5424bc9b2859-image.png

    Working:

    I was able to remove a spare AP from my OLD Controller and send a:
    set-inform http://192.168.1.151:8080/inform
    And it was received on the new controller, but this was all done over the local LAN

    While SSH'd into the AP I am able to Ping the DYDNS

    While SSH'd into AP I can send a:
    set-inform http://XXX:8080/inform
    And the device will show up for adoption in either controller.

    Oddly sending the request to the locally hosted controller also results in the cloud controller showing the unit for adoption as well, where I can adopt and it works fine.

    Only in the cloud hosted will the device actually enroll.

    On the Locally hosted controller the status changes to "Adopting" or "Click to Learn More". Second one being a link that brings up this informational window.
    23ba3c2e-f6dd-4769-ad4b-9dce605c7556-image.png

    Not Working:

    Actually adopting AP (presumably anything) on self hosted controller.

    • grey63
      last edited by Apr 22, 2024, 5:05 AM

      I have noticed that the Unifi Controller software has become increasingly dependent on background links "phoning home". Last time I ran a local traffic audit I found packets from the controller to multiple mystery sites. After adding firewall rules to block the traffic, I found I could no longer adopt new devices.

      Maybe check the current documentation for your controller version for required TCP and UDP ports.

      cheers
