Netgate Discussion Forum

    Unifi Controller Unable to process received Adoption Request through Firewall

    NAT
    2 Posts 2 Posters 481 Views
      8ayM

      Current Configurations:

      Both local and cloud controllers on Unifi Self hosted controller v. 8.1.113
      UAP-AC-Pro firmware is: 6.6.5.5

      I currently have Dynamic DNS to resolve the IP change between the cloud and local hosting, an DYDNS does

      Current Production works. Any Direct IP (which I never do short of testing for the current issue) or domain name configurations work.

      Attempted configurations coming through the pfSense firewall seem to fail.

      Old Controller is cloud hosted

      • unifi.xxx.com
      • X.X.X.195

      New Controller is locally hosted

      • test.xxx.com
      • Local: 192.168.1.151
      • Wan Address: X.X.X.154

      DyDNS Subdomain Configuration:
      c6eaa728-51a3-4d92-8008-7a1fc3e7780a-image.png

      Configured Aliases:

      • IP:
        a2b79698-2b46-4fef-b6a7-6f13e3ea6700-image.png

      • Ports:
        0ca45898-bda9-41aa-a2a8-e262df64b207-image.png

      Firewall Rules:

      • Configured Firewall NAT:
        16293401-321a-4e93-b8b3-7214bbce2f97-image.png

      • Firewall Rules applied to WAN:
        72f5daa4-6d92-401b-8282-5424bc9b2859-image.png

      Working:

      I was able to remove a spare AP from my OLD Controller and send a:
      set-inform http://192.168.1.151:8080/inform
      And it was received on the new controller, but this was all done over the local LAN

      While SSH'd into the AP I am able to Ping the DYDNS

      While SSH'd into AP I can send a:
      set-inform http://XXX:8080/inform
      And the device will show up for adoption in either controller.

      Oddly sending the request to the locally hosted controller also results in the cloud controller showing the unit for adoption as well, where I can adopt and it works fine.

      Only in the cloud hosted will the device actually enroll.

      On the Locally hosted controller the status changes to "Adopting" or "Click to Learn More". Second one being a link that brings up this informational window.
      23ba3c2e-f6dd-4769-ad4b-9dce605c7556-image.png

      Not Working:

      Actually adopting AP (presumably anything) on self hosted controller.

        grey63

        I have noticed that the Unifi Controller software has become increasingly dependent on background links "phoning home". Last time I ran a local traffic audit I found packets from the controller to multiple mystery sites. After adding firewall rules to block the traffic, I found I could no longer adopt new devices.

        Maybe check the current documentation for your controller version for required TCP and UDP ports.

        cheers

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.