Unifi Controller Unable to process received Adoption Request through Firewall
Current Configurations:
Both local and cloud controllers on Unifi Self hosted controller v. 8.1.113
UAP-AC-Pro firmware is: 6.6.5.5
I currently have Dynamic DNS to resolve the IP change between the cloud and local hosting, an DYDNS does
Current Production works. Any Direct IP (which I never do short of testing for the current issue) or domain name configurations work.
Attempted configurations coming through the pfSense firewall seem to fail.
Old Controller is cloud hosted
- unifi.xxx.com
- X.X.X.195
New Controller is locally hosted
- test.xxx.com
- Local: 192.168.1.151
- Wan Address: X.X.X.154
DyDNS Subdomain Configuration:
Configured Aliases:
IP:
Ports:
Firewall Rules:
Configured Firewall NAT:
Firewall Rules applied to WAN:
Working:
I was able to remove a spare AP from my OLD Controller and send a:
set-inform http://192.168.1.151:8080/inform
And it was received on the new controller, but this was all done over the local LAN.
While SSH'd into the AP I am able to Ping the DYDNS
While SSH'd into AP I can send a:
set-inform http://XXX:8080/inform
And the device will show up for adoption in either controller. Oddly sending the request to the locally hosted controller also results in the cloud controller showing the unit for adoption as well, where I can adopt and it works fine.
Only in the cloud hosted will the device actually enroll.
On the Locally hosted controller the status changes to "Adopting" or "Click to Learn More". Second one being a link that brings up this informational window.
Not Working:
Actually adopting AP (presumably anything) on self hosted controller.
-
I have noticed that the Unifi Controller software has become increasingly dependent on background links "phoning home". Last time I ran a local traffic audit I found packets from the controller to multiple mystery sites. After adding firewall rules to block the traffic, I found I could no longer adopt new devices.
Maybe check the current documentation for your controller version for required TCP and UDP ports.
cheers