Required Ports for UniFi Network Controller

When setting up a UniFi Network Server, correctly configuring network ports is crucial for ensuring smooth communication between devices and applications. This guide provides an in-depth reference to the UDP and TCP ports used by UniFi, particularly relevant for those managing a self-hosted UniFi Network Server or utilizing third-party devices and firewalls. While a full UniFi deployment is recommended for seamless integration and optimal compatibility, this guide covers the essential ports needed for various deployment scenarios.

Local Ingress Ports (Incoming)

The following table lists the ports required for local communication within a UniFi Network environment. These ports must be open to ensure proper device functionality and communication within the network.

| Protocol | Port Number | Usage |
|----------|-------------|-------|
| TCP/UDP | 53 | Used for DNS services. Essential for Guest Portal redirection, software updates, and remote access. |
| UDP | 3478 | Utilized for STUN (Session Traversal Utilities for NAT). |
| UDP | 5514 | Used for remote syslog capture, enabling centralized logging. |
| TCP | 8080 | Facilitates device and application communication. |
| TCP | 443 | Handles the application GUI/API, accessible through web browsers. |
| TCP | 8443 | Also used for application GUI/API, specifically when running on a UniFi Console. |
| TCP | 8880 | Used for HTTP portal redirection, typically for guest access. |
| TCP | 8843 | Handles HTTPS portal redirection for secure guest access. |
| TCP | 6789 | Facilitates UniFi mobile speed test operations. |
| TCP | 27117 | Manages local-bound database communication for UniFi applications. |
| UDP | 5656-5699 | Reserved for AP-EDU broadcasting, allowing audio announcements over the network. |
| UDP | 10001 | Used for device discovery, crucial for initial setup and management. |
| UDP | 1900 | Enables “Make application discoverable on L2 network” in the UniFi Network settings. |
| UDP | 123 | Utilized by NTP (Network Time Protocol) for synchronizing date and time, essential for secure remote access. |

Note: Although TCP port 22 is not used by default in UniFi Network operations, it is commonly employed for SSH access to UniFi devices or the Network application.

Ingress Ports Required for L3 Management Over the Internet (Incoming)

For remote management of the UniFi Network application, particularly over the internet, the following ports must be open on both the gateway/firewall and the machine running the UniFi Network application. These ports facilitate secure and effective management from remote locations.

| Protocol | Port Number | Usage |
|----------|-------------|-------|
| UDP | 3478 | Used for STUN, enabling devices behind NAT to communicate with the controller. |
| TCP | 8080 | Facilitates communication between devices and the UniFi Network application. |
| TCP | 443 | Handles secure access to the application GUI/API via a web browser. |
| TCP | 8443 | Also used for GUI/API access when the application is running on a UniFi Console. |
| TCP | 6789 | Reserved for UniFi mobile speed tests, allowing remote performance checks. |
| TCP | 8880 | Used for HTTP portal redirection, necessary if utilizing a Guest hotspot. |
| TCP | 8843 | Used for HTTPS portal redirection, also for Guest hotspot setups. |

Egress Ports Required for UniFi Remote Access (Outgoing)

To enable remote access to the UniFi Network, the following egress ports must be open. These ports are typically open and unrestricted by default, allowing the UniFi Network to communicate with external services and devices effectively.

| Protocol | Port Number | Usage |
|----------|-------------|-------|
| TCP/UDP | 53 | Used for DNS services, crucial for Guest Portal redirection, updates, and remote access functionality. |
| UDP | 3478 | Utilized for STUN, allowing seamless NAT traversal. |
| TCP/UDP | 443 | Used for Remote Access service, ensuring secure communication with external servers. |
| TCP | 8883 | Specifically used for Remote Access services. |
| UDP | 123 | Managed by NTP for time synchronization, critical for maintaining secure communication protocols. |

Changing Default Ports

For users operating a self-hosted UniFi Network Server on Windows, macOS, or Linux, there may be situations where changing the default port assignments is necessary. This can be done by following these steps:

  1. Close the UniFi Network Application: Ensure that any running instances of the UniFi Network application are fully closed before proceeding.
  2. Modify the system.properties File: Locate the system.properties file, typically found in the directory <unifi_base>/data/system.properties.
  3. Adjust the Port Settings: For example, if port 8081 is currently in use and port 8089 is available, you would change the line unifi.shutdown.port=8081 to unifi.shutdown.port=8089.
  4. Restart the UniFi Network Application: Once the changes are made, restart the application to apply the new port settings.

Important: Ensure there are no leading or trailing spaces, comments, or other characters (such as #) in the custom lines within the system.properties file. Any such characters can cause the UniFi Network application to ignore the custom configurations.
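The check below is an added example, not Ubiquiti's code: it lints a system.properties file for the formatting problems described above and rewrites a port key as one clean line. The sample file content is constructed, the function names are hypothetical, and treating lines that begin with # as comments is an assumption based on the usual properties-file convention.

```python
# Added example: lint and rewrite port lines in system.properties.
# SAMPLE is constructed for illustration, not taken from a real install.
SAMPLE = (
    "## system.properties\n"
    "# unifi.shutdown.port=8081\n"               # commented-out line, left alone
    " unifi.shutdown.port=8089\n"                # leading space
    "unifi.shutdown.port=8089 # was 8081\n"      # trailing comment
    "unifi.shutdown.port=99999\n"                # not a valid port
)

def valid_port(value):
    return value.isascii() and value.isdigit() and 1 <= int(value) <= 65535

def lint(text):
    """Return (line_number, problem) for active lines that break the rules above."""
    problems = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank or whole-line comment: not a custom line
        if raw != raw.strip():
            problems.append((no, "leading or trailing whitespace"))
        if "#" in raw:
            problems.append((no, "'#' inside an active line"))
            continue
        key, sep, value = raw.strip().partition("=")
        if not sep:
            problems.append((no, "not a key=value line"))
        elif key.endswith(".port") and not valid_port(value):
            problems.append((no, "port is not an integer in 1-65535"))
    return problems

def set_port(text, key, port):
    """Return text with exactly one clean 'key=port' line; other lines are untouched."""
    if not valid_port(str(port)):
        raise ValueError(f"invalid port: {port!r}")
    out, written = [], False
    for raw in text.splitlines():
        if raw.strip().startswith(key + "="):
            if not written:
                out.append(f"{key}={port}")
                written = True
            continue  # drop malformed or duplicate copies of the same key
        out.append(raw)
    if not written:
        out.append(f"{key}={port}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for no, problem in lint(SAMPLE):
        print(f"line {no}: {problem}")
    print(set_port(SAMPLE, "unifi.shutdown.port", 8089), end="")
```

Run it against a copy of the file while the application is closed, and keep a backup of the original before writing the result back.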

Conclusion

Proper port configuration is vital for the efficient operation of a UniFi Network Server, particularly when managing devices both locally and remotely. By understanding and applying the port settings outlined in this guide, you can ensure smooth communication across your network infrastructure.

For the most current information on required ports and additional configuration options, please refer to the official Ubiquiti Required Ports Reference.

