When setting up a UniFi Network Server, correctly configuring network ports is crucial for ensuring smooth communication between devices and applications. This guide provides an in-depth reference to the UDP and TCP ports used by UniFi, particularly relevant for those managing a self-hosted UniFi Network Server or utilizing third-party devices and firewalls. While a full UniFi deployment is recommended for seamless integration and optimal compatibility, this guide covers the essential ports needed for various deployment scenarios.
Table of Contents
Local Ingress Ports (Incoming)
The following table lists the ports required for local communication within a UniFi Network environment. These ports must be open to ensure proper device functionality and communication within the network.
| Protocol | Port Number | Usage |
|---|---|---|
| TCP/UDP | 53 | Used for DNS services. Essential for Guest Portal redirection, software updates, and remote access. |
| UDP | 3478 | Utilized for STUN (Session Traversal Utilities for NAT). |
| UDP | 5514 | Used for remote syslog capture, enabling centralized logging. |
| TCP | 8080 | Facilitates device and application communication. |
| TCP | 443 | Handles the application GUI/API, accessible through web browsers. |
| TCP | 8443 | Also used for application GUI/API, specifically when running on a UniFi Console. |
| TCP | 8880 | Used for HTTP portal redirection, typically for guest access. |
| TCP | 8843 | Handles HTTPS portal redirection for secure guest access. |
| TCP | 6789 | Facilitates UniFi mobile speed test operations. |
| TCP | 27117 | Manages local-bound database communication for UniFi applications. |
| UDP | 5656-5699 | Reserved for AP-EDU broadcasting, allowing audio announcements over the network. |
| UDP | 10001 | Used for device discovery, crucial for initial setup and management. |
| UDP | 1900 | Enables “Make application discoverable on L2 network” in the UniFi Network settings. |
| UDP | 123 | Utilized by NTP (Network Time Protocol) for synchronizing date and time, essential for secure remote access. |
Note: Although TCP port 22 is not used by default in UniFi Network operations, it is commonly employed for SSH access to UniFi devices or the Network application.
Ingress Ports Required for L3 Management Over the Internet (Incoming)
For remote management of the UniFi Network application, particularly over the internet, the following ports must be open on both the gateway/firewall and the machine running the UniFi Network application. These ports facilitate secure and effective management from remote locations.
| Protocol | Port Number | Usage |
|---|---|---|
| UDP | 3478 | Used for STUN, enabling devices behind NAT to communicate with the controller. |
| TCP | 8080 | Facilitates communication between devices and the UniFi Network application. |
| TCP | 443 | Handles secure access to the application GUI/API via a web browser. |
| TCP | 8443 | Also used for GUI/API access when the application is running on a UniFi Console. |
| TCP | 6789 | Reserved for UniFi mobile speed tests, allowing remote performance checks. |
| TCP | 8880 | Used for HTTP portal redirection, necessary if utilizing a Guest hotspot. |
| TCP | 8843 | Used for HTTPS portal redirection, also for Guest hotspot setups. |
Egress Ports Required for UniFi Remote Access (Exiting)
To enable remote access to the UniFi Network, the following egress ports must be open. These ports are typically open and unrestricted by default, allowing the UniFi Network to communicate with external services and devices effectively.
| Protocol | Port Number | Usage |
|---|---|---|
| TCP/UDP | 53 | Used for DNS services, crucial for Guest Portal redirection, updates, and remote access functionality. |
| UDP | 3478 | Utilized for STUN, allowing seamless NAT traversal. |
| TCP/UDP | 443 | Used for Remote Access service, ensuring secure communication with external servers. |
| TCP | 8883 | Specifically used for Remote Access services. |
| UDP | 123 | Managed by NTP for time synchronization, critical for maintaining secure communication protocols. |
Changing Default Ports
For users operating a self-hosted UniFi Network Server on Windows, macOS, or Linux, there may be situations where changing the default port assignments is necessary. This can be done by following these steps:
- Close the UniFi Network Application: Ensure that any running instances of the UniFi Network application are fully closed before proceeding.
- Modify the
system.propertiesFile: Locate thesystem.propertiesfile, typically found in the directory<unifi_base>/data/system.properties. - Adjust the Port Settings: For example, if port 8081 is currently in use and port 8089 is available, you would change the line
unifi.shutdown.port=8081tounifi.shutdown.port=8089. - Restart the UniFi Network Application: Once the changes are made, restart the application to apply the new port settings.
Important: Ensure there are no leading or trailing spaces, comments, or other characters (such as #) in the custom lines within the system.properties file. Any such characters can cause the UniFi Network application to ignore the custom configurations.
Conclusion
Proper port configuration is vital for the efficient operation of a UniFi Network Server, particularly when managing devices both locally and remotely. By understanding and applying the port settings outlined in this guide, you can ensure smooth communication across your network infrastructure.
For the most current information on required ports and additional configuration options, please refer to the official Ubiquiti Required Ports Reference.