Unifi AP remote management options

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Unifi AP remote management options

1101

3122 posts

Uber Geek

#207357 20-Dec-2016 15:27

Hi there

Im looking for advice re remote management options for the Unifi AP units

ie how to manage them from out of office (the Unifi's are at a branch office)
Of course the easiest way is via TeamVeiwer onto the branch PC it was setup on

Other options ?
Can I open port 8443 in the firewall and acesss via the management software but manually put in static IP of the remote office (https:\\staticIP:8443 etc)
if so, do I only need to open that single port. Ive seen conflicting info and vagueness re what ports need to be opened .

Any other options , I read some mention of a ph app. Does that ph app need the purchase of the cloud management option ?

I presume the devices cant be access directly, only via the management software .

Cheers

richms

28172 posts

Uber Geek

Trusted

Lifetime subscriber

#1692894 20-Dec-2016 15:35

I have a different port used for it and it works fine for several offsite unifis at friends and relatives places.

Just be sure that the port that the unifi server is listening on is the one that you have forwarded, as it seems to internally send that port number to the client devices for part of the firmware update operation, and has to have the URL that resovles to it put into the config somewhere (cant get to that PC at the moment as windows update has broken its network and there is stuff in the way to get over to it with a monitor to fix the network - again)

When I had the external port forwarded to the default inform port (which was 8800 or something from memory) the firmware updates would not happen, I had to have the internal server on the same port number as the external interface had it on.

SSH in and provide the inform url as is well documented, it will check in and show as adoptable on the web UI, then I had to do the set-inform command again, and it was adopted, and then again and it stuck. Docs say it needs to be done twice, I had to do 3. Perhaps once didn't work because of shoddy internet or something. Others I have provisioned at home and then done the set-inform while on the lan and then taken out and they have just worked fine.

The web UI doesnt need to be made accessible, its a different port to that which the inform uses.

Richard rich.ms

chevrolux

4962 posts

Uber Geek
Inactive user

#1692898 20-Dec-2016 15:47

So have you got your Unifi server running at head office? Or are you managing them one-by-one with onsite controllers at the branches?

If you have a good amount of them it's probably worth spinning up a VM (on EC2 for example) and having them all centrally managed there. Obviously means you need to manage the server too but you can keep them quite locked down by just utilising EC2 security groups. Do it on Ubuntu 16.04 and it will come in on the free tier for the firs year.

I personally don't think the Unifi could app is that good, just makes it easy for consumers.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1692913 20-Dec-2016 16:50

If you've got multiple sites why aren't you just centrally managing them on a single UniFi server install? If you don't have VPN connectivity between sites just open up remote access from your main site (preferably locked both by IP) and then use set-inform or DHCP option 43 at each remote site?

michaelmurfy

meow
13242 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1692923 20-Dec-2016 17:04

I've set this up in the cloud on EC2 - depending on the amount of AP's you have I'll be quite happy to set you up so you can adopt your AP's to the cloud controller.

Basically I'm using the UniFi software running on Ubuntu Linux w/ a nginx reverse proxy and additional firewall rules for security. I don't recommend forwarding 8443 to your controller only because if (and when) there is a security flaw in your UniFi software this could compromise your controller and potentially your network.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.