More and more of our captive portal customers have been asking for instructions on how to access the UniFi Network Application by the public IP address or hostname when using a UniFi Dream Machine, Dream Machine Pro, or Dream Router gateway.
Most of the time, when access from the outside is needed to the web interface or API, the following instructions apply: if you're not sure, contact your solution provider.
These instructions assume you are using the classic or legacy interface. In the future, we plan on updating this post with instructions based on the new interface.
Open de UniFi Controller/Network Application
Navigate to Settings > Routing & Firewall > Firewall > WAN LOCAL
Select Create New Rule
Apply the following values to the respective fields:
Name: apply a logical name, e.g. WAN access
Rule Applied: Before pre-defined rules
IPv4 Protocol: TCP
Destination: Create and save a new port group with port 443 in the group
Save the firewall rule
The firewall fuels for WAN LOCAL should now look like this:
To restrict access, you can also apply a “source restriction” to this firewall rule to make access available only to certain external IP addresses. Create an IPV4 Address Group in the Source section containing the external IP addresses that are allowed access. All other addresses are denied access.
The port group and MAC address settings in the source section can remain untouched.
In cases where the gateway has a dynamic public IP address or where WAN failover is used, it is necessary to use a dynamic hostname to access the UDM, UDM PRO, or UDR from the internet.
Navigate to Settings > Services > Dynamic DNS
Select Create New Dynamic DNS
Select a service provider and follow their instructions
Once set up correctly you can access the web interface through a URL structured like so:
For API access to a UniFi OS device, a local admin account is required. Please follow these steps to create one:
Open the UniFi OS Console
Select Users > Add User
Create a user account similar to this example:
Save the user account
You should now be able to access the API using the local username and password that you just created for the account.
To verify that the firewall rule is properly configured, try to access the UniFi OS console by its WAN IP, its dynamic hostname, or the hostname associated with the IP address. If you do not see the UniFi OS login page, check any source IP restrictions configured. If the firewall rule appears to have been applied properly, advanced troubleshooting with tcpdump may provide the clearest indication of the issue.
Please open a topic in the Ubiquiti community if you need any help.
Please let us know if you have any comments or suggestions on how we can improve these instructions.