Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates
-
We just upgraded routers and I am having a horrible time with Ubiquiti trying to get basic information regarding which external ports need to be open (outbound) to allow the controller software to check for firmware updates and how to manually initiate a firmware check from the controller to ensure it is working. I think we are now set on port 8080, but I still need to know how to initiate the firmware check in the controller to ensure it can download new firmwares.
Is their support usually this bad? Am I just being dense and missing something here?
.
.
.
.
Sent: Wednesday, June 15, 2016 9:44 AM
To: 'Ubiquiti Networks'
Subject: RE: Unifi Software Firmware PortCan you please explain to me how any of the steps below would verify that the controller is able to connect to your servers on the internet to ensure the controller is able to download firmware updates
Sandy N (Ubiquiti Networks)
Jun 15, 02:59 PDT
Hi Billy,To perform a firmware check to verify that the connection is good following commands can be run:
Connect the AP directly to your laptop/computer and check if you're able to ping the AP. To check this, please follow the steps given below:
• Directly connect the AP to the laptop/desktop in which the controller is installed (POE port of the POE adapter goes to the AP and LAN port goes to the computer)
• Assign static IP address 192.168.1.25 to the laptop/desktop.Subnet mask as 255.255.255.0 Default gateway as 192.168.1.20 since its a fallback IP address of AP
• Check whether the controller is reachable to the AP by using the ping command.Go to the command prompt and type 'ping 192.168.1.20'
• Also, run the discovery tool (installed along with the controller) and check whether UAP is discovered in it. If UAP is detected, you can reset it from there.Billyraines
Jun 14, 14:39 PDT
Sure, thanks.
Can you please tell us if there is a way for us to trigger a firmware check from the Unifi controller so we can verify that the connection is good.Daryl M (Ubiquiti Networks)
Jun 14, 14:38 PDT
Hi Billy,Open only port 8080, as for now and if you have any ap running older firmware . Then try to perform update via controller with only port 8080 open.
Billyraines
Jun 14, 14:34 PDT
Hi Daryl. I do not believe all of those ports need to be open on our external firewall to allow firmware updates. As I stated previously, we do not have firewall restrictions internally, only for external connections, so I am confused as to why you are telling me to allow out of network computers to connect to the WebUI on the controller and opening port 8080 when it says it is only used for UAP->Controller communication. Are you not able to provide me with the specific information that I need? Can you please tell us if there is a way for us to trigger a firmware check from the Unifi controller so we can verify that the connection is good.Daryl M (Ubiquiti Networks)
Jun 14, 14:22 PDT
Hi Billy,Below are ports which need to be open
• 8080 (port for UAP to inform controller)
• 8443 (port for controller GUI / API, as seen in web browser)
• 8880 (port for HTTP portal redirect)
• 8843 (port for HTTPS portal redirect)
• 27117 (local-bound port for DB server)
• 3478 # UDP port used for STUN
• 8881 for redirector port for wireless clients
• 8882 for redirector port for wired clients
Also open some other basic port like 80,443,23,22,1Billyraines
Jun 14, 14:20 PDT
Also is there a way for us to trigger a firmware check from the Unifi controller? We would like to verify that this is resolved. We are still new customers, so we have only done it once and we were prompted automatically in the controller software
So to allow the Controller to access your servers on the internet, we only need to open port 8080 for the controller? Sorry for all the extra clarification, all of the references on that page and in this email refer to intercommunication between the controller and AP, not controller and Ubiquiti’s firmware serverDaryl M (Ubiquiti Networks)
Jun 14, 14:14 PDT
Hi Billy,The port number which are mention in the Article only those need to be kept open.
The controller and AP talk to on port number 8080.
Let us know if you have any other question.
Billyraines
Jun 14, 11:17 PDT
Yes I googled earlier and saw that article, unfortunately it says nothing regarding firmware updates.
Could you please tell me which port the controller software is using when it initializes a connection to check for firmware updates? Are there any other ports that need to be opened externally to allow the Unifi Software to connect (excluding cloud management)?Sandy N (Ubiquiti Networks)
Jun 14, 08:35 PDT
Hi Billy,Thanks for getting in touch with us!
During initial setup of UniFi we suggest to disable firewall as it may block the default ports used by UAP to discover in Unifi controller.
Once the UAP is adopted in the Unifi controller you can enable firewall.
Please click on the below link for UniFi controller ports list.
If you have any other questions, please let us know.
Billyraines
Jun 14, 08:22 PDT
Hello. We are replacing our firewall and need to allow outbound access from our server running the unifi software (for managing our WAPs) so that it can check for firmware updates (We do not have cloud access) and anything else it needs to operate normally. Could you please let me know which ports we need to enable to allow the software to function normally? We do not have internal network restrictions, so our only concern is regarding the Unifi Software phoning home. -
Are you blocking outbound requests?
Assuming the controller software is installed on an internal machine, I'm not sure what the issue is. Assuming your internal PCs can surf the web, do you need to do more than that?
-
@Dashrender said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
Are you blocking outbound requests?
Assuming the controller software is installed on an internal machine, I'm not sure what the issue is. Assuming your internal PCs can surf the web, do you need to do more than that?
Yea this new peplink blocks everything outbound that does not have a rule (hits the default rule).
Honestly I just want to make sure the firmware updates will download to the controller. I dont see how to verify that is working
-
OK, I admit I didn't read the entire first post - the wall of text was just to much.
But a simple chat boiled it down to this.
OP has a Peplink - that Peplink blocks everything outbound and inbound by default. This means that a rule needs to be made for ANY traffic passing through it.
I suggested that the OP ask UBNT the following:
Hey - I have a firewall that blocks all outbound EVERYTHING.
What ports do I need to open from this machine to allow the UBNT controller to update itself?
-
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
Honestly I just want to make sure the firmware updates will download to the controller. I dont see how to verify that is working
You do not download firmware updates to the controller. When you upgrade the controller new firmware is included in it.
In my case the controller is a Ubuntu VM and the controller updates via apt-get.
I have no idea how their key controller updates.
-
@Dashrender said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
OK, I admit I didn't read the entire first post - the wall of text was just to much.
But a simple chat boiled it down to this.
OP has a Peplink - that Peplink blocks everything outbound and inbound by default. This means that a rule needs to be made for ANY traffic passing through it.
I suggested that the OP ask UBNT the following:
Hey - I have a firewall that blocks all outbound EVERYTHING.
What ports do I need to open from this machine to allow the UBNT controller to update itself?
No, the OP was doing it wrong. There is no method to update firmware in the controller. There never has been.
There is a way to do it by manually getting a firmware file from Ubnt and sticking that file in a certain location on the controller. But that is the only method outside of updating the controller itself to get different firmware on a controller.
-
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
Honestly I just want to make sure the firmware updates will download to the controller. I dont see how to verify that is working
You do not download firmware updates to the controller. When you upgrade the controller new firmware is included in it.
What do you mean? Are you saying the firmware updates for the WAPs are bundled in software updates for the Controller?
We have only upgraded the firmware through the controller once so far and did this:
-
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
Honestly I just want to make sure the firmware updates will download to the controller. I dont see how to verify that is working
You do not download firmware updates to the controller. When you upgrade the controller new firmware is included in it.
What do you mean? Are you saying the firmware updates for the WAPs are bundled in software updates for the Controller?
That is exactly what I just said.
-
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
Honestly I just want to make sure the firmware updates will download to the controller. I dont see how to verify that is working
You do not download firmware updates to the controller. When you upgrade the controller new firmware is included in it.
What do you mean? Are you saying the firmware updates for the WAPs are bundled in software updates for the Controller?
That is exactly what I just said.
So I guess my question becomes how to trigger an update of the controller software?
-
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
We have only upgraded the firmware through the controller once so far and did this:
Yes, that is how you upgrade an AP from inside the controller. To get newer firmware, you have to update the controller.
-
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
Honestly I just want to make sure the firmware updates will download to the controller. I dont see how to verify that is working
You do not download firmware updates to the controller. When you upgrade the controller new firmware is included in it.
What do you mean? Are you saying the firmware updates for the WAPs are bundled in software updates for the Controller?
That is exactly what I just said.
So I guess my question becomes how to trigger an update of the controller software?
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
Honestly I just want to make sure the firmware updates will download to the controller. I dont see how to verify that is working
You do not download firmware updates to the controller. When you upgrade the controller new firmware is included in it.
What do you mean? Are you saying the firmware updates for the WAPs are bundled in software updates for the Controller?
That is exactly what I just said.
So I guess my question becomes how to trigger an update of the controller software?
You don't. You do it manually. In my case with
apt-get. If your controller is on Windows, then you download the update and install it. -
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
We have only upgraded the firmware through the controller once so far and did this:
Yes, that is how you upgrade an AP from inside the controller. To get newer firmware, you have to update the controller.
Thanks Jared. This setting kinda threw me, I just assumed it downloaded the new firmware on its own
-
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
We have only upgraded the firmware through the controller once so far and did this:
Yes, that is how you upgrade an AP from inside the controller. To get newer firmware, you have to update the controller.
Thanks Jared. This setting kinda threw me, I just assumed it downloaded the new firmware on its own
That setting simply auto upgrades the AP when it checks in and finds new firmware on the controller.
-
@JaredBusch -- He wants to know how to make it download the new AP firmware, not the new version of the controller software, if I am understanding the OP.
-
@dafyre said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch -- He wants to know how to make it download the new AP firmware, not the new version of the controller software, if I am understanding the OP.
No shit.. Read much?
-
@JaredBusch Thanks im updating our documentation now. it seems like we are already 1 firmware version behind. Is there a way to be automatically notified when there are controller updates?
-
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@dafyre said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch -- He wants to know how to make it download the new AP firmware, not the new version of the controller software, if I am understanding the OP.
No shit.. Read much?
I thought I had. It took me to the end of the thread instead of the last post that I read. My bad.
-
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch Thanks im updating our documentation now. it seems like we are already 1 firmware version behind. Is there a way to be automatically notified when there are controller updates?
Subscribe to their blog.
https://community.ubnt.com/t5/UniFi-Updates-Blog/bg-p/Blog_UniFi -
@JaredBusch said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@Brains said in Ubiquiti Support - Firewall Exceptions For Controller To Allow Firmware Updates:
@JaredBusch Thanks im updating our documentation now. it seems like we are already 1 firmware version behind. Is there a way to be automatically notified when there are controller updates?
Subscribe to their blog.
https://community.ubnt.com/t5/UniFi-Updates-Blog/bg-p/Blog_UniFiThanks I went ahead and signed up for RSS feed as well. I appreciate the help Jared
-
Thanks all. It looks like I wont have to open any ports to the controller
