UniFi VPN Ports
UDP 500 – ISAKMP
UDP 4500 – NAT-T (encapsulation of ESP)
1701 – L2TP
1723 – PPTP (IIRC, not needed if you’re doing L2TP)
1812 – RADIUS authorization
1813 – RADIUS accounting (probably not needed)
UniFi – Ports Used
Local Ingress Ports
Protocol | Port number | Usage |
UDP | 3478 | Port used for STUN. |
UDP | 5514 | Port used for remote syslog capture. |
TCP | 8080 | Port used for device and application communication. |
TCP | 443 | Port used for application GUI/API as seen in a web browser, for applications hosted on a UniFi OS Console. |
TCP | 8443 | Port used for application GUI/API as seen in a web browser, for applications hosted on Windows/macOS/Linux. |
TCP | 8880 | Port used for HTTP portal redirection. |
TCP | 8843 | Port used for HTTPS portal redirection. |
TCP | 6789 | Port used for UniFi mobile speed test. |
TCP | 27117 | Port used for local-bound database communication. |
UDP | 5656-5699 | Ports used by AP-EDU broadcasting. |
UDP | 10001 | Port used for device discovery. |
UDP | 1900 | Port used for "Make application discoverable on L2 network" in the UniFi Network settings. |
Note: Although TCP 22 is not one of the ports UniFi Network operates on by default, it is worth mentioning in this article since it is the port used when UniFi devices or the Network application is accessed via SSH.
Ingress Ports required for L3 management over the internet
Note: These ports need to be open at the gateway/firewall as well as on the UniFi Network application host. This is achieved by creating port forwards on the gateway/firewall where the application is hosted.
Protocol | Port number | Usage |
UDP | 3478 | Port used for STUN. |
TCP | 8080 | Port used for device and application communication. |
TCP | 443 | Port used for application GUI/API as seen in a web browser, for applications hosted on a UniFi OS Console. |
TCP | 8443 | Port used for application GUI/API as seen in a web browser, for applications hosted on Windows/macOS/Linux. |
TCP | 8843 | Port used for HTTPS portal redirection. |
TCP | 6789 | Port used for UniFi mobile speed test. |
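A way to check an application host against the two ingress tables above, as an added example that is not part of the original page or of any UniFi tooling: it classifies each listening socket from `ss -Htuln` output as listed for L3 management, local ingress only, or not in the tables. The function names, verdict labels and sample lines are constructed for illustration, and reading "local-bound" for TCP 27117 as "loopback only" is an assumption.

```python
import ipaddress

# Port sets transcribed from the tables on this page.
L3_MGMT = {("udp", 3478), ("tcp", 8080), ("tcp", 443), ("tcp", 8443),
           ("tcp", 8843), ("tcp", 6789)}
LOCAL_INGRESS = L3_MGMT | {("udp", 5514), ("tcp", 8880), ("tcp", 27117),
                           ("udp", 10001), ("udp", 1900)}
LOCAL_INGRESS |= {("udp", p) for p in range(5656, 5700)}  # AP-EDU range

# Constructed sample of `ss -Htuln` output (not captured from a real host).
SAMPLE = """\
tcp LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
tcp LISTEN 0 50 *:8443 *:*
tcp LISTEN 0 128 0.0.0.0:27117 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:3478 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:10001 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
"""

def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback; False for wildcards."""
    addr = addr.strip("[]").split("%")[0]   # drop brackets and %iface scope
    if addr == "*":
        return False
    ip = ipaddress.ip_address(addr)
    return (getattr(ip, "ipv4_mapped", None) or ip).is_loopback

def classify(proto, addr, port):
    key = (proto, port)
    # Assumption: "local-bound" in the table means loopback only.
    if key == ("tcp", 27117) and not is_loopback(addr):
        return "EXPOSED_DB"
    if key in L3_MGMT:
        return "L3"        # listed for L3 management; may be port-forwarded
    if key in LOCAL_INGRESS:
        return "LOCAL"     # local ingress only; keep off the WAN side
    return "UNLISTED"      # not in the page's tables (e.g. SSH on TCP 22)

def audit(ss_output):
    """Return (proto, addr, port, verdict) for each listening socket line."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, port = fields[4].rsplit(":", 1)
        rows.append((fields[0], addr, int(port), classify(fields[0], addr, int(port))))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

On a real host, pass the output of `ss -Htuln` to `audit()` in place of `SAMPLE`; anything reported as `LOCAL`, `EXPOSED_DB` or `UNLISTED` is a candidate to leave out of the gateway's port forwards.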
Egress Ports required for UniFi Remote Access
Note: In most cases, these ports will be open and unrestricted by default.
Protocol | Port number | Usage |
UDP | 3478 | Port used for STUN. |
TCP/UDP | 443 | Port used for Remote Access service. |
TCP | 8883 | Port used for Remote Access service. |