Change default ports for Unifi Controller and define them in file 'default_ports.conf'.

conf/default_ports.conf

@@ -60,6 +60,81 @@ standard_ipsec_nat_t=4500
 standard_http_ports="80,443"
 standard_mailuser_ports="587,465,110,995,143,993"
 
+
+# - UniFi - Ports Used
+# -
+# - see: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used
+# -
+# - see: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services,
+# - for scenarios where two or more separate UniFi instances are desired on the
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -                      # Open Port from controller to Unifi APs
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector.
+# - There is no need to open firewall for these ports on controller. However, on
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+# -
+# - Local IN Ports
+# - ==============
+# -
+# -    TCP
+# -    ===
+# -    TCP 8080         used for device and controller communication.
+# -    TCP 8443         used for controller GUI/API as seen in a web browser
+# -    TCP 8880         used for HTTP portal redirection.
+# -    TCP 8843         used for HTTPS portal redirection.
+# -    TCP 6789         used for UniFi mobile speed test.
+# -    TCP 27117        used for local-bound database communication.
+# -
+# -    UDP
+# -    ====
+# -    UDP 3478         used for STUN.
+# -    UDP 5514         used for remote syslog capture.
+# -    UDP 5656-5699    used by AP-EDU broadcasting.
+# -    UDP 10001        used for device discovery
+# -    UDP 1900         used for "Make controller discoverable on L2 network" in controller settings.
+# -
+# -
+# - OUT Ports Required for UniFi Remote Access
+# - ==========================================
+# -
+# -    TCP
+# -    ===
+# -    TCP 8883         used for Remote Access service.
+# -    TCP 443          used for Remote Access service.
+# -
+# -    UDP
+# -    ===
+# -    UDP 3478         used for STUN.
+# -    UDP 443          used for Remote Access service.
+# -
+standard_unifi_tcp_ctrl_in_ports="8080,8443,8880,8843,6789,27117"
+standard_unifi_udp_ctrl_in_ports="3478,5514,5656:5699,10001,1900"
+
+standard_unifi_tcp_ctrl_out_ports="443,8883"
+standard_unifi_udp_ctrl_out_ports="443,3478"
+
+
 # - BigBlueButton Video Conference Service
 # -
 standard_bigbluebutton_tcp_ports="$standard_http_ports"

conf/main_ipv4.conf.sample

@@ -1103,31 +1103,28 @@ remote_console_port=5900
 # - Ubiquiti Unifi
 # ======
 
-# - By default, the UniFi controller will operate on the following ports:
+# - UniFi - Ports Used
 # -
-# -    unifi_http_port=8080 (port for UAP to inform controller)
-# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
-# -    unifi_portal_http_port=8880 (port for HTTP portal redirect - Hotspot)
-# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect - Hotspot)
-# -    unifi_http_port=6789 (port used for throughput measurement)
-# -    unifi_db_port=27117 (local-bound port for DB server)
+# - see: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used
 # -
+# - see: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used
 # -
-# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
-# - for scenarios where two or more separate UniFi instances are desired on the 
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services,
+# - for scenarios where two or more separate UniFi instances are desired on the
 # - same controller machine.
 # -
 # - unifi_stun_port=3478 # UDP port used for STUN
 # -                      # Open Port from controller to Unifi APs
 # -
-# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl
 # - management discovery protocol
 # -
 # -    unifi_aircontroll_port=10001
 # -
 # -
-# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
-# - There is no need to open firewall for these ports on controller. However, on 
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector.
+# - There is no need to open firewall for these ports on controller. However, on
 # - controller, avoid to use these ports:
 # -
 # -    port 8881 for redirector port for wireless clients
@@ -1138,9 +1135,47 @@ remote_console_port=5900
 # -
 # -    UDP ports 5656-5699
 # -
-unify_tcp_ports="8080,8443,8880,8843,6789,27117"
-unify_udp_ports="3478"
-unify_broadcast_udp_ports="10001,5656:5699"
+# -
+# - Local IN Ports
+# - ==============
+# -
+# -    TCP
+# -    ===
+# -    TCP 8080         used for device and controller communication.
+# -    TCP 8443         used for controller GUI/API as seen in a web browser
+# -    TCP 8880         used for HTTP portal redirection.
+# -    TCP 8843         used for HTTPS portal redirection.
+# -    TCP 6789         used for UniFi mobile speed test.
+# -    TCP 27117        used for local-bound database communication.
+# -
+# -    UDP
+# -    ====
+# -    UDP 3478         used for STUN.
+# -    UDP 5514         used for remote syslog capture.
+# -    UDP 5656-5699    used by AP-EDU broadcasting.
+# -    UDP 10001        used for device discovery
+# -    UDP 1900         used for "Make controller discoverable on L2 network" in controller settings.
+# -
+# -
+# - OUT Ports Required for UniFi Remote Access
+# - ==========================================
+# -
+# -    TCP
+# -    ===
+# -    TCP 8883         used for Remote Access service.
+# -    TCP 443          used for Remote Access service.
+# -
+# -    UDP
+# -    ===
+# -    UDP 3478         used for STUN.
+# -    UDP 443          used for Remote Access service.
+# -
+unifi_tcp_ctrl_in_ports="$standard_unifi_tcp_ctrl_in_ports"
+unifi_udp_ctrl_in_ports="$standard_unifi_udp_ctrl_in_ports"
+
+unifi_tcp_ctrl_out_ports="$standard_unifi_tcp_ctrl_out_ports"
+unifi_udp_ctrl_out_ports="$standard_unifi_udp_ctrl_out_ports"
+
 
 # - Unifi Controller at gateway?
 # -

conf/main_ipv6.conf.sample

@@ -1080,32 +1080,28 @@ remote_console_port=5900
 # - Ubiquiti Unifi
 # ======
 
-# - By default, the UniFi controller will operate on the following ports:
+# - UniFi - Ports Used
 # -
-# -    unifi_http_port=8080 (port for UAP to inform controller)
-# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
-# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
-# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
-# -    unifi_http_port=6789 (port used for throughput measurement)
-# -    unifi_db_port=27117 (local-bound port for DB server)
+# - see: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used
 # -
+# - see: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used
 # -
-# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
-# - for scenarios where two or more separate UniFi instances are desired on the 
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services,
+# - for scenarios where two or more separate UniFi instances are desired on the
 # - same controller machine.
 # -
 # - unifi_stun_port=3478 # UDP port used for STUN
 # -                      # Open Port from controller to Unifi APs
 # -
 # -
-# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - Ubiquity Networks uses port 10001/UDP for its AirControl
 # - management discovery protocol
 # -
 # -    unifi_aircontroll_port=10001
 # -
 # -
-# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
-# - There is no need to open firewall for these ports on controller. However, on 
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector.
+# - There is no need to open firewall for these ports on controller. However, on
 # - controller, avoid to use these ports:
 # -
 # -    port 8881 for redirector port for wireless clients
@@ -1116,9 +1112,47 @@ remote_console_port=5900
 # -
 # -    UDP ports 5656-5699
 # -
-unify_tcp_ports="8080,8443,8880,8843,6789,27117"
-unify_udp_ports="3478"
-unify_broadcast_udp_ports="10001,5656:5699"
+# -
+# - Local IN Ports
+# - ==============
+# -
+# -    TCP
+# -    ===
+# -    TCP 8080         used for device and controller communication.
+# -    TCP 8443         used for controller GUI/API as seen in a web browser
+# -    TCP 8880         used for HTTP portal redirection.
+# -    TCP 8843         used for HTTPS portal redirection.
+# -    TCP 6789         used for UniFi mobile speed test.
+# -    TCP 27117        used for local-bound database communication.
+# -
+# -    UDP
+# -    ====
+# -    UDP 3478         used for STUN.
+# -    UDP 5514         used for remote syslog capture.
+# -    UDP 5656-5699    used by AP-EDU broadcasting.
+# -    UDP 10001        used for device discovery
+# -    UDP 1900         used for "Make controller discoverable on L2 network" in controller settings.
+# -
+# -
+# - OUT Ports Required for UniFi Remote Access
+# - ==========================================
+# -
+# -    TCP
+# -    ===
+# -    TCP 8883         used for Remote Access service.
+# -    TCP 443          used for Remote Access service.
+# -
+# -    UDP
+# -    ===
+# -    UDP 3478         used for STUN.
+# -    UDP 443          used for Remote Access service.
+# -
+unifi_tcp_ctrl_in_ports="$standard_unifi_tcp_ctrl_in_ports"
+unifi_udp_ctrl_in_ports="$standard_unifi_udp_ctrl_in_ports"
+
+unifi_tcp_ctrl_out_ports="$standard_unifi_tcp_ctrl_out_ports"
+unifi_udp_ctrl_out_ports="$standard_unifi_udp_ctrl_out_ports"
+
 
 # - Unifi Controller at gateway?
 # -