Ubiquiti UniFi – Ports Used

This article shows what UDP and TCP ports are used by the UniFi Network application by default. The information applies to both Network applications hosted on UniFi OS Consoles, such as UniFi Cloud Key (UCK-G2UCK-G2-PLUS, and UC-CK) or UniFi Dream Machine (UDM or UDM-Pro), as well as self-hosted Network applications. 

Note: Make sure to always update your Network application to the latest version.

Local Ingress Ports

ProtocolPort numberUsage
UDP3478Port used for STUN.
UDP5514Port used for remote syslog capture.
TCP8080Port used for device and application communication.
TCP443Port used for application GUI/API as seen in a web browser.Applications hosted on a UniFi OS Console
TCP8443Port used for application GUI/API as seen in a web browser.Applications hosted on Windows/macOS/Linux
TCP8880Port used for HTTP portal redirection.
TCP8843Port used for HTTPS portal redirection.
TCP6789Port used for UniFi mobile speed test.
TCP27117Port used for local-bound database communication.
UDP5656-5699Ports used by AP-EDU broadcasting.
UDP10001Port used for device discovery.
UDP1900Port used for “Make application discoverable on L2 network” in the UniFi Network settings.

Note: Although TCP 22 is not one of the ports UniFi Network operates on by default, it is worth mentioning in this article since it is the port used when UniFi devices or the Network application is accessed via SSH.

Ingress Ports required for L3 management over the internet

Note: These ports need to be open at the gateway/firewall as well as on the UniFi Network application host. This would be achieved by creating port forwards on the gateway/firewall where the application is hosted.

ProtocolPort numberUsage
UDP3478Port used for STUN.
TCP8080Port used for device and application communication.
TCP443Port used for application GUI/API as seen in a web browser.Applications hosted on a UniFi OS Console
TCP8443Port used for application GUI/API as seen in a web browser.Applications hosted on Windows/macOS/Linux
TCP8843Port used for HTTPS portal redirection.
TCP6789Port used for UniFi mobile speed test.

Egress Ports required for UniFi Remote Access

Note: In most cases, these ports will be open and unrestricted by default.

ProtocolPort numberUsage
UDP3478Port used for STUN.
TCP/UDP443Port used for Remote Access service.
TCP8883Port used for Remote Access service.

Changing Default Ports

Changing default port assignments can only be done on self-hosted Network applications (Windows/macOS/Linux). This can be accomplished as follows:

1. Close any instances of the UniFi Network application.

2. Modify the system.properties file, which can be found in the directory <unifi_base>/data/system.properties.

  • For example, if port 8081 was in use and port 8089 was open, you could change it by modifying unifi.shutdown.port=8081 to unifi.shutdown.port=8089

3. Restart the UniFi Network application.

Note: Make sure there are no leading or trailing spaces, comments, or other characters like hash tags (#) on any custom lines. Otherwise, UniFi Network will ignore the customizations.

Source :
https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used