
Author Topic: Unifi Network Access Issues  (Read 157 times)


Offline Atreides

Unifi Network Access Issues
« on: February 03, 2018, 08:02:02 pm »
I'm having a serious problem with getting my Unifi devices to connect out. I'm running a controller in a FreeBSD jail in subnet 172.20.40.1/24, which seems to be working sufficiently.

I have a unifi switch 8 150w, as well as two Unifi APs. The UniFi devices are in 172.20.70.1/24, and they have been assigned static IP addresses using DHCP.

IP            Hostname      Description
172.20.70.2   unifi1        Unifi AP
172.20.70.3   unifi2        Unifi AP
172.20.70.4   unifiswitch   Unifi Switch

I'm not sure if it is a network issue or something on the Unifi end, but my Unifi APs are unable to access the internet, and are unable to ping the controller.

I can SSH into the UniFi devices, and have checked what they're using for DNS, and it seems to be correct.

Code:
$ cat /etc/resolv.conf

search my.domain.tld
nameserver 172.20.70.1

I was able to get my switch to connect to the controller using
Code:
set-inform http://172.20.40.20:8080/inform

Now it's connected, but I am unable to SSH into the switch. Maybe I should factory reset it?

Here are my firewall rules. I don't know if this is the problem, since I had originally set the rules to let them connect anywhere and it still wasn't working.



Has anyone else had success with UniFi switches and pfSense?

Online mais_um

Re: Unifi Network Access Issues
« Reply #1 on: February 04, 2018, 07:43:47 am »
Hi

You have to provide a little more info about the controller network pfSense rules on the LAN (LILAN0 or LILAN1, the 172.20.40.0 net one), VLANs and the switch config or part of it.

Don't know if you have to add a rule in the 172.20.40.0 net to allow the APs' IPs.

I have a different setup with Unifi. The controller and the APs' IPs are in the LAN net or a Management net. The wifi networks have an SSID in the LAN net without VLAN and a GUEST network with VLAN. The rules on the Guest net are identical to your Uni net rules, except there is no need to add allow controller IP.
pfSense:
ASRock -> Wolfdale1333-D667 (2GB TeamElite Ram)
Marvell 88SA8040 Sata to CF(Sandisk 4GB) Controller
NIC's: RTL8100E (Internal ) and Intel® PRO/1000 PT Dual (Intel 82571GB)

Offline V3lcr0

Re: Unifi Network Access Issues
« Reply #2 on: February 04, 2018, 11:28:21 am »
Things that tripped me with Unifi APs before were:

1) Make sure your client's firewall is off... I couldn't access my AP when using a Mac unless I turned off my Mac firewall (I have read similar issues with a PC firewall)
2) Unifi doesn't work well on VLANs, i.e. controller and AP need to be on a non-VLAN and on the same L2 (same IP interface)

Also explore their CloudKey: pretty slick and, despite the name, it doesn't require you to access it via the "Cloud"....

Good luck....

« Last Edit: February 04, 2018, 11:40:23 am by V3lcr0 »