Beambox requires your UniFi controller to be remotely accessible. This cannot be a local-only controller, or a cloud access account. This is important, as our integrator has to be able to reach your controller at all times to authorise your guests.


For most of our customers, the easiest way to do this is by port forwarding your existing Cloud Key or UDM hardware.

port-forwarding.wan.png

If you don't have a hardware controller, our main installation guide shares some other controller options.

Port forwarding your Cloud Key

  1. To get started, head to Settings > Advanced Features > Advanced Gateway Settings > Port Forwarding on your UniFi controller.

  2. Fill in these settings..

  • Name: Controller

  • Enable Forward Rule: turn this on when ready to activate this rule

  • Interface: Both

  • From: Anywhere or Limited

  • Port: 443

  • Forward IP: 192.168.1.30 (This should be the local I.P you use to reach your controller interface)

  • Forward Port: 8443

  • Protocol: TCP

  • Logging: Optional

Once you have port forwarded successfully, you will be able to reach your controller using the format https://YOUR_PUBLIC_IP:8443.

Port forwarding your UDM or UDM Pro

  1. To get started, head to Settings > Advanced Features > Advanced Gateway Settings > Port Forwarding on your UniFi controller.

  2. Fill in these settings..

  • Name: Controller

  • Enable Forward Rule: turn this on when ready to activate this rule

  • Interface: Both (UDM Pro only)

  • From: Anywhere or Limited

  • Port: 443

  • Forward IP: 192.168.1.10 (This should be the local I.P you use to reach your controller interface)

  • Forward Port: 443

  • Protocol: TCP

  • Logging: Optional

Once you have port forwarded successfully, you will be able to reach your controller using the format https://YOUR_PUBLIC_IP:443.

Setting your WAN Local rule

On UDM Pros, you must also create a 'WLAN Local' firewall rule to match.

On the new controller interface, navigate to Settings > Traffic & Security > Global Threat Management > Firewall.

Firstly, in the 'Groups' section, create a new group with the following configuration.

  • Type: Port Group

  • Port: 443

Once created, head back to the Firewall page and create a new rule with the following configuration...

  • Type: Internet Local

  • Enabled: Yes

  • Rule Applied: Before Predefined Rules

  • Action: Accept

  • IPv4 Protocol: TCP

Before you save, scroll down to the 'Destination' tab and set the following configuration..

  • Destination Type: Address/Port Group

  • IPv4 Address Group: Any

  • Port Group: Controller (The one we created earlier)

You can now save and test your controller URL.

Note: For additional security, you can optionally set up the 'Source' tab in the Firewall rule settings to define specific I.P addresses or MAC addresses that can access the controller remotely.

Did this answer your question?