This assumes your pfsense is doing nat, and you will have to set up port forwards for the L3 adoption ports as well. If you do not control the dhcp server that provides IP to the network your AP will sit on - then the dhcp method of L3 adoption would be out, etc.
And your L3 adoption IP/FQDN you use will have to point to the pfsense wan IP. If that pfsense wan network is rfc1918, and AP is on this wan network, you're going to have to turn off the block rfc1918 rule as well on the wan. This leads to the assumption that there is something else providing dhcp to those devices and pfsense wan. Your diagram as drawn, since you don't show internet anywhere - has me assume that the AP is on the wan of pfsense, and your servers are behind pfsense (since you want to isolate them). This network that the AP is on, will your AP point back to pfsense IP on the network as its gateway? Or is there dhcp on that network pointing to something else as the gateway? Which would be the 2 I showed, nothing more. Also you don't show in your diagram. Putting the AP and Controller on their same L2 network - so you don't have to worry about L3 adoption or firewall rules or port forwards that allow for that. But if you insist on putting the AP and Unifi controller on different L2 networks, then follow the guide I linked to for L3 adoption, it also lists the firewall rules you would have to allow for. I would suggest the best learning/testing you could do would be just that. Nor does your controller running on a proxmox have anything to do with what vlan you put the controller on. Zero to do with how many other vlans might be in the building or make up some local network. Put your controller and your AP on the same L2. None of which has anything to do with what I said. So to be complete - here are my devices (home site) and then my son's site in same controller
![unifi controller port](https://tuananh.org/img/unifi-port-forward.png)
I have those rules set up on mine because my son's unifi devices, his usg and his flexHD, are at his house. If not you need to look into the unifi L3 adoption docs. Your controller likes to be on the same L2 to find devices and adopt them. Or just put your unifi devices and controller on their own vlan, different than your servers vlan and other networks/vlans. That has nothing to do with the vlans your wireless network (ssid) would be on - this makes it much easier to manage. Why would you not just put the AP management network on the same L2 as your servers - behind pfsense? If your controller is on a different L2 than your unifi devices - you do have to do L3 adoption for them to show up in the controller. These are the only 2 ports that are needed. I manage my son's setup with my controller behind pfsense.