Great news! The Free Tier is back and accepting new users.

Learn how to get started
Open Markdown

How to enable UPnP on a UniFi Controller

If you’re managing a UniFi network and running into issues with devices not communicating properly, especially things like gaming consoles, IP phones, or some smart home gear, UPnP might be your answer.

This guide breaks down how to enable UPnP on your UniFi Controller.

Let's dive in !!

Before we dive in, please don't self-host your UniFi Controller if you take care of client networks. Sooner or later this will cause issues! It's fine for home users, but definitely not recommended for IT service businesses and MSPs. If you want secure, reliable and a scalable hosting solution check out UniHosted.

What is UPnP?

UPnP stands for Universal Plug and Play. It’s a network protocol that allows devices on your LAN to automatically configure port forwarding on your router or gateway. Basically, it saves you from manually setting up port rules.

Let’s say your PlayStation needs to open a few ports to chat with its network services. Without UPnP, you'd have to log into your router and manually forward those ports. With UPnP, the console does that on its own.

Why enable UPnP?

You don’t always need UPnP. But in many cases, it’s a massive convenience. Here are a few real-world examples where it helps:

  • Gaming consoles: Xbox, PlayStation, and Nintendo systems often struggle with NAT issues without UPnP.
  • VoIP systems: Phones using SIP often need ports opened for media and signaling.
  • Smart home devices: Cameras or hubs sometimes need to punch through your firewall.
  • P2P applications: Some file-sharing or streaming tools use random ports and expect to open them dynamically.

The flip side? If not controlled, UPnP can be a security risk. Devices can open ports that they shouldn’t, leaving you exposed. So use it wisely.

What do you need to enable UPnP?

This process assumes you’re using a UniFi gateway (like a USG, UDM, UDM Pro, or UXG). You’ll also need access to your UniFi Controller, which could be hosted locally or in the cloud.

If you’re using UniHosted, the controller is already online and backed up. Just log in and follow along.

Step-by-step: How to enable UPnP in UniFi Controller

UniFi has two versions of its interface floating around, classic (aka “legacy”) and the new settings layout. We’ll cover both.

For the new settings layout

If your controller is running UniFi OS and you've updated in the last few years, you’re probably on the new layout. Here's how to do it:

  1. Log in to your UniFi Controller Open your browser and go to your controller’s IP or the UniFi Cloud Portal (https://unifi.ui.com). Sign in.

  2. Go to Settings On the left menu, scroll to the bottom and click Settings.

  3. Click on “Advanced Features” This section contains some deeper options like system-level toggles, IGMP, and UPnP.

  4. Scroll to “Advanced Gateway Settings” You’ll find UPnP controls here, provided you have a UniFi Gateway on this network.

  5. Toggle “Enable UPnP” You’ll see a switch labeled Enable UPnP. Turn it on.

  6. Enable “Allow UPnP Port Mapping” (optional) This lets internal devices open ports as needed. If you’re using UPnP, this is usually what you want.

  7. Click Apply Don’t forget this part. Changes won’t take effect until you apply them.

Done. You’re good to go.

For the classic settings layout

Still running the older UI? No problem. Here’s how it works:

  1. Go to Settings In the old interface, this is in the bottom left corner.

  2. Click “Services” Then find UPnP in the tabs.

  3. Enable UPnP Tick the checkbox to turn it on.

  4. Allow Port Mapping Make sure this is enabled too.

  5. Save As always, hit save. Your devices can now start negotiating port mappings with the gateway.

How to check if UPnP is working

Once enabled, you might want to verify that it’s actually working. Here’s how:

  • Log into your UniFi Controller
  • Go to Devices > [Your Gateway]
  • Under Insights or Settings, look for active port forwards or UPnP activity

If you see a list of devices with ports mapped, UPnP is doing its thing.

Alternatively, you can check from a device side. On a PlayStation, for example, run the network test. It should show “NAT Type 2” if UPnP is working properly.

Security concerns with UPnP

UPnP opens up your gateway to dynamic port mapping. That’s helpful, but dangerous if misused. Devices inside your network could open ports to the internet that you didn’t expect.

Here’s what you can do to make UPnP safer:

  • Use it only when needed: Don’t just leave it on permanently. Disable it if your devices don’t need it anymore.
  • Separate VLANs: Don’t allow smart devices or guests on the same VLAN that has UPnP access.
  • Monitor: Check your controller now and then for strange port mappings.

If you want even tighter control, you might be better off disabling UPnP and manually configuring port forwards. It takes more work but reduces risk.

Common UPnP issues in UniFi and how to fix them

Even with UPnP enabled, things can still go wrong. Here are a few common problems and how to solve them:

“Double NAT” error

This happens when your UniFi Gateway is behind another router. Only one layer can handle NAT properly. If both your ISP modem and UniFi gateway are doing NAT, UPnP won’t work right.

Fix: Put your ISP modem in bridge mode, or set up DMZ forwarding to the UniFi gateway.

Devices not mapping ports

Sometimes a device just doesn’t request the port mappings it needs.

Fix: Make sure the device supports UPnP and that it’s on the same VLAN as your UniFi gateway.

UPnP enabled but nothing shows up

You turned it on, but the dashboard shows zero UPnP activity.

Fix: Reboot the device trying to use UPnP. Also try restarting the UniFi gateway.

Use cases where UPnP really shines

Here are some practical setups where UPnP saves time:

  • Gaming console in a shared home Rather than forwarding ports every time a new console joins the network, UPnP does it automatically.

  • VoIP setup in a small office SIP-based phones sometimes struggle without UPnP. Let them map their media ports as needed.

  • Plex media server Plex uses dynamic ports for remote access. If UPnP is enabled, you don’t need to open anything manually.

  • Remote desktop apps or peer-to-peer software Some remote access tools use dynamic ports and expect UPnP to be active.

Should you always use UPnP?

Not necessarily.

It’s handy and works well when you trust your network devices. But in more secure environments, or if you’re managing networks for clients, it’s better to handle port forwards manually or isolate UPnP use on a dedicated VLAN.

In short: if you’re running a home network, UPnP can save you a lot of trouble. If you’re running a business network, be more cautious.

Final thoughts

UPnP can make your UniFi network a lot smoother, especially when dealing with consumer electronics and services that need dynamic ports. It’s easy to enable from the UniFi Controller, just a few toggles and you’re set. But like anything that opens your firewall, use it with care.

If you’re running multiple sites or want someone else to handle UPnP, VLANs, firewall rules, and all the other tweaks, consider letting us at Unihosted take care of your UniFi controller. We keep it online, updated, and secured so you don’t have to think about it.