What is the right way to do this -
There is an main on premise Unifi server/controller running at 192.168.99.10. I need to allow remote owner Unifi gear in to see the controller for normal operation.
Here are the ports Unifi has identified as required. - that all makes sense.
https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used
Should I create a NAT rule that points in-bound traffic (destination to the server) to those ports to that server address?
Is there any reason to create filter rules (TCP and UDP) to open up those ports?
It is ether one or the other but not both right? Thanks for any explanation.