I’ve been noticing how many devices have been opening up holes and ports in my network because I have UPnP enabled, and doing it in a fairly insecure fashion. I’m trying to clean this up and ended up turning off UPnP to limit devices from building their own port forwarding rules. However, the unintended consequence is that HA seems to be dependent somewhat on UPnP. Has anyone else run into this issue and found a workaround or another option? Also, outside of discovery of devices, are there other things I sacrifice with UPnP disabled as far as HA is concerned (or ESPHome, since I’m running a fair bit of those devices as well)? Thanks!
I never enable UPnP because it will do exactly what you’ve noticed: It takes away your control of your network security.
For additional security, I have split my network into several VLANs with firewall rules controlling the flow of data between the VLANs, and I have also configured mDNS repeaters between the IoT VLAN and the HA server.
Most discoveries and integrations work out of the box for me.
There are a few integrations that are not auto-discovered, so they need to be configured manually, but that’s just a few.
I don’t see any dependency of HA on UPnP.
That’s excellent to know, thank you!