Usually the Ubiquiti Dream Machine Pro units are managed from the UI.COM interface.
However for external captive portals, it is a requirement to be able to access them via the WAN.
Here's how:
1) Create a new firewall rule
Create a new rule with these settings (two screenshots):
Lower part of screen:
The port group is simply ports 443 and 8443
IMPORTANT: Initially we recommend having action "Accept" on ALL protocols etc. When you have successfully connected, you can then look at locking down access to the desired external IPs.
2) Assign the rule
Then go to WAN LOCAL and add the rule you created above:
Click SAVE
You should now be able to access the controller via the external IP.