To connect remote clients to a single Security Center server from the
internet, you must configure your network to allow proper communication between
the client software and the server.
Before you begin
Exposing Security Center to the internet is strongly discouraged without hardening your system first. Before exposing your system, implement the advanced security level described in the Security Center Hardening Guide to help protect your system from internet threats. Alternatively, use a trusted VPN for remote connections.
If the Capabilities of your Default network in the Security Center Network view has been changed from Unicast TCP, your configuration might not be compatible with this procedure.
What you should know
This topic is written for certified network technicians and IT support personnel. Readers must be familiar with the network hosting Security Center and have experience working with the associated network peripherals.
IMPORTANT: This procedure is only intended for single-server deployments. If more than one server is listed in your Server Admin, you might require additional steps that are outside the scope of this topic.
Procedure
- On the Security Center network, log on to the internet-connected router and enable port forwarding:
  NOTE: Each router is slightly different. For the precise location and instructions, consult the documentation for your router.
  - On the router, navigate to the Port Forwarding section.
  - Enable forwarding of the following default ports:
    - TCP 5500 for client connections
    - TCP 554, 560, and 960 for live and playback video
    - TCP 443 if you are using OpenID or SAML
    TCP port 960 applies to new installations of Security Center 5.8 and later. In Security Center 5.6 and 5.7, TCP port 5004 was used instead. If any of your Security Center ports have been customized, you must modify this configuration accordingly. For more information on the ports required by Security Center, refer to Default ports used by Security Center.
  - For the local destination, enter the internal IP address of the main server.
  - Apply your changes.
- On the Security Center server, open Windows Firewall with Advanced Security.
- Ensure that Windows Firewall is configured to allow inbound connections on TCP ports 554, 560, 5004, and 5500.
  NOTE: If you allowed Security Center to create firewall rules automatically during installation, no additional configuration is needed.
- Configure Security Center for remote access:
  - Open Server Admin and select the main server.
  - Under Network, populate the Public address field with the public IP address of your internet-connected router, and enable Proxy.
    NOTE: The external IP address of your router is available on the router's configuration web page. For the precise location, consult the documentation for your router.
  - Click Save.
Remote connectivity is now enabled. When connecting remotely with Security Desk or Config Tool, enter the external IP address of your router in the Directory field.
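
One way to confirm the Windows Firewall step on the Security Center server, as an added PowerShell example that is not part of the original documentation: it lists the enabled inbound allow rules that cover each required TCP port, shows their remote-address scope, and warns where no rule exists. The `RequiredPorts` parameter and the `Test-PortCovered` helper are this example's own names; the default port list is the one given in the firewall step.

```powershell
# Added example: audit inbound Windows Firewall coverage for Security Center ports.
# Defaults are the ports named in the firewall step. Per the port-forwarding step,
# use 960 instead of 5004 on new 5.8+ installations and add 443 for OpenID or SAML.
param(
    [int[]]$RequiredPorts = @(554, 560, 5004, 5500)
)

function Test-PortCovered {
    # True if a rule's LocalPort value ('Any', '554', '5000-5010', or a list) covers $Port.
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

# Collect enabled inbound allow rules that apply to TCP (or to any protocol).
$rules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -in 'TCP', 'Any') {
        $af = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name = $rule.DisplayName; Profile = $rule.Profile
            LocalPort = $pf.LocalPort; RemoteAddress = $af.RemoteAddress
        }
    }
}

foreach ($port in $RequiredPorts) {
    $hits = @($rules | Where-Object { Test-PortCovered -LocalPort $_.LocalPort -Port $port })
    if ($hits.Count -eq 0) {
        Write-Warning "TCP $port : no enabled inbound allow rule"
        continue
    }
    foreach ($h in $hits) {
        $scope = if ($h.RemoteAddress -contains 'Any') { 'any remote address' } else { $h.RemoteAddress -join ',' }
        # Rules without a port restriction are usually program-scoped; review them by hand.
        $note = if ($h.LocalPort -contains 'Any') { ' (not restricted by port; check program scope)' } else { '' }
        "TCP {0,-5} {1} [{2}] from {3}{4}" -f $port, $h.Name, $h.Profile, $scope, $note
    }
}
```

Run it in an elevated PowerShell session on the main server. Any rule it reports that is broader than the ports forwarded on the router is a candidate for tightening before the system is exposed.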