Product: Security Center
Version: 5.12
Language: English
Last updated: 2024-09-27

Default ports used by Security Center 5.12

Familiarize yourself with the default network ports that must be opened to allow proper communication between the core systems and modules of Security Center.

Information about firewalls

During the Security Center installation, you are given the option of allowing Security Center to create firewall rules for its applications. If you select this option, all Security Center applications are added as exceptions to the internal Windows firewall. However, you still must ensure that all the ports used by Security Center are open on your network.
IMPORTANT: Exposing Security Center to the internet is strongly discouraged without hardening your system first. Before exposing your system, implement the advanced security level described in the Security Center Hardening Guide to help protect your system from internet threats. Alternatively, use a trusted VPN for remote connections.

Ports used by core applications in Security Center

The following table lists the default network ports that must be opened to allow proper communication between the core applications and services in Security Center.

For a visual representation of the ports, see the Security Center Network Diagram - Platform.

| Port usage | Inbound port | Outbound port | Protocol | Executable file |
| --- | --- | --- | --- | --- |
| Directory | | | | |
| Server connections | TCP 5500 | | TLS 1.2 | Genetec.Directory.exe |
| Client connections | | TCP 5500 | TLS 1.2 | SecurityDesk.exe, ConfigTool.exe |
| Config Tool | | | | |
| Communication with Directory | | TCP 5500 | TLS 1.2 | GenetecServer.exe |
| Map download requests to Map Manager | | TCP 8012 | HTTPS | GenetecMapManager.exe |
| Communication with Authentication role; communication with GTAP for Genetec Advantage validation and feedback | | TCP 443 | HTTPS, TLS 1.2 | ConfigTool.exe |
| Security Desk | | | | |
| Communication with Directory | | TCP 5500 | TLS 1.2 | GenetecServer.exe |
| Map download requests to Map Manager | | TCP 8012 | HTTPS | GenetecMapManager.exe |
| Communication with Authentication role | | TCP 443 | HTTPS, TLS 1.2 | SecurityDesk.exe |
| SDK | | | | |
| Communication between SDK application and Directory | | TCP 5500 | TLS 1.2 | GenetecServer.exe |
| Map download requests to Map Manager | | TCP 8012 | HTTPS | GenetecMapManager.exe |
| Active Directory | | | | |
| Active Directory with no SSL | | TCP 389 | HTTP | GenetecActiveDirectory.exe |
| Active Directory with SSL | | TCP 636 | HTTPS | GenetecActiveDirectory.exe |
| Global catalog with no SSL | | TCP 3268 | HTTP | GenetecActiveDirectory.exe |
| Global catalog with SSL | | TCP 3269 | HTTPS | GenetecActiveDirectory.exe |
| All roles | | | | |
| Communication between expansion server and Directory. NOTE: Previously port 4502. If port 4502 was the server port before upgrading from 5.3 or earlier, 4502 remains the server port after the upgrade. | TCP 5500 | TCP 5500 | Genetec Inc. proprietary protocol | GenetecServer.exe |
| Communication between Server Admin and REST¹ | TCP 80 | TCP 80 | HTTP | GenetecInterface.exe |
| Secured REST access or Authentication role (OIDC/SAML2)¹ | TCP 443 | TCP 443 | HTTPS | GenetecInterface.exe, GenetecAuth.exe |
| Connections to the SQL Database Engine hosted on another server. Only required for roles that must connect to a database on another server. Not required if SQL Server is running on the same machine or if the role has no database. | | TCP 1433 | Microsoft® Tabular Data Stream Protocol (TDS) | Role-dependent |
| Connections to the SQL Server Browser service for SQL Server connection information. Only required for roles that must connect to a named database instance on another server. Not required for roles configured to connect to their database using a specific port. | | UDP 1434 | Microsoft SQL Server Resolution Protocol (SSRP) | Role-dependent |
| Map Manager | | | | |
| Requests for map download from client applications¹ | TCP 8012 | | HTTPS | GenetecMapManager.exe |
| Mobile Server | | | | |
| Communication from Mobile app to Mobile Server | TCP 80, 443 | | HTTPS | GenetecMobileRole.exe, GenetecMobileAgent.exe |
| Communication from Mobile Server to Media Gateway | | TCP 80, 443 | HTTPS | GenetecMobileRole.exe, GenetecMobileAgent.exe |
| Adding mobile devices to an Archiver for video streaming and storage | TCP 9000-10000 | | HTTP | GenetecMobileRole.exe, GenetecMobileAgent.exe |
| Record Caching Service | | | | |
| Non-secured REST communication with Record Caching Service¹ | TCP 80 | TCP 80 | HTTP | GenetecIngestion.exe |
| Secured REST access or Authentication role¹ | TCP 443 | TCP 443 | HTTPS | GenetecIngestion.exe |
| Unit Assistant | | | | |
| Communication with devices | TCP 5500 | TCP 5500 | Genetec Inc. proprietary protocol | GenetecUnitAssistantRole.exe |
| Wearable Camera Manager | | | | |
| Communication with Axis SCU | | TCP 48830 | Genetec Clearance™ protocol | GenetecBwcManagerRole.exe |
| Communication with Axis SCU (multiple roles on same server) | | TCP 48831, 48832, 48833 | Clearance protocol | GenetecBwcAgentService.exe |
| Web App Server | | | | |
| Initial connection between server hosting Web App Server role and browser used for Genetec™ Web App. NOTE: Redirected to HTTPS port after initial connection. | TCP 80 | TCP 80 | HTTP | Genetec.WebApp.Console.exe |
| Connection between server hosting Web App Server role and browser used for Genetec Web App; secured REST access or Authentication role¹ | TCP 443 | TCP 443 | HTTPS | Genetec.WebApp.Console.exe |
| Genetec Web App stream requests to Media Gateway | | TCP 443 | HTTPS | Genetec.WebApp.Console.exe |
| Web Client Server | | | | |
| Initial connection between server hosting Web Client Server role and browser used for Security Center Web Client. NOTE: Redirected to HTTPS port after initial connection. | TCP 80 | TCP 80 | HTTP | GenetecWebClient.exe |
| Connection between server hosting the Web Client Server role and the browser used for Security Center Web Client; secured REST/Server Admin/Authentication role communication¹ | TCP 443 | TCP 443 | HTTPS | GenetecWebClient.exe |
| Security Center Web Client video requests to Media Gateway | | TCP 443 | HTTPS | GenetecWebClient.exe |
| Genetec™ Update Service (GUS) | | | | |
| Communication between GUS Sidecar and GUS | TCP 4596 | TCP 4596 | N/A | GenetecUpdaterService.Sidecar.exe |
| Deprecated. Previously used to access the GUS web page. Redirects to TCP 4595 in the latest GUS version¹ | TCP 4594 | | N/A | GenetecUpdateService.exe |
| Secure communication with the GUS web page, and other GUS servers¹ | TCP 4595 | TCP 4595 | HTTPS | GenetecUpdateService.exe |
| Communication with Microsoft Azure and Genetec Inc.¹ | TCP 443 | TCP 443 | HTTPS | GenetecUpdateService.exe, GenetecUpdaterService.Sidecar.exe |
| SQL Server | | | | |
| Connections to the SQL Database Engine from roles on other servers | TCP 1433 | | Microsoft Tabular Data Stream Protocol (TDS) | sqlservr.exe |
| Connections to the SQL Server Browser service for SQL Server connection information | UDP 1434 | | Microsoft SQL Server Resolution Protocol (SSRP) | sqlbrowser.exe |
| System Availability Monitor Agent (SAMA) | | | | |
| Communication with Security Center (Legacy)¹ | | TCP 4592 | HTTP | Genetec.HealthMonitor.Agent.exe |
| Communication with Security Center servers¹ | | TCP 443 | HTTPS | Genetec.HealthMonitor.Agent.exe |
| Connection to the Health Service in the cloud¹ | | TCP 443 | HTTPS | Genetec.HealthMonitor.Agent.exe |

1 These ports use Windows System components to handle HTTP requests. Microsoft components using http.sys require the following rule: dir="in" protocol="6" lport="<SPECIFY PORT USED HERE: CAN BE 80, 443, or CUSTOM>" binary="System".

2 TCP port 960 applies to new installations of Security Center 5.8 and later. In Security Center 5.6 and 5.7, TCP port 5004 was used instead of TCP port 960. Therefore, any system upgraded to 5.12 through 5.6 or 5.7 continues to use TCP port 5004.
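
The port and executable columns on this page can serve as an audit baseline. The PowerShell below is an added example, not Genetec code: it compares a server's TCP listeners with the owner that the tables and footnote 1 lead you to expect. The function names, the chosen subset of ports, the treatment of http.sys ports as owned by `System`, and the sample listener objects are assumptions made for illustration.

```powershell
# Added example, not vendor code. Owner names are the page's executables without ".exe".
# 'System' stands for ports served through http.sys (footnote 1): the kernel driver
# holds the socket, so the listener is reported under PID 4 rather than the role's process.
# The port selection is an illustrative subset; extend it from the tables for your roles.
$ExpectedOwners = @{
    80   = @('System')
    443  = @('System')
    554  = @('GenetecMediaRouter', 'GenetecArchiverAgent32')
    555  = @('GenetecArchiverAgent32')
    560  = @('GenetecRedirector')
    960  = @('GenetecRedirector')
    1433 = @('sqlservr')
    4595 = @('System', 'GenetecUpdateService')
    5500 = @('GenetecServer', 'Genetec.Directory')
    5602 = @('GenetecArchiverAgent32')
    8012 = @('System', 'GenetecMapManager')
}
# Ports the tables list with a cleartext protocol (HTTP, Telnet) for inbound traffic.
$CleartextPorts = 80, 5602

function Get-LiveListener {
    # Snapshot of the local TCP listeners with the owning process name.
    Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { '(unknown)' }
        [pscustomobject]@{ LocalPort = [int]$_.LocalPort; ProcessName = $name }
    }
}

function Test-ScListener {
    param([Parameter(Mandatory)][object[]]$Listener)

    foreach ($port in ($ExpectedOwners.Keys | Sort-Object)) {
        # Every distinct process name seen listening on this port.
        $owners = @($Listener | Where-Object { $_.LocalPort -eq $port } |
            ForEach-Object { $_.ProcessName } | Sort-Object -Unique)
        $unexpected = @($owners | Where-Object { $_ -notin $ExpectedOwners[$port] })

        if ($owners.Count -eq 0) { $status = 'not listening' }
        elseif ($unexpected.Count -gt 0) { $status = 'UNEXPECTED OWNER' }
        else { $status = 'ok' }

        [pscustomobject]@{
            Port      = $port
            Owner     = $owners -join ', '
            Expected  = $ExpectedOwners[$port] -join ', '
            Status    = $status
            Cleartext = (($owners.Count -gt 0) -and ($port -in $CleartextPorts))
        }
    }
}

# Constructed sample (not captured from a real server); 8012 is held by an unrelated process.
$sample = @(
    [pscustomobject]@{ LocalPort = 443;  ProcessName = 'System' }
    [pscustomobject]@{ LocalPort = 5500; ProcessName = 'GenetecServer' }
    [pscustomobject]@{ LocalPort = 5602; ProcessName = 'GenetecArchiverAgent32' }
    [pscustomobject]@{ LocalPort = 8012; ProcessName = 'python' }
)
Test-ScListener -Listener $sample | Format-Table -AutoSize

# On a Security Center server, audit the live state instead:
# Test-ScListener -Listener (Get-LiveListener) | Where-Object Status -ne 'ok'
```

An owner mismatch on a default port means another process bound it first or the role was moved to a different port; resolve it before opening that port on the network firewall.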

Ports used by AutoVu applications in Security Center

The following table lists the default network ports that must be opened to allow proper communication between Security Center and external AutoVu™ components when AutoVu is enabled in your system.

For a visual representation of the ports, see the Security Center Network Diagram - ALPR.

IMPORTANT: Exposing the AutoVu system to the internet is strongly discouraged without hardening your system first. Before exposing your system, implement the advanced security level described in the Security Center Hardening Guide to help protect your system from internet-based threats.

| Port usage | Inbound port | Outbound port | Protocol | Executable file |
| --- | --- | --- | --- | --- |
| Sharp unit | | | | |
| SSH port for SharpOS 14 (optional) | TCP 22 | | HTTP | Sharp unit |
| Video port (Security Center extension HTTP); communication port (HTTP for SharpOS 12.7 and lower) | TCP 80 | | HTTP | Sharp unit |
| Secure port (LPM protocol, video, Genetec protocol) | TCP 443 | | HTTPS | Sharp unit |
| RTSP stream requests | TCP 554, UDP 554 | | RTSP | Sharp unit |
| Appliance discovery service | UDP 2728 | | UDP | Sharp unit |
| RDP access port (optional) | TCP 3389 | | TCP | Sharp unit |
| Silverlight ports and image feed service (for Sharp models earlier than SharpV) | TCP 4502-4534 | | HTTP | Sharp unit |
| Control port (Mobile installation) | TCP 4545 | | HTTP | Sharp unit |
| Discovery port | UDP 5000 | | UDP | Sharp unit |
| Control port (Fixed installation) | TCP 8001 | | HTTP | Sharp unit |
| Cloud (PIP) | | TCP 443 | PIP | Sharp unit |
| Syslog (on demand) | | UDP 514 | | Sharp unit |
| LPM protocol communication | | TCP 10001 | HTTPS | Sharp unit |
| Extensions | | | | |
| FTP file upload. Only used when the FTP extension is configured. | | TCP 21 | FTP | Sharp unit |
| HTTP file upload. Only used when the HTTP extension is configured. | | Any port | HTTP/HTTPS | Sharp unit |
| ALPR Manager | | | | |
| Genetec Patroller™ communication and fixed Sharp units (not used for LPM protocol connections) | TCP 8731 | | HTTP | GenetecLicensePlateManager.exe |
| LPM protocol listening port | TCP 10001 | | HTTPS | GenetecLicensePlateManager.exe |
| Secure communication port for DataExporter | | TCP 443 | HTTPS | GenetecLicensePlateManager.exe |
| Fixed Sharp unit discovery | | UDP 5000 | N/A | GenetecLicensePlateManager.exe |
| RabbitMQ communication port when used by DataExporter (optional) | | TCP 5671 | HTTPS | GenetecLicensePlateManager.exe |
| Sharp control port (used for Live connections, not LPM protocol connections) | | TCP 8001 | HTTP | GenetecLicensePlateManager.exe |
| Communication with Pay-by-Plate Sync plugin | | TCP 8787 | HTTP | GenetecLicensePlateManager.exe |
| Communication with Pay-by-Plate Sync plugin | | TCP 8788 | HTTPS | GenetecLicensePlateManager.exe |
| Archiver¹ | | | | |
| Default Media Router RTSP port | TCP 554 | | RTSP | GenetecArchiverAgent32.exe |
| Default Archiver port | TCP 555 | | RTSP | GenetecArchiverAgent32.exe |
| Patroller (in-vehicle computer) | | | | |
| Communication with mobile Sharp units | TCP 4545 | | HTTP | Patroller.exe |
| Time synchronization service for Sharp units | TCP 4546 | | SNTP | Patroller.exe |
| Communication with Simple Host | TCP 8001 | | HTTP | Patroller.exe |
| Communication with Pay-by-Plate Sync plugin | TCP 8787 | | HTTP | Patroller.exe |
| Communication with Curb Sense and Plate Link | | TCP 443 | HTTPS | Patroller.exe |
| Communication with mobile Sharp units | | TCP 4545 | HTTPS | Patroller.exe |
| Sharp camera discovery | | UDP 5000 | UDP | Patroller.exe, PatrollerConfigTool.exe |
| ALPR Manager connection | | TCP 8731 | HTTP and message-level encryption | Patroller.exe |
| Pay-by-Plate Sync | | | | |
| Communication with Free-Flow and Patroller | TCP 8787 | | HTTP | GenetecPlugin.exe for Pay-by-Plate Sync |
| Secure communication with Free-Flow | TCP 8788 | | HTTPS | GenetecPlugin.exe for Pay-by-Plate Sync |
| Communication with Free-Flow and Patroller | | TCP 8787 | HTTP | GenetecPlugin.exe for ALPR Manager |
| Secure communication with Free-Flow | | TCP 8788 | HTTPS | GenetecPlugin.exe for ALPR Manager |

1 You can also add a SharpV to Security Center as a standard video unit using separate Archiver and Media Router roles. For more information on adding a video unit, see Ports used by Omnicast applications in Security Center.

Ports used by Omnicast applications in Security Center

The following table lists the default network ports that must be opened to allow proper communication between Security Center and external IP video devices when Omnicast™ is enabled in your system.

For a visual representation of the ports, see the Security Center Network Diagram - Video.

| Port usage | Inbound port | Outbound port | Protocol | Executable file |
| --- | --- | --- | --- | --- |
| Archiver | | | | |
| Communication with Cloud Storage | | TCP 80⁴, 443⁴ | HTTPS, TLS 1.2 | GenetecArchiverAgent32.exe |
| Communication with Media Router | | TCP 554 | RTSP over TLS when secure communication enabled | GenetecArchiverAgent32.exe |
| Live and playback stream requests | TCP 555¹ | | RTSP over TLS when secure communication enabled | GenetecArchiverAgent32.exe |
| Edge playback stream requests | TCP 605¹ | | RTSP | GenetecVideoUnitControl32.exe |
| Mobile device streaming through the Mobile Server | | TCP 9000-10000 | HTTP | GenetecVideoUnitControl32.exe |
| Communication between the primary Archiver and backup servers | TCP 5500 | TCP 5500 | TLS 1.2 | GenetecArchiver.exe, GenetecArchiverAgent32.exe, GenetecVideoUnitControl32.exe |
| Telnet console connection requests | TCP 5602¹ | | Telnet | GenetecArchiverAgent32.exe |
| Live unicast stream requests from IP cameras | UDP 15000–19999² | | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecVideoUnitControl32.exe |
| Live video and audio multicast stream requests | UDP 47806, 47807 | UDP 47806, 47807 | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecArchiverAgent32.exe, GenetecVideoUnitControl32.exe |
| Connection to the Wearable Camera Manager API | TCP 48831-48833 | | | |
| Vendor-specific ports for cameras | TCP & UDP | TCP. Common ports include: TCP 80, TCP 443, TCP 554, TCP 322 | TCP 80: HTTP; TCP 443: HTTPS; TCP 554: RTSP; TCP 322: RTSP over TLS when secure communication enabled | GenetecVideoUnitControl32.exe |
| Redirector | | | | |
| Live and playback stream requests | TCP 560 | | RTSP over TLS when secure communication enabled | GenetecRedirector.exe |
| Communication with Media Router (Security Center Federation™) | | TCP 554 | RTSP over TLS when secure communication enabled | GenetecRedirector.exe |
| Communication with Archiver | | TCP 555 | RTSP over TLS when secure communication enabled | GenetecRedirector.exe |
| Communication with Auxiliary Archiver | | TCP 558 | RTSP over TLS when secure communication enabled | GenetecRedirector.exe |
| Cloud playback requests | | TCP 570⁴ | RTSP over TLS when secure communication enabled | GenetecRedirector.exe |
| Edge playback stream requests | | TCP 605 | RTSP over TLS when secure communication enabled | GenetecRedirector.exe |
| Communication with Privacy Protector™ | | TCP 754 | RTSP over TLS when secure communication enabled | GenetecRedirector.exe |
| Stream requests to other redirectors | | TCP 560 | RTSP over TLS when secure communication enabled | GenetecRedirector.exe |
| Media transmission to client applications | TCP 960³ | UDP 6000-6500, TCP 960³ | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecRedirector.exe |
| Media transmission to other redirectors | UDP 8000–12000 | UDP 8000–12000 | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecRedirector.exe |
| Live video and audio multicast stream requests | UDP 47806, 47807 | UDP 47806, 47807 | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecRedirector.exe |
| Live video multicast stream request (Security Center Federation™) | UDP 65246 | UDP 65246 | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecRedirector.exe |
| Auxiliary Archiver | | | | |
| Live and playback stream requests | TCP 558 | | RTSP over TLS when secure communication enabled | GenetecAuxiliaryArchiver.exe |
| Unicast media stream requests | UDP 6000-6500 | | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecAuxiliaryArchiver.exe |
| Live video and audio multicast stream requests | UDP 47806, 47807 | | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecAuxiliaryArchiver.exe |
| Live video multicast stream requests (Security Center Federation™) | UDP 65246 | | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecAuxiliaryArchiver.exe |
| Live stream requests | | TCP 554, 555, 560 | RTSP over TLS when secure communication enabled | GenetecAuxiliaryArchiver.exe |
| Media transmission | | TCP 960³ | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecAuxiliaryArchiver.exe |
| Cloud Playback | | | | |
| Live and playback stream requests from within Security Center | TCP 570 | | RTSP over TLS when secure communication enabled | GenetecCloudPlaybackRole.exe, GenetecCloudPlaybackAgent.exe |
| Communication with Cloud Storage | | TCP 80, 443 | TLS 1.2 | GenetecCloudPlaybackRole.exe, GenetecCloudPlaybackAgent.exe |
| Media Router | | | | |
| Live and playback stream requests | TCP 554 | | RTSP over TLS when secure communication enabled | GenetecMediaRouter.exe |
| Federated Media Router stream requests | | TCP 554 | RTSP over TLS when secure communication enabled | GenetecMediaRouter.exe |
| Communication with redirectors | TCP 5500 | TCP 5500 | TLS 1.2 | GenetecMediaRouter.exe |
| Media Gateway | | | | |
| Live and playback stream requests from RTSP clients | TCP 654 | | RTSP over TLS when secure communication enabled | Genetec.MediaGateway.exe |
| Live and playback stream requests from Mobile, Web Client, or Web App | TCP 80, 443 | | TCP 80: HTTP; TCP 443: HTTPS | Genetec.MediaGateway.exe |
| Communication between the Media Gateway agents and the Media Gateway role | TCP 5500 | TCP 5500 | TLS 1.2 | Genetec.MediaGateway.exe |
| Live video unicast stream requests | UDP 6000-6500 | | SRTP when using encryption in transit and at rest | Genetec.MediaComponent32.exe |
| Live video and audio multicast stream requests | UDP 47806, 47807 | UDP 51914 | SRTP when using encryption in transit from Archiver or in transit and at rest | Genetec.MediaComponent32.exe |
| Live video multicast streaming (Security Center Federation™) | UDP 65246 | | SRTP when using encryption in transit from Archiver or in transit and at rest | Genetec.MediaComponent32.exe |
| Live and playback stream requests | | TCP 554, 555, 558, 560, 605 | RTSP over TLS when secure communication enabled | Genetec.MediaComponent32.exe |
| Media transmission | | TCP 960³ | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecAuxiliaryArchiver.exe |
| Cloud playback requests | | TCP 570⁴ | RTSP over TLS when secure communication enabled | Genetec.MediaComponent32.exe |
| Security Center Federation™ | | | | |
| Connection to remote Security Center systems | | TCP 5500 | TLS 1.2 | GenetecSecurityCenterFederation.exe |
| Live and playback stream requests | TCP 554, 560, 960³ | TCP 554, 560, 960³ | RTSP over TLS when secure communication enabled | Genetec.MediaComponent32.exe |
| Security Desk | | | | |
| Unicast UDP live stream requests | UDP 6000–6200 | | SRTP when using encryption in transit from Archiver or in transit and at rest | SecurityDesk.exe, Genetec.MediaComponent32.exe |
| Live video and audio multicast stream requests | UDP 47806, 47807 | | SRTP when using encryption in transit from Archiver or in transit and at rest | SecurityDesk.exe, Genetec.MediaComponent32.exe |
| Live video multicast stream requests (Security Center Federation™) | UDP 65246 | | SRTP when using encryption in transit from Archiver or in transit and at rest | SecurityDesk.exe, Genetec.MediaComponent32.exe |
| Live and playback stream requests from RTSP clients | | TCP 554, 555, 558, 560, 605 | RTSP over TLS when secure communication enabled | SecurityDesk.exe, Genetec.MediaComponent32.exe |
| Media transmission | | TCP 960³ | SRTP when using encryption in transit from Archiver or in transit and at rest | SecurityDesk.exe, Genetec.MediaComponent32.exe |
| Cloud playback requests | | TCP 570⁴ | RTSP over TLS when secure communication enabled | SecurityDesk.exe, Genetec.MediaComponent32.exe |
| Config Tool | | | | |
| Unicast UDP live stream requests | UDP 6000–6200 | | SRTP when using encryption in transit from Archiver or in transit and at rest | ConfigTool.exe, Genetec.MediaComponent32.exe |
| Live video and audio multicast stream requests | UDP 47806, 47807 | | SRTP when using encryption in transit from Archiver or in transit and at rest | ConfigTool.exe, Genetec.MediaComponent32.exe |
| Live video multicast stream requests (Security Center Federation™) | UDP 65246 | | SRTP when using encryption in transit from Archiver or in transit and at rest | ConfigTool.exe, Genetec.MediaComponent32.exe |
| Live and playback stream requests from RTSP clients | | TCP 554, 555, 560 | RTSP over TLS when secure communication enabled | ConfigTool.exe, Genetec.MediaComponent32.exe |
| Media transmission | | TCP 960³ | SRTP when using encryption in transit from Archiver or in transit and at rest | ConfigTool.exe, Genetec.MediaComponent32.exe |
| Unit discovery with the Unit enrollment tool | | Vendor-specific TCP and UDP ports | Vendor-specific | ConfigTool.exe, Genetec.MediaComponent32.exe |
| Cloud Storage reporting and configuration | | TCP 80⁴, 443⁴ | HTTP | ConfigTool.exe |
| SQL Server | | | | |
| Incoming connections to the SQL Database Engine from the Media Router, Auxiliary Archiver, and Directory. | TCP 1433 | | Microsoft Tabular Data Stream Protocol (TDS) | sqlservr.exe |
| Incoming connections to the SQL Server Browser service for SQL Server connection information | UDP 1434 | | Microsoft SQL Server Resolution Protocol (SSRP) | sqlbrowser.exe |

1 Applies to servers hosting one Archiver role. If multiple Archiver roles are hosted on the same server, each additional role uses the next free port.

2 You can have multiple Archiver agents on the same server. Each Archiver agent assigns a unique UDP port to each video unit that it controls. To ensure that the UDP port assignment on a server is unique, each additional Archiver agent on the same server adds 5000 to its starting UDP port number. For example, the first Archiver agent uses ports 15000-19999, the second one uses ports 20000-24999, the third one uses ports 25000-29999, and so on.
NOTE: You can manually assign live streaming reception UDP ports from the Resource tab of the Archiver role.

3 TCP port 960 applies to new installations of Security Center 5.8 and later. In Security Center 5.6 and 5.7, TCP port 5004 was used instead of TCP port 960. Therefore, any system upgraded to 5.12 through 5.6 or 5.7 continues to use TCP port 5004.

4 In the context of Cloud Storage, ports TCP 80, 443, and 570 are only used when Cloud Storage is enabled.

Ports used by KiwiVision modules in Security Center

The following tables list the default network ports that must be opened to allow proper communication between Security Center and external IP video devices when KiwiVision™ is enabled in your system.

For a visual representation of the ports, see the Security Center Network Diagram - KiwiVision.

KiwiVision Privacy Protector™ and KiwiVision Camera Integrity Monitor modules

| Port usage | Inbound port | Outbound port | Protocol | Executable file |
| --- | --- | --- | --- | --- |
| Live stream requests | TCP 754 | | RTSP over TLS when using Secure communication | Genetec.MediaProcessor.exe |
| Live video unicast stream requests | UDP 7000-7500 | | SRTP when using encryption in transit from Archiver or in transit and at rest | Genetec.MediaProcessor.exe |
| Live video multicast stream requests | UDP 47806 | UDP 47806 | SRTP when using encryption in transit from Archiver or in transit and at rest | Genetec.MediaProcessor.exe |
| Live video multicast stream requests (Security Center Federation™) | UDP 65246 | UDP 65246 | SRTP when using encryption in transit from Archiver or in transit and at rest | Genetec.MediaProcessor.exe |
| Live and playback stream requests | | TCP 554, 555, 560 | RTSP over TLS when using Secure communication | Genetec.MediaProcessor.exe |
| Media transmission | | TCP 960¹ | SRTP when using encryption in transit from Archiver or in transit and at rest | Genetec.MediaProcessor.exe |
| Communication with Directory | TCP 5500 | TCP 5500 | TLS 1.2 | Genetec.MediaProcessor.exe |

KiwiVision Security video analytics and KiwiVision People Counter modules

| Port usage | Inbound port | Outbound port | Protocol | Executable file |
| --- | --- | --- | --- | --- |
| KiwiVision Manager | | | | |
| Communication with KiwiVision Manager database | | TCP 1433 | Microsoft Tabular Data Stream Protocol (TDS) | GenetecPlugin.exe |
| Communication with KiwiVision Manager database | | UDP 1434 | Microsoft SQL Server Resolution Protocol (SSRP) | GenetecPlugin.exe |
| Communication with Directory | TCP 5500 | TCP 5500 | TLS 1.2 | GenetecPlugin.exe |
| KiwiVision Analyzer | | | | |
| Live video unicast stream requests | UDP 6000–6500 | | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecPlugin.exe, Genetec.MediaComponent32.exe |
| Live video multicast stream requests | UDP 47806 | | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecPlugin.exe, Genetec.MediaComponent32.exe |
| Live video multicast stream requests (Security Center Federation™) | UDP 65246 | | SRTP when using encryption in transit from Archiver or in transit and at rest | GenetecPlugin.exe, Genetec.MediaComponent32.exe |
| Live and playback stream requests | | TCP 554, 560, 960¹ | RTSP over TLS when using Secure communication | GenetecPlugin.exe, Genetec.MediaComponent32.exe |
| Communication with KiwiVision Manager database | | TCP 1433 | Microsoft Tabular Data Stream Protocol (TDS) | GenetecPlugin.exe |
| Communication with KiwiVision Manager database | | UDP 1434 | Microsoft SQL Server Resolution Protocol (SSRP) | GenetecPlugin.exe |
| Communication with Directory | TCP 5500 | TCP 5500 | TLS 1.2 | GenetecPlugin.exe |
| SQL Server | | | | |
| Incoming connections to the SQL Database Engine from KiwiVision Manager and Analyzer roles on other servers | TCP 1433 | | Microsoft Tabular Data Stream Protocol (TDS) | sqlservr.exe |
| Incoming connections to the SQL Server Browser service for SQL Server connection information | UDP 1434 | | Microsoft SQL Server Resolution Protocol (SSRP) | sqlbrowser.exe |

1 TCP port 960 applies to new installations of Security Center 5.8 and later. In Security Center 5.6 and 5.7, TCP port 5004 was used instead of TCP port 960. Therefore, any system upgraded to 5.12 through 5.6 or 5.7 continues to use TCP port 5004.

Ports used by Synergis applications in Security Center

The following table lists the default network ports that must be opened to allow proper communication between Security Center and external IP access control devices when Synergis™ is enabled in your system.

For a visual representation of the ports, see the Security Center Network Diagram - Access control.

| Port usage | Inbound port | Outbound port | Protocol | Executable file |
| --- | --- | --- | --- | --- |
| Access Manager | | | | |
| Synergis extension - discovery | | UDP 2000 | Genetec Inc. proprietary protocol | GenetecAccessManager.exe |
| Secure communication with Synergis units and HID units | | TCP 443 | HTTPS, TLS 1.2 | GenetecAccessManager.exe |
| HID extension - FTP data and command¹ | TCP 20 | TCP 21 | FTP | GenetecAccessManager.exe |
| HID extension - SSH¹ | | TCP 22 | SSH | GenetecAccessManager.exe |
| HID extension - Telnet¹ | | TCP 23 | Telnet | GenetecAccessManager.exe |
| HID extension - HTTP communication | | TCP 80 | HTTP | GenetecAccessManager.exe |
| HID extension - VertX OPIN protocol | | TCP 4050/4433² | TCP 4050: Proprietary; TCP 4433: HTTPS, TLS 1.2 | GenetecAccessManager.exe |
| HID extension - VertX discovery³ | UDP 4070 | UDP 4070 | N/A | GenetecAccessManager.exe |
| Remote syslog server⁴ | UDP 514 | | N/A | GenetecAccessManager.exe |
| Global Cardholder Synchronizer | | | | |
| Connection to sharing host | | TCP 5500 | TLS 1.2 | GenetecGlobalCardholderManagement.exe |
| Mobile Credential Manager | | | | |
| Secure communication (HTTPS) with the portal of the mobile credential provider. NOTE: Security Desk, Config Tool, and the Mobile Credential Manager role all need access to the following URLs: https://api.origo.hidglobal.com and https://ma.api.assaabloy.com/credential-management/ | | TCP 443 | HTTPS, TLS 1.2 | GenetecMobileCredentialManager.exe |

1 Not used if HID units are configured with Secure mode. As a best practice, enable secure mode on all HID units.

2 Legacy HID units or EVO units running a firmware version earlier than 3.7 use port 4050. HID EVO units running in secure mode with firmware 3.7 and later use port 4433.

3 The discovery port of an HID unit is fixed at 4070. After it is discovered, the unit is assigned to an Access Manager that uses the ports shown in the previous table to control it.

For more information about initial HID hardware setup, download the documentation from http://www.HIDglobal.com.

4 Starting in Security Center 5.10.1.0, this port is no longer enabled by default.

Ports used by intrusion-detection applications in Security Center

Default network ports must be opened to allow proper communication between Security Center and intrusion panels through intrusion panel extensions.

For the list of ports required for your intrusion detection system, refer to the following:

Ports used by Sipelia modules in Security Center

For proper communication between Security Center and external IP video devices when Sipelia™ is enabled in your system, you must open the default network ports.

Default ports for Sipelia Server

IMPORTANT: When configuring ports, ensure that the ports are open and not used by another application on the same workstation. For example, if Sipelia Server is installed on the same machine that hosts the Genetec™ Server, you can’t use a port that is already used by Security Center or another application.

| Port usage | Inbound port | Outbound port | Protocol | Description |
| --- | --- | --- | --- | --- |
| SIP port | UDP 5060 | | SIP | The port used to enable the SIP protocol on Sipelia Server. The SIP port is the basis of all SIP communication in Sipelia. The default value is 5060. Every SIP endpoint, such as softphones and SIP intercoms, that needs to connect to the Sipelia Server must have this port value in their respective configurations. |
| SIP trunks port | UDP 5060 | | SIP | The port used by the SIP trunk to communicate with the Sipelia Server. Because SIP trunks are SIP servers, the default value is 5060. SIP trunks are needed if you have a device that is connected to an external IP PBX, and you want to connect this device to Sipelia. |
| SIP TCP port | TCP 5060 | | SIP | The port used by Sipelia for SIP communication over TCP. This value must be in the configuration of every SIP endpoint that needs to connect to the Sipelia Server using TCP. TCP for SIP communication is disabled by default. |
| SIP secure port | TCP 5061 | | SIP (TLS) | The port that Sipelia uses for secure connections. You must configure TLS in Config Tool to display the secure port. You can use a softphone or an intercom to connect to your SIP server in TLS. NOTE: The SIP device must trust the Server Admin certificate. |
| Session transfer port | TCP 8202 | | TLS | The port that Sipelia Server uses to download recordings of call sessions to the Call report task in Security Desk. The default value is 8202. If there are issues with this port number, you can enter another applicable value. |
| UDP port range | UDP 20000 to 20500 | UDP 20000 to 20500 | RTP | The port range for the User Datagram Protocol (UDP). Different SIP clients use the UDP ports to send and receive communication data. The default range is from 20000 to 20500. Change the default settings only if Sipelia logs any port-related issues about making or receiving calls with Security Desk. |

The UDP port range used by Sipelia Server is set with the MinimumPortRange and MaximumPortRange properties found in C:\ProgramData\Genetec Sipelia\SipServer\SipServer.config.

NOTE: Depending on the intercom device configuration, other outbound ports can be used.

The executable file for Sipelia Server ports is GenetecPlugin32.exe.

Default ports for Sipelia Client

IMPORTANT: When configuring ports, make sure that the ports are open and that they aren’t being used by another application on the same workstation.

| Port usage | Inbound port | Outbound port | Protocol | Description |
| --- | --- | --- | --- | --- |
| SIP port | | UDP 5060 | SIP | The port used to enable the SIP protocol on Sipelia™ Client. This port is used for all basic SIP protocol communication. The default value is 5060. This value is retrieved from the Sipelia Server and can’t be changed on the Client side. |
| SIP TCP port | | TCP 5060 | SIP | |
| SIP secure port | | TCP 5061 | SIP (TLS) | |
| Session transfer port | | TCP 8202 | TLS | |
| UDP port range | UDP 20000 to 20500 | UDP 20000 to 20500 | SIP or RTP | The port range for the User Datagram Protocol (UDP). Different SIP clients use the UDP ports to send and receive communication data. The default range is from 20000 to 20500. Change the default settings only if Sipelia logs any port-related issues about making or receiving calls with Security Desk. |

You can change the UDP port range by clicking Options > Sipelia > Advanced in Security Desk.

The executable file for Sipelia Client ports is SecurityDesk.exe.

Default ports for Sipelia Gateway role

| Port usage | Inbound port | Outbound port | Protocol | Description |
| --- | --- | --- | --- | --- |
| WebRTC port range | | UDP 49152 to 65535 | WebRTC | The WebRTC protocol uses the default dynamic port range of Windows servers. The default range is from 49152 to 65535. The WebRTC port range used by Sipelia Gateway is set with the Min.PortRange and Max.PortRange properties found in C:\ProgramData\Genetec Sipelia\CallService.appsettings.json |
| STUN servers | | UDP 443, 3478, 19302 | STUN | If your mobile phone or Web App communicates with the server through a NAT, the following UDP ports and URLs need to be reachable from the Sipelia Gateway server: stun:turn.video.geneteccloud.com:443; stun:stun.freeswitch.org:3478; stun:stun.l.google.com:19302; stun:global.stun.twilio.com:3478 |
| TURN server | | UDP 80 (depends on the provider) | TURN | If your mobile phone or Web App communicates with the server through the internet without a VPN, configure a TURN server to be reachable from the Sipelia Gateway. Sipelia doesn’t provide a TURN server by default. You must obtain a TURN account and configure it by clicking System > Roles > Sipelia Gateway > Properties in Config Tool. |
| Web API port | 7550 | | HTTPS | The port used by the Mobile Server and Web App Server to communicate with the Sipelia Gateway. The default value is 7550. This value can be changed in C:\ProgramData\Genetec Sipelia\WebApi.appsettings.json. |

The executable file for Sipelia Gateway ports is GenetecPlugin.exe.