Which firewall ports are used in Security Center 5.8?
Answer: Security Center uses many ports. Because Security Center is a unified platform that integrates all Genetec™ products, the list of ports is quite extensive. As a result, it is recommended that you familiarize yourself with the ports used by the various core systems and modules of Security Center.
Firewall ports used by core applications in Security Center
For Security Center to work properly, you need to create firewall rules to allow proper communication between the various services.
The following table lists the default network ports used by core applications in Security Center.
Application | Inbound | Outbound | Port usage |
---|---|---|---|
Directory | TCP 5500 | Client connections | |
Client applications (Security Desk, Config Tool, SDK) | TCP 5500 | Genetec™ Server/Directory communication | |
TCP 8012 | Map download requests to Map Manager (HTTPS) | ||
Client applications (Config Tool) | TCP 443 | Communication with GTAP for Genetec™ Advantage validation and feedback (HTTPS) | |
Client applications (Security Desk, Config Tool) | TCP 443 | Secured communication with the portal of the mobile credential provider (HTTPS) | |
All roles (new installation) | TCP 5500 | TCP 5500 | Genetec™ Server/Directory communication |
TCP 4502 | TCP 4502 | Genetec™ Server communication (backward compatibility with Security Center 5.3 and earlier) | |
TCP 80 | TCP 80 | REST/Server Admin communication (HTTP) | |
TCP 443 | TCP 443 | Secured REST/Server Admin communication (HTTPS) | |
All roles (upgraded from 5.3 and earlier) | TCP 4502 | TCP 4502 | If 4502 was the server port before the upgrade, then 4502 remains the server port after the upgrade, and 4503 is used for backward compatibility. If another port was used as server port before the upgrade, then that same port is kept as server port after the upgrade. 4502 is then used for backward compatibility, and 4503 is not necessary. |
TCP 4503 | TCP 4503 | ||
Intrusion Manager | TCP 3001 | TCP 3001 | Communication with Bosch intrusion panels |
Map Manager | TCP 8012 | Map download requests from client application (HTTPS) | |
Mobile Server | TCP 443 | Communication from mobile clients. | |
Genetec™ Update Service (GUS) | TCP 4595 | TCP 4595 | Communication with other GUS servers |
TCP 443 | TCP 443 | Communication with Azure and Genetec Inc. (HTTPS) | |
System Availability Monitor Agent (SAMA) | TCP 4592 | Connection from Security Center servers | |
TCP 443 | Connection to the Health Service in the Cloud (HTTPS) |
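
One way to express the "All roles (new installation)" rows as Windows Firewall rules, as an added example that is not Genetec's own tooling. The trusted subnet, the rule group name and the `-AllowLegacy53` switch are assumptions; each rule is scoped to known peers instead of being opened to any address.

```powershell
# Added example, not Genetec code. Ports are taken from the
# "All roles (new installation)" rows of the table above.
param(
    # Constructed value: the subnet(s) holding your Security Center servers and clients.
    [string[]]$TrustedSubnets = @('10.20.0.0/24'),
    # Hypothetical switch: open TCP 4502 only while 5.3-or-earlier peers still exist.
    [switch]$AllowLegacy53
)

$group = 'Security Center 5.8 - core'   # hypothetical rule group name

$ports = @(
    @{ Port = 5500; Use = 'Genetec Server/Directory communication' }
    @{ Port = 443;  Use = 'Secured REST/Server Admin communication (HTTPS)' }
    @{ Port = 80;   Use = 'REST/Server Admin communication (HTTP)' }
)
if ($AllowLegacy53) {
    $ports += @{ Port = 4502; Use = 'Backward compatibility with Security Center 5.3 and earlier' }
}

foreach ($p in $ports) {
    # The table lists these ports as both inbound and outbound.
    foreach ($dir in 'Inbound', 'Outbound') {
        $name = "SC58 TCP $($p.Port) $dir"
        # Idempotent: skip rules that a previous run already created.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
        $rule = @{
            DisplayName   = $name
            Description   = $p.Use
            Group         = $group
            Direction     = $dir
            Action        = 'Allow'
            Protocol      = 'TCP'
            RemoteAddress = $TrustedSubnets   # restrict peers; do not leave as Any
        }
        # Inbound rules match the local listening port; outbound rules match the peer's port.
        if ($dir -eq 'Inbound') { $rule.LocalPort = $p.Port } else { $rule.RemotePort = $p.Port }
        New-NetFirewallRule @rule | Out-Null
    }
}

# Outbound allow rules only take effect where the default outbound action is Block.
Get-NetFirewallRule -Group $group | Format-Table DisplayName, Direction, Enabled
```
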
Firewall ports used by AutoVu™ applications in Security Center
When AutoVu™ is enabled in your system, you need to create additional firewall rules to allow proper communication between Security Center and external AutoVu™ components.
The following table lists the default network ports used by AutoVu™ applications in Security Center.
Application | Inbound | Outbound | Port usage |
---|---|---|---|
LPR Manager | UDP 5000 | Fixed Sharp unit discovery | |
TCP 8731 | Fixed Sharp units and Genetec Patroller™ installations | ||
TCP 8787 | Pay-by-Plate (plugin installed separately) | ||
TCP 8832 | Updater service | ||
TCP 9001 | LPM protocol listening port | ||
TCP 8001 | Sharp control port (used for Live connections, not LPM protocol connections). | ||
TCP 2323 | Sharp unit configuration (HTTP) | ||
Flexreader™ (Sharp unit) | TCP 80 | Video port (Security Center extension HTTP) | |
TCP 443 | Video port (Security Center extension HTTPS) | ||
TCP 2323 | Extension configuration service (HTTP) | ||
TCP 4502-4534 | Silverlight ports and image feed service (for Sharp models earlier than SharpV) | ||
TCP 4545 | Control port (Mobile installation) | ||
UDP 5000 | Discovery port | ||
TCP 8001 | Control port (Fixed installation) | ||
TCP 21 | FTP file upload | ||
TCP 8666 | Communication with Updater Service | ||
Portal Server (Sharp unit) | TCP 80 | Communication port (HTTP) | |
TCP 443 | Secure communication port (HTTPS) | ||
Updater service (Sharp unit and in-vehicle computer) | TCP 8666 | Communication with Flexreader™ (greetings only) | |
TCP 8889 | TCP 8899 | Communication with Genetec Patroller™ Updater | |
TCP 8832 | Communication with LPR Manager | ||
Genetec Patroller™ (in-vehicle computer) | TCP 4546 | Communication with Time server | |
TCP 8001 | Communication with Simple Host | ||
UDP 5000 | Sharp camera discovery | ||
TCP 8666 | Communication with Updater Service (greetings only) | ||
TCP 8731 | LPR Manager connection |
Firewall ports used by Omnicast™ applications in Security Center
When Omnicast™ is enabled in your system, you need to create additional firewall rules to allow proper communication between Security Center and external IP video devices.
The following table lists the default network ports used by Omnicast™ applications in Security Center.
Application | Inbound | Outbound | Port usage |
---|---|---|---|
Archiver | TCP 555¹ | Live and playback stream requests | |
TCP 605¹ | Edge playback stream requests | ||
TCP 5602¹ | Telnet console connection requests | ||
UDP 6000-6500 | Audio from client applications | ||
UDP 15000–19999² | Live unicast streaming from IP cameras | ||
UDP 47806, 47807 | UDP 47806, 47807 | Live video and audio multicast streaming | |
TCP & UDP | Vendor specific ports for events and IP camera discovery | ||
TCP 80 | HTTP port | ||
TCP 443 | HTTPS port | ||
TCP 554 | RTSP port | ||
Redirector | TCP 560, 960³ | Live and playback stream requests | |
TCP 554 | Communication with Media Router (Security Center Federation™) | ||
TCP 555 | Communication with Archiver | ||
TCP 558 | Communication with Auxiliary Archiver | ||
TCP 560, 960³ | Stream requests to other redirectors | ||
UDP 6000-6500 | Media transmission to client applications | ||
UDP 8000–12000 | UDP 8000–12000 | Media transmission to other redirectors | |
UDP 47806, 47807 | UDP 47806, 47807 | Live video and audio multicast streaming | |
UDP 65246 | UDP 65246 | Live video multicast streaming (Security Center Federation™) | |
Auxiliary Archiver | TCP 558 | Live and playback stream requests | |
UDP 6000-6500 | Unicast media streams | ||
UDP 47806, 47807 | Live video and audio multicast streaming | ||
UDP 65246 | Live video multicast streaming (Security Center Federation™) | ||
TCP 554, 560, 960³ | Playback stream requests | ||
Media Router | TCP 554 | Live and playback stream requests | |
TCP 554 | Federated Media Router stream requests | ||
Media Gateway | TCP 654 | Live and playback stream requests | |
TCP 80, 443 | Incoming stream requests from mobile and web clients | ||
UDP 6000-6500 | Live video unicast streams | ||
UDP 47806, 47807 | UDP 51914 | Live video and audio multicast streaming | |
TCP 554, 560, 960³ | Live and playback video requests | ||
Media processing applications (Privacy Protector™ and Camera integrity monitor) | TCP 754 | Live video requests | |
UDP 7000-7500 | Live video unicast streams | ||
UDP 47806 | Live video multicast streaming | ||
UDP 65246 | Live video multicast streaming (Security Center Federation™) | ||
TCP 554, 560, 960³ | Live and playback video requests | ||
Omnicast™ Federation™ | TCP 5001-5002 | Connection to remote Omnicast™ 4.x systems. | |
Client applications (Security Desk and Config Tool) | UDP 6000–6200 | Unicast media streams | |
UDP 47806, 47807 | Live video and audio multicast streaming | ||
UDP 65246 | Live video multicast streaming (Security Center Federation™) | ||
TCP 554, 560, 960³ | Live and playback video and audio requests | ||
Client application (Config Tool) | Vendor-specific TCP and UDP ports | Unit discovery with the Unit enrollment tool |
¹ Applies to servers hosting one Archiver role. If multiple Archiver roles are hosted on the same server, each additional role uses the next free port.
³ TCP port 960 applies to new installations of Security Center 5.8, and upgrades from Security Center 5.5 to 5.8. Systems upgraded from Security Center 5.6 and Security Center 5.7 will continue to use TCP port 5004.
Firewall ports used by Synergis™ applications in Security Center
When Synergis™ is enabled in your system, you need to create additional firewall rules to allow proper communication between Security Center and external IP access control devices.
The following table lists the default network ports used by Synergis™ applications in Security Center.
Application | Inbound | Outbound | Port usage |
---|---|---|---|
Access Manager | UDP 2000 | Synergis™ extension - discovery | |
TCP 443 | Secure communication with Synergis™ units and HID units (HTTPS) | ||
TCP 20 | TCP 21 | HID extension - FTP data and command¹ | |
TCP 22 | HID extension - SSH¹ | ||
TCP 23 | HID extension - Telnet¹ | ||
TCP 80 | HID extension - HTTP communication | ||
TCP 4050/4433² | HID extension - VertX OPIN protocol | ||
TCP/UDP 4070 | TCP/UDP 4070 | HID extension - VertX discovery³ | |
TCP/UDP | Vendor-specific ports for events and discovery from IP access control device | ||
Synergis™ Softwire (Synergis™ unit) | TCP 80 | TCP 80 | Communication port (HTTP) |
TCP 443 | TCP 443 | Secure communication port (HTTPS) | |
AutoVu™ SharpV integration (HTTPS) | |||
UDP 2000 | UDP 2000 | Discovery and P2P communication | |
UDP 137 | NetBIOS Name Service (enabled by default) | ||
TCP 3389 | RDP connection (disabled by default) | ||
TCP 9999 | Assa Abloy Aperio IP | ||
TCP 2571 | TCP 2571 | Assa Abloy IP lock (R3 protocol) | |
UDP 5353 | Axis controller discovery (mDNS) | ||
TCP 3001 | TCP 3001 | Mercury or Honeywell communication | |
TCP 1234 | TCP 1234 | Salto Sallis lock communication | |
HID VertX/Edge Legacy and EVO controllers | TCP 21 | FTP command¹ | |
TCP 22 | SSH port (EVO only)¹ | ||
TCP 23 | Telnet¹ | ||
TCP 4050/4433² | VertX OPIN protocol | ||
UDP 4070 | UDP 4070 | VertX discovery |
¹ Not required if HID units are configured with Secure mode.
² Legacy HID units or EVO units running a firmware version earlier than 3.7 use port 4050. HID EVO units running in secure mode with firmware 3.7 and later use port 4433.
³ The discovery port of an HID unit is fixed at 4070. After it is discovered, the unit is assigned to an Access Manager that uses the ports shown in the previous table to control it.
For more information about initial HID hardware setup, download the documentation from http://www.HIDglobal.com.