Which firewall ports are used in Security Center 5.6? - Security Center 5.6

series
Security Center 5.6
revised_modified
2017-08-22

Which firewall ports are used in Security Center 5.6?

Answer: There are many ports used Security Center 5.0 and later. Because Security Center is a unified platform that integrates all of Genetec™ products, the list of ports is quite extensive. As a result, it is recommended to familiarize yourself with the ports used by the various core systems and modules of Security Center.

Ports used by core applications

The following table lists the default network ports used by Security Center applications:

Application Inbound Outbound Port usage
Directory TCP 5500   Client connection
Client applications (Security Desk, Config Tool, SDK)   TCP 5500 Directory connection
  TCP 8012 Map download requests to Map Manager (HTTPS)
Client applications (Config Tool)   TCP 443 Communication with GTAP for Genetec™ Advantage validation and feedback (HTTPS)
All roles (new installation)   TCP 5500 Directory connection
TCP 4502 TCP 4502 Genetec™ Server communication (backward compatibility with Security Center 5.3 and earlier)
TCP 80 TCP 80 REST/Server Admin communication (HTTP)
TCP 443 TCP 443 Secured REST/Server Admin communication (HTTPS)
All roles (upgraded from 5.3 and earlier) TCP 4502 TCP 4502 If 4502 was the server port before the upgrade, then 4502 remains the server port after the upgrade, and 4503 is used for backward compatibility.

If another port was used as server port before the upgrade, then that same port is kept as server port after the upgrade. 4502 is then used for backward compatibility, and 4503 is not necessary.

TCP 4503 TCP 4503
Intrusion Manager TCP 3001 TCP 3001 Communication with Bosch intrusion panels
Map Manager TCP 8012   Map download requests from client application (HTTPS)
Genetec™ Update Service (GUS) TCP 4595 TCP 4595 Communication with other GUS servers
TCP 443 TCP 443 Communication with Azure and Genetec Inc. (HTTPS)
System Availability Monitor Agent (SAMA) TCP 4592   Connection from Security Center servers
  TCP 443 Connection to the Health Service in the Cloud (HTTPS)

Ports used by AutoVu™ applications

The following table lists the default network ports used by AutoVu™ applications:

Application Inbound Outbound Port usage
LPR Manager   UDP 5000 Fixed Sharp unit discovery
TCP 8731   Fixed Sharp units and Patrollers
TCP 8787   Pay-by-Plate (plugin installed separately)
TCP 8832   Updater service
  TCP 8001 Sharp control port
  TCP 2323 Sharp unit configuration (HTTP)
Plate Reader Server (Sharp unit) TCP 80   Video port (Security Center extension HTTP)
TCP 443   Video port (Security Center extension HTTPS)
TCP 2323   Extension configuration service (HTTP)
TCP 4502-4534   Silverlight ports and image feed service (for Sharp models prior to SharpV)
TCP 4545   Control port (Mobile installation)
UDP 5000   Discovery port
TCP 8001   Control port (Fixed installation)
  TCP 21 FTP file upload
  TCP 8666 Communication with Updater Service
Portal Server (Sharp unit) TCP 80   Communication port (HTTP)
TCP 443   Secure communication port (HTTPS)
Updater service (Sharp unit and in-vehicle computer) TCP 8666   Communication with Plate Reader Server (greetings only)
TCP 8889 TCP 8899 Communication with Genetec Patroller™ Updater
  TCP 8832 Communication with LPR Manager
Genetec Patroller™ (in-vehicle computer) TCP 4546   Communication with Time server
TCP 8001   Communication with Simple Host
  UDP 5000 Sharp camera discovery
  TCP 8666 Communication with Updater Service (greetings only)
  TCP 8731 LPR Manager connection

Ports used by Synergis™ applications

The following table lists the default network ports used by Synergis™ applications.

Application Inbound Outbound Port usage
Access Manager   UDP 2000 Synergis™ extension - discovery
  TCP 443 Secure communication with Synergis™ units and HID units (HTTPS)
TCP 20 TCP 21 HID extension - FTP data and command1
  TCP 22 HID extension - SSH1
  TCP 23 HID extension - Telnet1
  TCP 80 HID extension - HTTP communication
  TCP 4050 HID extension - VertX OPIN protocol
TCP/UPD 4070 TCP/UDP 4070 HID extension - VertX discovery2
TCP/UDP   Vendor specific ports for events and discovery from IP access control device
Synergis™ Softwire (Synergis™ unit) TCP 80 TCP 80 Communication port (HTTP)
TCP 443 TCP 443 Secure communication port (HTTPS)
AutoVu™ SharpV integration (HTTPS)
UDP 2000 UDP 2000 Discovery and P2P communication
TCP 3389   RDP connection (disabled by default)
TCP 2571 TCP 2571 Assa Abloy IP lock (R3 protocol)
  UDP 5353 Axis controller discovery (mDNS)
TCP 80 TCP 80 Axis controller communication (HTTP)
TCP 3001 TCP 3001 Mercury/Honeywell communication
TCP 1234 TCP 1234 Salto Sallis lock communication
HID VertX/Edge Legacy and EVO controllers TCP 21   FTP command1
TCP 22   SSH port (EVO only)1
TCP 23   Telnet1
TCP 4050   VertX OPIN protocol
UDP 4070 UDP 4070 VertX discovery

1 Not required if HID units are configured with Secure mode.

2 The discovery port of an HID unit is fixed at 4070. Once it is discovered, the unit is assigned to an Access Manager that uses the ports shown in the table above to control it.

For more information about initial HID hardware setup, download the documentation from http://www.HIDglobal.com.

Ports used by Omnicast™ applications

The following table lists the default network ports used by Omnicast™ applications.

Application Inbound Outbound Port usage
Archiver TCP 555   Live and playback stream requests
TCP 605   Edge playback stream requests
TCP 5602   Telnet console connection requests
UPD 6000-6500   Audio from client applications
UDP 15000–200001   Live unicast streaming from IP cameras
UDP 47806, 47807 UDP 47806, 47807 Live video and audio multicast streaming
TCP & UDP   Vendor specific ports for events and IP camera discovery
  TCP 80 HTTP port
  TCP 443 HTTPS port
  TCP 554 RTSP port
Redirector TCP 560, 5004   Live and playback stream requests
  TCP 554 Communication with Media Router (Security Center Federation™)
  TCP 555 Communication with Archiver
  TCP 558 Communication with Auxiliary Archiver
  TCP 560, 5004 Stream requests to other redirectors
  UPD 6000-6500 Media transmission to client applications
UDP 8000–12000 UDP 8000–12000 Media transmission to other redirectors
UDP 47806, 47807 UDP 47806, 47807 Live video and audio multicast streaming
Auxiliary Archiver TCP 558   Live and playback stream requests
UDP 15000–200001   Live unicast streaming (IP cameras)
UDP 47806, 47807 UDP 47806, 47807 Live video and audio multicast streaming
  TCP 554, 560 Live and playback stream requests
Media Router TCP 554   Live and playback stream requests
  TCP 554 Federated Media Router stream requests
Media Gateway TCP 654   Live and playback stream requests
UDP 6000-6500   Live video unicast streams
UDP 47806 UDP 51914 Live video multicast streaming
Omnicast™ Federation™   TCP 5001-5002 Connection to remote Omnicast™ systems.
Client applications (Security Desk and Config Tool) UDP 6000–6200   Unicast media streams
UDP 47806, 47807   Live video and audio multicast streams
  TCP 554, 560 Live and playback video and audio requests
Client application (Config Tool)   Vendor-specific TCP and UDP ports Unit discovery with the Unit enrollment tool

1 You can have multiple Archiver agents per server. Each Archiver agent assigns a unique UDP port to each video unit it controls. In order to make sure that each UDP port on a server is unique, each new Archiver agent on a server adds 5000 to its start UDP port number. For example, the first Archiver agent uses ports 15000-20000, the second one uses ports 20000-25000, the third one uses ports 25000-30000, and so on.