Connecting to Security Center from a remote client workstation
To connect remote clients to a single Security Center server from the Internet, you must configure your network to allow proper communication between the client software and the server.
Before you begin
Exposing Security Center to the Internet is strongly discouraged without hardening your system first. Before exposing your system, implement the advanced security level described in the Security Center Hardening Guide to help protect your system from Internet threats. Alternatively, use a trusted VPN for remote connections.
If the Capabilities of your Default network in the Security Center Network view has been changed from Unicast TCP, your configuration might not be compatible with this procedure.
What you should know
On the Security
network, log on to the Internet-connected router
and enable port forwarding:
NOTE: Each router will be slightly different. For the precise location and instructions, consult the documentation for your router.
- On the router, navigate to the Port Forwarding section.
Enable forwarding of the following default
- TCP 5500 for client connections
- TCP 554, 560, and 5004 for live and playback video
If any of your Security Center ports have been customized, you must modify this configuration accordingly. For more information on the ports required by Security Center, refer to Which ports are used in Security Center 5.0 and later?.
- For the local destination, enter the internal IP address of the main server.
- Apply your changes.
- On the Security Center server, open Windows Firewall with Advanced Security.
Ensure that the Windows Firewall is configured to allow
inbound connections on TCP port 554, 560, 5004,
NOTE: If you allowed Security Center to create firewall rules automatically during installation, no additional configuration is needed.
Remote connectivity is now enabled. When connecting remotely with Security Desk or Config Tool, enter the external IP address of your router in the Directory field.
- Open Server Admin and select the main server.
Under Network, populate
the Public address field
with the public IP address of your
Internet-connected router, and enable
NOTE: The external IP address of your router is available on the router’s configuration webpage. For the precise location, consult the documentation for your router.
- Click Save.