[KBA-01182] Configuring a Security Center Federation for Use with NAT
This article describes how Security Center should be configured if Network Address Translation (NAT) is enabled on a network used for a Security Center Federation.
The following ports must be open between networks for a Security Center Federation to work:
1. 4502: TCP connection to Security Center
2. 5500: TCP connection to Security Center
3. 554: RTSP video/Media Router (this port may differ depending on configuration)
4. 555: RTSP video/Media Router (this port may differ depending on configuration)
5. 560: Archiver Role (this port may differ depending on configuration)
If the network configuration between the remote (Federation) site and the main site requires the addresses to be translated, the proper network configurations must be set in Security Center:
• Configure the remote (Federation) server so that the local IP address routes video traffic to the NAT IP address
• Routes must be set to both Unicast TCP and Unicast UDP under the capabilities in Config Tool's Network view.
More InformationHere is an example of what is described above:
Remote (federation) site:
- Local IP address = 10.x.x.7
- NAT IP address = 10.y.y.5 (public server IP address)
Set the remote (federation) site's public server IP address (10.y.y.5) on the main site's server (MAIN) under Public Servers.