[KBA-01182] Configuring a Security Center Federation for Use with NAT - Security Center 5.0 - 5.2

series
Security Center 5.0 - 5.2
revised_modified
2013-09-05

[KBA-01182] Configuring a Security Center Federation for Use with NAT

This article describes how Security Center should be configured if Network Address Translation (NAT) is enabled on a network used for a Security Center Federation.

Summary

The following ports must be open between networks for a Security Center Federation to work:

1. 4502: TCP connection to Security Center

2. 5500: TCP connection to Security Center

3. 554: RTSP video/Media Router (this port may differ depending on configuration)

4. 555: RTSP video/Media Router (this port may differ depending on configuration)

5. 560: Archiver Role (this port may differ depending on configuration)

If the network configuration between the remote (Federation) site and the main site requires the addresses to be translated, the proper network configurations must be set in Security Center:

• Configure the remote (Federation) server so that the local IP address routes video traffic to the NAT IP address

• Routes must be set to both Unicast TCP and Unicast UDP under the capabilities in Config Tool's Network view.

More Information

Here is an example of what is described above:

Remote (federation) site:

  • Local IP address = 10.x.x.7
  • NAT IP address = 10.y.y.5 (public server IP address)
Main site:

Set the remote (federation) site's public server IP address (10.y.y.5) on the main site's server (MAIN) under Public Servers.