Versions Compared

Old Version 26

changes.mady.by.user Chad Fay

Saved on

compared with

New Version 27

changes.mady.by.user Chad Fay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Ethernet Connection and Firewall

...

Configuration:

  1. Connecting to LAN:

    • Use an Ethernet connection with DHCP

...

    • to connect the Smart Hub (ACU) or Single Door Controller (SDC) to the Local Area Network (LAN).

...

  2. Firewall Settings:

    • Configure firewall settings to communicate with the Avigilon Alta system.

...

    • Required outbound ports:

      • TCP port 443

      • UDP port 123

...

  1. Audio and Video Quality for Video Reader Pro and Video Intercom Reader Pro

...

  1. :

    • To ensure optimal audio and video quality,

...

    • allow access to the following outbound UDP ports

...

    • and enable UDP hole-punching

...

    • (or disable symmetric NAT)

...

    • :

      • TCP port 443

      • UDP port 123

      • UDP port 3478

...

      • (TURN/UDP servers

...

      • for connectivity)

      • UDP ports 50000-60000

...

      • (WebRTC)

...

  1. Additional Firewall Considerations:

    • Fortinet firewalls have antivirus software that blocks AWS traffic by default. AWS

...

    • must be whitelisted.

...

    • If using an external DNS server, outbound UDP port 53 must

...

    • be open.

...

  1. Wi-Fi

...

  1. Unlocking from

...

  1. Mobile App:

    • Ensure the ACU/SDC's inbound TCP port 443

...

    • is available

...

    • within the LAN.

    • Inbound port forwarding on the router, firewall, or NAT device is unnecessary.

...

    • HTTPS certificate rewriting or

...

    • TLS/SSL inspection is not allowed.

  2. IP Address

...

  1. and Network Segregation:

    • Avigilon Alta does not provide an IP range or FQDN list of

...

    • hostnames for Basic and Premium licenses. Most hostnames resolve to dynamic IPs and

...

    • change during provisioning and configuration

...

    • updates.

    • To segregate traffic from

...

    • Avigilon controllers,

...

    • enable a DMZ for the controllers

...

    • .

  2. Static Cloud IP

...

  1. for Enterprise Licenses

...

  1. :

    • Avigilon Alta offers a Static Cloud IP

...

    • for organizations with strict network firewall policies

...

    • . This simplifies opening a few IP addresses to allow

...

    • ACU/SDC

...

    • to connect to the cloud.

...

    • The latest version of the Openpath Admin app

...

    • supports provisioning

...

    • ACU/SDC devices behind

...

    • restricted

...

    • firewalls.

Network Security Best Practices for Video Reader / Video Intercom Reader

...

:

  1. Protecting

...

  1. Edge Devices:

    • Install PoE access control readers, like the Video Reader Pro

...

    • and Video Intercom Reader Pro,

...

    • on the unsecured side of a door.

    • To

...

    • prevent attackers from accessing the local network via

...

    • the

...

    • exposed Ethernet port, place it on a

...

    • DMZ

...

    • or perimeter network.

  2. Improving

...

  1. Network Reliability:

    • Set static IPs on both the Video Reader Pro and its Remote ACU(s) to improve reliability during network outages (e.g., router outages).

Information: Recommended upload speeds for 1 Video Reader Pro or Video Intercom Reader Pro.

(Double for each added Video Reader, Video Intercom reader)

Quality:

Low: 1Mb

Medium: 2Mb

High: 8Mb

We recommend more for the Video Intercom Reader Pro because Live streaming and Video Calls require more bandwidth since they can be used simultaneously.