The current Openpath Jira and Confluence instances will be migrated to the MSI On-Premise solution from August 9th-11th, the current platform will be set to read-only and all future usage will be in the Avigilon Instance. Please ensure access to MSI Jira & MSI Confluence, both are accessible through OKTA. For additional information and details please refer to the Atlassian migration page

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 28 Next »

Ethernet Connection and Firewall Configuration

  1. Connecting to LAN:

    • Use an Ethernet connection with DHCP to connect the Smart Hub (ACU) or Single Door Controller (SDC) to the Local Area Network (LAN).

  2. Firewall Settings:

    • Configure firewall settings to communicate with the Avigilon Alta system.

    • Required outbound ports:

      • TCP port 443

      • UDP port 123

  3. Audio and Video Quality for Video Reader Pro and Video Intercom Reader Pro:

    • To ensure optimal audio and video quality, allow access to the following outbound UDP ports and enable UDP hole-punching (or disable symmetric NAT):

      • TCP port 443

      • UDP port 123

      • UDP port 3478 (TURN/UDP servers for connectivity)

      • UDP ports 50000-60000 (WebRTC)

  4. Additional Firewall Considerations:

    • Fortinet firewalls have antivirus software that blocks AWS traffic by default. AWS must be whitelisted.

    • If using an external DNS server, outbound UDP port 53 must be open.

  5. Wi-Fi Unlocking from Mobile App:

    • Ensure the ACU/SDC's inbound TCP port 443 is available within the LAN.

    • Inbound port forwarding on the router, firewall, or NAT device is unnecessary.

    • HTTPS certificate rewriting or TLS/SSL inspection is not allowed.

  6. IP Address and Network Segregation:

    • Avigilon Alta does not provide an IP range or FQDN list of hostnames for Basic and Premium licenses. Most hostnames resolve to dynamic IPs and change during provisioning and configuration updates.

    • To segregate traffic from Avigilon controllers, enable a DMZ for the controllers.

  7. Static Cloud IP for Enterprise Licenses:

    • Avigilon Alta offers a Static Cloud IP for organizations with strict network firewall policies. This simplifies opening a few IP addresses to allow ACU/SDC to connect to the cloud.

    • The latest version of the Openpath Admin app supports provisioning ACU/SDC devices behind restricted firewalls.

Network Security Best Practices for Video Reader / Video Intercom Reader

  1. Protecting Edge Devices:

    • Install PoE access control readers, like the Video Reader Pro and Video Intercom Reader Pro, on the unsecured side of a door.

    • To prevent attackers from accessing the local network via the exposed Ethernet port, place it on a DMZ or perimeter network.

  2. Improving Network Reliability:

    • Set static IPs on both the Video Reader Pro and its Remote ACU(s) to improve reliability during network outages (e.g., router outages).

Information: Recommended upload speeds for 1 Video Reader Pro or Video Intercom Reader Pro.

(Double for each added Video Reader, Video Intercom reader)

Quality:

Low: 1Mb

Medium: 2Mb

High: 8Mb

We recommend more for the Video Intercom Reader Pro because Live streaming and Video Calls require more bandwidth since they can be used simultaneously.

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.