Bosch Building Technologies


    Which are the ports that must be open within a LAN for all BVMS components?

    This article presents some useful examples, Q&A and specific cases in which our customers have requested assistance regarding the ports that must be open within a LAN for all BVMS components.

     

    Question 1:

     

    For video streams from the encoders:

    To: Mobile Video Service/Operator Client  |  UDP 1064-65535  |  From: Encoder, VRM

    • Does this port range need to be so large for a smaller system? (e.g. =<40 Cameras + 2x Divar, 3x operator positions) 
    • Is there a way of controlling this port range to reduce the number of open ports between devices?

     

    Answer:

     

    The ports that will be used depend on the applications that are used on the network.

    For example, the Operator Client uses UDP connections for VRM and Encoder (e.g. ports 1757, 1800).

    The ports used by BVMS can be found in the BVMS Configuration Manual, or you can look them up in the tables at the bottom of this article.

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | VRM + Encoder | UDP | 1757 | Management Server, Operator Client | Scan Target Broadcast |
    | VRM + Encoder | UDP | 1758 | Management Server, Configuration Client | Scan Response |
    | VRM + Encoder | UDP | 1800 | Management Server, Operator Client | Scan Target Multicast |

     

     

    Question 2:

     

    MVS will be used and there is a port specified in the manual as follows:

    to: Mobile Video Service  |  TCP 2195  | From: Apple Push Notification

    • Is this apple push notification coming from Apple inc. or outbound to Apple?
    • What is the result of not having this port opened?  Will it just be the case that push notifications for mobile devices don’t work?

     

    Answer:

     

    It is a bidirectional transmission because of the TCP port used. 

    TCP: "ports use the Transmission Control Protocol, the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent."

    If port 2195 is not open or is blocked, the connection to the devices will be dropped.

    Regarding the iOS push notification, please refer to the following link: https://support.apple.com/en-gb/HT203609

     

    Question 3:

     

    gateway.push.apple.com is also mentioned under the Management Server / Enterprise Management Server ports.

    • How is the URL relevant to the Management Server?

     

    Answer:

     

    The URL is a DNS name specific to the IP and gateway.

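    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | Management Server | TCP | 5392 | Operator Client, Configuration Client, Mobile Video Service, BVMS SDK Application | WCF, gateway.push.apple.com |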

     

    Question 4:

     

    How does the remote access work from private network with Enterprise System to remote BVMS systems?

     

    Answer:

     

    The following image shows an example of remote access from private network with Enterprise System to remote BVMS systems.

    Image legend: 1 Firewall, 2 Router, 3 Management Server, 4 Operator Client, 5 Configuration Client, 6 IP camera / encoder, 7 Enterprise Management Server, 8 Decoder, 9 DynDNS Server, 10 World Wide Web. Connection labels: Port forwarding, Port mapping, Logon to, Enterprise server list, Dynamic naming.

    1_Which are the ports that must be open within a LAN for all BVMS components.png

    To enable the remote access of an Operator Client to devices in a remote network, each device is assigned a public port number in addition to the public network address of the router. For access, Operator Client uses this public port number together with the public network address.

    In the private network, the incoming traffic for the public port number is forwarded to the private network address and port number of the corresponding device. You configure the port mapping in Configuration Client for use by Operator Client.

     

    Port mapping:

    Port mapping allows remote computers to connect to a specific computer or service within a private local area network (LAN).

    Configure one port forwarding for the BVMS Management Server to utilize port 5322 for both internal and external connections. This is the only port mapping entry that you need to make for the entire system. BVMS port mapping is not required.

     

    🛈 Notice!

    Additionally, the network administrator must configure the port forwarding on the router of the private network. The network administrator must ensure that remote access via these ports is running outside of the BVMS environment.

    In the router you must manually configure the port forwarding according to the settings in the port mapping table.

    In order for the units to communicate, the specific ports need to be opened. Otherwise, the communication between the devices is not going to work. Depending on the devices you have, ports need to be opened, as in the tables below.

    Please note that you can find more detailed information in the BVMS Configuration Manual about:

    1. How to configure the port mapping for remote access [page 115, chapter 11.17 Remote Access Settings dialog box (Settings menu)]
    2. The port mapping for the IP addresses of the configured devices in your BVMS [page 116, chapter 11.17.1 Port Mapping Table dialog box]

     

    Used ports:

    This section lists for all components of BVMS the ports that must be open within a LAN. Do not open these ports to the Internet! For operation via Internet use secure connections like VPN or Remote Access.

    Each table lists the local ports that must be open on the computer where the server is installed or on the router/level 3 switch that is connected to the hardware.

    On a Windows Firewall, configure an Inbound Rule for each open port.

    Allow all outgoing connections for all BVMS software applications.

     

    Example for a simple Inbound Rule in Windows 7 Firewall:

    2_Which are the ports that must be open within a LAN for all BVMS components.png
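
    The same inbound rules can be scripted instead of clicked. The following is an added example, not Bosch code: it creates one inbound rule per row of the Management Server table below and then lists the rules, flagging any that accept traffic from any address. The group name, the rule names, the restriction to `LocalSubnet` and the Domain/Private profiles are assumptions of this example; `New-NetFirewallRule` needs Windows 8 / Server 2012 or later, so it does not apply to the Windows 7 dialog shown above.

```powershell
# Added example, not Bosch code. Run elevated on the Management Server host.
# Needs the NetSecurity module (Windows 8 / Server 2012 or later).

# Rows copied from the Management Server / Enterprise Management Server table.
$rows = @(
    @{ Protocol = 'UDP'; Port = 123;   Remark = 'TimeServer NTP' }
    @{ Protocol = 'TCP'; Port = 5322;  Remark = 'SSH connection' }
    @{ Protocol = 'TCP'; Port = 5389;  Remark = 'ONVIF proxy, event notification' }
    @{ Protocol = 'TCP'; Port = 5390;  Remark = '.NET Remoting' }
    @{ Protocol = 'TCP'; Port = 5392;  Remark = 'WCF, gateway.push.apple.com' }
    @{ Protocol = 'TCP'; Port = 5393;  Remark = 'Data-Access-Service' }
    @{ Protocol = 'TCP'; Port = 5395;  Remark = 'User preferences, File transfer' }
    @{ Protocol = 'UDP'; Port = 12544; Remark = 'BVMS SNMP get port' }
)

$group  = 'BVMS LAN example'   # hypothetical group name, used to find the rules again
$source = 'LocalSubnet'        # assumption: all clients share the server's subnet;
                               # otherwise list the client subnets, e.g. '192.0.2.0/24'

foreach ($r in $rows) {
    $name = "BVMS MS $($r.Protocol) $($r.Port)"
    # Idempotent: skip rules that a previous run already created.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "exists:  $name"
        continue
    }
    New-NetFirewallRule -DisplayName $name -Description $r.Remark -Group $group `
        -Direction Inbound -Action Allow -Protocol $r.Protocol -LocalPort $r.Port `
        -RemoteAddress $source -Profile Domain, Private | Out-Null
    Write-Host "created: $name"
}

# Check: report every rule in the group and flag any that accepts any remote address.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr -join ','
        OpenToAny     = @($addr) -contains 'Any'
    }
} | Format-Table -AutoSize
```

    A rule with `OpenToAny` set to `True` is reachable from every network the host is attached to, which is what the warning above about not opening these ports to the Internet is meant to prevent.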

    Management Server / Enterprise Management Server ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | Management Server | UDP | 123 | Encoder | TimeServer NTP |
    | Management Server | TCP | 5322 | Operator Client | SSH connection |
    | Management Server | TCP | 5389 | ONVIF device | ONVIF proxy, event notification |
    | Management Server | TCP | 5390 | Operator Client, Configuration Client | .NET Remoting |
    | Management Server | TCP | 5392 | Operator Client, Configuration Client, Mobile Video Service, BVMS SDK Application | WCF, gateway.push.apple.com |
    | Management Server | TCP | 5393 | Operator Client, VRM, MVS | Data-Access-Service |
    | Management Server | TCP | 5395 | Configuration Client, Operator Client | User preferences, File transfer |
    | Management Server | UDP | 12544 | SNMP client | BVMS SNMP get port |

     

    Video Recording Manager ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | VRM | TCP | 554 | RTSP client | Retrieve RTSP stream |
    | VRM | TCP | 1756 | Management Server, Configuration Client | via RCP+ |
    | VRM | UDP | 1757 | Management Server, Operator Client | Scan Target Broadcast |
    | VRM | UDP | 1758 | Management Server, Configuration Client | Scan Response |
    | VRM | UDP | 1800 | Management Server, Operator Client | Scan Target Multicast |
    | VRM | TCP | 80 | Operator Client | Primary VRM playback via http |
    | VRM | TCP | 443 | Operator Client | Primary VRM playback via https |
    | VRM | TCP | 81 | Operator Client | Secondary VRM playback via http |
    | VRM | TCP | 444 | Operator Client | Secondary VRM playback via http |

     

    Mobile Video Service ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | Mobile Video Service | TCP | 80 | Management Server, Operator Client, Configuration Client, HTML Client, Mobile Apps | Access via https |
    | Mobile Video Service | TCP | 443 | Management Server, Operator Client, Configuration Client, HTML Client, Mobile Apps | Access via https |
    | Mobile Video Service | TCP | 2195 | Apple Push Notification | Mac iOS |
    | Mobile Video Service | UDP | 4064-65535 | Encoder, VRM | - |
    | Mobile Video Service | TCP | 5382 | Mobile Video Service mobile provider | Media stream |
    | Mobile Video Service | TCP | 5385 | Mobile Video Service mobile provider | Media stream |
    | Mobile Video Service | TCP | 5383 | Operator Client | Media stream |
    | Mobile Video Service | TCP | 5384 | HTML Client, Mobile Apps | Media stream |
    | Mobile Video Service | TCP | 5385 | Mobile Video Service mobile provider | Media stream |

     

    iSCSI Storage System ports
    Configure port forwarding at the connected router for this device.

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | iSCSI storage system | TCP | 3260 | Encoder, VRM, Configuration Client | - |

     

    Bosch Video Streaming Gateway ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | Bosch Video Streaming Gateway | TCP | 8756-8762 | VRM, Management Server, Configuration Client | RCP+ |
    | Bosch Video Streaming Gateway | TCP | 8080-8086 | VRM, Management Server, Configuration Client, Operator Client | HTTP |
    | Bosch Video Streaming Gateway | TCP | 8443-8449 | VRM, Management Server, Configuration Client, Operator Client | HTTPS |
    | Bosch Video Streaming Gateway | TCP | 1757 | VRM Configuration Client | Scan Target Broadcast |
    | Bosch Video Streaming Gateway | TCP | 1758 | VRM Configuration Client | Scan Response |
    | Bosch Video Streaming Gateway | TCP | 1800 | VRM Configuration Client | Scan Target Multicast |
    | Bosch Video Streaming Gateway | UDP | 1064-65535 | Encoder, VRM | - |

     

    ONVIF camera ports
    Configure port forwarding at the connected router for this device

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | ONVIF camera | TCP | 80 | Management Server, VSG, Configuration Client, Operator Client | Access via http |
    | ONVIF camera | TCP | 443 | Management Server, VSG, Configuration Client, Operator Client | Access via https |
    | ONVIF camera | RTSP | 554 | Management Server, VSG, Configuration Client, Operator Client | - |

     

    BVMS Operator Client / Cameo SDK ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | Operator Client | TCP | 5394 | BVMS SDK Application, BIS | WCF |
    | Operator Client | UDP | 1024-65535 | Encoder, VRM | Live Streaming |
    | Operator Client | TCP | 443 | Encoder | Remote access, encrypted live view |

     

    Encoder ports
    Configure port forwarding at the connected router for this device.

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | Encoder | TCP | 1756 | Decoder, Management Server, VRM, Operator Client, Configuration Client, BVMS SDK Application | via RCP+ |
    | Encoder | UDP | 1757 | Decoder, Management Server, Operator Client | Scan Target |
    | Encoder | UDP | 1758 | Decoder, Management Server, Operator Client | Scan Response |
    | Encoder | UDP | 1800 | Decoder, Management Server, Operator Client | Scan Target Multicast |
    | Encoder | TCP | 80 | Operator Client, BVMS SDK Application, VSG | Access via http |
    | Encoder | TCP | 443 | Operator Client, BVMS SDK Application, VSG | Access via https |
    | Encoder | UDP | 123 | Management Server, VRM | SNTP |
    | Encoder | UDP | 161 | Management Server, VRM | SNMP |
    | Encoder | TCP | 554 | Operator Client, BVMS SDK Application, VSG | RTSP streaming |
    | Encoder | TCP | 3260 | Encoder (outbound) | iSCSI recording |

     

    Optional encoder ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | FTP | TCP | 21 | - | - |
    | SSDP | UDP | 1900 | - | - |
    | UPNP | UDP | 3702 | - | - |
    | SRTSP | UDP | 9554 | - | - |
    | RTSP send | UDP | 15344, 15345 | - | - |

     

    BVMS Decoder ports
    Configure port forwarding at the connected router for this device.

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | Decoder | TCP | 1756 | Management Server, Operator Client, Configuration Client, BVMS SDK Application | via RCP+ |
    | Decoder | UDP | 1757 | Management Server, Operator Client | Scan Target |
    | Decoder | UDP | 1758 | Management Server, Operator Client | Scan Response |
    | Decoder | UDP | 1800 | Management Server, Operator Client | Multicast Network Scan Target |
    | Decoder | TCP | 80 | Operator Client | Access via http |
    | Decoder | TCP | 443 | Operator Client | Access via https |
    | Decoder | UDP | 1024-65535 | Encoder | Streaming ports |
    | Decoder | UDP | 123 | Management Server, VRM | SNTP |
    | Decoder | UDP | 161 | Management Server, VRM | SNMP |

     

    BRS/DiBos ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | DiBos 8.7 / BRS 8.10 | TCP | 808 | Management Server, Configuration Client | Web Service. For DiBos v. 8.7 a patch is needed. |
    | Alternative: | | | | |
    | BRS/DiBos | TCP | 135 | Operator Client, Management Server, Configuration Client | DCOM, used when Web Service does not work or the used DiBos version does not support Web Service. Firewall must be disabled. |
    | BRS/DiBos | UDP | 135 | Operator Client, Management Server, Configuration Client | DCOM, used when Web Service does not work or the used DiBos version does not support Web Service. Firewall must be disabled. |

     

    DVR ports
    Configure port forwarding at the connected router for this device.

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | DVR | TCP | 80 | Management Server, Configuration Client, Operator Client | Access via http |

     

    Barco Monitor Wall

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | Barco Monitor Wall | TCP | 1756 | Management Server, Operator Client, Configuration Client, BVMS SDK Application | via RCP+ |
    | Barco Monitor Wall | UDP | 1757 | Management Server, Operator Client | Scan Target |
    | Barco Monitor Wall | UDP | 1758 | Management Server, Operator Client | Scan Response |
    | Barco Monitor Wall | UDP | 1800 | Management Server, Operator Client | Multicast Network Scan Target |

     

    PID, Person Identification ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | PID | TCP | 8443 | Management Server | Access via https |

     

    LPR, BVMS Device Adapter ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | BVMS Device Adapter | TCP | 32000 | Tattile camera | VRC |

     

    AMS, Access Management System ports

    | Server (Listener) | Protocol | Inbound ports | Client (Requester) | Remark |
    |---|---|---|---|---|
    | AMS | TCP | 62904 | Management Server | Access via https |
