Firewall Configuration for Secure Networks

Firewall Configuration for Secure Networks


The Eagle Eye VMS and its bridge hardware is specifically designed to be highly secure and only uses outbound TCP and UDP connections to talk to the cloud.  If you restrict outbound connections on your local firewall, here is the IPv4 and port information you will need.

Outbound Ports for the Eagle Eye Bridge

The following TCP and UDP ports are used by the Eagle Eye Bridge.  All connections are outbound-only, meaning that the bridge connects outbound and never accepts inbound connections (so you do NOT need to set up e.g. NAT rules as a general rule).

80/tcp        # Used to discover video termination endpoints in the cloud

443/tcp    # Used to transfer video to the cloud  (TLS 1.2+)

773/tcp    # Used to transfer video to the cloud (TLS 1.2+)

8081/tcp    # Used to transfer video to the cloud

8082/udp    # Used to transfer video metadata to the cloud

50000-60000/tcp    # Used occasionally to provide remote troubleshooting and maintenance (Secured via SSL)


There can be no proxies or similar application-layer filtration devices between the Eagle Eye Bridge and the Internet, and multicast must be enabled so the bridge can detect cameras (if the bridge and cameras are on the same subnet, generally this isn’t a problem).  UPNP is NOT required (the bridge won’t use it if enabled).

For further information on the ONVIF camera discovery protocol we use, see this article on WS-Discovery.  Web Service Discovery is an OASIS industry standard and generally works without much effort on most internal networks.  You should not need to adjust your firewall to get it to work unless there is additional firewalling between your bridge and cameras
.

Outbound IPs for the Eagle Eye Bridge

Should you need to restrict the Eagle Eye Bridge to a specific set of IP addresses, the following is the list of Eagle Eye IP addresses you should allow in CIDR format:


216.245.88.0/21
192.40.4.0/23
209.94.248.0/26
208.81.96.0/22
199.204.51.0/25
95.168.179.0/27
95.168.182.32/27
95.168.185.64/26
216.245.92.0/24
84.16.229.32/27
84.16.229.160/27
167.248.134.0/23
62.50.13.192/27
89.202.212.160/28
89.202.213.96/28
195.81.42.160/27
195.81.164.160/27
212.23.62.240/28
154.14.108.192/27
61.120.148.0/25
210.248.158.0/24
218.102.54.0/24
167.94.38.0/24
216.245.95.0/24



Outbound Ports for the Eagle Eye Web and Mobile Applications

Independent of the bridge, the Eagle Eye Web and Mobile Applications for PCs, tablets, and phones also need to connect to the cloud to retrieve video, set settings, and so on.  The ports required for this are: 

tcp/80            # HTTP->SSL Redirect Only

tcp/443        # Web user interface

tcp/50000-60000    # Secure video transfer

The IPs are generally the same as for the bridge.

 


    • Related Articles

    • Sony Camera Configuration and Troubleshooting

      This guide illustrates how to configure and troubleshoot Sony camera integration with the Eagle Eye Security Camera System.   Configuration for Sony cameras Adjusting the Streams Image 1:  Main Stream Please ensure that Image 1 matches the following ...

    • Eagle Eye Networks LPR Prerequisites and Configuration

      Eagle Eye Networks LPR Prerequisites and Configuration This feature is only compatible with the following hardware models: 306 306+ 401 420 501 504+ 520 Eagle Eye Networks LPR is available for any ONVIF compatible camera that meets certain ...

    • Eagle Eye Networks Loitering Configuration Guide

      Eagle Eye Networks Loitering Analytic Guide Loitering Analytic Configuration: Loitering Analytics will be configured in the Analytics Tab under Camera Settings. Select Analytics and the Analytics Configuration Tab will Open. Upon enabling, the ...

    • Hikvision DVR/Encoder Configuration Guide

      Requirements: A Laptop computer that you are able to set the IP address on An Ethernet cable A supported Hikvision Encoder/DVR Custom firmware provided by Eagle Eye Networks Internet Explorer Check here to check if your Hikvision DVR/Encoder is ...

    • Eagle Eye Camera Manager - Subnets

      Outbound Ports for the Eagle Eye CameraManager The following TCP and UDP ports are used by the Eagle Eye CameraManager.  All connections are outbound-only, meaning that connections are outbound and never accepts inbound connections (so you do NOT ...