Firewall Configuration for Secure Networks

Firewall Configuration for Secure Networks

The Eagle Eye Cloud VMS and its bridge hardware is specifically designed to be highly secure and only uses utilizes TCP and UDP connections to transmit data to the cloud. If you restrict outbound connections on your local firewall, here is the IPv4 and port information you will need.

There can be no proxies or similar application-layer filtration devices between the Eagle Eye Bridge and the Internet, and multicast must be enabled so the bridge can detect cameras (if the bridge and cameras are on the same subnet, generally this isn’t a problem). UPNP is NOT required (the bridge won’t use it if enabled).

For further information on the ONVIF camera discovery protocol we use, see this article on WS-Discovery. Web Service Discovery is an OASIS industry standard and generally works without much effort on most internal networks. You should not need to adjust your firewall to get it to work unless there are additional firewalls between your bridge and cameras

Outbound Ports for the Eagle Eye Bridge

The following TCP and UDP ports are used by the Eagle Eye Bridge. All connections are outbound-only, meaning that the bridge connects outbound and never accepts inbound connections (generally, you do NOT need to set up NAT rules).

80/TCP                                                 # Used to discover video termination endpoints in the cloud

443/TCP                                              # Used to transfer video to the cloud (TLS 1.2+)

773/TCP                                              # Used to transfer video to the cloud (TLS 1.2+)

8081/TCP                                            # Used to transfer video to the cloud

8082/UDP                                           # Used to transfer video metadata to the cloud

50000-60000/TCP                             # Used occasionally to provide remote troubleshooting and maintenance

                                                                      (Secured via SSL)

Outbound IPs for the Eagle Eye Bridge

Should you need to restrict the Eagle Eye Bridge to a specific set of IP addresses, the following is the list of Eagle Eye IP addresses you should allow, in CIDR format:

Outbound

209.94.248.0/26

208.81.96.0/22

216.245.88.0/21

61.120.148.0/25

210.248.158.0/24

218.102.54.64/26

223.197.211.0/25

199.204.51.0/25

84.16.229.32/27

62.50.13.192/27

89.202.212.160/28

195.81.42.160/27

195.81.164.160/27

212.23.62.240/28

89.202.213.96/28

37.58.51.0/25

95.168.179.0/27

84.16.229.160/27

95.168.182.32/27

95.168.185.64/26

167.248.134.0/23

167.94.38.0/23

167.94.228.0/23

192.40.4.0/23

199.45.160.0/22

Also ensure that your Firewall has our DNS sites whitelisted as well. Those sites are as follows:

*.eagleeyenetworks.com

*.plumv.com

*.eencloud.com

---

Outbound Ports for the Eagle Eye Web and Mobile Applications

Independent of the bridge, the Eagle Eye Web and Mobile Applications for PCs, tablets, and phones also need to connect to the cloud to retrieve video, set settings, and so on. The ports required for this are:

80/TCP                                     # HTTP -> SSL Redirect Only

443/TCP                                   # Web user interface

      

50000-60000/TCP                # Secure video transfer

The IP addresses are generally the same as for the bridge.

---

Outbound Ports for CameraDirect

Camera Direct uses the following TCP ports. All connections are outbound-only, meaning that connections are outbound and never accept inbound connections (so you do NOT need to set up e.g. NAT rules as a general rule).

80/TCP                                # Used to discover video termination endpoints in the cloud

443/TCP                              # Used to discover video termination endpoints in the cloud

8181/TCP                            # Used to transfer video to the cloud

Eagle Eye Camera Direct Subnets

Camera Direct

dispatch1v1.eagleeyenetworks.com (167.248.134.73)

dispatch2v1.cameramanager.com  (167.248.135.100)

dispatch2v1.eagleeyenetworks.com (167.248.135.100)

192.40.4.124

192.40.5.26

Apart from these, the IP’s which are used by “Outbound IPs for the Eagle Eye Bridge”, also need to be allowed.

For support please email: support@een.com 

or give us a call at: 512-473-0501

Eagle Eye Knowledge Base

US: +1-512-473-0501 

EU: 31 (0) 20 26 10 460

ASIA PACIFIC: 81-3-686-5527

#1 In Cloud Media Video Surveillance Worldwide

Copyright Eagle Eye Networks. All rights reserved.

• Related Articles

• Adjusting Network settings on an Eagle Eye Bridge/CMVR -- Setting a Static IP

  Adjusting Network Settings on Eagle Eye Networks Bridge/CMVR Devices By default, all of our devices are set up for DHCP on the WAN and the CamLAN. In order to reconfigure these settings we recommend you connect a keyboard and monitor. The steps below ...

• Eagle Eye Camera Manager - Subnets

  Outbound Ports for the Eagle Eye CameraManager The following TCP and UDP ports are used by the Eagle Eye CameraManager. All connections are outbound-only, meaning that connections are outbound and never accepts inbound connections (so you do NOT need ...

• DS200: Display Station Setup Guide

  DS200 Setup Guide Quick notes: If you do not have the login information for the device please boot into safety mode to reset the password. To boot into this hold both shifts and reboot the unit. This will prompt you to set a password for the device ...

• Hikvision Camera Configuration Guide

  Hikvision Camera Configuration Guide This guide illustrates how to configure Hikvision cameras for integration with the Eagle Eye Security Camera System. It may be necessary to use Microsoft Edge in Internet Explorer mode or to use Safari on a MAC to ...

• Eagle Eye Networks LPR Prerequisites and Configuration

  Eagle Eye Networks LPR Prerequisites and Configuration This feature is compatible with the following hardware models: 306 306+ 401 420 501 504+ 520 Eagle Eye Networks LPR is available for any ONVIF compatible camera that meets certain requirements. ...