Knowledge Base

Milestone Knowledge base

Welcome to the Milestone Knowledge Base!

We have created a Knowledge Base to address common questions and issues involving XProtect® software. We are constantly expanding the Knowledge Base and hope that you will find it to be your primary tool in solving XProtect related issues.

To make solving your problem even easier, multiple search options are available. Knowledge Base articles can be filtered according to product name, product version, issue area, free text search and you can also enter the Knowledge Base article number if you know which one you need.

KB 214 : About accessing recordings in XProtect clients over the Internet
KB Area: Configuration



You have successfully installed and configured your XProtect® Enterprise, XProtect® Professional, XProtect® Express, XProtect® Essential or XProtect® Go software, and you can also log in with XProtect® Smart Client from your Recording Server or other computers on the same local area network (LAN). Now, you want to access the system from home or on the road over the Internet.


There are two steps to enable Internet access for the majority of installations. First, enable Internet access in the Management Application. Second, configure your router to forward XProtect Smart Client traffic to your server.


Enable Internet access


1. Launch the Management Application on your Recording Server from Start > All Programs > Milestone > XProtect Management Application or by right-clicking on the Recording Server icon in your notification tray and selecting Open Management Application


2. Expand the Advanced Configuration node on the left and select Server Access.


3. Check the box labeled Internet Access.


4. Enter your Internet address which will either be your public IP address, or a fully qualified domain name such as

You can find the correct public IP address by visiting a website like in a web browser. If you do not have a static IP address,you may instead want to register with a dynamic DNS provider such as These services integrate with most routers, and when the router gets a new IP address, it will notify the dynamic DNS provider so that “” always points to your network for example. If you have a static IP address, you may still prefer to use DNS instead of an IP address in this field. If you have control over the DNS records for a domain you own, you can add a new “A” record pointing to your static IP address. If you choose this route, enter that record here as the Internet Address.


5. Enter your Internet port. While this can be just about any number between 1 and 65,535, it should normally be the same as the Local Port value.


Configure Port Forwarding


Configuring port forwarding is out of the scope of Milestone support; however, there are plenty of resources online if you need further assistance beyond the following general instructions.

In order to reach a computer on a private network from another network separated by the public internet (accessing your home network from work for example), the router at the location of the XProtect® installation will need to be configured to forward inbound traffic on a designated port to the internal IP address of your XProtect server. For XProtect Enterprise, XProtect Professional, XProtect Express, XProtect Essential or XProtect Go, the following ports should be forwarded:


•TCP port 80 – This is the default port your XProtect installation will listen on for XProtect Smart Client or XProtect® Remote Client connections, and when those clients request video, the requests will be made over this port.


•TCP port 1237 (optional) – This is the port the Event Server listens on. If you use maps, or alarm lists then you will need to forward this port.


•TCP port 9001 (optional) – This is the port XProtect® Transact listens on for client connections. This only needs to be forwarded if you use XProtect Transact to view and record point of sales transactions, or if you use XProtect Transact in conjunction with XProtect® Analytics to record license plates or other events of interest.


•TCP port 8081 (optional) – XProtect® Mobile server listens on this port for connections from XProtect Mobile clients running on smart phones or tablets. If you have the XProtect Mobile server installed, you should forward this port to allow remote access from XProtect Mobile clients.

Note: You may encounter a router which translates the source address of an inbound connection in addition to the destination address. When this happens, the connection appears to originate from within the same network since the source address of the connection is the LAN IP address of your router. This is unsupported by XProtect software since the software must determine whether you are a “local” or “outside” user, and will be unable to view video over the Internet.



This KB Applies to the following Milestone products:

  • XProtect Enterprise
  • XProtect Essential
  • XProtect Professional
  • XProtect Go
  • XProtect Express

Please rate this KB article:

Additional resources

Partners, please remember to log in to view partner support resources.


Partner Support