You have successfully installed and configured your XProtect® Enterprise, XProtect® Professional, XProtect® Express, XProtect® Essential or XProtect® Go software, and you can also log in with XProtect® Smart Client from your Recording Server or other computers on the same local area network (LAN). Now, you want to access the system from home or on the road over the Internet.
There are two steps to enable Internet access for the majority of installations. First, enable Internet access in the Management Application. Second, configure your router to forward XProtect Smart Client traffic to your server.
Enable Internet access
1. Launch the Management Application on your Recording Server from Start > All Programs > Milestone > XProtect Management Application or by right-clicking on the Recording Server icon in your notification tray and selecting Open Management Application…
2. Expand the Advanced Configuration node on the left and select Server Access.
3. Check the box labeled Internet Access.
4. Enter your Internet address which will either be your public IP address, or a fully qualified domain name such as xprotect.mydomain.com.
You can find the correct public IP address by visiting a website like www.whatismyip.com in a web browser. If you do not have a static IP address,you may instead want to register with a dynamic DNS provider such as www.dyndns.com. These services integrate with most routers, and when the router gets a new IP address, it will notify the dynamic DNS provider so that “xprotect.dyndns.com” always points to your network for example. If you have a static IP address, you may still prefer to use DNS instead of an IP address in this field. If you have control over the DNS records for a domain you own, you can add a new “A” record pointing to your static IP address. If you choose this route, enter that record here as the Internet Address.
5. Enter your Internet port. While this can be just about any number between 1 and 65,535, it should normally be the same as the Local Port value.
Configure Port Forwarding
Configuring port forwarding is out of the scope of Milestone support; however, there are plenty of resources online if you need further assistance beyond the following general instructions.
In order to reach a computer on a private network from another network separated by the public internet (accessing your home network from work for example), the router at the location of the XProtect® installation will need to be configured to forward inbound traffic on a designated port to the internal IP address of your XProtect server. For XProtect Enterprise, XProtect Professional, XProtect Express, XProtect Essential or XProtect Go, the following ports should be forwarded:
•TCP port 80 – This is the default port your XProtect installation will listen on for XProtect Smart Client or XProtect® Remote Client connections, and when those clients request video, the requests will be made over this port.
•TCP port 1237 (optional) – This is the port the Event Server listens on. If you use maps, or alarm lists then you will need to forward this port.
•TCP port 9001 (optional) – This is the port XProtect® Transact listens on for client connections. This only needs to be forwarded if you use XProtect Transact to view and record point of sales transactions, or if you use XProtect Transact in conjunction with XProtect® Analytics to record license plates or other events of interest.
•TCP port 8081 (optional) – XProtect® Mobile server listens on this port for connections from XProtect Mobile clients running on smart phones or tablets. If you have the XProtect Mobile server installed, you should forward this port to allow remote access from XProtect Mobile clients.
Note: You may encounter a router which translates the source address of an inbound connection in addition to the destination address. When this happens, the connection appears to originate from within the same network since the source address of the connection is the LAN IP address of your router. This is unsupported by XProtect software since the software must determine whether you are a “local” or “outside” user, and will be unable to view video over the Internet.