All XProtect components and the ports needed by them are listed in individual sections below. To ensure, for example, that the firewall blocks only unwanted traffic, you need to specify the ports that the system uses. You should only enable these ports. The lists also include the ports used for local processes.
They are arranged in two groups:
If nothing else is mentioned, ports for server components must be opened for inbound connections, and ports for client components must be opened for outbound connections.
Do keep in mind that server components can act as clients to other server components as well.
The port numbers are the default numbers, but this can be changed. Contact Milestone Support, if you need to change ports that are not configurable through the Management Client.
Server components (inbound connections)
Each of the following sections list the ports which need to be opened for a particular service. In order to figure out which ports need to be opened on a particular computer, you need to consider all services running on this computer.
Management Server service and related processes
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
80 |
HTTP |
IIS |
All XProtect components |
Main communication, for example, authentication and configurations. |
443 |
HTTPS |
IIS |
XProtect Smart Client and the Management Client |
Authentication of basic users. |
6473 |
TCP |
Management Server service |
Management Server Manager tray icon, local connection only. |
Showing status and managing the service. |
7475 |
TCP |
Management Server service |
Windows SNMP Service |
Communication with the SNMP extension agent. Do not use the port for other purposes even if your system does not apply SNMP. In XProtect 2014 systems or older, the port number was 6475. |
8080 |
TCP |
Management server |
Local connection only. |
Communication between internal processes on the server. |
9993 |
TCP |
Management Server service |
Recording Server services |
Authentication, configuration, token exchange. |
12345 |
TCP |
Management Server service |
XProtect Smart Client |
Communication between the system and Matrix recipients. You can change the port number in the Management Client. |
SQL Server service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
1433 |
TCP |
SQL Server |
Management Server service |
Storing and retrieving configurations. |
1433 |
TCP |
SQL Server |
Event Server service |
Storing and retrieving events. |
1433 |
TCP |
SQL Server |
Log Server service |
Storing and retrieving log entries. |
Data Collector service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
7609 |
HTTP |
IIS |
On the Management Server computer: Data Collector services on all other servers. On other computers: Data Collector service on the Management Server. |
System Monitor. |
Event Server service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
1234 |
TCP/UDP |
Event Server Service |
Any server sending generic events to your XProtect system. |
Listening for generic events from external systems or devices. Only if the relevant data source is enabled. |
1235 |
TCP |
Event Server service |
Any server sending generic events to your XProtect system. |
Listening for generic events from external systems or devices. Only if the relevant data source is enabled. |
9090 |
TCP |
Event Server service |
Any system or device that sends analytics events to your XProtect system. |
Listening for analytics events from external systems or devices. Only relevant if the Analytics Events feature is enabled. |
22331 |
TCP |
Event Server service |
XProtect Smart Client and the Management Client |
Configuration, events, alarms, and map data. |
22333 |
TCP |
Event Server service |
MIP Plug-ins and applications. |
MIP messaging. |
Recording Server service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
25 |
SMTP |
Recording Server Service |
Cameras, encoders, and I/O devices. |
Listening for event messages from devices. The port is disabled per default. |
5210 |
TCP |
Recording Server Service |
Failover recording servers. |
Merging of databases after a failover recording server had been running. |
5432 |
TCP |
Recording Server Service |
Cameras, encoders, and I/O devices. |
Listening for event messages from devices. |
7474 |
TCP |
Recording Server Service |
Windows SNMP service |
Communication with the SNMP extension agent. Do not use the port for other purposes even if your system does not apply SNMP. In XProtect 2014 systems or older, the port number was 6474. |
7563 |
TCP |
Recording Server Service |
XProtect Smart Client, Management Client |
Retrieving video and audio streams, PTZ commands. |
8966 |
TCP |
Recording Server Service |
Recording Server Manager tray icon, local connection only. |
Showing status and managing the service. |
11000 |
TCP |
Recording Server Service |
Failover recording servers |
Polling the state of recording servers. |
65101 |
UDP |
Recording Server service |
Local connection only |
Listening for event notifications from the drivers. |
Note that in addition to the inbound connections to the Recording Server service listed above, the Recording Server service establishes outbound connections to the cameras.
Failover Server service and Failover Recording Server service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
25 |
SMTP |
Recording Server Service |
Cameras, encoders, and I/O devices. |
Listening for event messages from devices. The port is disabled per default. |
5210 |
TCP |
Recording Server Service |
Failover recording servers |
Merging of databases after a failover recording server had been running. |
5432 |
TCP |
Recording Server Service |
Cameras, encoders, and I/O devices. |
Listening for event messages from devices. |
7474 |
TCP |
Recording Server Service |
Windows SNMP service |
Communication with the SNMP extension agent. Do not use the port for other purposes even if your system does not apply SNMP. |
7563 |
TCP |
Recording Server Service |
XProtect Smart Client |
Retrieving video and audio streams, PTZ commands. |
8844 |
UDP |
Failover recording servers |
Local connection only. |
Communication between the servers. |
8966 |
TCP |
Failover Recording Server Service |
Failover Recording Server Manager tray icon, local connection only. |
Showing status and managing the service. |
8967 |
TCP |
Failover Server Service |
Failover Server Manager tray icon, local connection only. |
Showing status and managing the service. |
8990 |
TCP |
Failover Server Service |
Management Server service |
Monitoring the status of the Failover Server service. |
Note that in addition to the inbound connections to the Failover Recording Server service listed above, the Recording Server service establishes outbound connections to the cameras.
Mobile Server service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
8000 |
TCP |
Mobile Server service |
Mobil Server Manager tray icon, local connection only. |
SysTray application. |
8081 |
HTTP |
Mobile Server service |
Mobile clients, Web clients, and Management Client. |
Sending data streams; video and audio. |
8082 |
HTTPS |
Mobile Server service |
Mobile clients and Web clients. |
Sending data streams; video and audio. |
LPR Server service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
22334 |
TCP |
LPR Server Service |
Event server |
Retrieving recognized license plates and server status. In order to connect, the Event server must have the LPR plug-in installed. |
22334 |
TCP |
LPR Server Service |
LPR Server Manager tray icon, local connection only. |
SysTray application |
Milestone ONVIF Bridge service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
580 |
TCP |
ONVIF Bridge Service |
ONVIF clients |
Authentication and requests for video stream configuration. |
554 |
RTSP |
RTSP Service |
ONVIF clients |
Streaming of requested video to ONVIF clients. |
XProtect DLNA Server service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
9100 |
HTTP |
DLNA Server Service |
DLNA device |
Device discovery and providing DLNA channels configuration. Requests for video streams. |
9200 |
HTTP |
DLNA Server Service |
DLNA device |
Streaming of requested video to DLNA devices. |
Screen Recorder service
Port number |
Protocol |
Process |
Connections from... |
Purpose |
|---|---|---|---|---|
52111 |
TCP |
XProtect Screen Recorder |
Recording Server Service |
Provides video from a monitor. It appears and acts in the same way as a camera on the recording server. You can change the port number in the Management Client. |
Cameras, encoders, and I/O devices
Inbound connections
Port number |
Protocol |
Connections from... |
Purpose |
|---|---|---|---|
80 |
TCP |
Recording servers and failover recording servers |
Authentication, configuration, and data streams; video and audio. |
443 |
HTTPS |
Recording servers and failover recording servers |
Authentication, configuration, and data streams; video and audio. |
554 |
RTSP |
Recording servers and failover recording servers |
Data streams; video and audio. |
Outbound connections
Port number |
Protocol |
Connections to... |
Purpose |
|---|---|---|---|
25 |
SMTP |
Recording servers and failover recording servers |
Sending event notifications (deprecated). |
5432 |
TCP |
Recording servers and failover recording servers |
Sending event notifications. |
Note that only a few camera models are able to establish outbound connections.
Client components (outbound connections)
XProtect Smart Client, XProtect Management Client, Milestone Mobile server
Port number |
Protocol |
Connections to... |
Purpose |
|---|---|---|---|
80 |
HTTP |
Management server service |
Authentication |
443 |
HTTPS |
Management server service |
Authentication of basic users. |
7563 |
TCP |
Recording server service |
Retrieving video and audio streams, PTZ commands. |
22331 |
TCP |
Event Server service |
Alarms. |
Web Client, Milestone Mobile client
Port number |
Protocol |
Connections to... |
Purpose |
|---|---|---|---|
8081 |
HTTP |
Milestone Mobile server |
Retrieving video and audio streams. |
8082 |
HTTPS |
Milestone Mobile server |
Retrieving video and audio streams. |
© 2018 Milestone Systems A/S