Setting up Milestone ONVIF Bridge security controls

Milestone ONVIF Bridge enforces user authorization of ONVIF clients. This controls the ONVIF client’s ability to access cameras, and the types of operations the ONVIF clients can perform. For example, whether ONVIF clients can use pan-tilt-zoom (PTZ) controls on cameras.

Milestone recommends that you create and add a dedicated user account for the Milestone ONVIF Bridge, and for each ONVIF client, as follows:

1. Create a basic user in the Management Client, or a Windows user.
2. In the Management Client, assign the user to a role that can access cameras, and specify permissions for the ONVIF Bridges security group on the Overall Security tab for the role.
3. Assign the user to the Milestone ONVIF Bridge during installation, and in the Management Client for each ONVIF client afterward.

Milestone ONVIF Bridge allows ONVIF clients only to request and receive video streams from cameras. ONVIF clients cannot configure settings in the XProtect VMS system or the Milestone ONVIF Bridge.

As a security precaution, Milestone recommends that you install the ONVIF Bridge server in a demilitarized zone (DMZ). If you install the bridge in a DMZ, you must also configure port forwarding for the internal and external IP addresses.

© 2018 Milestone Systems A/S