Cisco Firewall Configuration Guide
The Firewall Configuration Guide provides information about how to configure supported firewalls to enable streaming to Pixellot.
All encoders use various internet ports to communicate with Pixellot, all of which need to be made open to outgoing communication.
These ports are:
Port # | Protocol | Purpose | Application |
443* | TCP+UDP | Remote Management/video streaming | https, agent |
123* | TCP | Clock synchronization | NTP-clock sync |
2088* | UDP | Video streaming backup | ZIXI broadcaster |
5672* | TCP+UDP | Graphics, Watermarks, etc. | Scoreboard Graphics Generation |
5678* | TCP+UDP | Backend ZIXI broadcasts | ZIXI broadcaster |
One or more of these ports may be blocked by the Fortinet firewall which is located on your network. If the firewall is active on the network, these ports would need to be opened by an IT/network technician.
For best results, it is recommended that you are running a stream when checking your network, as the encoder will be actively attempting to make the necessary connections.
Steps:
- Create Service Objects for all ports
- Add Service Objects to Service Object Group
- Create a Network Object which has Subnet or IP for Pixellot CPU
- Add Network Object to Inside or DMZ interface ACL using Service Object Group as Service
From the Services Tab, click ‘Add’ and select ‘Service Object’
Add Service Object for each required Pixellot port, give Object an intuitive name for easy recognition click OK after entering data for each one.
On the Services tab, click ‘Add’ and select ‘Service Group’
Select each newly created Object and Add them to ‘Members in Group’, Make sure the Group Name is intuitive for easy recognition, Click ‘OK’
Right-click on the correct internal interface and click ‘Add Access Rule’
Choose ‘Permit’ – For Source choose IP Address or Subnet of Pixellot CPU
For Service Choose newly created Service Group – Click ‘OK’ then ‘Apply’ to Save the Configuration