Palo Alto Firewall Configuration Guide
The Firewall Configuration Guide provides information about how to configure supported firewalls to enable streaming to Pixellot.
All encoders use various internet ports to communicate with Pixellot, all of which need to be made open to outgoing communication.
These ports are:
Port # | Protocol | Purpose | Application |
443* | TCP+UDP | Remote Management/video streaming | https, agent |
123* | TCP | Clock synchronization | NTP-clock sync |
2088* | UDP | Video streaming backup | ZIXI broadcaster |
5672* | TCP+UDP | Graphics, Watermarks, etc. | Scoreboard Graphics Generation |
5678* | TCP+UDP | Backend ZIXI broadcasts | ZIXI broadcaster |
One or more of these ports may be blocked by the Fortinet firewall which is located on your network. If the firewall is active on the network, these ports would need to be opened by an IT/network technician.
For best results, it is recommended that you are running a stream when checking your network, as the encoder will be actively attempting to make the necessary connections.
Steps:
- Create Services for all ports
- Add Services to the Service Group
- Create Addresses used by Pixellot CPU and add them to the Address Group
- Add Policy on Inside or DMZ interface using Service Group as Service and Address Group as Source
From the Objects Tab, select ‘Services’ and click ‘Add’, enter the Name, Protocol, and Destination port for each of the required Pixellot Ports, and click OK after each service entry.
Select ‘Service Groups’ from the left column and click ‘Add’ – Click ‘Add’ in the Service Group box and add all of the Services created in the last step, Give it a Name then click ‘OK’
Select Addresses from the Left Column and click ‘Add’ Enter a friendly name, IP, and subnet notation of each Pixellot PC, and click OK after each PC entry
Select Address Groups from Left Column – Click ‘Add’ – select each CPU from the last step, click ‘OK’
Select ‘Policies’ from the upper tabs - Click ‘Add’
In the General Tab, enter a Friendly Name
In the Source Tab, click ‘Add’ to Select the appropriate Source Zone and click ‘Add’ to select the Address Group created above.
Select ‘Service Groups’ from the left Column and click ‘Add’ – Click ‘Add’ in the Service Group box and add all of the Services created in last step, Give it a Name then click ‘OK’
Select Addresses from the Left Column and click ‘Add’ enter a friendly name, IP and subnet notation of each Pixellot PC, click OK after each PC entry
Select Address Groups from Left Column – Click ‘Add’ – select each CPU from last step, click ‘OK’
Select ‘Policies’ from the upper tabs - Click ‘Add’
In the General Tab, enter a Friendly Name
In the Source Tab, click ‘Add’ to Select the appropriate Source Zone and click ‘Add’ to select the Address Group created above.
Right click on correct internal interface and click ‘Add Access Rule’
Choose ‘Permit’ – For Source choose IP Address or Subnet of Pixellot CPU
For Service Choose newly created Service Group – Click ‘OK’ then ‘Apply’ to Save the Configuration