Important Note: This topic is for those who must manually configure their firewall as a result of using strict network security policies, or for general information about firewall requirements for their system.
In general, most firewalls automatically prompt users to “allow” access to the network resources and automatically configures most routers for direct remote viewing.
While firewalls are useful in protecting access to your PC, they hinder the performance of Commander if not configured properly.In order for you to view cameras in your home or business and for remote viewing access, you need to allow firewall access to Logitech Alert Commander and the Logitech Alert cameras. Allowing firewall access typically involves adding rules to allow required network ports, or allowing all network traffic from a specified application. In addition to opening necessary network ports, firewalls and content filters should be configured to not interfere with the networking communication needed by Commander.
Logitech Alert Commander uses two networks. First, Commander software connects to each of your Cameras via your HomePlug powerline network and other LAN network. The cameras depend on a DHCP server on the local network to get an IP address. Most routers are setup with a DHCP server enabled by default for the local network.
Communication between the cameras and the Commander software also uses UPnP (Universal Plug and Play), which must be allowed. Some software firewalls use a separate rule to control UPnP traffic. The other ports used for controlling the camera and receiving video are outbound ports that must also be allowed. (Usually, most firewalls don’t block outbound traffic).
Second, Commander software and camera firmware connect to the Internet to provide you with Live video viewing access, email notifications when motion is detected, and the ability to automatically check for updates, etc. Commander and the cameras use two common protocols to communicate — HTTP and XMPP.
Troubleshooting Note: XMPP also happens to be used in some Instant Messaging (IM) software such as Google Talk. If a firewall is trying to block all IM communication, it will likely also block remote viewing and control.
Network Ports for Logitech Alert Commander and Cameras
Inbound Camera Network Ports
|
Description |
Ports Required |
|
DHCP Client |
UDP: 67 |
|
UPnP Discovery |
UDP: 1900 |
|
Local Camera Control |
TCP: 5222, 50000-65000 |
|
Bandwidth Test |
TCP: Dynamic / available |
|
Local File Transfer |
TCP: 5800 |
|
Local Media Streaming |
TCP: 554 |
Outbound Camera Network Ports
|
Description |
Ports Required |
|
DHCP Client |
UDP: 68 |
|
Online Web Services |
TCP: 80, 443 |
|
Online Camera Control |
TCP: 4530 |
|
Online Media Streaming |
TCP: 80, 1935 |
|
HomePlugAV |
HomePlugAV raw ethernet protocol |
|
Response to inbound request |
TCP/UDP: the source port of the request |
Inbound Commander Network Ports
|
Description |
Ports Required |
|
DHCP Client |
UDP: 67 |
|
UPnP Discovery |
UDP: 1900 |
|
Firmware Update |
TCP: Dynamic / available |
Outbound Commander Network Ports
|
Description |
Ports Required |
|
DHCP Client |
UDP: 68 |
|
Online Web Services |
TCP: 80, 443 |
|
HomePlugAV |
HomePlugAV raw ethernet protocol |
|
Camera Connection |
(see inbound camera network ports) |
|
Response to inbound request |
TCP/UDP: the source port of the request |
The ability of Logitech Alert Commander or a camera to communicate with the Internet also effects the connection with Live and Web/Mobile Commander. Video is sent to Logitech web servers from which the remote client receives the video.
If there are multiple routers, hardware firewalls and software firewalls in between the camera and the Internet, then they all must be configured to allow the traffic needed for viewing.
When viewing video remotely, Commander at the remote location might also need to be configured to allow inbound and outbound permissions, especially if there is a hardware or software firewall blocking its access to the Internet.
There are no inbound traffic requirements, but there are some outbound traffic requirements (usually most firewalls don’t block outbound traffic). In addition, streaming video may also be blocked in some business settings. So check with your network administrator.
By design, firewalls and Internet filters attempt to control communications on both the internal camera network and your Internet connection. This is not a problem if you configure them correctly. Remember, it is common to have more than one software firewall installed on a PC. A router also acts as a hardware firewall in between the PC and the Internet.
Note that the outbound requirements to the Internet would mean that any software firewalls would have to allow the traffic, as well as any and all hardware firewalls and routers on the way from the PC to the Internet. Outbound traffic to the Internet, in general, is usually not blocked, especially for home users. (In fact, most consumer routers don’t let you configure outbound firewall rules other than filtering out specified IP addresses or ports). However, in a corporate or business environment, it is possible that outbound traffic is blocked except for specified ports.