Define public address and port, Assign local ip ranges, Hardware and remote servers – Milestone XProtect Advanced VMS 2014 User Manual

Milestone XProtect

®

Advanced

VMS 2014

Administrator's Manual

www.milestonesys.com

74

Management Client elements

When an access client, such as an XProtect Smart Client, connects to a surveillance system, an
amount of initial data communication, including the exchange of contact addresses, is shared in the
background. This happens automatically, and is completely transparent to the users.

Clients may connect from the local network as well as from the Internet, and in both cases the
surveillance system must provide suitable addresses so the clients can get access to live and
recorded video from the recording servers:



When clients connect locally, the surveillance system should reply with local addresses and
port numbers.



When clients connect from the Internet, the surveillance system should reply with the recording
server's public address, that is the address of the firewall or NAT (Network Address
Translation) router, and often also a different port number. The address and the port can then
be forwarded to the server's local address and port.

To provide access to the surveillance system from outside a NAT (Network Address
Translation) firewall, you can use public addresses and port forwarding. This allows clients
from outside the firewall to connect to recording servers without using VPN (Virtual Private
Network). Each recording server (and failover recording server) can be mapped to a specific
port and the port can be forwarded through the firewall to the server's internal address.

Define public address and port

1. To enable public access, select the Enable public access check box.

2. Define the recording server's public address. Enter the address of the firewall or NAT router so

clients that access the surveillance system from the Internet can connect to the recording
servers.

3. Specify a public port number. It is always a good idea that port numbers used on the firewall or

NAT router are different from the ones used locally.

If you use public access, configure the firewall or NAT router so requests sent to the public address
and port are forwarded to the local address and port of relevant recording servers.

Assign local IP ranges

You define a list of local IP ranges which the surveillance system should recognize as coming from a
local network.



On the Network tab, click Configure.

Hardware and remote servers

About hardware

Hardware represents either:



the physical unit that connects directly to the recording server of the surveillance system via
IP, for example a camera, a video encoder, an I/O module or