Reference: Ports required by Avigilon Ava and Avigilon Alta cloud-native cameras
Last modified: Wednesday November 15, 2023.
Understand the incoming and outbound connections needed by Avigilon Ava and Avigilon Alta cloud-native cameras.
These cameras have a single Ethernet interface on which different services can be enabled or disabled.
In addition, rules on your firewall device can be used to limit access to the camera, and from the camera to other systems. This could be done either for external locations, or to provide network separation within your network.
External connections
The Avigilon Ava and Avigilon Alta cloud-native cameras make outbound connections to the Alta Cloud:
- To UDP port 443 on *.aware.avasecurity.com
- To UDP port 443 on *.alta.avigilon.com
- To TCP port 443 on *.aware.avasecurity.com
- To TCP port 443 on *.alta.avigilon.com
- To TCP port 443 on *.dmp.avasecurity.com
- To TCP port 443 on *.motorolasolutions.com
In addition, for Smart Path™ media to be directly routable, connections are required:
- From UDP ports 32768-65535 on the cloud-native cameras
- To UDP port 1024-65535 on any potential IP address of a user’s machine or phone
If these UDP connections are blocked at an external firewall, then Smart Path will still find the optimal path for users within the network, but not for external users. A longer, slower path using TCP is found for external users.
To resolve names, the camera may also make outbound connections to DNS as configured in the camera user interface or provided over DHCP. The addresses and ports used for this depends on the configuration used.
Connections with local devices
To allow the Avigilon Ava and Avigilon Alta cloud-native cameras to send webhooks to other systems on the local network, they need to be able to communicate with those devices.
Outbound TCP connections from cloud-native cameras
To connect to a device, the Avigilon Ava and Avigilon Alta cloud-native cameras makes outbound connections to it. The port numbers used may differ from these depending on the configuration of the device. Typically the following ports are used:
- TCP to port 443 for encrypted connections.
- TCP to port 80 for unencrypted connections.
Outbound UDP connections on cloud-native cameras
| Port | Protocol | Description |
|---|---|---|
| 68 | DHCP | DHCP client, used to connect to network DHCP server. |
| 32768 - 65535 | RTP, Smart Path | Used for media connections between Avigilon Ava cloud cameras, and clients. |
Local connections to cloud-native cameras
The cloud-native cameras also provide additional services for local access to the device, or for local streaming of video over RTSP.
Inbound TCP connections to cloud-native cameras
| Port | Protocol | Description |
|---|---|---|
| 22 | SSH/SCP* | Used for retrieval of diagnostics and debugging. Encrypted, authentication via user credentials. |
| 80 | HTTP | Redirects to HTTPS. |
| 322 | RTSPS** | Used for Real-Time Streaming of video over TLS/SSL. |
| 443 | HTTPS | Web interface. Encrypted, authentication via user credentials. |
| 554 | RTSP** | Used for Real-Time Streaming of video. |
*By default, this port is open, but can be closed from within the Aware Cloud or cloud-native camera user interfaces.
**RTSP or RTSPS connections must first be enabled from Aware Cloud before you can use Real-time Streaming Protocol to view video from the cloud-native camera across the local network.
Inbound UDP connections to cloud-native cameras
To aid with discovery of devices, cloud-native cameras respond to mDNS queries.
| Port | Protocol | Description |
|---|---|---|
| 5353 | mDNS | mDNS service for allowing device discovery. |
