Reference: Ports required by Alta Cloud Connectors

Last modified: Wednesday November 15, 2023.

Understand the incoming and outbound connections needed by Alta Cloud Connectors.

Alta Cloud Connectors can have multiple network interfaces, and different services can be enabled or disabled on each.

In addition, rules on your firewall device can be used to limit access to the system, and from the system to other systems. This could be done either for external locations, or to provide network separation within your network.

External connections

The Alta Cloud Connector makes outbound connections to the Alta Cloud:

  • To UDP port 443 on *.aware.avasecurity.com
  • To UDP port 443 on *.alta.avigilon.com
  • To TCP port 443 on *.aware.avasecurity.com
  • To TCP port 443 on *.alta.avigilon.com
  • To TCP port 443 on *.dmp.avasecurity.com
  • To TCP port 443 on *.ava.uk
  • To TCP port 443 on *.motorolasolutions.com

In addition, for Smart Path™ media to be directly routable, connections are required:

  • From UDP ports 32768-65535 on the Cloud Connector
  • To UDP port 1024-65535 on any potential IP address of a user’s machine or phone

If these connections are blocked at an external firewall, then Smart Path finds the optimal path for users within the network, but not for external users. A longer, slower path will be found for external users.

To resolve names, Aware may also make outbound connections to DNS as configured in the Aware user interface or provided over DHCP. The addresses and ports used for this depends on the configuration used.

Connections with local devices

To allow the Cloud Connector to connect to cameras, access control systems and other systems on the local network, it needs to be able to communicate with those devices. It can also provide additional network functionality such as DHCP and NTP for those devices.

Outbound TCP connections from Cloud Connectors

To connect to a device, the Cloud Connector makes outbound connections to it. The port numbers used may differ from these depending on the configuration of the device. Typically the following ports are used:

  • TCP to port 443 for encrypted connections.
  • TCP to port 80 for unencrypted connections.
  • TCP to port 554 for RTSP

Incoming UDP connections to Cloud Connectors

The Cloud Connector can provide additional network services on one or more interfaces.

Table 1 – Incoming UDP connections to Cloud Connectors

Port Protocol Description Enabled by
69 DHCP DHCP server, used to provide DHCP addresses to other devices on this network. DHCP Server
32768 - 65535 RTP Used for media connections from cameras. Cameras

Outbound UDP connections from Cloud Connectors

The Cloud Connectors make Onvif discovery protocol probes to UDP port 3702.

Local connections to Cloud Connectors

Inbound TCP connections to Cloud Connectors

The Cloud Connectors also provide additional services for local access to the device, or for local streaming of video over RTSP.

Table 2 – Incoming TCP connections

Port Protocol Description Enabled by
22 SSH/SCP Use for retrieval of diagnostics and debugging. Encrypted, authentication via user credentials. SSH*
80 HTTP Redirects to HTTPS UI*
322 RTSPS Used for Real-Time Streaming of video over TLS/SSL. RTSPS**
443 HTTPS Web interface. Encrypted, authentication via user credentials. UI*
554 RTSP Used for Real-Time Streaming of video. RTSP**

* By default, these ports are open, but can be closed from within the Aware user interface.

** By default, these ports are closed, but can be opened from within the Aware user interface to enable RTSP streaming.

Inbound UDP connections to Cloud Connectors

To aid with discovery of devices, the Cloud Connector responds to mDNS queries.

Table 3 – Incoming UDP connections

Port Protocol Description Enabled by
5353 mDNS mDNS service for allowing device discovery. ICMP (Ping)