MOBOTIX CLOUD - Secure Firerwall Configuration

Firewall Configuration for Secure Networks

The MOBOTIX CLOUD VMS and its bridge hardware is specifically designed to be highly secure and only uses outbound TCP and UDP connections to talk to the cloud. If you restrict outbound connections on your local firewall, here is the IPv4 and port information you will need.

Outbound Ports for the MOBOTIX CLOUD Bridge

The following TCP and UDP ports are used by the MOBOTIX CLOUD Bridge. All connections are outbound-only, meaning that the bridge connects outbound and never accepts inbound connections (so you do NOT need to set up e.g. NAT rules as a general rule).

  • 80/tcp # Used to discover video termination endpoints in the cloud
  • 443/tcp # Used to transfer video to the cloud (TLS 1.2+)
  • 773/tcp # Used to transfer video to the cloud (TLS 1.2+)
  • 8081/tcp # Used to transfer video to the cloud
  • 8082/udp # Used to transfer video metadata to the cloud
  • 50000-60000/tcp # Used occasionally to provide remote troubleshooting and maintenance (Secured via SSL)

Proxies:

There can be no proxies or similar application-layer filtration devices between the MOBOTIX CLOUD Bridge and the Internet, and multicast must be enabled so the bridge can detect cameras (if the bridge and cameras are on the same subnet, generally this isn’t a problem). UPNP is NOT required (the bridge won’t use it if enabled).

Outbound IPs for the MOBOTIX Cloud Bridge

Should you need to restrict the MOBOTIX CLOUD Bridge to a specific set of IP addresses, the following is the list of MOBOTIX CLOUD IP addresses you should allow in CIDR format:

MOBOTIX CLOUD VMS

  • 192.40.4.0/23
  • 209.94.248.0/26
  • 208.81.96.0/22
  • 61.120.148.0/25
  • 210.248.158.0/24
  • 218.102.54.0/24
  • 199.204.51.0/25
  • 84.16.229.32/27
  • 84.16.229.160/27
  • 95.168.179.0/27
  • 95.168.182.32/27
  • 95.168.185.64/26
  • 130.250.6.128/27
  • 37.58.51.0/25
  • 216.245.88.0/21

Outbound Ports for the MOBOTIX CLOUD Web and MOBOTIX CLOUD APP

Independent of the bridge, the MOBOTIX CLOUD Web and Mobile Applications for PCs, tablets, and phones also need to connect to the cloud to retrieve video, set settings, and so on. The ports required for this are:

  • tcp/80 # HTTP->SSL Redirect Only
  • tcp/443 # Web user interface
  • tcp/50000-60000 # Secure video transfer

The IPs are generally the same as for the bridge.