Tag: Firewall

Categories
Knowledge Support Support exacqVision Enterprise Products Uncategorized

Windows Firewall Rules to prevent Failover / Failback function issues

By default VFBA uses port 28774 and TCP to communicate with EM and the Server from the Spare NVR. Rules need to be configured for outbound and inbound firewall rules on the SPARE server for failback to work as expected.

To check the settings Open up Windows  Defender Firewall with Advanced Security and click on Inbound Rules on the SPARE server.

Look for a rule allowing communication on port 28774, if you do not see this in the list, then click on New Rule in the upper right hand corner in the Actions section.

Select Port and click on Next.

Select Port 28774.

Click on Next and Select Allow the connection.

Make sure all three boxes are checked.

Click on Next.
In the Name box type a name for this rule. I.E.- VFBA or evFailover, and click Finish.

Repeat this action for Outbound Rules on port 28774. It is neccessary to have both INBOUND and OUTBOUND rules configured on port 28774 on the SPARE server.

After configuring the inbound and outbound rules you can check the status by doing the following:

Open up task manager and click on the Performance Tab>Open Resource Monitor

Look at the Network Tab and under Listening Ports, verify it says Allowed and Not restricted.

Once any changes were made it is recommended that we restart the SPARE server and EM services and then check EM failover to see if the process can succeed. In some cases it may be necessary to whitelist vfba.exe and ExacqVision program components (core.exe, edvrclient.exe, including .ps and .psi file types & ExacqVision Enterprise System Manager components) when Antivirus software is in use within the configuration of your Antivirus program.

Categories
Knowledge Support Cloudvue Documentation Support Categories Products

Cloudvue – Default Ports

Description

The following is a list of firewall settings for ports and domains used by Cloudvue that may need to be either opened or white listed  to ensure devices are able to reach the cloud.

Products

  • Cloudvue C2C
  • Cloudvue Gateway
  • Cloudvue Manager

Default Ports

PortDescriptionProduct(s)
80Hypertext Transfer Protocol (HTTP)Cloudvue Local
Cloudvue Gateway Cameras
123Network Time Protocol (NTP))Cloudvue Gateway
443Hypertext Transfer Protocol Secure (HTTPS / TLS 1.2 or higher)Cloudvue Gateway
Cloudvue Web
Cloudvue Manager
7627Secure Shell (SSH) secure logins Tunneling and port forwarding (Optional)Cloudvue Gateway
Cloudvue Gateway Cameras
Cloudvue C2C
8000People/Vehicle DetectionCloudvue Gateway
Cloudvue C2C

Domains

In certain situation is may be necessary to whitelist the following domains

  • *.cloudvue.com
  • *.blob.core.windows.net
  • *.google.com

The Windows blob core domain contains multiple IP address, so be sure there is not a firewall rule blocking any of them.
Access to google.com is only required when putting a C2C into Cloudvue Mode.

URLS

URLEnvironmentDescription
https://s12storagedev.blob.core.windows.netAllData Center List when converting a C2C to cloud mode (initial setup of C2C Only)
analytics.cloudvue.com:8000AllPeople/Vehicle Detection analytics
tunnel.cloudvue.com:7627AllSSH secure logins, Tunneling, and port forwarding (Optional)
https://messaging.cloudvue.com/NA – North AmericaDevice communication with cloud services (Cloudvue)
https://s12archives02.blob.core.windows.net
https://s12archives03.blob.core.windows.net
https://s12archive004.blob.core.windows.net		NA – North AmericaArchive uploads, HLS streaming , Hyperview
https://preview-inbound.cloudvue.comNA – North AmericaStream preview
https://uk-messaging.cloudvue.comUK – EMEADevice communication with cloud services (Cloudvue)
https://s12archiveukprod001.blob.core.windows.net
https://s12archiveukprod002.blob.core.windows.net		UK – EMEAArchive uploads, HLS streaming , Hyperview
https://uk-preview-inbound.cloudvue.comUK – EMEAStream preview
https://au-messaging.cloudvue.comAU – AustraliaDevice communication with cloud services (Cloudvue)
https://s12archiveauprod001.blob.core.windows.net
https://s12archiveauprod002.blob.core.windows.net		AU – AustraliaArchive uploads, HLS streaming , Hyperview
https://au-preview-inbound.cloudvue.comAU – AustraliaStream preview
Categories
Knowledge Support exacqVision Enterprise Support Categories

Unexpected Results When Updating Groups or Users in exacqVision Enterprise Manager

Description 

Customer was getting odd results when trying to edit the name of either a group or username in EM.

Product 

  • exacqVision Enterprise Manager 21.06
  • exacqVision Enterprise Manager 22.09

Steps to Reproduce 

From the EM dashboard access either Users or GroupsSelect an existing user or group Click the pencil icon to edit Change the name of the group or change either the first or last name of a userClick Apply

Expected Results 

The change is saved, and you are returned to either the group or users page

Actual Results 

The save fails and returns the following

Solution

It was discovered that REST POST and PUT operations were being blocked by firewall and once exceptions were made EM began working normally.

Categories
Knowledge Support Support exacqVision Webservice

ExacqVision Web Server Relay Service Issue

Description

How to diagnose if the Fast Reverse Proxy Client (FRPC) is the source of issues with the ExacqVision Web Server relay service.

Product

ExacqVision Web Server

Troubleshooting FRPC

FRPC provides a proxy service for Relay Connections used by ExacqVision Web Server. This eliminates the need for firewall configuration and prevents exposing the NVR directly to inbound internet traffic via port forwarding by creating a unique public relay URL.

Some antivirus software may identify this client as a threat and will block, remove, or prevent the installation of FRPC.

This usually manifests itself with issues either in initial setup of the relay service or when existing relay services stop working.

To confirm, check the ExacqVision Web Server logs for entries similar to the following:<br><br>

2021-06-15T10:02:51.215-0400  error  failed to launch relay proxy client: file: frpc.exe not found

<br><br>Next confirm that FRPC is present in the appropriate install folder.

The default install locations are:

Windows
C:\Program Files\exacqVision\WebService\bin\frpc.exe

Linux
/usr/local/exacq/webservice/bin/frpc

Note:  In some cases users may need to add relay.exacq.net to the allow list in their firewall.


Related Articles

See also: Using Antivirus Software with ExacqVision

Categories
Knowledge Support Support exacqVision Server Categories Products

The camera is showing connected but not streaming videos

If the camera is connected to ExacqVision Server and showing connected on the add IP camera page but not streaming videos and showing acquiring video. That means the RTSP streaming port may need to be opened on the Firewall, normally 554

Categories
Knowledge Support Support exacqVision Enterprise Categories Products

Enterprise Manager Outbound Firewall Rules on Restricted Networks

Issue

Accessing our licensing server from Enterprise Manager on a restricted network will require an exception to the outbound firewall rules.  Please add exacq.com and port 443 to the outbound firewall rules to open access.

<br>

Version Affected

All.

<br>