Meraki Firewall Settings

AAB
Just browsing

Meraki Firewall Settings

Hi,

We have a Meraki MX100, and we have set a firewall settings on Layer 3 and enable specific ports and lastly deny others. I have a mobile app Hik connect and view IP camera in other offices. But after Firewall settings we are unable to view ip camera video. Can anyone tell me the port number which i should enable and view through mobile apps.

 

Regards

Palash

Palash
8 REPLIES 8
BrechtSchamp
Kind of a big deal

Do you have an exact model for the camera?

Hik Vision NVR Model: DS-7616NI-E1

HIk Vision IP Camera Model: DS-2CD1230 and DS-2CD1331-I

 

 

Palash
PhilipDAth
Kind of a big deal
Kind of a big deal

You should ask the people you got the camera from what the firewall requirements are.

I'd have a look at the manual that came with the camera, differnet brands and different models even can use completely different ports. 

 

Most use RTSP or HTTP but some vendors use non standard ports for these. 

I have already asked the people who delivered the camera and suggested the ports (8000,554,8200) are allow and we did it but we can't view my mobile through HIk Connect Software. But If I allow all in firewall settings then we can access.

Palash
BrechtSchamp
Kind of a big deal

Although the documentation is not very clear I find 80, 8000 and 554 here:

https://www.hikvision.com/ueditor/net/upload/2015-06-10/3b56a0c6-f61c-4381-866e-dc49e5c30c88.pdf

and here:

http://specsheets.dvs.co.uk/Hik%20connect%20-DVS.pdf

 

For local access from another subnet in your network it's those ports that you'll have to open up.

 

For remote access from the internet, there are two options:

  • Either you setup port forwarding for those ports. Note that forwarding port 80 means that the MX's local web page may not work anymore. You could use an alternative port as they do in the first pdf (they use 8008 instead).
  • Or you setup 1:1 NAT if you have a free WAN IP. Make sure you close off the firewall and only open up those three ports.

If there's a NAT router in front of the MX you'll need to configure forwarding in that too.

I'm having the same problem, Truvision NVR for cameras inside our office network. Within the last 3-4 months we are no longer able to access these cameras over the internet from outside our office (LTE, Home Internet, Public Wifi). Port 554 (RTSP) seems to not be passing. The NVR requires port 80, 8000 and 554 to be forwarded from the internet and we have not changed this in years. I set up a second router with OpenWRT on another IP in our static block from the ISP and moved the NVR to that and it worked great. Something is definitely wrong with the Meraki router in this situation.

Hi cgunz410,

 

I was also facing the same issue so we have changed the port 80 (listen port ) becuase we were not getting response back on that port.

So, my suggestion is you can change the public port and send the traffic on port 80.

 

 

port forwarding rule

 

source ip = any , source port= 81 ( for example 81. you can set any free except 80), Dest IP= NVR IP , Dest Port= 80

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels