Firewall rules for Uplink cameras

Owned by Daniel Parshin
Last updated: Aug 06, 2024
1 min read

Suppose you would like to set up firewall rules on your router to allow camera traffic but block other unwanted traffic. In that case, you will need to enable exceptions for certain domain names required for camera connectivity to Cloud VMS.

First, let’s see how the camera is communicating with VMS. Please note, {vsaas-endpoint} is the default endpoint of the web client used by your Cloud VMS deployment, for example, abc.cloud-vms.com

  1. When the camera is added, it connects to the provisioning server:
    camera.vxg.io
    port: 443

    protocol: TCP

  2. The camera sends the API request by HTTPS to the endpoint:
    https://api.uplink.{vsaas-endpoint}/api/ws-endpoint
    port: 443
    protocol: TCP

  3. The camera gets the domain name of the container, for example: 
    84b795deaeddb6924600.uplink.{vsaas-endpoint}
    port: 443
    protocol: TCP

  4. The camera connects for video transfer to
    deefec8c90c7fb84ec01.uplink.{vsaas-endpoint}
    port: 443

    protocol: WS/TCP

So to white-list the camera traffic, please create the following exceptions in your firewall:

  • *.uplink.{vsaas-endpoint}

  • camera.vxg.io