12-27-2016 09:43 AM
I'm pretty new the the PA universe with my prior firewall experiences being cisco 5505ASA and SonicWall TZ215. I have all the basics working along with the GP VPN. The final service i need to get working is external viewing of our surveillance cameras.
On my previous TZ firewall I was port forwarding to each of the NVR units (LTS Securtity I think Hikvision is the OEM) . Each unit has a "Server" port and a RTSP Port (8010/8510) as an example for NVR 10. Since I already had the VPN setup I thought it would be easier and more secure to just run the VPN on the phone and allow the app to access the NVRs through it. This doesn't completely work.
When I add a NVR "Device" in the NVMS7000 app the icon is highlighted which indicates it can see the unit but when I try and view any camera data.
Given the ping times I'm getting I think the issue is probably from the encrytion of the video traffic through the tunnel so it may not be a fixable problem? I did some searching but couldn't find any best practices for setting up remote security viewing. Should I use port forwarding as I did before? Thanks!
-Ralph
12-27-2016 03:07 PM
Hello and welcome!
I would start with the monitor tab and check teh logs to see if there are any blocks. What i have found is sometimes you'll open an app on its default ports and the non-PAN is using something else. i.e. http over port 8080.
The logs are the best place to start.
Regards,
12-28-2016 06:42 AM - edited 12-28-2016 06:46 AM
Like @OtakarKlier already stated you likely are missing a rule that would allow those ports to your VPN users since they aren't standard. I would start by looking at the logs to make sure what ports it's trying to access but you will likely need a rule that allows your VPN zone to access ports 8010 and 8510 to your NVR units.
To add to this, you absolutely should NOT be port forwarding security equipment. Setup your VPN and the access rules properly and monitor them from your VPN access. Accessing any device through a port forward really can't/shouldn't be used at all anymore. There is no reason why you can't access the VPN and access them through that; ever modern device made has a way to initiate a VPN connection.
01-04-2017 03:28 PM
I have a little more information, which kind of changes the question at hand. I discovered that some of the NVRs do work as expected though the VPN. I have seven units total and three are a newer model (LTN8932-P16) where as the older models (LTN8816-P16) do not. I can log into the older models and see the camera output in thumbnail view but no "Live View" video can be seen for them.
These models all have the latest firmware available on the LTS website and I've looked at all the settings side-by-side and don't see any that aren't the same. I took one of the old units and changed it's IP and Ports to match one of the working units and it still couldn't stream live video so it doesn't seem to be an IP/Gateway/Port issue.
I'm still going to look into the app rule as the embedded codec or whatever streams the video may be different betweem machines to the point the firewall may be blocking the old while allowing the newer. I'm also going to contact LTS and see if they can offer anything useful.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
