Port requirements for Genetec Cloudlink appliances

2025-12-03Last updated

To enable communication between Genetec Cloudlink appliances and Security Center SaaS, you must open specific network ports.

Security Center SaaS in US datacenter

The following network ports must be open for datacenters in the US.

Outbound port Endpoint domain Required by Port usage
UDP 123 Network Time Protocol (NTP) servers are selected from the following sources (highest priority to lowest priority):
  1. Manual NTP configuration in the appliance portal.
  2. DHCP
  3. Default NTP servers:
    • time1.google.com
    • time2.google.com
    • time3.google.com
    • time4.google.com
    • pool.ntp.org
 Edge OS Connection to an NTP server.
ICMP ping 8.8.8.8 Edge OS Diagnostics to indicate if the appliance can reach a global, public endpoint.
UDP 53 DNS servers are selected from the following sources (highest to lowest priority).
  1. Manual DNS configuration in the appliance portal.
  2. DHCP
  3. Default DNS servers:
    • 1.1.1.1
    • 8.8.8.8
    • 1.0.0.1
    • 8.8.4.4
 Edge OS Connection to a DNS server.
TCP 443 Wildcards:

*.genetec.cloud

*.genetec.com

Recommended:

eastus2.firmwarerepository.edge.genetec.cloud

login.genetec.com

 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
global.azure-devices-provisioning.net
genetec-dm-hub-prod-eus2-0.azure-devices.net 
edgeosprodeus2appstore.azurecr.io 
edgeosprodeus2appstore.eastus2.data.azurecr.io
edgeosprodeus2appstore.southcentralus.data.azurecr.io
prod0eus2fwimages.blob.core.windows.net
prod0eus2devicesmgmt.blob.core.windows.net
prod0eus2devicesdiags.blob.core.windows.net
 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 Wildcard:

*.genetec.cloud

Recommended:

eastus2.video.genetec.cloud

eastus2.tds.genetec.cloud

 Video Connection for video streaming, playback, and recording.
TCP 443 
eastus2-3.in.applicationinsights.azure.com
eastus2.livediagnostics.monitor.azure.com

tds1eastus2horizon.blob.core.windows.net 
tds2eastus2horizon.blob.core.windows.net 
tds3eastus2horizon.blob.core.windows.net 
tds4eastus2horizon.blob.core.windows.net 
tds5eastus2horizon.blob.core.windows.net 
tds6eastus2horizon.blob.core.windows.net 
tds7eastus2horizon.blob.core.windows.net 
tds8eastus2horizon.blob.core.windows.net 

eus2scsaas01.blob.core.windows.net 
eus2scsaas02.blob.core.windows.net 
eus2scsaas03.blob.core.windows.net 
eus2scsaas04.blob.core.windows.net 
eus2scsaas05.blob.core.windows.net 
eus2scsaas06.blob.core.windows.net 
eus2scsaas07.blob.core.windows.net 
eus2scsaas08.blob.core.windows.net 
eus2scsaas09.blob.core.windows.net 
eus2scsaas10.blob.core.windows.net 
eus2scsaas11.blob.core.windows.net 
eus2scsaas12.blob.core.windows.net 
eus2scsaas13.blob.core.windows.net 
eus2scsaas14.blob.core.windows.net 
eus2scsaas15.blob.core.windows.net 
eus2scsaas16.blob.core.windows.net
 Video Connection for load balancing and resiliency.
TCP 1935
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Video Interactive Connectivity Establishment (ICE) TCP in Web Real-Time Communication (WebRTC) for live streaming.
UDP 3478

TCP 3478

UDP 443

TCP 443

UDP 80

TCP 80

 Wildcards:

*.genetec.cloud

stun.relay.metered.ca

global.relay.metered.ca

Recommended:

turn.video.geneteccloud.com

stun.relay.metered.ca

global.relay.metered.ca

 Video Traversal Using Relays around NAT (TURN) server and Session Traversal Utilities for NAT (STUN) servers for live WebRTC video streaming.
TCP 2624
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Intrusion Connection for intrusion.
TCP 443 
*.geneteccloud.com

serbusnwskuumgkdlgi.servicebus.windows.net
evhubnwskuumgkdlgi.servicebus.windows.net
evhubbacknwskuumgkdlgi.servicebus.windows.net
storsyncnwskuumgkdlgi.blob.core.windows.net
storhealnwskuumgkdlgi.blob.core.windows.net
storgatwnwskuumgkdlgi.blob.core.windows.net

google.com
 Access control Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
serbusbrbjvsf44a7rk.servicebus.windows.net
evhubbrbjvsf44a7rk.servicebus.windows.net
evhubbackbrbjvsf44a7rk.servicebus.windows.net
storsyncbrbjvsf44a7rk.blob.core.windows.net
storhealbrbjvsf44a7rk.blob.core.windows.net
storgatwbrbjvsf44a7rk.blob.core.windows.net
 Access control Connection to Synergis.

Security Center SaaS in Canadian datacenter

The following network ports must be open for datacenters in Canada.

Outbound port Endpoint domain Required by Port usage
UDP 123 Network Time Protocol (NTP) servers are selected from the following sources (highest priority to lowest priority):
  1. Manual NTP configuration in the appliance portal.
  2. DHCP
  3. Default NTP servers:
    • time1.google.com
    • time2.google.com
    • time3.google.com
    • time4.google.com
    • pool.ntp.org
 Edge OS Connection to an NTP server.
ICMP ping 8.8.8.8 Edge OS Diagnostics to indicate if the appliance can reach a global, public endpoint.
UDP 53 DNS servers are selected from the following sources (highest to lowest priority).
  1. Manual DNS configuration in the appliance portal.
  2. DHCP
  3. Default DNS servers:
    • 1.1.1.1
    • 8.8.8.8
    • 1.0.0.1
    • 8.8.4.4
 Edge OS Connection to a DNS server.
TCP 443 Wildcards:

*.genetec.cloud

*.genetec.com

Recommended:

centralca.firmwarerepository.edge.genetec.cloud

login.genetec.com

 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
global.azure-devices-provisioning.net
genetec-dm-hub-prod-cca-0.azure-devices.net 
edgeosprodccaappstore.azurecr.io 
edgeosprodccaappstore.canadacentral.data.azurecr.io 
prod0ccafwimages.blob.core.windows.net 
prod0ccadevicesmgmt.blob.core.windows.net
prod0ccadevicesdiags.blob.core.windows.net
 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 Wildcard:

*.genetec.cloud

Recommended:

centralca.video.genetec.cloud cancentral.tds.genetec.cloud

 Video Connection for video streaming, playback, and recording.
TCP 443 
eastus2-3.in.applicationinsights.azure.com
eastus2.livediagnostics.monitor.azure.com

tds1cancentralhrz.blob.core.windows.net 
tds2cancentralhrz.blob.core.windows.net 
tds3cancentralhrz.blob.core.windows.net 
tds4cancentralhrz.blob.core.windows.net 
tds5cancentralhrz.blob.core.windows.net 
tds6cancentralhrz.blob.core.windows.net 
tds7cancentralhrz.blob.core.windows.net 
tds8cancentralhrz.blob.core.windows.net 

cacscsaas01.blob.core.windows.net 
cacscsaas02.blob.core.windows.net 
cacscsaas03.blob.core.windows.net 
cacscsaas04.blob.core.windows.net 
cacscsaas05.blob.core.windows.net 
cacscsaas06.blob.core.windows.net 
cacscsaas07.blob.core.windows.net 
cacscsaas08.blob.core.windows.net 
cacscsaas09.blob.core.windows.net 
cacscsaas10.blob.core.windows.net 
cacscsaas11.blob.core.windows.net 
cacscsaas12.blob.core.windows.net 
cacscsaas13.blob.core.windows.net 
cacscsaas14.blob.core.windows.net 
cacscsaas15.blob.core.windows.net 
cacscsaas16.blob.core.windows.net
 Video Connection for load balancing and resiliency.
TCP 1935
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Video Interactive Connectivity Establishment (ICE) TCP in Web Real-Time Communication (WebRTC) for live streaming.
UDP 3478

TCP 3478

UDP 443

TCP 443

UDP 80

TCP 80

 Wildcards:

*.genetec.cloud

stun.relay.metered.ca

global.relay.metered.ca

Recommended:

turn.video.geneteccloud.com

stun.relay.metered.ca

global.relay.metered.ca

 Video Traversal Using Relays around NAT (TURN) server and Session Traversal Utilities for NAT (STUN) servers for live WebRTC video streaming.
TCP 2624
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Intrusion Connection for intrusion.
TCP 443 
*.geneteccloud.com

serbusnwskuumgkdlgi.servicebus.windows.net
evhubnwskuumgkdlgi.servicebus.windows.net
evhubbacknwskuumgkdlgi.servicebus.windows.net
storsyncnwskuumgkdlgi.blob.core.windows.net
storhealnwskuumgkdlgi.blob.core.windows.net
storgatwnwskuumgkdlgi.blob.core.windows.net

google.com
 Access control Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
serbusbm4qutho3syfc.servicebus.windows.net
evhubbm4qutho3syfc.servicebus.windows.net
evhubbackbm4qutho3syfc.servicebus.windows.net
storsyncbm4qutho3syfc.blob.core.windows.net
storhealbm4qutho3syfc.blob.core.windows.net
storgatwbm4qutho3syfc.blob.core.windows.net
 Access control Connection to Synergis.

Security Center SaaS in Australian datacenter

The following network ports must be open for datacenters in Australia.

Outbound port Endpoint domain Required by Port usage
UDP 123 Network Time Protocol (NTP) servers are selected from the following sources (highest priority to lowest priority):
  1. Manual NTP configuration in the appliance portal.
  2. DHCP
  3. Default NTP servers:
    • time1.google.com
    • time2.google.com
    • time3.google.com
    • time4.google.com
    • pool.ntp.org
 Edge OS Connection to an NTP server.
ICMP ping 8.8.8.8 Edge OS Diagnostics to indicate if the appliance can reach a global, public endpoint.
UDP 53 DNS servers are selected from the following sources (highest to lowest priority).
  1. Manual DNS configuration in the appliance portal.
  2. DHCP
  3. Default DNS servers:
    • 1.1.1.1
    • 8.8.8.8
    • 1.0.0.1
    • 8.8.4.4
 Edge OS Connection to a DNS server.
TCP 443 Wildcards:

*.genetec.cloud

*.genetec.com

Recommended:

eastau.firmwarerepository.edge.genetec.cloud

login.genetec.com

 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
global.azure-devices-provisioning.net
genetec-dm-hub-prod-eau-0.azure-devices.net 
edgeosprodeauappstore.azurecr.io 
edgeosprodeauappstore.australiaeast.data.azurecr.io 
prod0eaufwimages.blob.core.windows.net
prod0eaudevicesmgmt.blob.core.windows.net
prod0eaudevicesdiags.blob.core.windows.net
 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 Wildcard:

*.genetec.cloud

Recommended:

eastau.video.genetec.cloud australiaeast.tds.genetec.cloud

 Video Connection for video streaming, playback, and recording.
TCP 443 
eastus2-3.in.applicationinsights.azure.com
eastus2.livediagnostics.monitor.azure.com

tds1astleasthrz.blob.core.windows.net 
tds2astleasthrz.blob.core.windows.net 
tds3astleasthrz.blob.core.windows.net 
tds4astleasthrz.blob.core.windows.net 
tds5astleasthrz.blob.core.windows.net 
tds6astleasthrz.blob.core.windows.net 
tds7astleasthrz.blob.core.windows.net 
tds8astleasthrz.blob.core.windows.net 

auescsaas01.blob.core.windows.net 
auescsaas02.blob.core.windows.net 
auescsaas03.blob.core.windows.net 
auescsaas04.blob.core.windows.net 
auescsaas05.blob.core.windows.net 
auescsaas06.blob.core.windows.net 
auescsaas07.blob.core.windows.net 
auescsaas08.blob.core.windows.net 
auescsaas09.blob.core.windows.net 
auescsaas10.blob.core.windows.net 
auescsaas11.blob.core.windows.net 
auescsaas12.blob.core.windows.net 
auescsaas13.blob.core.windows.net 
auescsaas14.blob.core.windows.net 
auescsaas15.blob.core.windows.net
 Video Connection for load balancing and resiliency.
TCP 1935
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Video Interactive Connectivity Establishment (ICE) TCP in Web Real-Time Communication (WebRTC) for live streaming.
UDP 3478

TCP 3478

UDP 443

TCP 443

UDP 80

TCP 80

 Wildcards:

*.genetec.cloud

stun.relay.metered.ca

global.relay.metered.ca

Recommended:

turn.video.geneteccloud.com

stun.relay.metered.ca

global.relay.metered.ca

 Video Traversal Using Relays around NAT (TURN) server and Session Traversal Utilities for NAT (STUN) servers for live WebRTC video streaming.
TCP 2624
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Intrusion Connection for intrusion.
TCP 443 
*.geneteccloud.com

serbusnwskuumgkdlgi.servicebus.windows.net
evhubnwskuumgkdlgi.servicebus.windows.net
evhubbacknwskuumgkdlgi.servicebus.windows.net
storsyncnwskuumgkdlgi.blob.core.windows.net
storhealnwskuumgkdlgi.blob.core.windows.net
storgatwnwskuumgkdlgi.blob.core.windows.net

google.com
 Access control Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
serbusd5ikjp5levj7i.servicebus.windows.net
evhubd5ikjp5levj7i.servicebus.windows.net
evhubbackd5ikjp5levj7i.servicebus.windows.net
storsyncd5ikjp5levj7i.blob.core.windows.net
storheald5ikjp5levj7i.blob.core.windows.net
storgatwd5ikjp5levj7i.blob.core.windows.net
 Access control Connection to Synergis.

Security Center SaaS in European datacenter

The following network ports must be open for datacenters in Europe.

Outbound port Endpoint domain Required by Port usage
UDP 123 Network Time Protocol (NTP) servers are selected from the following sources (highest priority to lowest priority):
  1. Manual NTP configuration in the appliance portal.
  2. DHCP
  3. Default NTP servers:
    • time1.google.com
    • time2.google.com
    • time3.google.com
    • time4.google.com
    • pool.ntp.org
 Edge OS Connection to an NTP server.
ICMP ping 8.8.8.8 Edge OS Diagnostics to indicate if the appliance can reach a global, public endpoint.
UDP 53 DNS servers are selected from the following sources (highest to lowest priority).
  1. Manual DNS configuration in the appliance portal.
  2. DHCP
  3. Default DNS servers:
    • 1.1.1.1
    • 8.8.8.8
    • 1.0.0.1
    • 8.8.4.4
 Edge OS Connection to a DNS server.
TCP 443 Wildcards:

*.genetec.cloud

*.genetec.com

Recommended:

westeu.firmwarerepository.edge.genetec.cloud

login.genetec.com

 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
global.azure-devices-provisioning.net
genetec-dm-hub-prod-weu-0.azure-devices.net 
edgeosprodweuappstore.azurecr.io 
edgeosprodweuappstore.westeurope.data.azurecr.io 
edgeosprodweuappstore.northeurope.data.azurecr.io 
prod0weufwimages.blob.core.windows.net 
prod0weudevicesmgmt.blob.core.windows.net
prod0weudevicesdiags.blob.core.windows.net
 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 Wildcard:

*.genetec.cloud

Recommended:

westeu.video.genetec.cloud westeurope.tds.genetec.cloud

 Video Connection for video streaming, playback, and recording.
TCP 443 
eastus2-3.in.applicationinsights.azure.com
eastus2.livediagnostics.monitor.azure.com

tds1westeuhorizon.blob.core.windows.net 
tds2westeuhorizon.blob.core.windows.net 
tds3westeuhorizon.blob.core.windows.net 
tds4westeuhorizon.blob.core.windows.net 
tds5westeuhorizon.blob.core.windows.net 
tds6westeuhorizon.blob.core.windows.net 
tds7westeuhorizon.blob.core.windows.net 
tds8westeuhorizon.blob.core.windows.net 

weuscsaas01.blob.core.windows.net 
weuscsaas02.blob.core.windows.net 
weuscsaas03.blob.core.windows.net 
weuscsaas04.blob.core.windows.net 
weuscsaas05.blob.core.windows.net 
weuscsaas06.blob.core.windows.net 
weuscsaas07.blob.core.windows.net 
weuscsaas08.blob.core.windows.net 
weuscsaas09.blob.core.windows.net 
weuscsaas10.blob.core.windows.net 
weuscsaas11.blob.core.windows.net 
weuscsaas12.blob.core.windows.net 
weuscsaas13.blob.core.windows.net 
weuscsaas14.blob.core.windows.net 
weuscsaas15.blob.core.windows.net 
weuscsaas16.blob.core.windows.net
 Video Connection for load balancing and resiliency.
TCP 1935
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Video Interactive Connectivity Establishment (ICE) TCP in Web Real-Time Communication (WebRTC) for live streaming.
UDP 3478

TCP 3478

UDP 443

TCP 443

UDP 80

TCP 80

 Wildcards:

*.genetec.cloud

stun.relay.metered.ca

global.relay.metered.ca

Recommended:

turn.video.geneteccloud.com

stun.relay.metered.ca

global.relay.metered.ca

 Video Traversal Using Relays around NAT (TURN) server and Session Traversal Utilities for NAT (STUN) servers for live WebRTC video streaming.
TCP 2624
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Intrusion Connection for intrusion.
TCP 443 
*.geneteccloud.com

serbusnwskuumgkdlgi.servicebus.windows.net
evhubnwskuumgkdlgi.servicebus.windows.net
evhubbacknwskuumgkdlgi.servicebus.windows.net
storsyncnwskuumgkdlgi.blob.core.windows.net
storhealnwskuumgkdlgi.blob.core.windows.net
storgatwnwskuumgkdlgi.blob.core.windows.net

google.com
 Access control Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
serbusmese6xxndjusg.servicebus.windows.net
evhubmese6xxndjusg.servicebus.windows.net
evhubbackmese6xxndjusg.servicebus.windows.net
storsyncmese6xxndjusg.blob.core.windows.net
storhealmese6xxndjusg.blob.core.windows.net
storgatwmese6xxndjusg.blob.core.windows.net
 Access control Connection to Synergis.

Security Center SaaS in Korean datacenter

The following network ports must be open for datacenters in Korea.

Outbound port Endpoint domain Required by Port usage
UDP 123 Network Time Protocol (NTP) servers are selected from the following sources (highest priority to lowest priority):
  1. Manual NTP configuration in the appliance portal.
  2. DHCP
  3. Default NTP servers:
    • time1.google.com
    • time2.google.com
    • time3.google.com
    • time4.google.com
    • pool.ntp.org
 Edge OS Connection to an NTP server.
ICMP ping 8.8.8.8 Edge OS Diagnostics to indicate if the appliance can reach a global, public endpoint.
UDP 53 DNS servers are selected from the following sources (highest to lowest priority).
  1. Manual DNS configuration in the appliance portal.
  2. DHCP
  3. Default DNS servers:
    • 1.1.1.1
    • 8.8.8.8
    • 1.0.0.1
    • 8.8.4.4
 Edge OS Connection to a DNS server.
TCP 443 Wildcards:

*.genetec.cloud

*.genetec.com

Recommended:

centralkr.firmwarerepository.edge.genetec.cloud

login.genetec.com

 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
global.azure-devices-provisioning.net
genetec-dm-hub-prod-ckr-0.azure-devices.net
edgeosprodckrappstore.azurecr.io
edgeosprodckrappstore.koreacentral.data.azurecr.io
prod0ckrfwimages.blob.core.windows.net
prod0ckrdevicesmgmt.blob.core.windows.net
prod0ckrdevicesdiags.blob.core.windows.net
 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 Wildcard:

*.genetec.cloud

Recommended:

centralca.video.genetec.cloud cancentral.tds.genetec.cloud

 Video Connection for video streaming, playback, and recording.
TCP 443 
eastus2-3.in.applicationinsights.azure.com
eastus2.livediagnostics.monitor.azure.com

tds1cancentralhrz.blob.core.windows.net 
tds2cancentralhrz.blob.core.windows.net 
tds3cancentralhrz.blob.core.windows.net 
tds4cancentralhrz.blob.core.windows.net 
tds5cancentralhrz.blob.core.windows.net 
tds6cancentralhrz.blob.core.windows.net 
tds7cancentralhrz.blob.core.windows.net 
tds8cancentralhrz.blob.core.windows.net 

cacscsaas01.blob.core.windows.net 
cacscsaas02.blob.core.windows.net 
cacscsaas03.blob.core.windows.net 
cacscsaas04.blob.core.windows.net 
cacscsaas05.blob.core.windows.net 
cacscsaas06.blob.core.windows.net 
cacscsaas07.blob.core.windows.net 
cacscsaas08.blob.core.windows.net 
cacscsaas09.blob.core.windows.net 
cacscsaas10.blob.core.windows.net 
cacscsaas11.blob.core.windows.net 
cacscsaas12.blob.core.windows.net 
cacscsaas13.blob.core.windows.net 
cacscsaas14.blob.core.windows.net 
cacscsaas15.blob.core.windows.net 
cacscsaas16.blob.core.windows.net
 Video Connection for load balancing and resiliency.
TCP 1935
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Video Interactive Connectivity Establishment (ICE) TCP in Web Real-Time Communication (WebRTC) for live streaming.
UDP 3478

TCP 3478

UDP 443

TCP 443

UDP 80

TCP 80

 Wildcards:

*.genetec.cloud

stun.relay.metered.ca

global.relay.metered.ca

Recommended:

turn.video.geneteccloud.com

stun.relay.metered.ca

global.relay.metered.ca

 Video Traversal Using Relays around NAT (TURN) server and Session Traversal Utilities for NAT (STUN) servers for live WebRTC video streaming.
TCP 2624
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Intrusion Connection for intrusion.
TCP 443 google.com

Wildcard:

*.geneteccloud.com

 Access control Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
serbusmzzgywtnmm45w.servicebus.windows.net
evhubmzzgywtnmm45w.servicebus.windows.net
evhubbackmzzgywtnmm45w.servicebus.windows.net
storsyncmzzgywtnmm45w.blob.core.windows.net
storhealmzzgywtnmm45w.blob.core.windows.net
storgatwmzzgywtnmm45w.blob.core.windows.net
 Access control Connection to Synergis.

Security Center SaaS in UK datacenter

The following network ports must be open for datacenters in the UK.

Outbound port Endpoint domain Required by Port usage
UDP 123 Network Time Protocol (NTP) servers are selected from the following sources (highest priority to lowest priority):
  1. Manual NTP configuration in the appliance portal.
  2. DHCP
  3. Default NTP servers:
    • time1.google.com
    • time2.google.com
    • time3.google.com
    • time4.google.com
    • pool.ntp.org
 Edge OS Connection to an NTP server.
ICMP ping 8.8.8.8 Edge OS Diagnostics to indicate if the appliance can reach a global, public endpoint.
UDP 53 DNS servers are selected from the following sources (highest to lowest priority).
  1. Manual DNS configuration in the appliance portal.
  2. DHCP
  3. Default DNS servers:
    • 1.1.1.1
    • 8.8.8.8
    • 1.0.0.1
    • 8.8.4.4
 Edge OS Connection to a DNS server.
TCP 443 Wildcards:

*.genetec.cloud

*.genetec.com

Recommended:

southuk.firmwarerepository.edge.genetec.cloud

login.genetec.com

 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
global.azure-devices-provisioning.net
genetec-dm-hub-prod-suk-0.azure-devices.net
edgeosprodsukappstore.azurecr.io
edgeosprodsukappstore.uksouth.data.azurecr.io
prod0sukfwimages.blob.core.windows.net
prod0sukdevicesmgmt.blob.core.windows.net
prod0sukdevicesdiags.blob.core.windows.net
 Edge OS Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 Wildcard:

*.genetec.cloud

Recommended:

centralca.video.genetec.cloud cancentral.tds.genetec.cloud

 Video Connection for video streaming, playback, and recording.
TCP 443 
eastus2-3.in.applicationinsights.azure.com
eastus2.livediagnostics.monitor.azure.com

tds1cancentralhrz.blob.core.windows.net 
tds2cancentralhrz.blob.core.windows.net 
tds3cancentralhrz.blob.core.windows.net 
tds4cancentralhrz.blob.core.windows.net 
tds5cancentralhrz.blob.core.windows.net 
tds6cancentralhrz.blob.core.windows.net 
tds7cancentralhrz.blob.core.windows.net 
tds8cancentralhrz.blob.core.windows.net 

cacscsaas01.blob.core.windows.net 
cacscsaas02.blob.core.windows.net 
cacscsaas03.blob.core.windows.net 
cacscsaas04.blob.core.windows.net 
cacscsaas05.blob.core.windows.net 
cacscsaas06.blob.core.windows.net 
cacscsaas07.blob.core.windows.net 
cacscsaas08.blob.core.windows.net 
cacscsaas09.blob.core.windows.net 
cacscsaas10.blob.core.windows.net 
cacscsaas11.blob.core.windows.net 
cacscsaas12.blob.core.windows.net 
cacscsaas13.blob.core.windows.net 
cacscsaas14.blob.core.windows.net 
cacscsaas15.blob.core.windows.net 
cacscsaas16.blob.core.windows.net
 Video Connection for load balancing and resiliency.
TCP 1935
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Video Interactive Connectivity Establishment (ICE) TCP in Web Real-Time Communication (WebRTC) for live streaming.
UDP 3478

TCP 3478

UDP 443

TCP 443

UDP 80

TCP 80

 Wildcards:

*.genetec.cloud

stun.relay.metered.ca

global.relay.metered.ca

Recommended:

turn.video.geneteccloud.com

stun.relay.metered.ca

global.relay.metered.ca

 Video Traversal Using Relays around NAT (TURN) server and Session Traversal Utilities for NAT (STUN) servers for live WebRTC video streaming.
TCP 2624
Important:
Ensure that you include the Cloud Security Center Virtual Machine associated with your system in your allowlist.

Wildcard:

*.gsc-cloud.com

Recommended:

{YourClientSpecificSCVirtualMachines}.gsc-cloud.com

 Intrusion Connection for intrusion.
TCP 443 google.com

Wildcard:

*.geneteccloud.com

 Access control Connection between Genetec Cloudlink and Security Center SaaS.
TCP 443 
serbussjrfguy7ssisi.servicebus.windows.net
evhubsjrfguy7ssisi.servicebus.windows.net
evhubbacksjrfguy7ssisi.servicebus.windows.net
storsyncsjrfguy7ssisi.blob.core.windows.net
storhealsjrfguy7ssisi.blob.core.windows.net
storgatwsjrfguy7ssisi.blob.core.windows.net
 Access control Connection to Synergis.

Network communication with cameras

For video, the following ports must be open for local cameras. Opening these ports ensures that the Cloudlink appliance can connect to the cameras, manage them, and stream video.

Inbound port Outbound port Port usage
TCP 443

TCP 80

 Camera connections

HTTPS on port 443 is preferred. Cloudlink appliances only fall back to HTTP on port 80 if secure communication isn’t available.
TCP 554 RTSP for video requests.
UDP 3702 Camera discovery requests on 239.255.255.250 (multicast).
UDP 10000 to 10599 Real-Time Transport Protocol (RTP) and Real-time Transport Control Protocol (RTCP) communication from cameras to the Cloudlink appliance.
UDP 5353 UDP 5353 Camera discovery.
UDP 20000 Camera discovery responses.

Network communication with intrusion panels

Open the following ports to enable communication between intrusion panels and the Intrusion app (Genetec Intrusion Bridge) on Cloudlink appliances. The ports allow the appliance to connect to panels and exchange events and commands.

Inbound port Outbound port Port usage
TCP 2624 Connecting the Intrusion app (Genetec™ Intrusion Bridge) on the Cloudlink appliance to the Genetec™ Intrusion Protocol extension in Security Center SaaS.
TCP 7700 The default port for sending and receiving commands between Bosch intrusion panels and the Intrusion app (Genetec Intrusion Bridge) on the appliance.