Mobile Video - DEMS - EL4 - Firewall Ports and Antivirus Exceptions


Issue

Evidence Library 4 Web anti-virus and exclusions required to run all services properly

Environment

EL4 all versions

Resolution

Firewall:
Check if  Windows Firewall is enabled. If enabled, ask customer if it is possible to disable it temporarily for testing purposes. If the firewall is required to be enabled, ensure the ports listed below are excluded. The executable files for each WGV service can also be excluded in the firewall.

AntiVirus:
Check to see if any antivirus software is installed. If an antivirus software is installed, ask the customer if it can be disabled temporarily for testing.
IMPORTANT: Some Antivirus programs have multiple services running. Eensure they are all stopped.
Each executable files for WGV services can also be excluded.

Antivirus Exclusions:

  • Directory where import.sdf files and WGV Certificate are located:
    • Usually C:\Program Data\Watchguard
  • Directories where WGV software is installed:
    • Usually C:\Program Files\Watchguard Video and C:\Program Files (x86)\Watchguard Video
  • Also, the same software directories on workstations (where the Transfer Agent and Transfer Service are installed)
    • This can be done via group policy if the Antivirus is centrally managed.
  • All Video Storage locations:
    • Import
    • Export
    • Wireless.Staging
    • Case
    • Atlas.Staging
    • Jobqueue.Staging
    • all Final Video storage locations
  • If possible Exclude the Evidence Library URL and the Certificate Ports used by Evidence Library 4 Web


On the Workstation:

  • Client Browser (EL WEB)
    • HTTP 80
    • HTTPS 443*, 9031
    • TIP: 443 could be different if Watch Commander is installed; check IIS
  • Transfer Agent
    • HTTP 8020
    • HTTPS 443, 9034
    • TCP 9026, 9029
  • Transfer Service
    • HTTP 8020
    • HTTPS 443
    • TCP 135-139, 445, 9026, 9028, 9029, 9042, 9048


On the Server:

  • Security Token Service
    • HTTP 389, 8020
  • Hosted Service
    • TCP 9026-9050
  • Wireless Import Service
    • TCP 20, 21, 5001, 9045
    • INFO: Wireless Import could be assigned to either network adapter.
    • INFO: Transfer Stations could be assigned to either network adapter.
  • Publishing Service
    • TCP 9051
  • Transcode Service
    • TCP 9050
  • SQL
    • 1433, 1434
  • Ports used by Watch Commander
    • Watch Commander
      • HTTPS 443
      • TIP: Check IIS
      • TCP 10001-10101, 25820
    • Wowza
      • TCP 8086
  • MDC application (4RE Mobile App)
    • TCP 25820
    • UDP 25810, 25843, 25845, 25847, 25855


Other Ports

  • Well-Known Ports used by Microsoft Windows
    • TCP 135-139, 445