What do I need to configure in my firewall to allow access to AXIS Secure Remote Access?
If you are having problems enabling AXIS Secure Remote Access due to restrictive firewalls or other network security implementation, consider the following:
AXIS Secure Remote Access does not support proxy that requires authentication. A workaround could be to allow cameras (AXIS Companion) and AXIS Camera Station server (AXIS Camera Station) to bypass authentication.
Each time a client or a camera makes an outbound connection through the router, the router will give that connection a random external port which is used for hole punching. It is not possible to predict which port will be used.
For AXIS Companion 3 and AXIS Camera Station:
- The network needs to allow outbound traffic on ports 80 and 443 for Secure Remote Access to work
- The mediator servers use dynamic IP addresses – The mediator server URLs are:
accws01.accws.axis.com
accws02.accws.axis.com
accws03.accws.axis.com
us-us.accws.axis.com
usaccws01.accws.axis.com
usaccws02.accws.axis.com
us-sra-oauth.axis.com
se-eu.accws.axis.com
se-sra-oauth.axis.com
se-ap.accws.axis.com
acsapi.axis.com
gateway.api.axis.com
- The site service URL is also accessed via port 80:
http://accws.se.axis.com
P2P:
Server-side: Cameras (AXIS Companion)/server (AXIS Camera Station) need to be able to get out on Port 80 & 443 (outbound)
Client-side network: outbound 80 & 443
Connection using Web proxy/4G: P2P will not work and communication is relayed through the mediator servers.
Use of dynamic ports may prevent hole punching/P2P
- For countries with special fire walls (e.g.: Dubai and China) Secure remote access will not work as they cannot reach the turn servers (where ISPs restrict internet traffic, with restricted internet)
- Some proxies may block certain protocols, require certificates, or cut connections after a while and may not work with AXIS Secure Remote Access
For more information about AXIS Secure Remote Access, see:
https://www.axis.com/gb/en/technologies/axis-secure-remote-access
https://www.axis.com/files/whitepaper/wp_remote_access_73041_en_1903_lo.pdf
For AXIS Companion 4:
- The following URLs are used by the Communication Agent that is installed on all cameras/recorder in AXIS Companion 4:
https://*.axis.com/*
wss://*.axis.com/*
https://*.axis.cloud/*
In some cases:
amazonaws.com
Outbound ports used:
For cloud service requests:
443 (HTTPS)
For P2P:
34500 (UDP)
80 (TCP)