Network Requirements
This section covers the IT and Security information for System Galaxy.
System Galaxy Security Notes
During Steps 2 and 3 of the installation, the System Galaxy Installer Program automatically "opens" ports in the Windows® Firewall Exceptions for the System Galaxy services and databases.
NOTICE: if you are installing a standalone computer and no clients will connect, then you should manually edit the firewall to close any ports that are not used in this case. See notes below.
NOTICE: port 3001 is used for communication to Galaxy controllers and must be open to interoperate with panels.
NOTICE: you may need to manually open required ports for any 3rd Party applications in the Firewall or in any port blocking applications.
NOTICE: network switches or routers must also meet port requirements.
The following ports and applications must be unblocked for System Galaxy:
If using the idProducer Badging Solution, make sure both the SpecsID service and the Connection service start automatically when the computer reboots/restarts. If the computer is slow to start up the Galaxy GCS Services, you may need to configure a Delayed Start in the idProducer services properties.
SG Firewall Exceptions Table
The table below lists default ports and program exceptions that System Galaxy requires to support operation.
| Open/Allow * † ‡ | Who uses it | Where to open it … |
|---|---|---|
| sqlservr.exe | SQL Express Server | On the computer running SQL Server - only if clients need to make ODBC connections |
| sqlbrowser.exe | SQL Server Browser | On the computer running SQL Server - only if clients need to make ODBC connections |
| 3001 | GCS Event Service | On any computer running the GCS Event Service. SG panel connections required. |
| 3001 | GCS Comm Service | On any computer running GCS Comm Service. SG panel connections required. |
| 4000 | GCS Comm Service | On any computer running GCS Comm Service. GCS service connection required. |
| 4001 | GCS DBWriter Service | On the computer running the GCS DBWriter Service. GCS service connection required. |
| 4002 | GCS Gateway Service | On the computer running the GCS Gateway Service. GCS service connection required. |
| 4003 | GCS Event Service | On any computer running the GCS Event Service. GCS service connection required. |
| 4004 | GCS Alarm Panel Service | On the computer running the GCS Alarm Panel Service. GCS connection required. |
| 4005 (only used for communication between redundant event servers) | GCS Event Service | On the computer running the GCS Event Service. Listening port for Event Service-to-Event Service communications; only used in case of running redundant event servers. |
| 5010 | GCS Gateway Service | On the computer running the GCS Gateway Service; GCS service connection required. |
| 8000/8443 HTTP / HTTPS (Default) | GCS Web API Service | On any computer running the GCS API Service; GCS connection required to support API-based applications (e.g. idProducer, Mobile Apps, Video API plugins, etc.). If you are not running any API-based apps, then this service can be disabled and closed. |

Integrated Software - Firewall exceptions for 3rd Party software that integrates with System Galaxy (SG)

| Open/Allow | Who uses it |
|---|---|
| 4747, 4748, 4749 | Card Exchange 7; open ports on client workstations that support badge enrollment & printing. |
| 81 or 443 (default) | idProducer Badging Solution (port changes may be recommended to avoid conflicts) |
| 9108 | Invixium IXM-WEB Biometric Enrollment |
| 1433, 42100*, 11011* | IDEMIA Client and Reader Ports (MorphoManager/BioBridge). * Ports 42100 & 11011 use TCP/TLS. |

* Managing Ports & Services: During Step-3, the installer automatically opens default ports and configures essential services to start "automatic". Verify these ports are successfully opened and the services are running. Ensure these ports are open on the appropriate switches/routers.
† Close any ports that are unnecessarily exposed and stop any duplicate services. Only one copy of DBWriter, Client Gateway, Web API can be running system wide. Typically, only one copy of the GCS Comm Service and GCS Event Service is deployed on the main communication/event server. The only exception is if you are installing multiple GCS Event or Auxiliary Comm Servers to support globally distributed panels on an Auxiliary Comm Server, Aux. Event Server, or Redundant Event Servers.
‡ The idProducer and GCS Web API Services can be configured to use a different port number than the default(s). If you change the IP Port Numbers, you must also update the appSettings file to match and restart all the services to pick up the changes.
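
One way to carry out the verification the notes above ask for, as an added example that is not part of the System Galaxy documentation or installer: this PowerShell script lists each default SG port with whether it is listening and whether an explicit inbound allow rule names it. The `$Expected` list is an assumed sample role and must be edited for each machine.

```powershell
# Added example: compare this host's state with the SG default ports.
# Port list copied from the SG Firewall Exceptions Table on this page.
$SgPorts = @{
    3001 = 'GCS Event / Comm Service (panel connections)'
    4000 = 'GCS Comm Service'
    4001 = 'GCS DBWriter Service'
    4002 = 'GCS Gateway Service'
    4003 = 'GCS Event Service'
    4004 = 'GCS Alarm Panel Service'
    4005 = 'GCS Event Service (redundant event servers only)'
    5010 = 'GCS Gateway Service'
    8000 = 'GCS Web API Service (HTTP)'
    8443 = 'GCS Web API Service (HTTPS)'
}

# ASSUMPTION: ports this host should serve. Sample role: a main
# communication/event server with no API-based apps and no redundancy.
$Expected = 3001, 4000, 4001, 4002, 4003, 4004, 5010

# TCP ports in the Listen state, mapped to the owning process name.
$listening = @{}
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $SgPorts.ContainsKey([int]$_.LocalPort) } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $listening[[int]$_.LocalPort] = $proc.ProcessName
    }

# Enabled inbound allow rules that name a single TCP port. Rules scoped by
# program, by port range, or by 'Any' are not evaluated here.
$allowed = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' } |
    ForEach-Object { $_.LocalPort } |
    Where-Object { $_ -match '^\d+$' } |
    ForEach-Object { [int]$_ }

$SgPorts.Keys | Sort-Object | ForEach-Object {
    $up   = $listening.ContainsKey($_)
    $rule = $allowed -contains $_
    $finding = if ($Expected -contains $_) {
        if ($up) { 'OK' } else { 'Expected but not listening: check service' }
    } elseif ($up -or $rule) {
        'Not needed on this host: stop service / close port'
    } else { 'OK (closed)' }
    [pscustomobject]@{ Port = $_; UsedBy = $SgPorts[$_]; Listening = $up
                       Process = $listening[$_]; AllowRule = $rule; Finding = $finding }
} | Format-Table -AutoSize
```

Because the table above also lists program exceptions (for example sqlservr.exe), an `AllowRule` value of False means only that no port-specific rule exists; review program-based rules separately.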
DVR/NVR Known Firewall Exceptions Table
The table below provides the port numbers known to be default ports for the listed products at time of initial integration development.
| PORT | Service/Device | PORT | Service/Device |
|---|---|---|---|
| 6808 | Discovery | 81 | ONSSI / OCULARIS (default) |
| 9871 | Discovery 2 | 80 | Salient |
| 2000 | Discovery 3 and .NET, G3 Embed. H264 & Linux, and E-series | 80 | Milestone |
| 2000 | OpenEye E-series, X-series | 38880 | Avigilon |
| 2000 | Toshiba Surveillix | 22609 | ExacqVision |
| 4000 | Honeywell Fusion (4000 may be reserved for SG) | 9002 | Pelco / Endura |
| | | 8085 | LENSEC Web-based VMS Solution (1) |