Skip to main content
All CollectionsTechnical Documents & FAQ's
Network Readiness Guide for Gateways
Network Readiness Guide for Gateways

This is designed to go over the network readiness a network must undergo for optimal performance of the system and operation of the gateway.

Updated over 11 months ago

Arcules is designed to make a minimal footprint on your network infrastructure, and requires a few rules to be put in place to allow us to access your gateways, with permission, as well as to apply updates to the Arcules Software, and the operating system. Some minor changes may be required on the customer’s side to ensure all of these criteria are met.

Physical Gateway Requirements

Specifications (Dimensions are Width x Depth x Height)

Micro Form Factor Gateways - 1.42"x7.01"x7.17"

Dell OptiPlex 5090 Micro Core i3 3 GHz - SSD 256 GB RAM 16GB

Small Form Factor Gateways - 3.65"x11.42"x11.53"

Dell Optiplex 3050 SFF Core i5 3.4 GHz - SSD 512 GB RAM 8GB

Rack Form Factor Gateways* - 1U Rack Space, 23.45" Deep

Refurbished Dell PowerEdge R430 4-Port

Micro and Small Form Factor Gateways require an HDMI or Display Port connection for a monitor. Rack Form Factors require VGA connections.

*Rack Form Factor Gateways come with Dell Ready Rails for installation to a standard 4 post rack.

Installation

Gateways should be unboxed, installed, and attached to power and network prior to attempting to add the gateway to your organization, or contacting Customer Care for assistance. A USB Keyboard and monitor are required to set a Static IP Address on the gateway.

Network Architecture recommendations can be found in this Knowledge Base Article: Recommended Network Architectures

For easiest installation, the gateway should be on the network with access to the cameras, and the internet.

Network Adapters

Micro Form Factors and Small Form Factors have a single network adapter.

Rack Form Factors come with multiple NIC's, but will require Customer Care assistance to utilize more than one NIC in order to reach a second network (i.e. NIC 1 is Internet Facing, NIC 2 is on a segregated camera network). Rack Form Factors cannot be configured for load balancing or redundancy over the network adapters.

Guidelines and Notes

Certificates

  • Arcules will only validate against trusted certificate authorities, and not self signed certificates when communicating via the public internet. If you have questions around this please reach out to our security and compliance team.

Multi-ISP Environments

  • When the Arcules system lives within an environment that contains multiple ISP's, a firewall rule should be implemented to ensure all Arcules traffic goes over the same ISP, with the fastest ISP speed. Load balancing this traffic can affect the performance of live video feeds and gateway uploads.

Firewall Settings

  • All firewall rules are for Outbound traffic only. No Inbound Ports should need to be opened. We have designed this in order to provide maximum security, with minimal rules.

  • All network traffic concerning customer data is encrypted both at rest and in flight to ensure data integrity and security.

  • Arcules recommends using domain names over IP addresses when configuring Allow listing for outbound traffic. We cannot guarantee they will not change IP Addresses in the future.

  • This is also the reason why Arcules does not provide an IP address as a replacement for the domain name. If an IP address of a domain is required, using a ping or nslookup through your DNS of choice will give you the current IP Address of the domain(s).

SSL/TLS Deep Packet Inspection

  • Arcules does not support network appliances running deep packet inspection on our traffic. This can cause certificate issues, and trust issues with our traffic’s encryption, and will have a detrimental effect on the operation of the Arcules system.

Proxy Servers

  • Arcules does not support network appliances functioning as proxy servers for internet traffic.

Camera Protocol Configuration

  • Currently, Arcules requires a camera to have both HTTP and HTTPS enabled for successful connection to the Arcules Gateway Device.

Gateway Device Rules

The following domains and ports must be opened in order for the Arcules Gateway to be able to function, pull down updates, and report home for proactive monitoring.

These domains and ports must be opened so that each Gateway has access to these endpoints.

Domain Name

Purpose

Protocol

Port

*.arcules.com

API Services

UDP/TCP/HTTPS,WSS

443

*.cloud.google.com

Google Services

TCP/HTTPS

443

*.googleapis.com

Google Services

TCP/HTTPS

443

*.googleusercontent.com

Google Services

TCP/HTTPS

443

*.ubuntu.com

OS Updates

TCP/HTTPS,HTTP,UDP/NTP

443, 80, 123

*.launchpad.net

OS Updates

TCP/HTTPS,HTTP

443, 80

*.snapcraft.io

OS Updates

TCP/HTTPS,HTTP

443, 80

*.snapcraftcontent.com

OS Updates

TCP/HTTPS

443

*.canonical.com

OS Updates

TCP/HTTPS,HTTP

443, 80

*.gcr.io

Arcules Image Repository

TCP/HTTPS

443

*.docker.io

Core Image Repository

TCP/HTTPS

443

*.docker.com

Core Image Repository

TCP/HTTPS

443

rcss-production.arcules.com

Remote Support

TCP/SSH

2222

*

Speed Test

TCP/HTTPS

8080

*

Online/Offline Detection

ICMP

*.pool.ntp.org

Network Time Protocol

UDP

123

8.8.8.8 & <Insert own DNS here>

Domain Name Services

TCP & UDP

53

Client Network Rules

These client rules will allow for any system accessing the Arcules platform seamless usage. Any Inbound Ports associated to the requests would be client specified by the Client’s Operating System. Local Live / Local Playback feature requires clients to communicate directly to the cloud using UDP on Port 443. You cannot use Local Live / Local Playback if the client needs to go through proxies.

Domain

Usage

Protocol

Outbound Ports

API Services

UDP/TCP/HTTPS,WSS

443

*.arcules.com

Remote Device Access

TCP

4200 - 4250

*.intercom.com

Support And Chat

TCP/HTTPS/WSS

443

*.split.io

Early release Features

TCP/HTTPS/WSS

443

<Insert own DNS here>

Domain Name Services

TCP & UDP

53

Internal Network Service Rules

All of these requirements are only within your local network, and no external application of these rules are required. Due to the wide range of drivers we support, some devices and cameras may operate differently than listed below, but this captures the most universal information.

Connection Type

Purpose

Protocols

Ports

SERVER

For emergency offline viewing

TCP/HTTP,WS

9000/443

CLIENT

ONVIF Communication (Camera)

TCP/SOAP

~80, 443

CLIENT

Video Stream (Camera)

TCP/RTSP

~554

CLIENT

File Transfer

TCP/FTP

~21

CLIENT

Video or Audio Data

UDP/RTP

~10000-20000

CLIENT/SERVER

Auto Discovery

UDP/mDNS

5353

CLIENT/SERVER

Auto Discovery

UDP/uPNP

1900

CLIENT

Auto Discovery

TCP/HTTP

~80

CLIENT/SERVER

Auto Discovery

UDP/ONVIF

3702

CLIENT/SERVER

Local Live Viewing

UDP/RTP

20000 - 24999

CLIENT

Signaling and File Transfer

TCP/HTTP,

HTTPS

80,443

Note '~' Indicates the typical port that this operates on, and can be changed by the installer.

Optional Firmware Rule (Axis Cameras Only)

Domain

Purpose

Protocols

Ports

*.axis.com

Firmware Updates for Axis hardware

TCP/HTTPS

443

Did this answer your question?