Articles in this section

Networking Ports & Endpoints Requirements / Best Practices

  • Updated
Follow

To ensure the reliable operation of Videon devices, including with the use of LiveEdge Cloud Control, your network must allow access to specific endpoints, ports, and services. This guide outlines the required configurations and best practices for firewall and DNS settings.

 

Table of Contents:

  1. Required Endpoints & Ports
  2. DNS Recommendations
  3. Firewall Best Practices
  4. DHCP/Static Best Practices
  5. Additional Notes

 

Required Endpoints & Ports

The following endpoints must be accessible for Videon devices to function correctly:

Service Endpoint / Domain Port(s) Protocol Purpose / Notes
Encoder local web UI LAN IP of the encoder (e.g. 192.168.x.x / DHCP reservation). No public DNS; access is device-local on the subnet. 80 TCP/HTTP (Client → encoder) Primary local web server for the encoder's browser-based UI.
Encoder local REST API Same as above 2020, 8091* TCP/HTTP (Client → encoder)

Port 2020 is the local REST API used by the web UI and related on-device functions (subset of API surface).

*Port 8091 is for additional local REST API endpoints. Supported on Max-series encoders only; omit if the device is not a Max model.
MQTT (AWS IoT Core) a3di2u0bk63rob-ats.iot.amazonaws.com 443, 8443*, 8883* MQTT (TLS) Used for device communication with AWS IoT Core. Do not restrict by IP.
*These ports are used as fallbacks depending on network configuration. Port 443 is preferred, but 8443 and 8883 may be used in restrictive environments.
LiveEdge Cloud Control videoncloud.com 443 HTTPS Enables remote management and monitoring of devices. Do not restrict by IP.
LiveEdge Cloud Control API api.videoncloud.com 443 HTTPS Enables remote API commands of devices. Do not restrict by IP.
Download Logs from Device via LiveEdge Cloud api-devices-devicelogsbucketce8d3ab0-lxnnsjk85q9eg.s3.amazonaws.com 443 HTTPS Ensures debug logs can be properly uploaded to AWS S3. Do not restrict by IP.
Device Time Sync (NTP) pool.ntp.org 123 UDP Ensures accurate device timekeeping.
Firmware Updates LiveEdge® Max: releases.videonlabs.com
LiveEdge® Node: releases.videon-central.com 		443 HTTPS Required for downloading firmware updates.
Docker Containers

Google's DNS servers:

8.8.8.8 & 8.8.4.4

 53 DNS (UDP/TCP)

Used as the default backup DNS servers for Docker image pulls and container-level DNS resolution.

For Node devices, before firmware version V12.0.0, Docker could only use Google's DNS servers for downloading images and resolving hostnames inside containers. This requirement remained in place until the DNS configuration parameter was exposed in the Docker Container creation UI.

 

DNS Recommendations

Reliable DNS resolution is critical for endpoint access. We recommend using one of the following public DNS providers:

  • Google DNS8.8.8.88.8.4.4
  • Cloudflare DNS1.1.1.1

These providers are known for high availability and fast resolution times.

 

Firewall Best Practices

To ensure uninterrupted device operation, follow these firewall configuration guidelines:

✅ Allow Outbound Traffic

  • Allow outbound connections on the ports listed above.
  • Ensure UDP port 123 is open for NTP time synchronization.

🚫 Do Not Restrict AWS Endpoints by IP

⚠️ Important: AWS services use dynamic IP ranges that change frequently and vary by region. Restricting access by IP address will likely cause connectivity issues.

Instead, allow access based on domain names.

🔁 Monitor for Failures

If firmware updates or Cloud Control features fail, it may indicate:

  • Blocked access to required domains
  • DNS resolution issues
  • Firewall restrictions on outbound traffic

⚠️ Warning: If endpoints like AWS S3 are blocked, TCP-based services (such as log uploads) will continue retrying. This can lead to network congestion and buffer growth, especially in constrained environments. Ensure these domains are not silently dropped or filtered.

 

DHCP/Static Best Practices

⚠️ When to Use a Static IP

If your Videon device may be powered on before the network’s DHCP server is fully online — or if the DHCP server may be unavailable at times — we strongly recommend assigning the device a static IP address.

This ensures:

  • The device does not fall back to a link-local IP (e.g., 169.254.x.x)
  • Network services like Cloud Controlfirmware updates, and log uploads remain functional
  • You avoid unpredictable behavior during startup or reconnection

📦 Special Note for 2Go Kit Users

If you're using a cellular-bonded 2Go kit, this recommendation is especially important.

These kits often operate in mobile or temporary network environments, where:

  • DHCP servers may not be present or may take time to initialize
  • Devices may boot before the network is fully established

In these cases, assigning a static IP address to your Videon device helps ensure reliable connectivity and prevents issues caused by fallback IP behavior.

✅ Best Practice Summary

  • Use DHCP in stable, always-on network environments
  • Use a static IP when:
    • The device may boot before the network is ready
    • The network lacks a reliable DHCP server
    • You're deploying in mobile or ad-hoc setups (e.g., 2Go kits)

Additional Notes

  • Videon devices rely on AWS IoT Core for secure communication. Ensure your network policies support TLS over port 443.
  • Time synchronization is essential for secure MQTT connections. If NTP is blocked, devices may fail to authenticate.
  • If your organization uses a proxy or deep packet inspection, ensure that TLS traffic to the listed domains is not intercepted or altered.

Related articles