Professional Documents
Culture Documents
CCURE 9000 Istar Port Assignments
CCURE 9000 Istar Port Assignments
Port Assignments
The port assignments in this document are valid for C·CURE 9000 2.70, iSTAR Ultra family firmware v6.6.0, iSTAR Pro
firmware v5.2.x, and the iSTAR Edge/eX firmware v6.2.x. This document also provides port information for C·CURE 9000
integrations. The main purpose of this port document is to help customers in setting up firewall. This document does not list
ports using internally by each device.
Ports are listed by the device that has the port open.
8200-1413-01 D2
Table of Contents
IP-ACM v1 ......................................................................................................................................................................... 12
IP-ACM v2 ......................................................................................................................................................................... 12
SQL Server........................................................................................................................................................................ 13
ICU .................................................................................................................................................................................... 14
2
C•CURE 9000 Server (victor Application Server)
3
C•CURE 9000 Server (victor Application Server (vAS))
Port/ Protocol Direction Initiator Process/ Description
Range Service
8005 TCP Inbound Windows System Trace Viewer URI System Trace Viewer URI
Listening
8006 TCP Inbound Windows Remote Hardware Interface List URI Remote Hardware Interface List URI
Listening
8042- TCP Inbound EMC Autostart EMC AutoStart For EMC AutoStart failover/redundancy
8045 Listening
8080 TCP Inbound Client Tomcat6.exe Communication from Assa Abloy DSR to C·CURE server.
Listening
8085 TCP Inbound Client Auto Update CCURE9000 software Auto Update for clients and SAS
Listening from MAS
8985 TCP Inbound iSTAR/vAS Base address of driver service location = Server
Listening Base for drivers for iSTAR, VideoEdge, Intellex, etc. used
to drive communication
8995 TCP Inbound SAS Installation, upgrade and repair operations For MAS and SAS installation, upgrade and repair
Listening on MAS and SAS communication between MAS and SAS, only required
when SAS needs to be installed. MAS listens, SASs
initiates the communication.
8996 TCP Inbound Client Crossfire service of web client session location = vAS, Traffic Direction from vAS = inbound,
Listening Connection Initiate from 9000 Client. For clients to
access C·CURE from web.
8997 TCP Inbound Client Admin / Monitor Client stream location = vAS, Traffic Direction from vAS = inbound,
Listening Connection Initiate from 9000 Client. Client access to
administrative or monitor station of C·CURE
8998 TCP Inbound Client Crossfire service of HTTP client session location = vAS, Traffic Direction from vAS = inbound,
Listening Connection Initiate from 9000 Client. For HTTP of
crossfire for client session
8999 TCP Inbound Client Crossfire service of TCP client session location = vAS, Traffic Direction from vAS = inbound,
Listening Connection Initiate from 9000 Client. For crossfire
service of TCO client session.
8999 TCP Inbound MAS and SAS Installation, upgrade and repair operations For MAS and SAS installation, upgrade and repair
Listening on MAS and SAS communication between MAS and SAS
9090 TCP Inbound DSR CrossFireAssaAbloyDriverService Communication from C·CURE to DSR server.
Listening
9701 TCP Inbound iSTAR Ultra LightTPD.exe iSTAR Ultra download firmware.
Listening
4
C•CURE 9000 Server (victor Application Server (vAS))
Port/ Protocol Direction Initiator Process/ Description
Range Service
27000 TCP Inbound vAS TycoESS License software Location = vAS, traffic direction from vAS = inbound,
Listening Connection initiate from vAS/9000 Client. Used for
verifying licenses with Software House.
Services and applications that utilize TycoESS are vAS,
CCURE9000License.exe, LicenseManager.exe and
Crossfire Framework Service
27010 UDP Inbound vAS TycoESS – License Vendor Daemon For multiple licenses. Services and applications that
Listening utilize TycoESS are vAS, CCURE9000License.exe,
LicenseManager.exe and Crossfire Framework Service.
28001 TCP Inbound iSTAR iSTAR eX/Edge/Ultra Fast personnel location = vAS, traffic direction from vAS = inbound,
Listening download connection Connection initiate from encrypted iSTAR panels
28002 TCP Inbound iSTAR iSTAR eX/Edge firmware download location = vAS, traffic direction from vAS = inbound,
Listening Connection initiate from encrypted iSTAR panels
28003 TCP Inbound iSTAR iSTAR eX/Edge/Ultra Used by host to location = vAS, traffic direction from vAS = inbound,
Listening accept eX or Edge request for certificate Connection initiate from encrypted iSTAR panels
signing
28004 TCP Inbound iSTAR Encrypted iSTAR Ultra SQL Lite database location = encrypted iSTAR Panels, traffic direction from
Listening download vAS = outbound, connection initiate from vAS
28010 TCP Inbound iSTAR Host port for incoming encrypted iSTAR Port used by Stunnel on server for incoming iSTAR panel
Listening connections connection. Stunnel is the secure encrypted wrapper for
communication between CCURE9000 server and iSTAR
panels.
28016 TCP Inbound iSTAR Ultra Panel uploads personnel database file to Host port for encrypted uploading SQLite personnel
Listening host database file.
5
iSTAR Edge/eX
iSTAR Edge/eX
Port/ Protocol Direction Initiator Process/ Description
Range Service
Inbound Web connection used for diagnostic website. Port is closed in FIPS mode. Only
80 TCP Listening Web HTTP necessary for diagnostics
Inbound iSTAR
1999 TCP Listening members, ICU Configuration iSTAR port for incoming ICU requests.
Inbound PC running iWATCH connection port. Not open by default, but can be enabled via webpage
2008 TCP Listening iWatch iWATCH diag settings.
Encrypted
Inbound iSTAR
28003 TCP Listening members encryption Used to accept signed certificate for encryption.
Inbound encrypted
28009 TCP Listening iSTAR Cluster member iSTAR port for incoming encrypted member requests
This port number is generated during bootup and is the stunnel communication
1025 - iSTAR to C·CURE for CCURE9000 server [port 28010 (stunnel)]. Stunnel is the secure encrypted
5000 TCP Outbound iSTAR Edge/eX communication wrapper for communication between CCURE9000 server and iSTAR panels.
Inbound
2001 UDP Listening ICU discovery iSTAR port for ICU broadcasts
Windows DNS, a function of the Windows operating system on the iSTAR which
Inbound resolves domain names. This port cannot be closed, but is not part of the iSTAR
1025 UDP Listening vAS Windows DNS function. Customer can block this port via network firewall.
Inbound Protocol for collecting and organizing information about managed devices on IP
161 UDP Listening vAS SNMP networks and for modifying that information to change device behavior.
Inbound NetBIOS Name Service. This is a function of Windows and cannot be closed, but is
137 UDP Listening vAS Netbios-NS not required for iSTAR operation.
NETBIOS Datagram Service. This is a function of Windows and cannot be closed,
Inbound but is not required for iSTAR operation. Customer can block this port via network
138 UDP Listening vAS Netbios-DS firewall.
6
iSTAR Pro
iSTAR Pro
Port/ Protocol Direction Initiator Process/ Description
Range Service
Inbound Web connection used for diagnostic website. Port is closed in FIPS mode. Only
80 TCP Listening Web HTTP necessary for diagnostics
iSTAR
Inbound members, iSTAR master port for incoming non-encrypted member connections, plus incoming
1999 TCP Listening ICU Master ICU requests
Inbound PC running iWATCH connection port. Not open by default, but can be enabled via webpage
2008 TCP Listening iWatch iWATCH diag settings
Inbound
2001 UDP Listening ICU discovery iSTAR port for ICU broadcasts
SNMP
Inbound Protocol for collecting and organizing information about managed devices on IP
161 UDP Listening vAS SNMP networks and for modifying that information to change device behavior.
Windows DNS, a function of the Windows operating system on the iSTAR which
Inbound resolves domain names. This port cannot be closed, but is not part of the iSTAR
1025 UDP Listening vAS Windows DNS function. Customer can block this port via network firewall.
1025 - TCP Outbound iSTAR Pro iSTAR to C·CURE This port number is generated during bootup.
5000 communication
7
iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra LT
iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra LT (Note: iSTAR Ultra SE Pro Mode doesn’t support encryption.)
Inbound Protocol for collecting and organizing information about managed devices on
161 UDP Listening vAS SNMP IP networks and for modifying that information to change device behavior.
Inbound Secure web connection used for diagnostic website. Port is closed in FIPS
443 TCP Listening Web HTTPs mode. Only necessary for diagnostics
Non-encrypted
Inbound iSTAR members, iSTAR master port for incoming non-encrypted member connections, plus
1999 TCP Listening ICU Master incoming ICU requests.
Inbound
2001 UDP Listening ICU discovery iSTAR port for ICU broadcasts
Inbound iWATCH connection port. Not open by default, but can be enabled via
2008 TCP Listening PC running iWatch iWATCH webpage diag settings
Inbound
2900 TCP Listening IP-ACM Communication iSTAR Ultra GCM listening port for IPACM proprietary encrypted connection
Inbound iSTAR Ultra GCM listening port for IPACM2 SSL encrypted connection with
2901 TCP Listening IP-ACM2 Communication default certificate/key.
Inbound iSTAR Ultra GCM listening port for IPACM2 SSL encrypted connection with
2902 TCP Listening IP-ACM2 Communication default certificate/key.
Inbound Encrypted iSTAR
28003 TCP Listening members encryption Used to accept signed certificate for encryption.
Inbound
28009 TCP Listening Encrypted iSTAR iSTAR Member iSTAR Ultra incoming encrypted member connection port
This port number is generated during boot up and is the stunnel
communication for CCURE9000 server [port 28010 (stunnel)]. Stunnel is the
30000- iSTAR to C·CURE secure encrypted wrapper for communication between CCURE9000 server
61000 TCP Outbound iSTAR Ultra/SE/LT communication and iSTAR panels.
8
iSTAR Ultra Video
VideoEdge VideoEdge victor Client UDP Default VideoEdge UDP port range (for victor
Client 32200-38199 UDP Outbound server communication client connections)
VideoEdge Outbound VideoEdge veAutoDiscMDNS - Discovery of devices, close
Client 32200-38199 UDP server AD discovery after setup
VideoEdge Outbound
VideoEdge veAutoDiscScan - Discovery of devices, close
Client
32200-38199 UDP server AD discovery after setup
10
iSTAR Ultra Video
Destination Port/ Protocol Direction Initiator Process/ Description
System Range Service
VideoEdge
VideoEdge veAutoDiscSSDP - Discovery of devices, close
server
Client 32200-38199 UDP Outbound AD discovery after setup
VideoEdge VideoEdge
Client 32200-38199 UDP Outbound server UPnP VideoEdgeupnpn
VideoEdge
VideoEdge veAutoDiscSSD - Discovery of devices, close
server
Client 32200-38199 UDP Outbound AD discovery after setup
VideoEdge VideoEdge veAutoDiscWSDi - Discovery of devices, close
Client 32200-38199 UDP Outbound server AD discovery after setup
VideoEdge VideoEdge
Client/Camera 6000-7999 UDP Outbound server RTP/RTCP RTP/RTCP
VideoEdge VideoEdge
Client/Camera 9000-9511 UDP Outbound server Multicast multicast port range
Remote
Transcoding and
Failover NVR 9000-9128 TCP Outbound NVR Failover Remote Transcoding and Failover
Inbound
iSTAR Ultra 2001 UDP Listening ICU discovery iSTAR port for ICU broadcast
Inbound PC running
iSTAR Ultra 2008 TCP Listening iWatch iWATCH iWATCH connection port
Inbound Encrypted iSTAR Ultra incoming encrypted member
iSTAR Ultra 28009 TCP Listening iSTAR iSTAR Member connection port
Encrypted
Inbound iSTAR Ultra Used to accept signing for certificate for
iSTAR Ultra 28003 TCP Listening members Certificate signing encryption
11
IP-ACM v1
IP-ACM
Port/ Protocol Direction Initiator Process/ Description
Range Service
Inbound
80 TCP Listening Web HTTP Web connection used for configuration and diagnostics.
IP-ACM v2
IP-ACM2
Port/ Protocol Direction Initiator Process/ Description
Range Service
Inbound
443 TCP Listening Web HTTPS Secure Web connection used for configuration and diagnostics.
Innometriks Readers
Innometriks
Destination Port/ Protocol Direction Initiator Process/ Description
System Range Service
Inbound Communication between ID Server and
Panel Server 5002, 5050 TCP Listening vAS PanelServer.exe C·CURE panel, as well as to GCM.
Enrollment Inbound Enrollment Port used for incoming enrollments from
Server 8000 TCP Listening Server EnrollmentServer.exe C·CURE FICAM client.
12
SQL Server
13
ICU
14
Other Components
5002 TCP Inbound vAS ISC Controller communication ISC Controller communication,
Listening alternative 6002 port. ISC is not
supported in C·CURE 9000 v2.30 or
ISC later.
5003 TCP Inbound vAS ISC Controller communication ISC Controller communication,
Listening alternative 6003 port. ISC is not
supported in C·CURE 9000 v2.30 or
ISC later.
5025 TCP Inbound vAS ISC Point Change Port ISC Point Change Port. ISC is not
Listening supported in C·CURE 9000 v2.30 or
ISC later.
5026 TCP Inbound vAS ISC Version Attendance Port ISC Version Attendance Port. ISC is
Listening not supported in C·CURE 9000 v2.30
ISC or later.
5900 TCP Inbound everRun client VNC with Linux VMs Stratus Redundancy solution everRun
Listening communication for
everRun server failover/redundancy
7800 UDP Inbound vAS Bosch Bosch receiver port
Listening
Bosch
7900 UDP Inbound vAS Bosch Bosch receiver port
Listening
Bosch
8080-8081 TCP Inbound everRun client everRun eAC Stratus Redundancy solution everRun
Listening eAC communication for
everRun server failover/redundancy
9090 TCP Inbound vAS CrossFireAssaAbloyDriverService Communication from C·CURE to DSR
Listening server.
Assa Abloy DSR
10001- TCP Inbound DSC serial serial DSC serial through Lantronix and
10002 Listening through Lantronix Simplex 4100U serial through
and Simplex Lantronix
4100U serial
Lantronix through Lantronix
22609 TCP Inbound vAS HDVR Admin/Line/Alarm Port HDVR Admin/Line/Alarm Port
Listening
HDVR
17
47808 UDP Inbound vAS MZX MZX fire detection integration
Listening
MZX
10001 - TCP Inbound vAS Galaxy Honeywell Galaxy Panel
Honeywell 10002 Listening
Galaxy panel
3072 TCP Inbound vAS ITV2 ITV2 – DSC PowerSeries Neo
DSC Listening
PowerSeries
5001 TCP Inbound vAS TOA TOA Intercom server
Listening
TOA Server
3001 TCP Inbound vAS Commend Commend Intercom server
Commend Listening
Server
2004-2005 TCP Inbound vAS KONE Elevator KONE Elevator
Listening
KONE Elevator
45303, UDP Inbound vAS Otis Elevator Otis Elevator
45307, Listening
45308,
46307,
46308,
Otis Elevator 47307
ThyssenKrupp 8038-8041 UDP Inbound vAS ThyssenKrupp Elevator ThyssenKrupp Elevator
Elevator Listening
Elpas 1001 TCP Inbound vAS Elpas Elpas real time location
Listening
Schindler 4040, 5050 TCP Inbound vAS Schindler Elevator Schindler Elevator
Elevator Listening
CEM CDC 30000 TCP Inbound vAS CEM CEM Access Control
Server Listening
18
Entrapass 8801 TCP Inbound vAS Entrapass Entrapass Access Control
Server Listening
3VR Recorder 8080 TCP Inbound vAS 3VR 3VR video recorder
Listening
Bosch Recorder 80 TCP Inbound vAS Bosch Video Bosch video recorder
Listening
Matrix 8016 TCP Inbound vAS Matrix Video Matrix video recorder
Recorder Listening
Dedicated 80 TCP Inbound vAS Dedicated Micro Dedicated Micro video recorder
Micro Recorder Listening
The trademarks, logos, and service marks displayed on this document are registered in the United States [or other countries]. Any misuse of the trademarks is strictly prohibited and Tyco will
aggressively enforce its intellectual property rights to the fullest extent of the law, including pursuit of criminal prosecution wherever necessary. All trademarks not owned by Tyco are the
property of their respective owners, and are used with permission or allowed under applicable laws.
Product offerings and specifications are subject to change without notice. Actual products may vary from photos. Not all products include all features. Availability varies by region; contact
your sales representative.
19