HikCentral Professional

Communication Matrix
© 2023 Hangzhou Hikvision Digital Technology Co., Ltd. All rights reserved.
This Document (hereinafter referred to be “the Document”) is the property of Hangzhou Hikvision
Digital Technology Co., Ltd. or its affiliates (hereinafter referred to as “Hikvision”), and it cannot be
reproduced, changed, translated, or distributed, partially or wholly, by any means, without the prior
written permission of Hikvision. Unless otherwise expressly stated herein, Hikvision does not make
any warranties, guarantees or representations, express or implied, regarding to the Document, any
information contained herein.

About this Document

Pictures, charts, images and all other information hereinafter are for description and explanation
only. The information contained in the Document is subject to change, without notice, due to
updates or other reasons.
Please use this Document with the guidance and assistance of professionals trained in supporting
the Product.

LEGAL DISCLAIMER
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE DOCUMENT IS PROVIDED "AS IS"
AND “WITH ALL FAULTS AND ERRORS”. HIKVISION MAKES NO REPRESENTATIONS OR WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. IN NO EVENT WILL HIKVISION BE
LIABLE FOR ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL, OR INDIRECT DAMAGES INCLUDING,
AMONG OTHERS, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, OR LOSS OF
DATA, CORRUPTION OF SYSTEMS, OR LOSS OF DOCUMENTATION, WHETHER BASED ON BREACH OF
CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, IN CONNECTION WITH THE USE OF
THE DOCUMENT, EVEN IF HIKVISION HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR
LOSS.
 NAT Mapping Required for Destination
Destination Port Number Destination Port Enabled by Default
Source Device Source IP Address Source Port Number Destination Device Destination IP Address Protocol Port Description Port Authentication Mode Encryption Mode Version Special Scenario
(Listening) Configurable (Yes/No) (Yes/No)
(Yes/No)
HikCentral Professional Management Service

Used for Web Client, Control Client,

Web Client, Control Client, IP address of the PC running the User Name & RSA2048/SHA256/AES
1025-65535 SYS SYS IP Address 80 TCP and Mobile Client accessing in HTTP Yes Yes Yes All versions
Mobile Client client Password 256
protocol.

Used for Web Client, Control Client,

Web Client, Control Client, IP address of the PC running the User Name &
1025-65535 SYS SYS IP Address 443 TCP and Mobile Client accessing in Yes Yes TLS Yes V1.1 and later
Mobile Client client Password
HTTPS protocol.

Used for Web Client, Control Client,

and Mobile Client accessing in
Web Client, Control Client, IP address of the PC running the User Name & RSA2048/SHA256/AES
1025-65536 SYS SYS IP Address 18001 to 18020 TCP HTTPS protocol when the the number Yes Yes Yes V2.4 and later
Mobile Client client Password 256 over TLS
of people who need attendance is
more than 300.

Centralized Deployment: System Management Service (SYS)

Third-Party System Third-Party System IP Address 1025-65535 SYS SYS IP Address 15300 TCP Used for receiving generic events. Yes Yes None None No V1.1 and later

Third-Party System Third-Party System IP Address 1025-65535 SYS SYS IP Address 15300 UDP Used for receiving generic events. Yes Yes None None No V1.1 and later

Third-Party System Third-Party System IP Address 1025-65535 SYS SYS IP Address 15310 TCP Used for receiving generic events. Yes Yes None None No V2.2 and later

Third-Party System Third-Party System IP Address 1025-65535 SYS SYS IP Address 15443 TCP Used for receiving generic events. Yes Yes None None No V2.2 and later

Used for Remote Site registration to User Name &

Remote Site Remote Site IP Address 1025-65535 SYS SYS IP Address 14200 TCP Yes Yes AES256 No V1.1 and later
the Central System. Password

Used for receiving alarm from ISUP User Name &

ISUP Device ISUP Device IP Address 1025-65535 SYS SYS IP Address 7332 TCP Yes Yes SHA256/AES128 Yes V1.4 and later
devices. Password

Used for receiving alarm from ISUP

devices (Make sure the function of User Name &
ISUP Device ISUP Device IP Address 1025-65535 SYS SYS IP Address 7334 UDP Yes Yes SHA256/AES128 No V1.4 and later
Allow ISUP of Earlier Version is Password
enabled).

Used for receiving registration from User Name &

ISUP Device ISUP Device IP Address 1025-65535 SYS SYS IP Address 7660 TCP Yes Yes SHA256/AES128 Yes V1.4 and later
ISUP devices. Password

Used for transferring files with

User Name &
ISUP Device IP Address of ISUP Device 1025-65535 SYS SYS IP Address 8555 TCP devices and downloading pictures Yes Yes SHA256/AES128 Yes V2.2 and later
Password
from devices.

Listener port for listening the alarms

User Name &
Guidance Terminal Guidance Terminal IP Address 1025-65535 SYS SYS IP Address 8686 TCP of guidance Yes Yes SHA256/AES128 Yes V2.1 and later
Password
terminal.

Web Client, Control Client,

SYS Server (System
IP address of the PC running the
Management Service), ISUP The port should be mapped for
client, SYS Server IP Address, or 1025-65535 SYS SYS IP Address 6011 TCP Used for the picture storage. Yes Yes AK & SK None Yes V2.1
Device (Encoding Device, multi-channel scenes.
Device IP Address
Access Control Device, On-
Board Device), Nginx

Web Client, Control Client，

SYS Server (System
Management Service), Device
IP address of the PC running the
(IP Speaker, Digital Signage
client, SYS Server IP Address, or 1025-65535 SYS SYS IP Address 6203 TCP Used for the object storage. Yes Yes AK & SK None Yes V2.1
Terminal, Smart Wall), Nginx,
Device IP Address
Digital Signage Module,
Broadcast Module, Evidence
Management Module

Used for getting stream from ISUP Security Certificate RSA2048/SHA256/AES

Streaming Server Streaming Server IP Address 1025-65535 SYS SYS IP Address 7661 TCP Yes Yes Yes V1.4 and later
device via Streaming Server. Authentication 256

Signaling port for getting Security Certificate

Streaming Server Streaming Server IP Address 1025-65535 SYS SYS IP Address 7662 TCP Yes Yes AES256 No V2.1
information of IP speakers. Authentication

Used for transferring audio files

Security Certificate
Streaming Server IP Address of Streaming Server 1025-65535 SYS SYS IP Address 7664 TCP between the streaming server and the No No AES256 No V2.2 and later
Authentication
platform.

IP speaker accessing via IP Address of IP speaker Listener port for the registration of IP
User Name &
Hikvision private speaker accessing via Hikvision private 1025-65535 SYS SYS IP Address 8877 TCP speakers accessing via Hikvision Yes Yes MD5 No V2.1
Password
protocol speaker protocol private speaker protocol.

IP speaker accessing via IP Address of IP speaker Used for transmitting the audio data
User Name &
Hikvision private speaker accessing via Hikvision private 1025-65535 SYS SYS IP Address 10015 TCP of IP speakers accessing via Yes Yes MD5 No V2.1
Password
protocol speaker protocol Hikvision private speaker protocol.

Used for calling back the ISUP Security Certificate RSA2048/SHA256/AES

pStor Server pStor Server IP Address 1025-65535 SYS SYS IP Address 27661 TCP No No No V2.1
signaling. Authentication 256

Digital Signage

IP Address of Digital Signage Used for upgrading digital signage User Name &
Digital Signage Terminal 1025-65535 SYS SYS IP Address 6470 TCP Yes No None No V2.1
Terminal terminals in version 3.1 or below. Password

Used for releasing programs to

IP Address of Digital Signage User Name &
Digital Signage Terminal 1025-65535 SYS SYS IP Address 6471 TCP digital signage terminals in version Yes No None No V2.1
Terminal Password
3.1 or below.

IP Address of Digital Signage Used for uploading materials to the User Name &
Digital Signage Terminal 1025-65535 SYS SYS IP Address 9980 TCP Yes No None No V2.0 and later
Terminal server. Password

3rd Party Device Access Gateway

3rd Party Devices and

Enable these ports on the
Hikvision Devices Accessing 3rd Party Device 3rd Party Device Access Alarm listen port for third-party User Name &
ONVIF Device IP Address 1025-65535 8087 TCP Yes No None No All versions Firewall when the devices share
the System by Open Network Access Gateway GatewayIP Address devices. Password
a LAN with the SYS.
Video Interface Protocol

Streaming Gateway (SG)

IP address of the PC running the IP address of the server Used for getting stream for live view Security Certificate
Web Client, Control Client 1025-65535 Streaming Gateway 554 TCP Yes Yes RSA2048/AES256 Yes All versions
client running Streaming Gateway (real-time streaming port). Authentication

IP address of the PC running the IP address of the server Used for getting stream for Google Security Certificate
Web Client 1025-65535 Streaming Gateway 559 TCP Yes Yes RSA2048/AES256 Yes All versions
client running Streaming Gateway Chrome, Firefox, or Safari. Authentication

IP address of the server Used for getting stream from ISUP

ISUP Device ISUP Device IP Address 1025-65535 Streaming Gateway 16000 TCP Yes Yes None None No V1.4 and later
running Streaming Gateway device via plugin.

IP address of the PC running the IP address of the server Used for getting stream for live view, Security Certificate
OpenAPI Client 1025-65535 Streaming Gateway 83 TCP Yes Yes RSA2048/AES256 Yes V2.3 and later
client running Streaming Gateway playback (HLS streaming port). Authentication

IP address of the PC running the IP address of the server Used for getting stream for live view Security Certificate
OpenAPI Client 1025-65535 Streaming Gateway 1935 TCP Yes Yes RSA2048/AES256 Yes V2.3 and later
client running Streaming Gateway (RTMP streaming port). Authentication

IP address of the server Used for editing configuration for Security Certificate
SYS SYS IP Address 1025-65535 Streaming Gateway 6678 TCP Yes No TLS Yes All versions
running Streaming Gateway Streaming Server. Authentication

IP address of the server Used for uploading audio files by

ISUP Device IP Address of ISUP Device 1025-65535 Streaming Gateway 16001 TCP Yes Yes None None No V2.1
running Streaming Gateway device.

IP address of the server

ISUP Device IP Address of ISUP Device 1025-65535 Streaming Gateway 16003 TCP Broadcasting port for pushing audio Yes Yes None None No V2.2 and later
running Streaming Gateway

Streaming Server (SMS)

Used for Streaming Service to get

IP address of the PC running the IP address of the Streaming Security Certificate
Web Client, Control Client 1025-65535 Streaming Server 554 TCP stream for live view (real-time Yes Yes RSA2048/AES256 Yes All versions
client Server Authentication
streaming port).

IP address of the PC running the IP address of the Streaming Used for getting stream for Google Security Certificate
Web Client 1025-65535 Streaming Server 559 TCP Yes Yes RSA2048/AES256 Yes All versions
client Server Chrome, Firefox, or Safari. Authentication

IP address of the Streaming Used for getting stream from ISUP

ISUP Device ISUP Device IP Address 1025-65535 Streaming Server 16000 TCP Yes Yes None None No V1.4 and later
Server device via plugin.

IP address of the server Used for uploading audio files by

ISUP Device IP Address of ISUP Device 1025-65535 Streaming Server 16001 TCP Yes Yes None None No V2.1 and later
running Streaming Gateway device.

IP address of the server

ISUP Device IP Address of ISUP Device 1025-65535 Streaming Server 16003 TCP Broadcasting port for pushing audio. Yes Yes None None No V2.2 and later
running Streaming Gateway

No: The platform can access the

IP address of the Streaming Used for editing configuration of Streaming Server Security Certificate
SYS SYS IP Address 1025-65535 Streaming Server 6678 TCP Yes TLS Yes All versions
Server Streaming Server. Yes: The platform cannot access Authentication
the Streaming Server

IP address of the PC running the IP address of the server Used for getting stream for live view Security Certificate
OpenAPI Client 1025-65535 Streaming Server 83 TCP YES YES RSA2048/AES256 Yes V2.3 and later
client running Streaming Server 、play back (HLS streaming port). Authentication

IP address of the PC running the IP address of the server Used for getting stream for live view Security Certificate
OpenAPI Client 1025-65535 Streaming Server 1935 TCP YES YES RSA2048/AES256 Yes V2.3 and later
client running Streaming Server (RTMP streaming port). Authentication

pStor Service

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6022 TCP pStor server. Used for applying No Yes AK & SK None No V1.4 and later
multi-channel scenes.
recording schedule.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6027 TCP pStor server. Used for writing video No Yes AK & SK None No V1.4 and later
multi-channel scenes.
data.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6112 TCP pStor server. Used for uploading No Yes AK & SK SSL No V1.4 and later
multi-channel scenes.
data via HTTPS.

Start listening after installing the

The port should be mapped for
SYS SYS IP Address 1025-65535 pStor Server pStor Server IP Address 6111 TCP pStor server. Redirection port for No Yes AK & SK SSL No V1.4 and later
multi-channel scenes.
uploading data via HTTPS.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6041 TCP pStor server. Used for uploading No Yes AK & SK None No V1.4 and later
multi-channel scenes.
data via HTTP.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6011 TCP pStor server. Redirection port for No Yes AK & SK None No V1.4 and later
multi-channel scenes.
uploading data via HTTP.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6114 TCP pStor server. Used for downloading No Yes AK & SK SSL No V1.4 and later
multi-channel scenes.
data via HTTPS.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6113 TCP pStor server. Redirection port for No Yes AK & SK SSL No V1.4 and later
multi-channel scenes.
downloading data via HTTPS.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6040 TCP pStor server. Used for downloading No Yes AK & SK None No V1.4 and later
multi-channel scenes.
data via HTTP.

Start listening after installing the

The port should be mapped for
SYS SYS IP Address 1025-65535 pStor Server pStor Server IP Address 6120 TCP pStor server. Redirection port for No Yes AK & SK None No V1.4 and later
multi-channel scenes.
downloading data via HTTP.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6045 TCP pStor server. Used for transmitting No Yes AK & SK None No V1.4 and later
multi-channel scenes.
object data.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6037 TCP pStor server. Used for transmitting No Yes AK & SK None No V1.4 and later
multi-channel scenes.
video data.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6036 TCP pStor server. Used for transmitting No Yes AK & SK None No V1.4 and later
multi-channel scenes.
video data.

Start listening after installing the

The port should be mapped for
SYS SYS IP Address 1025-65535 pStor Server pStor Server IP Address 6060 TCP pStor server. Used for transmitting No Yes AK & SK None No V1.4 and later
multi-channel scenes.
web data.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6098 TCP pStor server. Used for playing media No Yes AK & SK None No V1.4 and later
multi-channel scenes.
data from Stream Media Server.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6042 TCP pStor server. Used for forwarding No Yes AK & SK None No V1.4 and later
multi-channel scenes.
video data.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6038 TCP pStor server. Used for forwarding No Yes AK & SK None No V1.4 and later
multi-channel scenes.
video data.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6044 TCP pStor server. Used for forwarding No Yes AK & SK None No V1.4 and later
multi-channel scenes.
object data.

Start listening after installing the

pStor server. Used for forwarding The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6039 TCP No Yes AK & SK None No V1.4 and later
video data. multi-channel scenes.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6046 TCP pStor server. Used for transmitting No Yes AK & SK None No V1.4 and later
multi-channel scenes.
RESTful data of object storage.

Start listening after installing the

The port should be mapped for
N/A N/A 1025-65535 pStor Server pStor Server IP Address 6201 TCP pStor server. Communication port for No Yes AK & SK None No V1.4 and later
multi-channel scenes.
object storage.

Start listening after installing the User Name & The port should be mapped for
SYS SYS IP Address 1025-65535 pStor Server pStor Server IP Address 6021 TCP No Yes None No V1.4 and later
pStor server. Used for login. Password multi-channel scenes.

pStor Cluster Service

Start listening after installing the

IP address of the PC running the IP address of the server SAC. Used for accessing pStor Cluster User Name &
Web Client 1025-65535 pStor Cluster Service 9012 TCP Yes No RSA No V1.6 and later
client running pStor Cluster Service Service via the web browser such as Password
IE, Chrome, Firefox, etc.

Start listening after installing the

IP address of the PC running the IP address of the server SAC. Signaling gateway port used for
Web Client, Control Client 1025-65535 pStor Cluster Service 6300 TCP Yes No AK & SK HMAC/SHA256 No V1.6 and later
client running pStor Cluster Service accessing pStor Cluster Service from
SYS.

BeeAgent

BeeAgent Server in Listen port for Service Manager after

SYS Server SYS Server IP Address 1025-65535 BeeAgent Server IP Address 8208 TCP Yes No SK TLS Yes V1.5 and later
Database encrypted transmission enabled.

Used for BeeAgent service

IP Address of BeeAgent Server In BeeAgent Server in management in database to
BeeAgent Server In SYS 1025-65535 BeeAgent Server IP Address 9208 TCP No Yes SK None No V2.2 and later
SYS Database communicate with BeeAgent service
management in SYS
Postgres
User Name &
SYS Server SYS Server IP Address 1025-65535 Postgres Server Postgres Server IP Address 5432 TCP Access Postgres Server Port Yes Yes TLS No V2.2 and later
Password