Port Forwarding Simplified
-----------------------------------
Affected Roles: Administrator
Last Edit: July 29, 2024
-----------------------------------
What is Port Forwarding?
When using a mobile application to connect with your VMAX® standalone recording unit or with your DW Spectrum® server, you may be asking, “Why am I able to see my cameras on my mobile application when I’m onsite, but not when I’m away? I have an Internet connection. Shouldn’t it work?”
When it comes to networking, computers need to verify that information is sent and received successfully when communicating data information – your camera video, for example. However, computers also need special permission to communicate this information through security walls. This is where port forwarding becomes important.
This document will outline the basics of networking to give you a better understanding of port forwarding.
**DISCLAIMER: Port forwarding requires the management of settings within a router’s network configurations. If you have any questions or require assistance with setting up port forwarding on your consumer router, Firewall, or SonicWall, please contact your Internet Service Provider (ISP), the router manufacturer, or Network Administrator for support.
Digital Watchdog Technical Support cannot assist with adjusting your router configuration.
**NOTE: Before port forwarding can be attempted, the DVR or NVR will need to be set up on the Local Area Network (LAN) first. Please consult the user manual or the Digital Watchdog Knowledge Base for more information on the network setup for your recording unit.
LAN and WAN Addresses
Each device on your network uses an IP Address which is used to identify itself among all of the other devices within that same network. The two different types of IPv4 Addresses that are used are a Local IP Address and a Public IP Address.
- Local Area Network (LAN) Address – this address is assigned by your router, allowing each local device within your network to identify and communicate with each other. This address type will only allow internal devices to communicate with each other.
- Example: 192.168.1.2 or 10.0.0.2
- Public Area Network (WAN) Address – this address is provided by your Internet Service Provider (ISP), allowing outside networks to identify and communicate with your network through a broadband connection – also known as the Internet. This address type is used when communicating with networks that are external to your network.
- Example: 47.180.64.226
In order for your recording unit to send camera video streams to your mobile device when you are using an Internet connection outside of your own network (such as mobile data networks, external Wi-Fi connections, etc.), special permissions must be set.
Port Forwarding Sets Permissions
It is easier to explain what port forwarding actually does if you picture it as a postal service. Imagine that you want to send a letter to a friend that lives in an apartment building, requesting your camera video.
To send the letter, you would need to address the letter to your friend by his name and to his building. In this example, the letter is a data request, your home and his apartment building are two different local networks, and your friend is a recording unit.
After sending the letter (data payload/request), the postal carrier (ISP) looks at where it is coming from and where it is being sent to out in the world (Public Address).
Once it arrives at its destination, it is stopped by a security guard (router firewall). Being that your friend’s building (router network) is selective about what it lets in, for security reasons, the request is denied if the security is not notified to allow such messages specifically to and from your friend (recording device). However, if there is advanced notice provided to the security (through port forwarding), the request will be permitted in and a reply (your video) can be sent back to the requesting device.
In more practical terms, a data request is sent from your device (phone, computer, tablet, etc.) through the network that you are connected to, the data request is sent specifically to the other network where your recording unit is located (identified by a Public IP Address or DDNS Address), then is permitted through the router firewall before being delivered to your recording unit. Once received, the recording unit can respond back to your device with your camera video.
If there is no port forwarding rule in place on your router at the time of the data request, the router’s firewall will filter out the incoming request, along with any other unwelcome traffic.
Port Forwarding in Practice
Custom settings in your router called “Port Forwarding Rules” will need to be created for remote connection over a WAN (Internet). If you prefer to DIY, there are different self-help guides and websites online that will walk you through the process. For example, PortForward.com (https://portforward.com/router.htm) has a variety of guides available for different router manufacturers and models.
**NOTE: If you are unfamiliar with router networking, we recommend that you contact your Internet Service Provider (ISP) or camera Installer for assistance.
To create Port Forwarding Rules, you will need to use a computer connected to the same local network as your recording unit.
You will also want to have the recording unit’s Local IP Address, Gateway Address, and the Web Port on-hand, as the port rule is specified by device.
To set up Port Forwarding, you will need to access your router’s user interface on a local computer. Use the Gateway address found in the recording unit’s Network settings. In our example, we are using 192.168.1.1 as the Gateway address.
On a local computer, enter the Gateway address into the address bar of a web browser. For example, we have entered “http://192.168.1.1”.
By connecting with the Gateway address of the router, a prompt will display asking for the router’s login information. This information is most commonly found physically on the router. Enter the login information to access the router.
**NOTE: The login information is not the same as your Wi-Fi login information.
Depending on the router, this next step may be found in a different location in the router interface (as router layout varies by manufacturer and model).
Locate the Port Forwarding section of the router.
In our example, this function is found under the Applications & Gaming > Advanced Routing section.
**NOTE: Depending on the router, Port Forwarding may also be referred to as “Pinholes”, “Single-Port”, or “Port Range Forwarding”.
The information required to create a port forwarding rule varies depending on the router.
The port number in the rule should be the same value as the Web Port found on the recording unit’s Network menu. In our example, we are using port number 80.
**NOTE: For DW Spectrum® IPVMS servers, the default port is Port 7001. For a list of additional recommended ports of DW Spectrum, please consult DW Spectrum - FQDN or Allowlist for DW Cloud Access.
The IP Address used in the rule is the recording unit’s Local IP Address, obtained during the IP Detect setup process.
In our example, we are using 192.168.1.102.
When entering the requested information to the router, be sure to use both the UDP and TCP protocols, then Save the settings to apply the Port Forwarding rule.
If your recording unit is also using a TCP/IP Port, create another rule and repeat the port forwarding process for the TCP/IP Port value.
Checking Port Forwarding Status
Once the Port Forwarding rule has been created, you can test the port status to make sure that external communication is working.
Visit CanYouSeeMe (https://canyouseeme.org) or another port checking website of your choosing. In the Port to Check box, enter the port value that you created the Port Forwarding Rule for in the router. Then click Check Port.
This site pulls the Public IP Address of the router and allows you to test port forwarding rules. You will want your port to show successfully open. If the status shows an error or failure, make sure that your recording unit is still communicating over the LAN, that there are not typos in the Port Forwarding Rule, or if there is another device that is also using the same port value as your recording unit.
**NOTE: If you create a port rule for your recording unit and there is another device that is also using the same port value (AT&T routers, another recording unit, etc. use Port 80 by default), this may create a port conflict, blocking connection. The recommended fix for this is to change the port value of the recording unit (typically in the Network settings) and update the port rule to match the new value.