Ports used by Synergis™ applications in Security Center

When Synergis™ is enabled in your system, you need to create additional firewall rules to allow proper communication between Security Center and external IP access control devices.

IMPORTANT: Exposing Security Center to the Internet is strongly discouraged without hardening your system first. Before exposing your system, implement the advanced security level described in the Security Center Hardening Guide to help protect your system from Internet threats. Alternatively, use a trusted VPN for remote connections.

The following table lists the default network ports used by Synergis™ applications in Security Center. To view the network diagram, click here.

Application Inbound Outbound Port usage
Access Manager   UDP 2000 Synergis™ extension - discovery
  TCP 443 Secure communication with Synergis™ units and HID units (HTTPS)
TCP 20 TCP 21 HID extension - FTP data and command1
  TCP 22 HID extension - SSH1
  TCP 23 HID extension - Telnet1
  TCP 80 HID extension - HTTP communication
  TCP 4050/44332 HID extension - VertX OPIN protocol
TCP/UDP 4070 TCP/UDP 4070 HID extension - VertX discovery3
TCP/UDP   Vendor-specific ports for events and discovery from IP access control device
Synergis™ Softwire (Synergis™ unit) TCP 80 TCP 80 Communication port (HTTP)
TCP 443 TCP 443 Secure communication port (HTTPS)
AutoVu™ SharpV integration (HTTPS)
UDP 2000 UDP 2000 Discovery and P2P communication
UDP 137   NetBIOS Name Service (enabled by default)
TCP 3389   RDP connection (disabled by default)
  TCP 9999 Assa Abloy Aperio IP
TCP 2571 TCP 2571 Assa Abloy IP lock (R3 protocol)
  UDP 5353 Axis controller discovery (mDNS)
TCP 3001 TCP 3001 Mercury or Honeywell communication
TCP 1234 TCP 1234 Salto Sallis lock communication
HID VertX/Edge Legacy and EVO controllers TCP 21   FTP command1
TCP 22   SSH port (EVO only)1
TCP 23   Telnet1
TCP 4050/44332   VertX OPIN protocol
UDP 4070 UDP 4070 VertX discovery

1 Not required if HID units are configured with Secure mode.

2 Legacy HID units or EVO units running a firmware version earlier than 3.7 use port 4050. HID EVO units running in secure mode with firmware 3.7 and later user port 4433.

3 The discovery port of an HID unit is fixed at 4070. Once it is discovered, the unit is assigned to an Access Manager that uses the ports shown in the table above to control it.

For more information about initial HID hardware setup, download the documentation from http://www.HIDglobal.com.