Firewall Exceptions

Firewall Exceptions

The Nirovision Server requires access to the Internet for reasons including:

  • Remote management (updates, reboots, etc.)

  • Push notifications when alarms are triggered.

  • Model syncing for cross-site recognition.

  • Remote playback of video events.

Similarly, Doorkeeper requires access to the internet for:

  • Checking in and out.

  • Remote management (updates, reboots, etc.).

  • Model syncing.

Server Ports required to be open for outbound traffic

  • [443 TCP] - This is the most fundamental requirement for the server to talk to various web endpoints using TLS (https://).

  • [10516 TCP] - For health and logging.

  • [123 UDP] - For NTP time synchronisation.

  • [53 UDP] - For DNS name resolution.

Domains that should be whitelisted

  • [*.nirovision.com]

  • [*.balena-cloud.com]

  • [*.docker.com]

  • [*.docker.io]

  • [*.agent.datadoghq.com]

  • [notion.so/nirovision/*]

Inbound traffic

No inbound ports are required. Our devices establish a VPN connection from the device to our backend server, these are initiated by the client, not our server. So if traffic on port 443 can leave the device, we will be able to connect to the device. We don't establish a connection from our backend servers to the device.

Doorkeeper customers should also whitelist

Server ports required to be open for the Network Optix integration

  • [Port 7001] is required for our server to access the cameras' RTSP stream.

  • [Port 5000] is required for us to push metadata back to Nx Witness


If your device is on our MDM service

Apple devices:

For iOS and macOS devices, you are required to keep the connection to APNs open. Your Apple devices must be able to connect to the entire 17.0.0.0/8 address block, which is assigned to Apple, on the following ports.

  • [5223 TCP] - This is used to communicate with APNs.
  • [443 & 2197 TCP] - This is used to send notifications to APNs.

For more information refer to Hexnode’s Architecture for Apple devices.

Android devices:

The following ports are required and need to be opened.

  • [443 TCP] - Communications for enrolling and managing devices.
  • [5228, 5229, and 5230] - The standard FCM ports and services.

The IP ranges to be whitelisted can be found in the below-mentioned links:

For more information refer to Hexnode’s Architecture for Android devices.


    • Related Articles

    • Edit Check-ins

      When someone checks in (or out) using Doorkeeper, a digital record is created in the Nirovision system, including check-in and check-out times, location, temperature/BAC and survey answers and files (if available). Records also include a status, to ...

    • Top 5 reasons for offline Doorkeeper

      There are a few common reasons for Doorkeeper to be offline. If you see an offline Doorkeeper in the Devices section of the Nirovision web app ?️, this document can help you diagnose the reason. ? A good place to start is to update the Doorkeeper ...

    • MYOB integration

      Simplify your payroll process from start to finish by integrating Nirovision with MYOB. When this integration is enabled, employees clock on and off with a quick face check via a Doorkeeper Pro kiosk. Timesheets are automatically created, and that ...

    • Employment Hero Payroll integration

      When this integration is enabled, employees clock on and off with a quick face check via a Doorkeeper Pro kiosk. Timesheets are automatically created, and that data is sent to Employment Hero - Payroll to apply rounding rules and all payroll related ...