Brivo Access
Administrators
Configuration
Emergency Scenarios
Getting Started with Emergency Scenarios
Creating an Emergency Scenario
Initiating an Emergency Scenario
Clearing an Emergency Scenario
Activating a Group-based Lockout
Excluding a Group from Lockdown
How to Configure a Global Lockdown
How to Configure a Global Egress
Account Settings
Enable Multi-factor Authentication
Reset Multi-factor Authentication
Shared Access Setup & Group Sharing
Managing Account Settings
Setting up Multi-factor Authentication
Setting a custom Logo for BMP
Using your Multi-factor Authentication Recovery Code
Expire Unused Credential
What is Remote Access?
Enabling Facial Authentication
Configuring Personnel Control
Enabling COVID-19 Self Screening
Using Multi-factor Authentication
How can you change the time zone for a Brivo Access account?
Site Settings
Schedules & Holidays
Notifications
Create a Notification
Cellular Reference Chart
Creating a Monitored Device Notification
Device Filters for Devices and Valid Access Notifications
Custom Fields
Commands
Credentials
Add Cards
Managing the Card Bank
Assigning a License Plate Credential to a User
Adding Cards - Swipe to Enroll
Issuing a Brivo Mobile Pass or Wallet Pass
Managing Brivo Wallet Pass
Adding Cards - Bulk Upload
Managing Unknown Cards
How to use faceprint credentials
Creating a Brivo Door Station faceprint credential
Data Explorer
Data Explorer: Daily Active Users by Site
Introduction to Data Explorer
Data Explorer: Activity by Site
Data Explorer: Adding and Removing Visual Elements
Data Explorer - People counting by door over a specific date range with granularity options
Devices
Elevator Floor Control
Applying a Schedule to an Elevators & Floors
Applying a Door Override
Applying a Schedule to a Door
Setting the Arming Mode of an Alula Panel
Using Device Status
Events
Global View
Integrations
Realpage
Enabling RealPage Integration
Fetching units for Realpage
Disabling the Realpage Integration
Fetching residents for Realpage
Checking residents in Realpage
Eagle Eye
Mindbody
Languages
Occupancy Management
Reports
Running an Existing Report Configuration
Creating a New Report Configuration
Creating a New Report Schedule
Creating a User Report
Running an In/Out Report
List of Report Configurations in Brivo Access
User Image Quality Report
Managing Report Jobs
Users & Groups
Guest Management
Questions about your Guest Invite
How can I get Guest Management
Guest Management FAQ
Configuring Guest Management in Brivo Access
Suspending a User
Modifying Group Permissions
Exporting User Information
Deleting a User in Access
Issuing a PIN Code to a User
Creating a User in Access
Viewing User Recent Activity
Admin Bulk Actions - Deleting, Suspending or Reinstating Users
Creating a Group
Issuing a Card
Using Badge Templates
Video
Custom Video Layout
Viewing Recorded Video
Viewing Live Video - All Sites
Brivo Access Cam Networking Ports
Account Config Tool
Brivo Access Release Notes
How do I reset my password?
Brivo Mobile Pass
Brivo Mobile Pass Release Notes
Non-Brivo Mobile Credentials
Brivo Wallet Pass
Adding an Employee Badge to Apple Wallet
Adding an Employee Badge to Apple Watch
Brivo Wallet Pass - FAQ
Adding an employee badge to Google Wallet
Brivo Mobile Pass FAQ
Favorite a door
Manually redeeming a Brivo Mobile Pass
Adding a widget on Android
Adding a widget on iOS
Opening a unit lock
Create a Brivo Mobile Pass Account
Linking a Brivo Smart Home Account
Enabling a Siri shortcut
Customize a door name
Inviting Guests
I don't see any doors in my Brivo Mobile Pass
Controlling Thermostats
Brivo Wallet Pass Global Availability
Redeeming your Brivo Mobile Pass
Hardware
Brivo Hardware
Brivo Door Station
Configuring a Brivo Door Station
How to setup Intercom for Brivo Door Station
How to use Intercom on a Brivo Door Station
How to setup notifications for Brivo Door Station
How to view Live Video with the Brivo Door Station
How to use Talkdown with the Brivo Door Station
Brivo Door Station FAQ
Brivo Door Station Release Notes
Brivo Smart Readers
Bandwidth Recommendations for Brivo Hardware
Brivo Onsite Server/Brivo Onsite Firmware Release Notes
Uploading Firmware via USB
3rd Party Hardware
Hardware Frequently Asked Questions (FAQ)
Ports and IP Addresses by Product Category
Brivo Access Mobile App
Users
Suspending or reinstating a user in the Brivo Access Mobile App
Issuing a Brivo Mobile Pass in the Brivo Access Mobile App
Issuing a card in the Brivo Access Mobile App
Creating a new user
Assign a user to a group in the Brivo Access Mobile App
Issuing a PIN in the Brivo Access Mobile App
Devices
Applying a schedule to a door
How to activate or deactivate an Emergency Scenario
How to unlock a Door
Account Settings
Brivo Access Mobile App Release Notes
Brivo Smart Home
Properties
Change the Digit Length for Randomly Generated Access Codes
Set Temperature for all Vacant Units
Set a Check Out Time
Manually Send a Pin Code Via Email
Set a Check In Time
Lock all Vacant Units
Change How Long Following Check-out that Codes are Unsynced
Changing a Property's Time Zone
Turn off all Lights in Vacant Units
Schedule Auto-Lockout Time for all Company Properties
Adding a Property
Create Scheduled Access for a Property
Schedule Guest Code Sync
Manually Send a Pin Code Via SMS
Change how long prior to Check-in that codes are synced
Schedule Guest Code Removal Sync
Scenes
Delete a Property Level Scene
Create a Property Level Scene
Activate a Property Level Scene
Edit a Property Level Scene
Users
Delete a Company Level User
Deleting a Property Level User
Adding a Company Level User
Edit a Property Level User
Adding a Property Level User
Creating an Access Schedule for a User
Edit a Company Level User
WiFi
Integrations
Entrata
Brivo - Entrata Integration - Initial Setup in Your Entrata PMS
How to enable an Entrata integration
How to Verify Credentials in your Entrata integration
How to Sync Units in your Entrata integration
How to Create Units in your Entrata integration
How to Sync Residents in your Entrata integration
How to Remove your Entrata integration
Brivo Smart Home/Brivo Access Integration
Manually Refreshing Integrations
BookingSync Integration
CiiRUS Integration
FRS Integration
Guesty Integration
HSAPI Integration
Kigo Integration
LMPM Integration
Lodgix Integration
MRI Integration
MyVR Integration
Real Page Integration
Rent Manager Integration
Streamline Integration
Yardi Integration
Devices
Unpairing a Repeater
Installing a Gateway
Pairing a Honeywell T6 Thermostat
How do I lock the screen on a Honeywell T6 Pro Thermostat?
How do I unlock the screen on a Honeywell T6 Pro Thermostat?
What is the PIN to unlock the screen on a Honeywell T6 Pro Thermostat?
Gateway Install Tips
Unpairing a Lock
Pairing a Lock
Pairing a Repeater
Pairing an Outlet Module
Troubleshooting False Lock Jam Alerts
Brivo Smart Home Release Notes
Brivo Visitor
Admins
Administrator Functions
Administrator Functions Overview
Location Name
Printer Configuration
Email Notifications
Host List
Auto Sign Out
Auto Refresh Host List
Accessing the Configuration Menu
Logging into Brivo Visitor
Configuring Brivo Access for use with Brivo Visitor
Configuring/Disabling Workflows
Reporting
Custom Questions
Document Agreement
Idle Screen Image
Visitors
Getting Started With Brivo Visitor
Brivo Visitor Release Notes
Identity and Access Management
SSO
Identity Connector
Okta
Identity Connector for Okta
BMP Provisioning with Identity Connector for Okta
Configure Identity Connector for Okta
Custom Field Mapping with Identity Connector for Okta
Brivo Wallet Pass Provisioning with Identity Connector for Okta
Azure
Configure Identity Connector for Azure Active Directory
Identity Connector for Azure Active Directory
BMP Provisioning with Identity Connector for Azure Active Directory
Custom Field Mapping with Identity Connector for Azure Active Directory
Brivo Wallet Pass Provisioning with Identity Connector for Azure Active Directory
Identity Connector Release Notes
- All Categories
- Hardware
- Ports and IP Addresses by Product Category
Ports and IP Addresses by Product Category
Updated
by Larry Wile
Ports and IP Addresses by Product Category
This article shows which ports (and for the Brivo Door Station - IP addresses) that need to be available for various Brivo and 3rd party hardware.
Generation 4 Panels (ACS6000, ACS300, ACS100, and ACS-SDC)
ACS6000 and ACS300 control panels
What ports need to be open on the network facing LAN port (firewall rules)?
Protocol | Port | Usage / Application Protocol | IN / OUT |
TCP (WSS/HTTPS) | 443 | Brivo Server Communication | OUT |
What device ports and services are enabled in the control panel on the LAN port?
Protocol | Port | Usage / Application Protocol | IN / OUT |
TCP (WSS/HTTPS) | 443 | Brivo Server Communication | OUT |
NOTE: There are certain configurations for wireless lock gateways that allow for exposure on the LAN port, but they must be configured via the WebCLI.
ACS100 and ACS-SDC control panels
What ports need to be open in your firewall?
Protocol | Port | Usage / Application Protocol | IN / OUT |
TCP (WSS/HTTPS) | 443 | Brivo Server Communication | OUT |
What device ports and services are enabled in the control panel on the LAN port?
Protocol | Port | Usage / Application Protocol | IN / OUT |
TCP (HTTP) | 80/443 | WebCLI | IN |
TCP (WSS/HTTPS) | 443 | Brivo Server Communication | OUT |
Server Information (Generation 4 Panels)
Complete Range: 64.35.160.0/20
Minimum Range: 64.35.160.0/22
Active IP Addresses: 64.35.160.100, 64.35.160.101, 64.35.160.102
Domains: g4data-prod.brivo.com, g4cmd-prod.brivo.com
MTU: 1500
Legacy Panels
ACS5000 and ACS-IPDC control panels
What ports need to be open on the network facing LAN port (firewall rules)?
Protocol | Port | Usage / Application Protocol | IN / OUT |
TCP | 443 | Brivo Server Communication | OUT |
Server Information (Legacy Panels)
Complete Range: 64.35.160.0/20
Minimum Range: 64.35.160.0/22
Active IP Addresses: 64.35.167.109, 64.35.167.110, 64.35.167.111, 64.35.167.112, 64.35.167.113, 64.35.167.114
Domains: b2.brivo.com (Command Server), c2.brivo.com (Data Server)
MTU: 1500
Brivo Door Stations
What ports need to be open on the networking facing LAN port (firewall rules)?
Protocol | Port | Usage / Application Protocol | IN / OUT |
UDP/TCP | 53 | DNS | OUT |
UDP | 123 | NTP | OUT |
TCP | 443 | WebRTC: KVS - HTTPS / WSS | OUT |
UDP | 443 | WebRTC: TURN (Relay) | OUT |
What URLs will the Brivo Door Station communicate with the US?
Port | URL | Protocol/Usage |
443 | access-api.prod.brivo.com | HTTPS (TCP) |
443 | bds.prod.brivo.com | HTTPS (TCP) |
443 | devices.prod.brivo.com | HTTPS (TCP) |
123 | *.pool.ntp.org | NTP (UDP) |
443 | *.credentials.iot.us-east-1.amazonaws.com | HTTPS (TCP) |
443 | kinesisvideo.us-east-1.amazonaws.com | WSS/HTTPS/STUN/TURN (TCP/UDP) |
443 | *.kinesisvideo.us-east-1.amazonaws.com | WSS/HTTPS/STUN/TURN (TCP/UDP) |
What URLs will the Brivo Door Station communicate with in Europe?
Port | URL | Protocol/Usage |
443 | access-api.eu.brivo.com | HTTPS (TCP) |
443 | bds.eu.brivo.com | HTTPS (TCP) |
443 | devices.eu.brivo.com | HTTPS (TCP) |
123 | *.pool.ntp.org | NTP (UDP) |
443 | *.credentials.iot.eu-east-1.amazonaws.com | HTTPS (TCP) |
443 | kinesisvideo.eu-east-1.amazonaws.com | WSS/HTTPS/STUN/TURN (TCP/UDP) |
443 | *.kinesisvideo.eu-east-1.amazonaws.com | WSS/HTTPS/STUN/TURN (TCP/UDP) |
What are some troubleshooting steps for live video on the Brivo Door Station?
General:
- No Live Video or Intermittent Live Video:
- Ensure the BDS has FW 1.0.4 or greater
- Try opening all outbound traffic for the BDS and see if that resolves live video issues. More restrictive rules can be established to meet the desired security posture, but opening up outbound connections helps isolate and resolve issues.
- If advanced firewalls are being deployed, review the notes below on the topic below.
- If the firewall has the ability to monitor dropped and malformed packets, leverage the network tool to evaluate issues with network and firewall rules
- Observe the location of the BDS and live video client. WebRTC will try to establish the best connection for low latency streaming. Local connections may avoid network firewalls, but sometimes there can be firewall rules between VLANS or subnet traffic.
- No Live Video:
- Ensure UDP is enabled on port 443 for the device. It is included in the guidance, but it has been the issue for a few installations.
- Intermittent Live Video:
- Try using Google DNS (8.8.8.8 / 8.8.4.4), some customers have reported intermittent live video when using local DNS. The cause relates to short caching by the local DNS or delays in propagation for Amazon KVS updates.
Brivo recommends starting with a base setup to establish and validate live video before establishing more restrictive firewall rules as required for the installation. The BDS uses WebRTC with Amazon KVS to provide scale and availability, but it means that IP based whitelisting may limit live video capabilities.
- Firewall: Allow all out outbound connections for the BDS
- Some installers have reported using static IPs can make opening outbound connections easier when working with the IT staff for an installation site. Other methods should work, but it improved communication with IT while validating the initial installation.
- DNS: 8.8.8.8 / 8.8.4.4
- NOTE: Next generation firewalls may require use of local DNS or they will redirect queries and analyze them, but testing with 8.8.8.8 / 8.8.4.4 has helped isolate network issues.
Advanced Firewalls:
Firewalls with advanced features can require vendor unique programming and interfere with video services. The impact may be intermittent or less obvious than with legacy firewall rules. Below are some examples of the impacts observed:
URL Filtering:
Filtering capability can vary between network gear vendors, so it is important to ensure the rules are set as required for the specific device. Some vendors might only need a rule with kinesisvideo.us-east-1.amazonaws.com while others would also require *.kinesisvideo.us-east-1.amazonaws.com for subdomains.
Depending on the firewall, the device may build up a cache of associated IPs for URLs which can create disruptions if the filtering initially blocks requests while it does a lookup. Some firewalls will block initial TLS 1.2+ connections, in an attempt to force a reconnection at a lower TLS level where it can inspect the SNI.
Reputation Checking:
Unknown IPs can be rejected until the firewall can build a reputation score or get one from an online service. This delay can cause initial connections to be rejected or timeout. Connections to the Amazon KVS services are particularly impacted.
What does the Brivo Door Station use for Video Services
The BDS uses WebRTC for video streaming capabilities with Amazon KVS for scale and availability. The standard is briefly described below:
WebRTC:
WebRTC (Web Real-Time Communication) is an open framework that enables browsers and mobile applications to communicate directly in real time using audio, video, and data streams without requiring plugins or external software. It uses protocols like STUN, TURN, and ICE to establish peer-to-peer connections, even across NATs and firewalls. WebRTC is used for building applications like video conferencing and live streaming because it minimizes latency and provides a secure, high-quality communication experience. Its support for open standards and cross-platform compatibility makes it a powerful choice for modern real-time communication needs.
Wiki: https://en.wikipedia.org/wiki/WebRTC
Website: https://webrtc.org/
Standard: link
STUN:
STUN (Session Traversal Utilities for NAT) is a protocol that helps devices behind NATs (Network Address Translators) discover their public IP address and port, enabling peer-to-peer communication. It works by sending a request from a client to a STUN server, which responds with the client's public-facing information. This is crucial for establishing direct connections in protocols like WebRTC, as it allows devices to communicate across different network boundaries. While STUN facilitates connectivity, it doesn't handle scenarios where direct communication is impossible—those cases require a TURN server.
RFC 3489: link
TURN:
In WebRTC, TURN (Traversal Using Relays around NAT) is a protocol used to facilitate the transmission of media streams (such as audio and video) between peers in situations where direct peer-to-peer communication is not possible due to restrictive NAT (Network Address Translation) or firewall configurations.
RFC 8656: link
Mercury Control Panels
What ports need to be open on the network facing LAN port (firewall rules)?
Protocol | Port | Usage / Application Protocol | IN / OUT |
TCP | 3001 | MSP2 | OUT |
HTTPS | 443 | WebCLI | OUT |
Server Information (Mercury Panels)
Active IP Addresses: 64.35.160.200, 64.35.160.201, 64.35.160.202
Domains: merc-prod.brivo.com (Data Server), merc-prov.prod.brivo.com (Provisioning Server)
