Network configuration

This topic discusses system ports, traffic flows, configurations, and how the system deals with updates for Axon Fleet 2 software and firmware.

Mobile Data Terminal/Computer (MDT/C)

Hereafter, we'll refer to this as the MDT.

Inbound traffic ports

The Axon View XL installation program creates the following Windows Firewall rules during installation:

  • Inbound Rule: "Fleet GPS"
    Program Allowed: %installdir%\axon-agent.exe
    Protocol and Port: UDP 10110
    Scope: Local subnet
    Currently, the GPS port configuration can only be overridden using the conf.toml file.
  • Inbound Rule: "Fleet RTP"
    Program Allowed: %installdir%\axon-agent.exe
    Protocol and Port: UDP 5004-6004
    Scope: Local subnet
    Currently, RTP (Live View) only uses UDP. The port range can be overridden via conf.toml.

The HUD uses service port TCP 18888, bound to localhost, for the login flow only. The port is in use only while the authentication flow is executing; the connection is then closed.

The HUD uses service ports 7777 and 7878 for communication, but these should only be bound to localhost.
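One way to check the localhost-only binding described above for TCP 18888, 7777 and 7878, as an added example (not Axon's code): it parses `netstat -ano` output collected on the MDT and reports any HUD listener bound to a non-loopback address. The sample output, PIDs and function names are constructed for illustration.

```python
import ipaddress

# HUD service ports the page says should be reachable on localhost only.
HUD_PORTS = {18888, 7777, 7878}

# Constructed sample of Windows `netstat -ano` output (not captured from a real MDT).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:7777         0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:7878           0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:18888        0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:7777         127.0.0.1:50112        ESTABLISHED     4312
  TCP    [::1]:7777             [::]:0                 LISTENING       4312
  TCP    [::]:18888             [::]:0                 LISTENING       4312
  UDP    0.0.0.0:10110          *:*                                    4312
"""


def split_endpoint(endpoint):
    """Split '127.0.0.1:7777' or '[::1]:7777' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def exposed_hud_listeners(netstat_text, ports=HUD_PORTS):
    """Return (address, port, pid) for each HUD listener not bound to loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Listening TCP rows have exactly: Proto, Local, Foreign, State, PID
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # skip rows whose local address does not parse
        if port in ports and not addr.is_loopback:
            findings.append((str(addr), port, int(fields[4])))
    return findings


if __name__ == "__main__":
    for addr, port, pid in exposed_hud_listeners(SAMPLE_NETSTAT):
        print(f"HUD port {port} is bound to {addr} (PID {pid}), expected localhost only")
```

A wildcard bind (0.0.0.0 or ::) on one of these ports means the service is reachable from the vehicle network unless the host firewall blocks it, so any finding warrants a look at the owning PID.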

Outbound traffic

All outbound traffic is from non-privileged ports above port 1024:

  • To camera ports outlined in the Fleet Cameras section below.
  • To Axon Evidence, port 443
    • Encryption: HTTP/TLS
  • To Axon Evidence, port 80
    • For time synchronization. This is done on an hourly interval using the HTTPDate protocol. Expected volume is 2 KB per hour.
    • Encryption: none
    • Authentication: none

Fleet cameras (front and back)

Open ports

  • TCP 80 (HTTP)
    • Provides a webservice API for use by the Axon View XL application.
    • To reduce discoverability, the webservice does not respond to plaintext requests and does not provide index pages.
    • Encryption: Yes for command handling, using Diffie-Hellman with SHA-256 for key exchange and AES-256 as the cipher. Bulk data endpoints for pulling media, logs, or pinging the camera are not encrypted.
    • Authentication: None. Assumes cameras are Axon Fleet cameras with specific serial numbers.
  • TCP 554 (RTSP)
    • Provides a streaming server for preview of videos by the Axon View XL application. This endpoint can stream video but cannot issue any commands to the camera.
    • Encryption: None
    • Authentication: None

Outbound traffic

The cameras have outbound traffic for offloading video evidence and for live view over the local area network.

Wireless configuration

Each Fleet vehicle must host an 802.11 wireless network using the 5 GHz band because Fleet cameras are not wired to an Ethernet network.

Requirements

  • 802.11n @ 5 GHz with a 20 MHz channel width
  • Non-DFS channels required
  • WPA2-PSK security required
  • Unique SSID per vehicle, using only 5 GHz; SSID may be hidden
  • DHCP service on the wireless network

Cradlepoint router considerations

Fleet 2 configuration on the latest generation of Cradlepoint routers:

Cradlepoint R920, R1900

The Wi-Fi selection must not use DFS (Dynamic Frequency Selection) for channel selection. If this is not configured, Fleet 2 cameras may not connect reliably. Ensure the Channel selection method for your Wi-Fi radios is Manual. When selecting a specific channel, don't select channels 52-144; for details, see Cradlepoint's document Configuring Advanced Wi-Fi Settings.

Cradlepoint IBR900

These routers do not have DFS as a configuration option; no configuration setting changes are required.