This article outlines the required ports and provides methods for verifying that Teramind servers and hosts are reachable through your firewall and network configuration.
Note: If testing connectivity within a VPN environment, ensure the VPN is active during the testing process to simulate real-world conditions.
Required Ports and Protocols
Teramind requires the following ports to be accessible through your firewall for the Agent and Master Server to communicate effectively.
Port(s) | Protocol | Purpose | Deployment Notes |
443 | TCP | Used by the Agent to connect to the Master Server. Handles pings, command delivery (troubleshooting, updates), and WebSocket traffic for video recording (async/offline). | Standard for all deployments. Can also be used for the Management Interface. |
80 | TCP | Standard HTTP port for Agent deployment and updates. | Ensure this is open if encountering issues with your self-generated SSL certificate. |
10000 | Proprietary (TLS) | Communication of monitoring configuration and non-video monitoring data between the Agent and Master Server. | On-Premises only (single-node setup). Ports can be assigned separately from the server's settings. |
10000-11000 | TCP | Agent connection to App Server Nodes. | On-Premises only (multi-node setup). |
1000-65535 | UDP | Transmitting audio recording data from the Agent to the Server. | Required if audio recording is enabled. |
OCR Ports: 443, 5432, 9200, 42001, 50051 | Varies | Required for Optical Character Recognition (OCR). Check IPs/ports on the Server settings screen. | On-Premises only. Must be open among Master, OCR database, and OCR mining nodes. |
5985 / 5986 | TCP | Default WinRM ports used when remotely deploying the Agent. 5985 for HTTP, 5986 for HTTPS. | On-Premises only. |
6379 | TCP | Used by Redis on the Master Node. | Required for application nodes to reach the Master Node. |
Other Ports: 389, 465, 111, 2049, etc. | Varies | Ports for integration services: such as LDAP 389 for Active Directory, TCP 465 for SMTP (emails), and TCP 111, 2049 if you are using the NFS service. | Some of these ports are configurable from their respective settings screens on the Dashboard. |
Locating Server Addresses and Ports
Before testing, locate the specific server IPs or hostnames required for your deployment.
Cloud Deployment
The server address and port information is available in the System > Deployment screen, under the Server & Port section:
On-Premise Deployment
Server and port configurations can be viewed and configured on the Dashboard:
Configurations > Settings > Server: To view IPs assigned to various nodes (e.g., OCR, BI) and set management interface ports.
Configurations > Settings > Active Directory: For LDAP hosts/IPs/ports.
Configurations > Settings > SMTP: For SMTP email server and port.
Connectivity Testing Methods
Use one of the following methods to check port reachability from the endpoint (Agent machine) to the Teramind server.
Note: If testing connectivity within a VPN environment, make sure the VPN is active during the testing process to simulate real-world network conditions.
Using the Telnet Client
The Telnet Client must be installed on your Windows machine before use.
In case you never used a Telnet Client before, there are many articles online that shows you how to install and use it.
Cloud Deployments
telnet www.teramind.co 443
telnet rt.teramind.co 443
telnet <serverIP> <port>
For VPN testing, you may use the specific IPs or server names provided in your Teramind account, such as 129.159.72.2 or 141.147.53.206.
The server address and port information is available in the System > Deployment screen, under the Server & Port section:
On-Premise Deployment
telnet <serverIP or hostname> 443
telnet <serverIP or hostname> 10000
Additionally, if you are deploying within a VPN setup, ensure key servers such as 141.147.53.206 and ports like 12316 are reachable to confirm functionality.
You can find your <serverIP or hostname> from the Configurations > Settings > Security screen:
In both cases, if you see a message like the one below, it means service is not running, port is closed by your firewall or there're some networking issues:
telnet: Unable to connect to remote host: Connection refused
Using the Windows PowerShell
This is the recommended method for modern Windows systems. Find more information on Microsoft PowerShell Documentation.
The syntax for PowerShell is:
Test-NetConnection -Computername <serverIP or hostname> -Port <port>
For example:
Test-NetConnection -ComputerName www.acme.com -Port 443
Check the Telnet Client section above to find out where you can find the <serverIP or hostname> and <port>.
When a service is running and a port is open you'll see something like:
>Test-NetConnection -ComputerName www.acme.com -Port 443
ComputerName : www.acme.com
RemoteAddress : 92.122.110.37
RemotePort : 443
InterfaceAlias : Ethernet
SourceAddress : 192.168.0.180
TcpTestSucceeded : True
And when service isn't running or port is closed, you will see a warning message like this:
>Test-NetConnection -ComputerName www.acme.com -Port 10000
WARNING: TCP connect to (92.122.110.37 : 10000) failed
ComputerName : www.acme.com
RemoteAddress : 92.122.110.37
RemotePort : 10000
InterfaceAlias : Ethernet<
SourceAddress : 192.168.0.180
PingSucceeded : True
PingReplyDetails (RTT) : 14 ms
TcpTestSucceeded : False
PowerShell is a task automation and configuration management framework from Microsoft. You can find more information about it on Microsoft PowerShell Documentation.
Using the Curl tool
Use curl to test connectivity for web-based services. The --insecure flag can be used if you are troubleshooting SSL certificate issues.
You can use the following syntax for Curl:
curl --insecure https://<serverIP or hostname>:<port> -verbose
For example:
curl --insecure https:85/195/72/201:15984 -verbose
If the connection is successful, the command will return something like the following result:
MacOS
Using Netcat
For Unix-like operating systems, the nc (Netcat) utility is highly effective for port checking.
The syntax for Netcat is:
nc -zv <serverIP or hostname> <port>
For example:
nc -zv 192.168.1.100 10000
Using Other Clients
You can also use Telnet or something like nmap.