Network ports

From SpinetiX Wiki
Note  
This article is about the logical network ports used by the players. For the physical Ethernet ports, see the “Inputs & Outputs” section on the dedicated page of each player model.

Introduction

In computer networking, a port is an endpoint of communication. Physical and wireless connections are terminated at ports of hardware devices. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. The software port is always associated with an IP address of a host and the protocol type of the communication.

Network ports provide a multiplexing service for multiple services or multiple communication sessions at one network address. Specific port numbers are commonly reserved to identify specific services. The most commonly used protocols that use ports are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on configurable security rules. It can reside on your local machine, on your router, or as part of your corporate network. Your computer's firewall controls the network traffic in and out of that machine. A network firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.

Player services

The following logical network ports are used by the players' services:

| Type | Port | Service description |
|------|------|---------------------|
| TCP | 80 | HTTP access to the embedded web server (player web interface, HMP Control Center, RPC etc.) of the player. |
| TCP | 443 | Secure HTTP (HTTPS) access to the embedded web server of the player. Added in firmware 4.0.0. |
| TCP | 81 | WebDAV access to the player content server for publishing from Elementi or other WebDAV clients. |
| TCP | 9802 | Secure WebDAV access to the player content server for publishing from Elementi or other WebDAV clients. Added in firmware 4.0.0. |
| TCP | 1234 | TCP / HTTP access to the legacy end-point of the Shared Variables Network API. This is not enabled by default. The default port can be freely modified. |
| TCP, UDP | 5684 | Secure CoAP access to the Shared Variables Network API. This is not enabled by default. Added in firmware 4.3.0. |
| TCP, UDP | 161 | SNMP monitoring. This is not enabled by default. |
| UDP | 68 | DHCP to request IP addresses and networking parameters automatically. Disabled when static IP configuration is used. |
| UDP | 123 | NTP for internal clock synchronization. |
| UDP | 1900 | SSDP / UPnP device discovery. Added in firmware 4.1.0. |
| UDP | 5353 | Multicast DNS (Bonjour) device discovery. |
| TCP, UDP | 5355 | LLMNR (Windows compatible local name resolution). Added in firmware 4.7.1. |
Note:
All the above services can be disabled from Control Center, and some are not even enabled by default; port UDP 123, however, remains open even when NTP is not used.

Network firewall

Network firewalls filter traffic between two or more networks and are positioned on the gateway computers of LANs, WANs, and intranets. A network firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.

No ports need to be opened on the network firewall for inbound traffic, unless you specifically want to allow remote access to the player. The following standard ports should be opened for outbound traffic from the players towards external destinations:

| Type | Port | Service description |
|------|------|---------------------|
| TCP | 80 | HTTP access to external web servers, such as SpinetiX firmware update server, third-party data feeds, etc. |
| TCP | 443 | Secure HTTP (HTTPS) access to Cockpit, data feeds, SpinetiX ARYA, Feature Set activation site, and other services on SpinetiX cloud infrastructure, etc. |
| TCP | 8883 | MQTT access to SpinetiX cloud infrastructure. Added in firmware 4.4.0. |
| UDP | 123 | NTP for internal clock synchronization. |
Warning:
Opening or closing ports on the network firewall controls access for ALL devices on that network.
Note:
SpinetiX players can be configured to use an HTTP proxy (with basic username/password authentication) for HTTP traffic, but services like MQTT require the respective port to be opened on the firewall for direct connection from the players.
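
The outbound table and the "no inbound ports" rule above can be checked against what the network firewall actually sees. The following is an added example, not SpinetiX code: it audits connection-initiation records from the Internet-facing firewall, and the player subnet 10.20.30.0/24, the record format and the sample records are constructed assumptions.

```python
import ipaddress

# Assumption: the players sit in this VLAN (constructed value, not from the page).
PLAYER_NET = ipaddress.ip_network("10.20.30.0/24")

# Outbound (protocol, destination port) pairs from the network firewall table above.
EGRESS_ALLOWED = {("tcp", 80), ("tcp", 443), ("tcp", 8883), ("udp", 123)}

def classify(record):
    """Return (verdict, reason) for one 'proto src dst dport' new-connection record."""
    proto, src, dst, dport = record.split()
    proto, dport = proto.lower(), int(dport)
    from_player = ipaddress.ip_address(src) in PLAYER_NET
    to_player = ipaddress.ip_address(dst) in PLAYER_NET
    if from_player and to_player:
        return "ignore", "intra-VLAN traffic does not cross the network firewall"
    if to_player:
        # Per the page, no inbound port is needed unless remote access is wanted.
        return "alert", f"inbound {proto}/{dport} to player {dst}"
    if from_player:
        if (proto, dport) in EGRESS_ALLOWED:
            return "allow", f"documented outbound {proto}/{dport}"
        return "alert", f"undocumented outbound {proto}/{dport} from {src}"
    return "ignore", "flow does not involve a player"

def audit(lines):
    """Return the alert reasons for an iterable of flow records."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        verdict, reason = classify(line)
        if verdict == "alert":
            alerts.append(reason)
    return alerts

# Constructed sample records: proto src dst dport
SAMPLE_FLOWS = """\
tcp 10.20.30.11 203.0.113.10 443
tcp 10.20.30.11 203.0.113.20 8883
udp 10.20.30.12 198.51.100.5 123
tcp 10.20.30.12 198.51.100.9 1883
tcp 198.51.100.77 10.20.30.11 81
"""

if __name__ == "__main__":
    for reason in audit(SAMPLE_FLOWS.splitlines()):
        print("ALERT:", reason)
```

If remote access to a player is intentionally allowed, add that inbound port as an explicit exception rather than silencing inbound alerts as a whole.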

DSaaS deployment

SpinetiX ARYA™ is a cloud-based visual communication solution that is easy to use and accessible from a browser on any device, from anywhere and at any time. DSOS players use standard network protocols and ports (listed above) to communicate with the SpinetiX cloud.

For networks that have very strict access rules to the Internet, an extended list of services, protocols, ports, and hostnames used by DSOS players and web clients to connect to SpinetiX ARYA™ is provided below.

Server and port list of SpinetiX ARYA™ - version 2025 EU (see the document revision history here)
Notes:
  • All connections are outgoing and initiated by the DSOS player, web client, or Elementi.
  • Other domains *.services.spinetix.com may be added in the future.
  • TLS inspection is possible for all services, except for the MQTT and AWS Credential provider services, as these use client-certificate authentication.
  • IP filtering is not possible as all names resolve to dynamic IP addresses due to round-robin, GeoDNS, and load balancing.
  • MQTT is not required, yet strongly recommended. If MQTT is not allowed, players work in a degraded mode (Slow Sync) where each request from the cloud can be delayed by up to 5 minutes.
  • Domains *.amazonaws.com may be moved under *.services.spinetix.com in the future.

Computer firewall

Your computer's firewall controls the network traffic in and out of that machine. It might be restricted or fully available to you, and some or all firewall rules might be set through group policies.

Most of the ports detailed above are standard ports, so they should already be open. If not, to access the player services detailed above, the corresponding ports must be opened for outbound traffic; some of them might also need to be opened for inbound traffic, for instance the ones related to Shared Variables and SNMP monitoring.

Elementi

If Elementi is installed and used, some additional ports might need to be opened, such as:

| Type | Port | Service description |
|------|------|---------------------|
| TCP | 80 | HTTP access to external web services like data feeds, external web servers, etc. |
| TCP | 443 | Secure HTTP (HTTPS) access for license activation, software update, publishing to ARYA, etc. |
| TCP | 81 | Publishing onto the players using WebDAV. |
| TCP | 9802 | Publishing onto the players using Secure WebDAV. Added in Elementi 2015. |
| UDP | 1900 | Device discovery using SSDP / UPnP. Added in Elementi 2016. |
| UDP | 5353 | Device discovery using Multicast DNS (Bonjour). |
| TCP, UDP | 5684 | Secure CoAP access to the Shared Variables Network API. This applies to Elementi 2018 X only, and it is not enabled by default. |
| TCP | 1234 | TCP / HTTP access to the legacy end-point of the Shared Variables Network API. This applies to Elementi X only, it is not enabled by default, and the default 1234 port can be freely modified. |
Note:
Other ports might need to be opened in case of accessing streaming media sources.