Administration Guide

Deployment topology

Cameras and other devices such as ACS can be deployed in networks that are:

or a combination of them.

Do not plug in your cameras and FortiRecorder yet. Diagrams below are for comparison and planning purposes. Follow the order of steps in Setup.

Caution

If you connected FortiCam cameras too soon, before a DHCP server was available, then they are using a default IP address. The default address will not work with your network. To fix this, unplug the cameras. Later, when indicated in Setup, you will plug them in again. This reboots the cameras so that they request a correct IP address from the DHCP server.

Often there is a DHCP server on the LAN already, but if not, you do not need to deploy one. Use the built-in DHCP server on FortiRecorder instead. In their factory default state, FortiCam cameras automatically get network settings from a DHCP server during initial setup. Many third-party cameras require a DHCP server, too. Some third-party cameras have a default static IP address, however; these require you to manually configure the network settings through the camera's native GUI. Later, once connected, cameras can optionally be reconfigured to use a static IP address.

For Wi-Fi cameras, you will temporarily use an Ethernet cable during setup with FortiRecorder. Later, once setup is complete, you will disconnect and move the camera to its location on the Wi-Fi network. Power is then supplied by a PoE injector, not a physical connection through a PoE switch.

For external storage, Chromecast integration, and/or larger, more complex networks, you may need more network connections than the diagrams show, although the designs are similar.

Hybrid with FortiCamera Cloud

FortiCamera Cloud can be used together with FortiRecorder. You can use FortiCamera Cloud to configure most camera settings, and to monitor video from cameras, while FortiRecorder provides video storage and is used to configure remaining camera settings, if any. For details, see Managed by cloud.

This architecture scales well if your organization is adding small locations quickly. Each location can start with a cloud native FortiCam model connected to FortiCamera Cloud, and then later add FortiRecorder when more cameras need local storage, or for advanced features.

Topology is similar to remote networks, but once setup is complete, an administrator or operator usually logs in through FortiCamera Cloud — not FortiRecorder.

Local to FortiRecorder

[Figure: cameras connected to FortiRecorder through a PoE switch]

In a simple local deployment, cameras are installed on the same local network as FortiRecorder, with either:

  1. No router or firewall between them

  2. A router or firewall between them that does no network address translation (NAT)/port forwarding, such as a FortiGate operating in transparent mode or LANs joined via VPN

Often the switch is connected to a router, and devices connect through it to the Internet. However, this is not required unless you use camera or FortiRecorder features that require an Internet connection. See also Appendix A: Port numbers.

Remote from FortiRecorder

[Figure: cameras connected to FortiRecorder through a router or firewall]

Remote camera deployment is when there is a firewall or router — perhaps many internal networks, or the Internet — between FortiRecorder and the cameras, ACS, and/or administrators and operators. Branch offices often use this design. Devices in your deployment will connect through either:

on the router or firewall.

Caution

To strengthen security, use a VPN — not NAT/port forwarding.

Communications include surveillance video and other sensitive information which could be intercepted or changed if it travels over untrusted networks such as the Internet. Remote access through NAT/port forwarding opens ports and can weaken the strength of your network security. To prevent attackers on the Internet from gaining access to your surveillance system, require authentication, use a firewall to restrict which IP addresses can use your port forward or virtual IP, and scan requests for viruses and hacking attempts.
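The source restriction and request scanning recommended above, sketched as a FortiGate (FortiOS CLI) configuration. This is an added example, not part of the original guide: the object names, interface names, documentation-range addresses, and the use of HTTPS on port 443 for the FortiRecorder GUI are assumptions (see Appendix A: Port numbers for the ports your deployment needs).

```fortios
# Constructed example values: 198.51.100.0/24 = trusted branch office,
# 203.0.113.10 = public address, 192.168.1.99 = FortiRecorder on the LAN.

config firewall address
    edit "trusted-branch-office"
        set subnet 198.51.100.0 255.255.255.0
    next
end

# Virtual IP: forward only the single port that is needed,
# never the whole external address.
config firewall vip
    edit "fortirecorder-gui-vip"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.99"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

config firewall policy
    edit 0
        set name "fortirecorder-gui-restricted"
        set srcintf "wan1"
        set dstintf "internal"
        # Weak setting to avoid: set srcaddr "all"
        # Corrected: only the trusted source range may use the VIP.
        set srcaddr "trusted-branch-office"
        set dstaddr "fortirecorder-gui-vip"
        set service "HTTPS"
        set schedule "always"
        set action accept
        # Scan forwarded requests for viruses and intrusion attempts.
        set utm-status enable
        set av-profile "default"
        set ips-sensor "default"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
    next
end
```

Authentication is still enforced by the FortiRecorder login itself; this policy only narrows who can reach that login from the Internet.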

For larger networks, VPN can be simpler than configuring NAT/port forwarding for many devices, too.

If you require remote access while you are out of the office, you can also use the VPN or VIP/NAT, connecting through the Internet to use the GUI or notification video clips.
