Setting up Milestone Open Network Bridge security controls

Milestone Open Network Bridge enforces user authorization of ONVIF clients. This controls the ONVIF client’s ability to access cameras, and the types of operations the ONVIF clients can perform. For example, whether ONVIF clients can use pan-tilt-zoom (PTZ) controls on cameras.

Milestone recommends that you create and add a dedicated user account for the Milestone Open Network Bridge, and for each ONVIF client, as follows:

1. Create a basic user in the Management Client, or a Windows user.
2. In the Management Client, assign the user to a role that can access cameras, and specify permissions for the Milestone Open Network Bridges security group on the Overall Security tab for the role.
3. Assign the user to the Milestone Open Network Bridge during installation, and in the Management Client for each ONVIF client afterward.

All users who should be granted access to Milestone Open Network Bridge server, including those who install Milestone Open Network Bridge, must be added in the Open Network Bridge settings in Management Client.

Milestone Open Network Bridge allows ONVIF clients only to request and receive video streams from cameras. ONVIF clients cannot configure settings in the XProtect VMS system or the Milestone Open Network Bridge.

As a security precaution, Milestone recommends that you install the Milestone Open Network Bridge server in a demilitarized zone (DMZ). If you install the bridge in a DMZ, you must also configure port forwarding for the internal and external IP addresses.