The gateway facilitates communication between the cloud-based security system and on-site devices.

Download the Gateway Installation PDF.

For reference, download the Intel NUC8CCHK/NUC8CCHB Technical Product Specification.

Contents

The following items are included in the box when receiving a gateway.

  • One (1) gateway unit
  • One (1) sticker label containing the System ID
  • One (1) power cord
  • One (1) power adapter
  • Four (4) rubber feet
  • Mounting screws

Only the power and Ethernet ports will be used. Other ports (HDMI and USB) are disabled. 

Hot surface warning  Use caution when handling the gateway. The surface may be hot. Allow the gateway to cool before handling it.

Gateway Installation

Before installing the gateway, make note of its System ID. The System ID is printed on a label affixed to the gateway.

The gateway depends on the network being configured for DHCP. If a static IP address is needed for the gateway, it must be configured through MAC address mapping on the DHCP server.

Connect the Gateway

  1. Connect the gateway to an internet-accessible network. Use the Ethernet port located on the back of the gateway.
    Ethernet connection diagram


    • Proxies are not explicitly supported. If a proxy is implemented, it must be transparent to the gateway and downstream clients (i.e,. does not require any changes to client trusted certificates or configuration changes to use the proxy).

      This port is only used for internet access. Do not connect access controllers to the Ethernet port.

  2. Connect the gateway to power.
    Power connection diagram

  3. Power on the gateway.

After being connected and powered on, the gateway communicates over the internet. All connections that the gateway establishes are outbound. The firewall does not need any ports opened for inbound connections.

Configure the Gateway

  1. In Elements, on the Devices page, add the gateway by selecting Add button.
  2. Enter a Name for the gateway. 
  3. Enter the System ID.
  4. Select Save.

Status

The gateway has a single LED to indicate the status of the gateway.

Single LED Behavior

Status

Fast blinking white

Initialization

Fast blinking red

No network connection or IP address

Double blinking red

System registration service unreachable or no internet connection (IP address assigned)

Blinking yellow

System registration service reachable, not connected to IoT

Alternate blinking red, yellow

Lost connection to IoT Hub

Steady green

Gateway operational

LED off

Gateway powered off

Training video: Gateway LED Status Sequence

Architecture

Application and service connectivity information is provided so that the network may be secured.

High level architecture diagram

Architecture diagram

Security

Limit access to the network by enabling a firewall to secure ports and endpoints.

Communication for the Gateway

Outgoing: HTTPS (TCP 443) and MQTTS (TCP 8883)

Endpoints:

  • deviceregistration.elementssecure.com:443
  • deviceregistration.elementslive.net:443
  • elements-prd-ioth.azure-devices.net:8883
  • elementsprdsa.blob.core.windows.net:443
  • gatewayfirmware.elementssecure.com:443
  • gatewayimages.elementssecure.com:443
Proxies are not explicitly supported. If a proxy is implemented, it must be transparent to the gateway.

Communication for Video

Communication with Milestone services from the Elements gateway is done on following ports:

  • Milestone OnvifServer Default Port: TCP 580
  • Milestone OnvifServer Default Port: TCP 554
  • Milestone Recording Server Default Port: TCP 7563
  • Milestone XProtect Configuration Server: TCP 80, 443

Configure the network infrastructure to allow connections to and from the above addresses on the following ports:

  • stun:global.stun.twilio.com
  • turn:global.turn.twilio.com
  • Port 3478 - Protocol: STUN, TURN UDP
  • Port 443 - Protocol: TURN TLS
  • Ports range 10000 - 60000 - Protocol: UDP/SRTP/SRTC


© Honeywell International Inc. All Rights Reserved.