Machine Vision

Showing results for 
Search instead for 
Did you mean: 

GigE Camera - no image when firewall is turned on


Very simple question. My Gigabit Ethernet camera (Basler)  works perfect when Windows XP (SP2) Firewall is turned OFF. But when Firewall is turned ON, then camera appeared in MAX, but when Snap / Grap button pressed, then timeout occured and no image transferred. What can be wrong? Which firewall ports should be opened for GigE camera?

thanks in advance for any hints,

0 Kudos
Message 1 of 7
Hi Andrey,

It is expected behavior that when the Windows Firewall is turned you will not receive images in certain cases. The reason you can see the camera and configure it but not get images back is because the discovery/control of the GigE Vision protocol is a two-way operation. Since we are sending packets out in that case and they return via the same path the firewall lets them through. However, for the image stream, the packets only flow in one direction and so the firewall does not let them through.

The easiest solution is to use an Intel Pro/1000-based network card and install our High-Performance driver. In this configuration, the image stream is decoded before any software firewalls and so no modification to your firewall settings is needed. Additionally, there is no overhead from the firewall or the network stack.

If you cannot use the High-Performance driver, the next alternative is to disable the firewall on just the network device connected to the camera. The Windows Firewall network settings should have a tab to allow you to selectively disable the firewall on one network device while enabling it for the other. This would be recommended anyways because the firewall would add considerable overhead when streaming from a camera.

Unfortunately there is not an easy way to just open a port or range of ports while keeping the firewall enabled on that device. This is because of the way the GigE Vision protocol was defined, in that the remote port that the image stream comes from on the camera is dynamic and the port on the PC side is also dynamic. The Windows Firewall is not configurable in a manner that can accomodate this configuration.

I hope this is helpful, and let me know if you have any more questions!
Message 2 of 7
Hi, Eric,
Thank you for the answer. Strange, I have Intel(R) PRO/1000 MT Server Adapter and IMAQdx installed. As far as I understand, High-Performance Driver should be the part of IMAQdx. It seems to be installed already. How can I be sure that High-Performance driver is properly used for my network adapter?
I have the next question. Which licenses should be purchased for deployment of application which uses Vision Development Toolkit and IMAQdx for GigE camera to our customers? Looks like two:
p/n 778044-03 Vision Run-Time (285 EUR) and p/n 778413-01 Vision Acquisition Software (380 EUR).
Is it correct?
0 Kudos
Message 3 of 7
Hi Andrey,

With Vision Acquisition 8.2.1 (including IMAQdx 3.0) the installer just installs the High-Performance Driver but does not actually replace the association of any previously installed driver with your Intel Pro/1000 cards. Since Windows XP includes drivers for the Pro/1000 cards already, they should already be associated with a driver from Microsoft or Intel when the installer runs.

We have instructions for changing the driver association in the printed release notes you should have received with Vision Acquisition 8.2.1, but I'll describe them here briefly.
-Go to Device Manager, find the Intel Pro/1000-based card you want to use for GigE Vision
-Right-click and select "Update Driver"
-Select "No, not this time" when asked to connect to Windows Update instead, then click "Next"
-Select "Install from a list or specific location (Advanced)", then click "Next"
-Select "Don't search. I will choose which driver to install", then click "Next"
-You should see "National Instruments GigE Vision Adapter" as one of the driver choices. Select this and click "Next"
-Select "Continue" on the pop-up regarding WHQL signing

Now the device should be using the High Performance driver and IMAQdx will detect and use this automatically.

With regards to your other question, I believe the two parts you listed are the correct ones given the application you wish to deploy.

Please let me know if you have any more questions.

Eric G
Message 4 of 7

Thank you very much, Eric. It works now.



0 Kudos
Message 5 of 7

If you don't have a Intel NIC, and if the camera is on the network with a fixed IP address (i.e. setup a dhcp reservation in the router). You can also open the firewall to that specific IP address :


Control panel > Windows Firewall > Advanced Settings (in the left side panel). This Opens up an mmc window for advanced firewall configuration.
In the left panel, choose Inbound or Outbound rules.
Right panel, click New rule.
In the dialog, choose "custom".
In the left again, go to "Scope." When you add an IP, you can add a range.


Message 6 of 7

Depending on the camera, there will be a Genicam attribute called FirewallTraversal.  To see it, you would need to change the visibility in MAX to Advanced/All Attributes.  If you camera supports it, the value can be changed to TRUE or ON, and then the camera will be able to operate, even when the Firewall is engaged.  Some cameras support it, and others don't.  It's a very useful feature, which makes me sometimes wonder why a vendor would choose to not implement the feature.

Machine Vision, Robotics, Embedded Systems, Surveillance - Custom Imaging Solutions
Message 7 of 7