ONVIF
ONVIF is an open industry standard that defines how IP cameras and video management systems (VMS) communicate with each other, regardless of manufacturer. Before ONVIF, every IP camera brand used its own proprietary protocol — an Axis camera wouldn't talk to a Milestone VMS, and so on. ONVIF standardised the conversation: how cameras are discovered, how their video streams are accessed, and how they're configured. In AV, ONVIF is primarily relevant when IP cameras need to integrate with a VMS, NVR (network video recorder), or Q-SYS camera routing.
controlOpen Standardlow latency, medium latencylocal lancampus
Infrastructure Requirements
- Standard LAN
- WS-Discovery for device discovery (multicast)
- SOAP/HTTP API
Network Ports & Requirements
| Port(s) | Transport | Direction | Purpose | DSCP | Multicast | Config. |
|---|---|---|---|---|---|---|
| 3702 | Multicast | Both | WS-Discovery — cameras broadcast their presence on the network using this multicast address so VMS software and other ONVIF devices can automatically find them. Same VLAN boundary limitations as mDNS — doesn't cross routers without a proxy. | — | 239.255.255.250 | No |
| 80 | TCP | Both | ONVIF API — the VMS or control system sends XML-formatted commands to the camera over HTTP to configure settings, request stream information, and control PTZ movement. The exact port varies by manufacturer. | — | — | Yes |
| 8080 | TCP | Both | ONVIF API — the VMS or control system sends XML-formatted commands to the camera over HTTP to configure settings, request stream information, and control PTZ movement. The exact port varies by manufacturer. | — | — | Yes |
| 443 | TCP | Both | Encrypted ONVIF API (HTTPS) — same as port 80/8080 but with encryption. Used by ONVIF Profile T and newer implementations where security is a priority. | — | — | Yes |
| 554 | TCP | Both | RTSP — used to negotiate the video stream: the VMS tells the camera "I want to receive your video" and they agree on stream parameters before video starts flowing. | — | — | Yes |
| — | UDP | Outbound | RTP video stream — the actual camera video flowing from the camera to the VMS or decoder. Ports are assigned dynamically during the RTSP negotiation, so there's no fixed port number — the camera and receiver agree on a port during setup. | — | — | No |
Gotchas & IT Notes
- ⚠**WS-Discovery (UDP 3702)** is multicast — same VLAN boundary issues as mDNS. Does not cross Layer 3 without a WS-Discovery proxy.
- ⚠RTSP (TCP 554) negotiates the RTP media stream ports dynamically — the actual video UDP ports are assigned during RTSP SETUP. For firewall rules, allow outbound UDP in a broad range (e.g. 1024–65535) from the camera, or use stateful firewall inspection.
- ⚠ONVIF HTTP port (80/8080) varies by manufacturer — check camera web interface for the configured ONVIF service port.
- ⚠For VMS/NVR integration, the VMS typically polls cameras via ONVIF HTTP and pulls RTP streams via RTSP — ensure LAN connectivity between NVR and camera VLAN.
- ⚠Profile T adds HTTPS and encrypted streams — recommended for security-conscious deployments.