Why isn't Camio Box working on my corporate network?

Network problems can be difficult to diagnose until there's at least some connection to the Internet. Here are some candidate problems to check with your network administrator.

Ethernet Port

Are the Ethernet port(s) connected to the correct network(s)?

The Network Interface Card (NIC) inside port (closest to center) of the Box Pro is the primary NIC connected to the WAN/Internet and used for registration using the MAC address printed on the package labeling. So the Ethernet cable that connects to the Internet should use that interior port.

The outside port (closest to the edge) of the Box Pro is the secondary NIC, most often connected to a private camera/NVR LAN. That port is active (blinking) only when configured, and it is not configured by default. See Dual NIC Configuration.

DHCP Filters

The default way to obtain an IP address is via DHCP. But some corporate networks may use DHCP filters that allow only specified MAC addresses to obtain an IP  address. Make sure your network admin either a) allows the MAC addresses of the Box to use DHCP or b) assigns a static IP address to the Box.

DNS Servers

Box uses Google's DNS Servers 8.8.8.8 and 8.8.4.4. If your network blocks those DNS servers and relies on different DNS Servers, then make sure to configure the primary NIC to use your preferred DNS servers.

UDP Filters

Box locates cameras and NVRs on the LAN by looking for MAC addresses recognized by OUI. The Box relies on nmap to scan the LAN and fill the ARP cache with the mappings of MAC to IP address to know the IP address of each video source even if its IP address changes over time. This network scan is optional and obviated by assigning static IP addresses to video sources.

SSL Inspection

If your corporate network uses "SSL Inspection" to monitor encrypted network traffic, then the self-signed intermediate certificates inserted by those tools will be rejected as unsafe man-in-the-middle (MITM) connection attempts. The Box's TLS 1.2 encrypted  outbound connections to these servers will fail.

This tool helps identify whether your network has a true security risk:
https://badssl.com/dashboard/ (recommended by Homeland Security https://www.us-cert.gov/ncas/alerts/TA17-075A) Camio hasn't yet support SSL Inspection due to risks outlined in  https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html.  However, please contact us if your corporate network security policies require an option to allow self-signed certificate bundles.
Have more questions? Submit a request

Comments