AXIS I7020 Network Intercom - User manual

Chrome^TM

Firefox^®

Edge^TM

Safari^®

Windows^®

macOS^®

Linux^®

Other operating systems

Show or hide the main menu.

Access the release notes.

Access the product help.

Change the language.

Set light theme or dark theme.

The user menu contains:

• Information about the user who is logged in.

• Change account : Log out from the current account and log in to a new account.

• Log out : Log out from the current account.

The context menu contains:

• Analytics data: Accept to share non-personal browser data.

• Feedback: Share any feedback to help us improve your user experience.

• Legal: View information about cookies and licenses.

• About: View device information, including AXIS OS version and serial number.

• Legacy device interface: Change the device’s web interface to the legacy version.

Upgrade AXIS OS: Upgrade the software on your device. Takes you to the Maintenance page where you can do the upgrade.

NTP settings: View and update the NTP settings. Takes you to the Date and time page where you can change the NTP settings.

Hardening guide: Link to AXIS OS Hardening guide where you can learn more about cybersecurity on Axis devices and best practices.

View details: View and update the list of connected clients. The list shows IP address, protocol, port, state, and PID/process of each connection.

Recordings: View ongoing and filtered recordings and their source. For more information, see Recordings

Shows the storage space where the recording is saved.

Capture mode: A capture mode is a preset configuration that defines how the camera captures images. When you change the capture mode, it can affect many other settings, such as view areas and privacy masks.

Mounting position: The orientation of the image can change depending on how you mount the camera.

Power line frequency: To minimize image flicker, select the frequency your region uses. The American regions usually use 60 Hz. The rest of the world mostly uses 50 Hz. If you're not sure of your region's power line frequency, check with the local authorities.

Rotate: Select the preferred image orientation.

Scene profile: Select a scene profile that suits your surveillance scenario. A scene profile optimizes image settings, including color level, brightness, sharpness, contrast, and local contrast, for a specific environment or purpose.

• Forensic: Suitable for surveillance purposes.

• Indoor: Suitable for indoor environments.

• Outdoor: Suitable for outdoor environments.

• Vivid: Useful for demonstration purposes.

• Traffic overview: Suitable for vehicle traffic monitoring.

Saturation: Use the slider to adjust the color intensity. You can, for example, get a grayscale image.

Contrast: Use the slider to adjust the difference between light and dark.

Brightness: Use the slider to adjust the light intensity. This can make objects easier to see. Brightness is applied after image capture, and doesn’t affect the information in the image. To get more details from a dark area, it’s usually better to increase gain or exposure time.

Sharpness: Use the slider to make objects in the image appear sharper by adjusting the edge contrast. If you increase the sharpness, it may increase the bitrate and the amount of storage space needed as well.

WDR: Turn on to make both bright and dark areas of the image visible.

Local contrast: Use the slider to adjust the contrast of the image. A higher value makes the contrast higher between dark and light areas.

Tone mapping: Use the slider to adjust the amount of tone mapping that is applied to the image. If the value is set to zero, only the standard gamma correction is applied, while a higher value increases the visibility of the darkest and brightest parts in the image.

Light environment:

• Automatic: Automatic identification and compensation for the light source color. This is the recommended setting which can be used in most situations.

• Automatic – outdoors: Automatic identification and compensation for the light source color. This is the recommended setting which can be used in most outdoor situations.

• Custom – indoors: Fixed color adjustment for a room with some artificial light other than fluorescent lighting and good for a normal color temperature around 2800 K.

• Custom – outdoors: Fixed color adjustment for sunny weather conditions with a color temperature around 5500 K.

• Fixed – fluorescent 1: Fixed color adjustment for fluorescent lighting with a color temperature around 4000 K.

• Fixed – fluorescent 2: Fixed color adjustment for fluorescent lighting with a color temperature around 3000 K.

• Fixed – indoors: Fixed color adjustment for a room with some artificial light other than fluorescent lighting and good for a normal color temperature around 2800 K.

• Fixed – outdoors 1: Fixed color adjustment for sunny weather conditions with a color temperature around 5500 K.

• Fixed – outdoors 2: Fixed color adjustment for cloudy weather condition with a color temperature around 6500 K.

• Street light – mercury: Fixed color adjustment for ultraviolet emission in mercury vapor lights common in street lighting.

• Street light – sodium: Fixed color adjustment that compensates for the yellow orange color of sodium vapor lights common in street lighting.

• Hold current: Keep the current settings and do not compensate for light changes.

• Manual: Fix the white balance with the help of a white object. Drag the circle to an object that you want the camera to interpret as white in the live view image. Use the Red balance and Blue balance sliders to adjust the white balance manually.

Exposure mode:

• Automatic: The camera adjusts the aperture, gain, and shutter automatically.

• Automatic aperture: The camera adjusts the aperture and gain automatically. The shutter is fixed.

• Automatic shutter: The camera adjusts the shutter and gain automatically. The aperture is fixed.

• Hold current: Locks the current exposure settings.

• Flicker-free: The camera adjusts the aperture and gain automatically, and uses only the following shutter speeds: 1/50 s (50 Hz) and 1/60 s (60 Hz).

• Flicker-free 50 Hz: The camera adjusts the aperture and gain automatically, and uses the shutter speed 1/50 s.

• Flicker-free 60 Hz: The camera adjusts the aperture and gain automatically, and uses the shutter speed 1/60 s.

• Flicker-reduced: This is the same as flicker-free, but the camera might use shutter speeds faster than 1/100 s (50 Hz) and 1/120 s (60 Hz) for brighter scenes.

• Flicker-reduced 50 Hz: This is the same as flicker-free, but the camera might use shutter speeds faster than 1/100 s for brighter scenes.

• Flicker-reduced 60 Hz: This is the same as flicker-free, but the camera might use shutter speeds faster than 1/120 s for brighter scenes.

• Manual: The aperture, gain, and shutter are fixed.

Exposure zone: Use exposure zones to optimize the exposure in a selected part of the scene, for example, the area in front of an entrance door.

• Automatic: Suitable for most situations.

• Center: Uses a fixed area in the center of the image to calculate the exposure. The area has a fixed size and position in the live view.

• Full: Uses the entire live view to calculate the exposure.

• Upper: Uses an area with a fixed size and position in the upper part of the image to calculate the exposure.

• Lower: Uses an area with a fixed size and position in the lower part of the image to calculate the exposure.

• Left: Uses an area with a fixed size and position in the left part of the image to calculate the exposure.

• Right: Uses an area with a fixed size and position in the right part of the image to calculate the exposure.

• Spot: Uses an area with a fixed size and position in the live view to calculate the exposure.

• Custom: Uses an area in the live view to calculate the exposure. You can adjust the size and position of the area.

Max shutter: Select the shutter speed to provide the best image. Low shutter speeds (longer exposure) might cause motion blur when there is movement, and a too high shutter speed might affect the image quality. Max shutter works with max gain to improve the image.

Max gain: Select the suitable max gain. If you increase the max gain, it improves the visible level of detail in dark images, but also increases the noise level. More noise can also result in increased use of bandwidth and storage. If you set the max gain to a high value, images can differ a lot if the light conditions are very different from day to night. Max gain works with max shutter to improve the image.

Motion-adaptive exposure: Select to reduce motion blur in low-light conditions.

Blur-noise trade-off: Use the slider to adjust the priority between motion blur and noise. If you want to prioritize low bandwidth and have less noise at the expense of details in moving objects, move the slider towards Low noise. If you want to prioritize the preservation of details in moving objects at the expense of noise and bandwidth, move the slider towards Low motion blur.

Lock aperture: Turn on to keep the aperture size set by the Aperture slider. Turn off to allow the camera to automatically adjust the aperture size. You can, for example, lock the aperture for scenes with permanent light conditions.

Aperture: Use the slider to adjust the aperture size, that is, how much light passes through the lens. To allow more light to enter the sensor and thereby produce a brighter image in low-light conditions, move the slider towards Open. An open aperture also reduces the depth of field, which means that objects close to or far from the camera can appear unfocused. To allow more of the image to be in focus, move the slider towards Closed.

Exposure level: Use the slider to adjust the image exposure.

Defog: Turn on to detect the effects of foggy weather and automatically remove them for a clearer image.

Resolution: Select the image resolution suitable for the surveillance scene. A higher resolution increases bandwidth and storage.

Frame rate: To avoid bandwidth problems on the network or reduce storage size, you can limit the frame rate to a fixed amount. If you leave the frame rate at zero, the frame rate is kept at the highest possible rate under the current conditions. A higher frame rate requires more bandwidth and storage capacity.

P-frames: A P-frame is a predicted image that shows only the changes in the image from the previous frame. Enter the desired number of P-frames. The higher the number, the less bandwidth is required. However, if there is network congestion, there could be a noticeable deterioration in the video quality.

Compression: Use the slider to adjust the image compression. High compression results in a lower bitrate and lower image quality. Low compression improves the image quality, but uses more bandwidth and storage when you record.

Signed video: Turn on to add the signed video feature to the video. Signed video protects the video from tampering by adding cryptographic signatures to the video.

• Select the bitrate reduction Strength:

• Off: No bitrate reduction.

• Low: No visible quality degradation in most scenes. This is the default option and it can be used in all types of scenes to reduce the bitrate.

• Medium: Visible effects in some scenes through less noise and a slightly lower level of detail in regions of lower interest, for example, where there’s no movement.

• High: Visible effects in some scenes through less noise and a lower level of detail in regions of lower interest, for example, where there’s no movement. We recommend this level for cloud-connected devices and devices that use local storage.

• Higher: Visible effects in some scenes through less noise and a lower level of detail in regions of lower interest, for example, where there’s no movement.

• Extreme: Visible effects in most scenes. The bitrate is optimized for smallest possible storage.

Optimize for storage: Turn on to minimize the bitrate while maintaining quality. The optimization does not apply to the stream shown in the web client. This can only be used if your VMS supports B-frames. Turning on Optimize for storage also turns on Dynamic GOP.

Dynamic FPS (frames per second): Turn on to allow the bandwidth to vary based on the level of activity in the scene. More activity requires more bandwidth.

Lower limit: Enter a value to adjust the frame rate between minimal fps and the stream default fps based on scene motion. We recommend you to use lower limit in scenes with very little motion, where the fps could drop to 1 or lower.

Dynamic GOP (Group of Pictures): Turn on to dynamically adjust the interval between I-frames based on the level of activity in the scene.

Upper limit: Enter a maximum GOP length, that is, the maximum number of P-frames between two I-frames. An I-frame is a self-contained image frame that is independent of other frames.

• Average: Select to automatically adjust the bitrate over a longer time period and provide the best possible image quality based on the available storage.

• • Click to calculate the target bitrate based on available storage, retention time, and bitrate limit.

  • Target bitrate: Enter desired target bitrate.

  • Retention time: Enter the number of days to keep the recordings.

  • Storage: Shows the estimated storage that can be used for the stream.

  • Maximum bitrate: Turn on to set a bitrate limit.

  • Bitrate limit: Enter a bitrate limit that is higher than the target bitrate.

• Maximum: Select to set a maximum instant bitrate of the stream based on your network bandwidth.

• • Maximum: Enter the maximum bitrate.

• Variable: Select to allow the bitrate to vary based on the level of activity in the scene. More activity requires more bandwidth. We recommend this option for most situations.

Mirror: Turn on to mirror the image.

Include: Turn on to use audio in the video stream.

Source: Select what audio source to use.

Stereo: Turn on to include built-in audio as well as audio from an external microphone.

: Click to add an overlay. Select the type of overlay from the dropdown list:

• Text: Select to show a text that is integrated in the live view image and visible in all views, recordings and snapshots. You can enter your own text, and you can also include pre-configured modifiers to automatically show, for example, time, date, and frame rate.

• • : Click to add the date modifier %F to show yyyy-mm-dd.

  • : Click to add the time modifier %X to show hh:mm:ss (24-hour clock).

  • Modifiers: Click to select any of the modifiers shown in the list to add them to the text box. For example, %a shows the day of the week.

  • Size: Select the desired font size.

  • Appearance: Select the text color and background color, for example, white text on a black background (default).

  • : Select the position of the overlay in the image.

• Image: Select to show a static image superimposed over the video stream. You can use .bmp, .png, .jpeg, or .svg files.

  To upload an image, click Images. Before you upload an image, you can choose to:

• • Scale with resolution: Select to automatically scale the overlay image to fit the video resolution.

  • Use transparency: Select and enter the RGB hexadecimal value for that color. Use the format RRGGBB. Examples of hexadecimal values: FFFFFF for white, 000000 for black, FF0000 for red, 6633FF for blue, and 669900 for green. Only for .bmp images.

• Scene annotation: Select to show a text overlay in the video stream that stays in the same position, even when the camera pans or tilts in another direction. You can choose to only show the overlay within certain zoom levels.

• • : Click to add the date modifier %F to show yyyy-mm-dd.

  • : Click to add the time modifier %X to show hh:mm:ss (24-hour clock).

  • Modifiers: Click to select any of the modifiers shown in the list to add them to the text box. For example, %a shows the day of the week.

  • Size: Select the desired font size.

  • Appearance: Select the text color and background color, for example, white text on a black background (default).

  • : Select the position of the overlay in the image. The overlay is saved and remains in the pan and tilt coordinates of this position.

  • Annotation between zoom levels (%): Set the zoom levels which the overlay will be shown within.

  • Annotation symbol: Select a symbol that appears instead of the overlay when the camera is not within the set zoom levels.

• Streaming indicator: Select to show an animation superimposed over the video stream. The animation indicates that the video stream is live, even if the scene doesn’t contain any motion.

• • Appearance: Select the animation color and background color, for example, red animation on a transparent background (default).

  • Size: Select the desired font size.

  • : Select the position of the overlay in the image.

• Widget: Linegraph: Show a graph chart that displays how a measured value changes over time.

• • Title: Enter a title for the widget.

  • Overlay modifier: Select an overlay modifier as data source. If you have created MQTT overlays, they will be located at the end of the list.

  • : Select the position of the overlay in the image.

  • Size: Select the size of the overlay.

  • Visible on all channels: Turn off to show only on your currently selected channel. Turn on to show on all active channels.

  • Update interval: Choose the time between data updates.

  • Transparency: Set the transparency of the entire overlay.

  • Background transparency: Set the transparency only of the background of the overlay.

  • Points: Turn on to add a point to the graph line when data is updated.

  • X axis

  • • Label: Enter the text label for the x axis.

    • Time window: Enter how long time the data is visualized.

    • Time unit: Enter a time unit for the x axis.

  • Y axis

  • • Label: Enter the text label for the y axis.

    • Dynamic scale: Turn on for the scale to automatically adapt to the data values. Turn off to manually enter values for a fixed scale.

    • Min alarm threshold and Max alarm threshold: These values will add horizontal reference lines to the graph, making it easier to see when the data value becomes too high or too low.

• Widget: Meter: Show a bar chart that displays the most recently measured data value.

• • Title: Enter a title for the widget.

  • Overlay modifier: Select an overlay modifier as data source. If you have created MQTT overlays, they will be located at the end of the list.

  • : Select the position of the overlay in the image.

  • Size: Select the size of the overlay.

  • Visible on all channels: Turn off to show only on your currently selected channel. Turn on to show on all active channels.

  • Update interval: Choose the time between data updates.

  • Transparency: Set the transparency of the entire overlay.

  • Background transparency: Set the transparency only of the background of the overlay.

  • Points: Turn on to add a point to the graph line when data is updated.

  • Y axis

  • • Label: Enter the text label for the y axis.

    • Dynamic scale: Turn on for the scale to automatically adapt to the data values. Turn off to manually enter values for a fixed scale.

    • Min alarm threshold and Max alarm threshold: These values will add horizontal reference lines to the bar chart, making it easier to see when the data value becomes too high or too low.

: Click to create a new privacy mask.

Privacy masks: Click to change the color of all privacy masks, or to delete all privacy masks permanently.

Mask x: Click to rename, disable, or permanently delete the mask.

Click to download the contact list as a json file.

Click to import a contact list (json).

Add contact: Click to add a new contact to the contact list.

First name: Enter the contact’s first name.

Last name: Enter the contact’s last name.

Speed dial: Enter an available speed dial number for the contact. This number is used to call the contact from the device.

SIP address: If you use SIP, enter the contact's IP address or extension.

: Click to make a test call. The call will automatically end when answered.

SIP account: If you use SIP, select the SIP account to use for the call from the device to the contact.

Availability: Select the contact’s availability schedule. If a call is attempted when the contact isn’t available, the call is canceled unless there’s a fallback contact.

Fallback: If applicable, select a fallback contact from the list.

The context menu contains:

Edit contact: Edit the contact’s properties.

Delete contact: Delete the contact.

SIP setup assistant: Click to set up and configure SIP step by step.

Enable SIP: Check this option to make it possible to initiate and receive SIP calls.

Allow incoming calls: Check this option to allow incoming calls from other SIP devices.

• Call handling

• Calling timeout: Set the maximum duration of an attempted call if no one answers.

• Incoming call duration: Set the maximum time an incoming call can last (max 10 min).

• End calls after: Set the maximum time that a call can last (max 60 minutes). Select Infinite call duration if you don’t want to limit the length of a call.

• Ports
• A port number must be between 1024 and 65535.

• SIP port: The network port used for SIP communication. The signaling traffic through this port is non-encrypted. The default port number is 5060. Enter a different port number if required.

• TLS port: The network port used for encrypted SIP communication. The signaling traffic through this port is encrypted with Transport Layer Security (TLS). The default port number is 5061. Enter a different port number if required.

• RTP start port: The network port used for the first RTP media stream in a SIP call. The default start port number is 4000. Some firewalls block RTP traffic on certain port numbers.

• NAT traversal
• Use NAT (Network Address Translation) traversal when the device is located on an private network (LAN) and you want to make it available from outside of that network.
• Note

  For NAT traversal to work, the router must support it. The router must also support UPnP®.

• Each NAT traversal protocol can be used separately or in different combinations depending on the network environment.

• ICE: The ICE (Interactive Connectivity Establishment) protocol increases the chances of finding the most efficient path to successful communication between peer devices. If you also enable STUN and TURN, you improve the ICE protocol’s chances.

• STUN: STUN (Session Traversal Utilities for NAT) is a client-server network protocol that lets the device determine if it is located behind a NAT or firewall, and if so obtain the mapped public IP address and port number allocated for connections to remote hosts. Enter the STUN server address, for example, an IP address.

• TURN: TURN (Traversal Using Relays around NAT) is a protocol that lets a device behind a NAT router or firewall receive incoming data from other hosts over TCP or UDP. Enter the TURN server address and the login information.

• Audio and video

• Audio codec priority: Select at least one audio codec with the desired audio quality for SIP calls. Drag-and-drop to change the priority.

• Note

  The selected codecs must match the call recipient codec, since the recipient codec is decisive when a call is made.

• Audio direction: Select allowed audio directions.

• H.264 packetization mode: Select which packetization mode to use.

• • Auto: (Recommended) The device decides which packetization mode to use.

  • None: No packetization mode is set. This mode is often interpreted as mode 0.

  • 0: Non-interleaved mode.

  • 1: Single NAL unit mode.

• Video direction: Select allowed video directions.

• Additional

• UDP-to-TCP switching: Select to allow calls to switch transport protocols from UDP (User Datagram Protocol) to TCP (Transmission Control Protocol) temporarily. The reason for switching is to avoid fragmentation, and the switch can take place if a request is within 200 bytes of the maximum transmission unit (MTU) or larger than 1300 bytes.

• Allow via rewrite: Select to send the local IP address instead of the router's public IP address.

• Allow contact rewrite: Select to send the local IP address instead of the router's public IP address.

• Register with server every: Set how often you want the device to register with the SIP server for the existing SIP accounts.

• DTMF payload type: Changes the default payload type for DTMF.

• Max retransmissions: Set the maximum number of times the device tries to connect to the SIP server before it stops trying.

• Seconds until failback: Set the number of seconds until the device tries to reconnect to the primary SIP server after it has failed over to a secondary SIP server.

All current SIP accounts are listed under SIP accounts. For registered accounts, the colored circle lets you know the status.

• The account is successfully registered with the SIP server.
• There is a problem with the account. Possible reasons can be authorization failure, that the account credentials are wrong, or that the SIP server can’t find the account.

The peer to peer (default) account is an automatically created account. You can delete it if you create at least one other account and set that account as default. The default account is always used when a VAPIX® Application Programming Interface (API) call is made without specifying which SIP account to call from.

• Add account: Click to create a new SIP account.

• Active: Select to be able to use the account.

• Make default: Select to make this the default account. There must be a default account, and there can only be one default account.

• Answer automatically: Select to automatically answer an incoming call.

• Prioritize IPv6 over IPv4: Select to prioritize IPv6 addresses over IPv4 addresses. This is useful when you connect to peer-to-peer accounts or domain names that resolve in both IPv4 and IPv6 addresses. You can only prioritize IPv6 for domain names that are mapped to IPv6 addresses.

• Name: Enter a descriptive name. This can, for example, be a first and last name, a role, or a location. The name is not unique.

• User ID: Enter the unique extension or phone number assigned to the device.

• Peer-to-peer: Use for direct calls to another SIP device on the local network.

• Registered: Use for calls to SIP devices outside the local network, through a SIP server.

• Domain: If available, enter the public domain name. It will be shown as part of the SIP address when calling other accounts.

• Password: Enter the password associated with the SIP account for authenticating against the SIP server.

• Authentication ID: Enter the authentication ID used for authenticating against the SIP server. If it is the same as the user ID, you don’t need to enter the authentication ID.

• Caller ID: The name which is presented to the recipient of calls from the device.

• Registrar: Enter the IP address for the registrar.

• Transport mode: Select the SIP transport mode for the account: UPD, TCP, or TLS.

• TLS version (only with transport mode TLS): Select the version of TLS to use. Versions v1.2 and v1.3 are the most secure. Automatic selects the most secure version that the system can handle.

• Media encryption (only with transport mode TLS): Select the type of encryption for media (audio and video) in SIP calls.

• Certificate (only with transport mode TLS): Select a certificate.

• Verify server certificate (only with transport mode TLS): Check to verify the server certificate.

• Secondary SIP server: Turn on if you want the device to try to register on a secondary SIP server if registration on the primary SIP server fails.

• SIP secure: Select to use Secure Session Initiation Protocol (SIPS). SIPS uses the TLS transport mode to encrypt traffic.

• Proxies

• • Proxy: Click to add a proxy.

  • Prioritize: If you have added two or more proxies, click to prioritize them.

  • Server address: Enter the IP address of the SIP proxy server.

  • Username: If required, enter the username for the SIP proxy server.

  • Password: If required, enter the password for the SIP proxy server.

• Video

• • View area: Select the view area to use for video calls. If you select none, the native view is used.

  • Resolution: Select the resolution to use for video calls. The resolution affects the required bandwidth.

  • Frame rate: Select the number of frames per second for video calls. The frame rate affects the required bandwidth.

  • H.264 profile: Select the profile to use for video calls.

Add sequence: Click to create a new dual-tone multifrequency (DTMF) sequence. To create a rule that is activated by touch-tone, go to Events > Rules.

Sequence: Enter the characters to activate the rule. Allowed characters: 0–9, A-D, #, and *.

Description: Enter a description of the action to be triggered by the sequence.

Accounts: Select the accounts that will use the DTMF sequence. If you choose peer-to-peer, all peer-to-peer accounts will share the same DTMF sequence.

Protocols

Select the protocols to use for each account. All peer-to-peer accounts share the same protocol settings.

Use RTP (RFC2833): Turn on to allow dual-tone multifrequency (DTMF) signaling, other tone signals and telephony events in RTP packets.

Use SIP INFO (RFC2976): Turn to include the INFO method to the SIP protocol. The INFO method adds optional application layer information, generally related to the session.

SIP account: Select which account to make the test call from.

SIP address: Enter a SIP address and click to make a test call and verify that the account works.

Use access list: Turn on to restrict who can make calls to the device.

• Policy:

• Allow: Select to allow incoming calls only from the sources in the access list.

• Block: Select to block incoming calls from the sources in the access list.

Add source: Click to create a new entry in the access list.

SIP source: Type the caller ID or SIP server address of the source.

User multicast controller: Turn on to activate multicast controller.

Audio codec: Select an audio codec.

Source: Add a new multicast controller source.

• Label: Enter the name of a label that is not already used by a source.

• Source: Enter a source.

• Port: Enter a port.

• Priority: Select a priority.

• Profile: Select a profile.

• SRTP key: Enter an SRTP key.

The context menu contains:

Edit: Edit the multicast controller source.

Delete: Delete the multicast controller source.

Enable call button: Turn on to make it possible to use the call button.

Standby light: Select an option for the built-in light around the call button.

• Auto: The device turns the built-in light on and off based on the surrounding light.

• On: The built-in light is always turned on when the device is in standby mode.

• Off: The built-in light is always turned off when the device is in standby mode.

Recipients: Select or create one or more contacts to call when someone presses the call button. If you add more than one recipient, the call will be placed to all of them at the same time. The maximum number of SIP call recipients is six, while you can have an unlimited number of VMS call recipients.

Fallback: Add a fallback contact from the list in case none of the recipients replies.

Audio

Ringtone: Select the audio clip to play when someone makes a call to the device. Use the slider to adjust the gain.

Ringback tone: Select the audio clip to play when someone makes a call from the device. Use the slider to adjust the gain.

Allow calls in the video management software (VMS): Select to allow calls from the device to the VMS. You can make VMS calls even if SIP is turned off.

Call timeout: Set the maximum duration of an attempted call if no one answers.

Use external OSDP reader: Turn on to use the device with an external reader. Connect the reader to the reader connector.

• Status:

• Connected: The device is connected to the active external reader.

• Connecting: The device is trying to connect to the external reader.

• Not connected: OSDP is turned off.

Reader protocol type: Select the protocol to use for the reader functionality.

• VAPIX reader: Can only be used with an Axis door controller.

• • Protocol: Select HTTPS or HTTP.

  • Door controller address: Enter the IP address for the door controller.

  • User name: Enter the username of the door controller.

  • Password: Enter the password of the door controller.

  • Connect: Click to connect to the door controller.

  • Select reader: Select the entrance reader for the appropriate door.

• OSDP:

• • OSDP address: Enter the OSDP reader address. 0 is the default and most common address for single readers.

• Wiegand:

• • Beeper: Turn on to activate the beeper input.

  • Input for beeper: Select the I/O port used for the beeper.

  • Input used for LED control: Select how many I/O ports to use for controlling LED feedback on the device.

  • Input for LED1/LED2: Select which I/O ports to use for LED input.

  • Idle color: If no I/O port is used to control the LED, you can select a static color to show on the card reader indicator stripe.

  • Color for state low/high: If one I/O port is used for LED control, select the color to show for state low and state high respectively.

  • Idle color/LED1 color/LED2 color/LED1 + LED2 color: If two I/O ports are used for LED control, select the colors to show for idle, LED1, LED2, and LED1 + LED2 respectively.

  • Keypress format: Select how to format the PIN when it’s sent to the access control unit.

  • • FourBit: PIN 1234 is encoded and sent as 0x1 0x2 0x3 0x4. This is the default and most common behaviour.

    • EightBitZeroPadded: PIN 1234 is encoded and sent as 0x01 0x02 0x03 0x04.

    • EightBitInvertPadded: PIN 1234 is encoded and sent as 0xE1 0xD2 0xC3 0xB4.

    • Wiegand26: The PIN is encoded in Wiegand26 format with an 8 bit facility code and a 16 bit id.

    • Wiegand34: The PIN is encoded in a Wiegand34 format with a 16 bit facility code and a 16 bit id.

    • Wiegand37: The PIN is encoded in a Wiegand37 format (H10302) with a 35 bit id.

    • Wiegand37FacilityCode: The PIN is encoded in a Wiegand37 format (H10304) with a 16 bit facility code and a 19 bit id.

  • Facility code: Enter the facility code to be sent. This option is only available for some keypress formats.

Select data format: Select in which format to send card data to the access control unit.

• Raw: Transmits the card data as it is.

• Wiegand26: Encodes the card data in Wiegand26 format with an 8 bit facility code and a 16 bit id.

• Wiegand34: Encodes the card data in Wiegand34 format with a 16 bit facility code and a 16 bit id.

• Wiegand37: Encodes the card data in Wiegand37 format (H10302) with a 35 bit id.

• Wiegand37FacilityCode: Encodes the card data in Wiegand37 format (H10304) with a 16 bit facility code and a 19 bit id.

• Custom: Define your own formatting.

Facility code override mode: Select an option for overriding the facility code.

• Auto: Doesn’t override the facility code, and creates a facility code from the input data auto detection. Either uses the card’s original facility code, or forges it from excess bits of a card number.

• Optional: Uses the facility code from the input data, or overrides with a configured optional value.

• Override: Always overrides with a specified facility code.

Length (0–32): Enter the number of digits in the PIN. If users aren’t required to use a PIN when they use the reader, set the length to 0.

Timeout (seconds, 3–50): Enter the number of seconds that need to pass before the device returns to idle mode when no PIN is received.

Use Entry list: Turn on to use the Entry list functionality.

Use connected door controller: Turn on if the device is already connected to a door controller. If someone presents a credential that doesn’t exist in Entry list, we’ll send the request to the connected door controller. We don’t send credentials that are available in Entry list.

Add credential holder: Click to add a new credential holder.

First name: Enter a first name.

Last name: Enter a last name.

Credential type:

• PIN:

• • PIN: Enter a unique PIN or click Generate to create one automatically.

• Card:

• • UID: Enter the card’s UID and bit length, or click Get latest to fetch the data from the latest card swipe.

Event condition: Select one or more conditions to trigger when the credential holder uses their credential. To set up the resulting action, go to System > Events and create a rule, using the same condition you select here.

Valid from: Select Current device time to activate the credential immediately. Clear to specify when to activate the credential.

Valid to:

• No end date: Credential is valid indefinitely.

• End date: Specify the date and time when the credential becomes invalid.

• Number of times: Specify how many times the credential holder can use the credential. The value in the field reduces as the credential is used, to show the remaining uses.

Notes: Enter optional information.

Suspend: Select to make the credential temporarily invalid.

Noise cancellation: Turn on to improve audio quality by removing background noise.

Input type: Select the type of input, for instance, if it’s internal microphone or line.

Power type: Select power type for your input.

Apply changes: Apply your selection.

Echo cancellation: Turn on to remove echoes during two-way communication.

Separate gain controls: Turn on to adjust the gain separately for the different input types.

Automatic gain control: Turn on to dynamically adapt the gain to changes in the sound.

Gain: Use the slider to change the gain. Click the microphone icon to mute or unmute.

Gain: Use the slider to change the gain. Click the speaker icon to mute or unmute.

Encoding: Select the encoding to use for the input source streaming. You can only choose encoding if audio input is turned on. If audio input is turned off, click Enable audio input to turn it on.

Add clip: Add a new audio clip. You can use .au, .mp3, .opus, .vorbis, .wav files.

Play the audio clip.

Stop playing the audio clip.

The context menu contains:

• Rename: Change the name of the audio clip.

• Create link: Create a URL that, when used, plays the audio clip on the device. Specify the volume and number of times to play the clip.

• Download: Download the audio clip to your computer.

• Delete: Delete the audio clip from the device.

Ongoing recordings: Show all ongoing recordings on the device.

Start a recording on the device.

Choose which storage device to save to.

Stop a recording on the device.

Triggered recordings will end when manually stopped or when the device is shut down.

Continuous recordings will continue until manually stopped. Even if the device is shut down, the recording will continue when the device starts up again.

Play the recording.

Stop playing the recording.

Show or hide information and options about the recording.

Set export range: If you only want to export part of the recording, enter a time span. Note that if you work in a different time zone than the location of the device, the time span is based on the device’s time zone.

Encrypt: Select to set a password for exported recordings. It will not be possible to open the exported file without the password.

Click to delete a recording.

Export: Export the whole or a part of the recording.

Click to filter the recordings.

From: Show recordings done after a certain point in time.

To: Show recordings up until a certain point in time.

Source: Show recordings based on source. The source refers to the sensor.

Event: Show recordings based on events.

Storage: Show recordings based on storage type.

Add app: Install a new app.

Find more apps: Find more apps to install. You will be taken to an overview page of Axis apps.

Allow unsigned apps: Turn on to allow installation of unsigned apps.

Allow root-privileged apps: Turn on to allow apps with root privileges full access to the device.

View the security updates in AXIS OS and ACAP apps.

Use the switch next to the app name to start or stop the app.

Open: Access the app’s settings. The available settings depend on the application. Some applications don’t have any settings.

The context menu can contain one or more of the following options:

• Open-source license: View information about open-source licenses used in the app.

• App log: View a log of the app events. The log is helpful when you contact support.

• Activate license with a key: If the app requires a license, you need to activate it. Use this option if your device doesn’t have internet access.

  If you don’t have a license key, go to axis.com/products/analytics. You need a license code and the Axis product serial number to generate a license key.

• Activate license automatically: If the app requires a license, you need to activate it. Use this option if your device has internet access. You need a license code to activate the license.

• Deactivate the license: Deactivate the license to replace it with another license, for example, when you change from a trial license to a full license. If you deactivate the license, you also remove it from the device.

• Settings: Configure the parameters.

• Delete: Delete the app permanently from the device. If you don’t deactivate the license first, it remains active.

Synchronization: Select an option for the device’s date and time synchronization.

• Automatic date and time (manual NTS KE servers): Synchronize with the secure NTP key establishment servers connected to the DHCP server.

• • Manual NTS KE servers: Enter the IP address of one or two NTP servers. When you use two NTP servers, the device synchronizes and adapts its time based on input from both.

  • Max NTP poll time: Select the maximum amount of time the device should wait before it polls the NTP server to get an updated time.

  • Min NTP poll time: Select the minimum amount of time the device should wait before it polls the NTP server to get an updated time.

• Automatic date and time (NTP servers using DHCP): Synchronize with the NTP servers connected to the DHCP server.

• • Fallback NTP servers: Enter the IP address of one or two fallback servers.

  • Max NTP poll time: Select the maximum amount of time the device should wait before it polls the NTP server to get an updated time.

  • Min NTP poll time: Select the minimum amount of time the device should wait before it polls the NTP server to get an updated time.

• Automatic date and time (manual NTP servers): Synchronize with NTP servers of your choice.

• • Manual NTP servers: Enter the IP address of one or two NTP servers. When you use two NTP servers, the device synchronizes and adapts its time based on input from both.

  • Max NTP poll time: Select the maximum amount of time the device should wait before it polls the NTP server to get an updated time.

  • Min NTP poll time: Select the minimum amount of time the device should wait before it polls the NTP server to get an updated time.

• Custom date and time: Manually set the date and time. Click Get from system to fetch the date and time settings once from your computer or mobile device.

Time zone: Select which time zone to use. Time will automatically adjust to daylight saving time and standard time.

• DHCP: Adopts the time zone of the DHCP server. The device must connected to a DHCP server before you can select this option.

• Manual: Select a time zone from the drop-down list.

• Latitude: Positive values are north of the equator.

• Longitude: Positive values are east of the prime meridian.

• Heading: Enter the compass direction that the device is facing. 0 is due north.

• Label: Enter a descriptive name for the device.

• Save: Click to save your device location.

Interactive device image: Click the buttons in the image to simulate real key presses. This allows you to try out configurations or troubleshoot the hardware without having physical access to the device.

Latest credentials: Shows information about the credentials that were last registered.

Show the latest credentials data.

The context menu contains:

• Reverse UID: Invert the byte order of the UID.

• Revert UID: Revert the byte order of the UID back to the original order.

• Copy to clipboard: Copy the UID.

Check credentials: Enter a UID or a PIN and submit to check the credentials. The system will respond in the same way as if you used the credentials at the device. If both UID and PIN is required, start by entering the UID.

Assign IPv4 automatically: Select to let the network router assign an IP address to the device automatically. We recommend automatic IP (DHCP) for most networks.

IP address: Enter a unique IP address for the device. Static IP addresses can be assigned at random within isolated networks, provided that each address is unique. To avoid conflicts, we recommend you contact your network administrator before you assign a static IP address.

Subnet mask: Enter the subnet mask to define what addresses are inside the local area network. Any address outside the local area network goes through the router.

Router: Enter the IP address of the default router (gateway) used to connect devices that are attached to different networks and network segments.

Fallback to static IP address if DHCP isn’t available: Select if you want to add a static IP address to use as fallback if DHCP is unavailable and can’t assign an IP address automatically.

Assign IPv6 automatically: Select to turn on IPv6 and to let the network router assign an IP address to the device automatically.

Assign hostname automatically: Select to let the network router assign a hostname to the device automatically.

Hostname: Enter the hostname manually to use as an alternative way of accessing the device. The server report and system log use the hostname. Allowed characters are A–Z, a–z, 0–9 and -.

Assign DNS automatically: Select to let the DHCP server assign search domains and DNS server addresses to the device automatically. We recommend automatic DNS (DHCP) for most networks.

Search domains: When you use a hostname that is not fully qualified, click Add search domain and enter a domain in which to search for the hostname the device uses.

DNS servers: Click Add DNS server and enter the IP address of the DNS server. This provides the translation of hostnames to IP addresses on your network.

Allow access through: Select if a user is allowed to connect to the device through the HTTP, HTTPS, or both HTTP and HTTPS protocols.

HTTP port: Enter the HTTP port to use. The device allows port 80 or any port in the range 1024-65535. If you are logged in as an administrator, you can also enter any port in the range 1-1023. If you use a port in this range, you get a warning.

HTTPS port: Enter the HTTPS port to use. The device allows port 443 or any port in the range 1024-65535. If you are logged in as an administrator, you can also enter any port in the range 1-1023. If you use a port in this range, you get a warning.

Certificate: Select a certificate to enable HTTPS for the device.

Bonjour^®: Turn on to allow automatic discovery on the network.

Bonjour name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address.

UPnP^®: Turn on to allow automatic discovery on the network.

UPnP name: Enter a friendly name to be visible on the network. The default name is the device name and MAC address.

WS-Discovery: Turn on to allow automatic discovery on the network.

LLDP and CDP: Turn on to allow automatic discovery on the network. Turning LLDP and CDP off can impact the PoE power negotiation. To resolve any issues with the PoE power negotiation, configure the PoE switch for hardware PoE power negotiation only.

Allow O3C:

• One-click: This is the default setting. Press and hold the control button on the device to connect to an O3C service over the internet. You need to register the device with the O3C service within 24 hours after you press the control button. Otherwise, the device disconnects from the O3C service. Once you register the device, Always is enabled and the device stays connected to the O3C service.

• Always: The device constantly attempts to connect to an O3C service over the internet. Once you register the device, it stays connected to the O3C service. Use this option if the control button on the device is out of reach.

• No: Disables the O3C service.

Proxy settings: If needed, enter the proxy settings to connect to the proxy server.

Host: Enter the proxy server’s address.

Port: Enter the port number used for access.

Login and Password: If needed, enter username and password for the proxy server.

Authentication method:

• Basic: This method is the most compatible authentication scheme for HTTP. It’s less secure than the Digest method because it sends the username and password unencrypted to the server.

• Digest: This method is more secure because it always transfers the password encrypted across the network.

• Auto: This option lets the device select the authentication method depending on the supported methods. It prioritizes the Digest method over the Basic method.

Owner authentication key (OAK): Click Get key to fetch the owner authentication key. This is only possible if the device is connected to the internet without a firewall or proxy.

SNMP: Select the version of SNMP to use.

• v1 and v2c:

• • Read community: Enter the community name that has read-only access to all supported SNMP objects. The default value is public.

  • Write community: Enter the community name that has read or write access to all supported SNMP objects (except read-only objects). The default value is write.

  • Activate traps: Turn on to activate trap reporting. The device uses traps to send messages for important events or status changes to a management system. In the web interface, you can set up traps for SNMP v1 and v2c. Traps are automatically turned off if you change to SNMP v3 or turn off SNMP. If you use SNMP v3, you can set up traps through the SNMP v3 management application.

  • Trap address: Enter the IP address or host name of the management server.

  • Trap community: Enter the community to use when the device sends a trap message to the management system.

  • Traps:

  • • Cold start: Sends a trap message when the device starts.

    • Warm start: Sends a trap message when you change an SNMP setting.

    • Link up: Sends a trap message when a link changes from down to up.

    • Authentication failed: Sends a trap message when an authentication attempt fails.

• v3: SNMP v3 is a more secure version, which provides encryption and secure passwords. To use SNMP v3, we recommend you to activate HTTPS, as the password is then sent through HTTPS. This also prevents unauthorized parties’ access to unencrypted SNMP v1 and v2c traps. If you use SNMP v3, you can set up traps through the SNMP v3 management application.

• • Password for the account “initial”: Enter the SNMP password for the account named “initial”. Although the password can be sent without activating HTTPS, we don’t recommend it. The SNMP v3 password can only be set once, and preferably only when HTTPS is enabled. Once the password is set, the password field is no longer displayed. To set the password again, you must reset the device to factory default settings.

Certificates are used to authenticate devices on a network. The device supports two types of certificates:

• Client/server certificates

  A client/server certificate validates the device’s identity, and can be self-signed or issued by a Certificate Authority (CA). A self-signed certificate offers limited protection and can be used before a CA-issued certificate has been obtained.

• CA certificates

  You can use a CA certificate to authenticate a peer certificate, for example to validate the identity of an authentication server when the device connects to a network protected by IEEE 802.1X. The device has several pre-installed CA certificates.

These formats are supported:

• Certificate formats: .PEM, .CER, and .PFX

• Private key formats: PKCS#1 and PKCS#12

Add certificate : Click to add a certificate.

• More: Show more fields to fill in or select.

• Secure keystore: Select to use Secure element or Trusted Platform Module 2.0 to securely store the private key. For more information on which secure keystore to select, go to help.axis.com/en-us/axis-os#cryptographic-support.

• Key type: Select the default or a different encryption algorithm from the drop-down list to protect the certificate.

The context menu contains:

• Certificate information: View an installed certificate’s properties.

• Delete certificate: Delete the certificate.

• Create certificate signing request: Create a certificate signing request to send to a registration authority to apply for a digital identity certificate.

Secure keystore:

• Secure element (CC EAL6+): Select to use secure element for secure keystore.

• Trusted Platform Module 2.0 (CC EAL4+, FIPS 140-2 Level 2): Select to use TPM 2.0 for secure keystore.

IEEE 802.1x

IEEE 802.1x is an IEEE standard for port-based network admission control providing secure authentication of wired and wireless network devices. IEEE 802.1x is based on EAP (Extensible Authentication Protocol).

To access a network protected by IEEE 802.1x, network devices must authenticate themselves. The authentication is performed by an authentication server, typically a RADIUS server (for example, FreeRADIUS and Microsoft Internet Authentication Server).

IEEE 802.1AE MACsec

IEEE 802.1AE MACsec is an IEEE standard for media access control (MAC) security that defines connectionless data confidentiality and integrity for media access independent protocols.

Certificates

When configured without a CA certificate, server certificate validation is disabled and the device tries to authenticate itself regardless of what network it is connected to.

When using a certificate, in Axis' implementation, the device and the authentication server authenticate themselves with digital certificates using EAP-TLS (Extensible Authentication Protocol - Transport Layer Security).

To allow the device to access a network protected through certificates, you must install a signed client certificate on the device.

Authentication method: Select an EAP type used for authentication.

Client certificate: Select a client certificate to use IEEE 802.1x. The authentication server uses the certificate to validate the client’s identity.

CA certificates: Select CA certificates to validate the authentication server’s identity. When no certificate is selected, the device tries to authenticate itself regardless of what network it is connected to.

EAP identity: Enter the user identity associated with the client certificate.

EAPOL version: Select the EAPOL version that is used in the network switch.

Use IEEE 802.1x: Select to use the IEEE 802.1x protocol.

These settings are only available if you use IEEE 802.1x PEAP-MSCHAPv2 as the authentication method:

• Password: Enter the password for your user identity.

• Peap version: Select the Peap version that is used in the network switch.

• Label: Select 1 to use client EAP encryption; select 2 to use client PEAP encryption. Select the Label that the network switch uses when using Peap version 1.

These settings are only available if you use IEEE 802.1ae MACsec (Static CAK/Pre-Shared Key) as the authentication method:

• Key agreement connectivity association key name: Enter the connectivity association name (CKN). It must be 2 to 64 (divisible by 2) hexadecimal characters. The CKN must be manually configured in the connectivity association and must match on both ends of the link to initially enable MACsec.

• Key agreement connectivity association key: Enter the connectivity association key (CAK). It should be either 32 or 64 hexadecimal characters long. The CAK must be manually configured in the connectivity association and must match on both ends of the link to initially enable MACsec.

Blocking: Turn on to block brute-force attacks. A brute-force attack uses trial-and-error to guess login info or encryption keys.

Blocking period: Enter the number of seconds to block a brute-force attack.

Blocking conditions: Enter the number of authentication failures allowed per second before the block starts. You can set the number of failures allowed both on page level and device level.

Activate: Turn on the firewall.

• Default Policy: Select the default state for the firewall.

• Allow: Allows all connections to the device. This option is set by default.

• Deny: Denies all connections to the device.

To make exceptions to the default policy, you can create rules that allows or denies connections to the device from specific addresses, protocols, and ports.

• Address: Enter an address in IPv4/IPv6 or CIDR format that you want to allow or deny access to.

• Protocol: Select a protocol that you want to allow or deny access to.

• Port: Enter a port number that you want to allow or deny access to. You can add a port number between 1 and 65535.

• Policy: Select the policy of the rule.

: Click to create another rule.

• Add rules: Click to add the rules that you have defined.

• Time in seconds: Set a time limit for testing the rules. The default time limit is set to 300 seconds. To activate the rules straight away, set the time to 0 seconds.

• Confirm rules: Confirm the rules and their time limit. If you have set a time limit of more than 1 second, the rules will be active during this time. If you have set the time to 0, the rules will be active straight away.

Pending rules: An overview of the latest tested rules that you are yet to confirm.

Confirm rules: Click to activate the pending rules.

Active rules: An overview of the rules you are currently running on the device.

: Click to delete an active rule.

: Click to delete all rules, both pending and active.

To install test software or other custom software from Axis on the device, you need a custom signed AXIS OS certificate. The certificate verifies that the software is approved by both the device owner and Axis. The software can only run on a specific device which is identified by its unique serial number and chip ID. Only Axis can create custom signed AXIS OS certificates, since Axis holds the key to sign them.

Install: Click to install the certificate. You need to install the certificate before you install the software.

The context menu contains:

• Delete certificate: Delete the certificate.

Add account: Click to add a new account. You can add up to 100 accounts.

Account: Enter a unique account name.

New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols.

Repeat password: Enter the same password again.

Privileges:

• Administrator: Has full access to all settings. Administrators can also add, update, and remove other accounts.

• Operator: Has access to all settings except:

• • All System settings.

• Viewer: Has access to:

• • Watch and take snapshots of a video stream.

  • Watch and export recordings.

  • Pan, tilt, and zoom; with PTZ account access.

The context menu contains:

Update account: Edit the account properties.

Delete account: Delete the account. You can’t delete the root account.

Allow anonymous viewing: Turn on to allow anyone access the device as a viewer without logging in with an account.

Allow anonymous PTZ operating: Turn on to allow anonymous users to pan, tilt, and zoom the image.

Add SSH account: Click to add a new SSH account.

• Restrict root access: Turn on to restrict functionality that requires root access.

• Enable SSH: Turn on to use SSH service.

Account: Enter a unique account name.

New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols.

Repeat password: Enter the same password again.

Comment: Enter a comment (optional).

The context menu contains:

Update SSH account: Edit the account properties.

Delete SSH account: Delete the account. You can’t delete the root account.

Add virtual host: Click to add a new virtual host.

Enabled: Select to use this virtual host.

Server name: Enter the name of the server. Only use numbers 0-9, letters A-Z, and hyphen (-).

Port: Enter the port the server is connected to.

Type: Select the type of authentication to use. Select between Basic, Digest, and Open ID.

The context menu contains:

• Update: Update the virtual host.

• Delete: Delete the virtual host.

Disabled: The server is disabled.

Client ID: Enter the OpenID username.

Outgoing Proxy: Enter the proxy address for the OpenID connection to use a proxy server.

Admin claim: Enter a value for the admin role.

Provider URL: Enter the web link for the API endpoint authentication. Format should be https://[insert URL]/.well-known/openid-configuration

Operator claim: Enter a value for the operator role.

Require claim: Enter the data that should be in the token.

Viewer claim: Enter the value for the viewer role.

Remote user: Enter a value to identify remote users. This assists to display the current user in the device’s web interface.

Scopes: Optional scopes that could be part of the token.

Client secret: Enter the OpenID password

Save: Click to save the OpenID values.

Enable OpenID: Turn on to close current connection and allow device authentication from the provider URL.

Add a rule: Create a rule.

Name: Enter a name for the rule.

Wait between actions: Enter the minimum time (hh:mm:ss) that must pass between rule activations. It is useful if the rule is activated by, for example, day-night mode conditions, to avoid that small light changes during sunrise and sunset activate the rule repeatedly.

Condition: Select a condition from the list. A condition must be met for the device to perform an action. If multiple conditions are defined, all of them must be met to trigger the action. For information about specific conditions, see Get started with rules for events.

Use this condition as a trigger: Select to make this first condition function only as a starting trigger. It means that once the rule is activated, it remains active for as long as all the other conditions are met, no matter the state of the first condition. If you don’t select this option, the rule will simply be active whenever all the conditions are met.

Invert this condition: Select if you want the condition to be the opposite of your selection.

Add a condition: Click to add an additional condition.

Action: Select an action from the list and enter its required information. For information about specific actions, see Get started with rules for events.

Add a recipient: Click to add a recipient.

Name: Enter a name for the recipient.

Type: Select from the list:

• FTP

• • Host: Enter the server's IP address or hostname. If you enter a hostname, make sure that a DNS server is specified under System > Network > IPv4 and IPv6.

  • Port: Enter the port number used by the FTP server. The default is 21.

  • Folder: Enter the path to the directory where you want to store files. If this directory doesn’t already exist on the FTP server, you will get an error message when uploading files.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

  • Use temporary file name: Select to upload files with temporary, automatically generated filenames. The files get renamed to the desired names when the upload completes. If the upload is aborted/interrupted, you don’t get any corrupt files. However, you probably still get the temporary files. This way you know that all files that have the desired name are correct.

  • Use passive FTP: Under normal circumstances, the product simply requests the target FTP server to open the data connection. The device actively initiates both the FTP control and data connections to the target server. This is normally needed if there is a firewall between the device and the target FTP server.

• HTTP

• • URL: Enter the network address to the HTTP server and the script that will handle the request. For example, http://192.168.254.10/cgi-bin/notify.cgi.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

  • Proxy: Turn on and enter the required information if a proxy server must be passed to connect to the HTTP server.

• HTTPS

• • URL: Enter the network address to the HTTPS server and the script that will handle the request. For example, https://192.168.254.10/cgi-bin/notify.cgi.

  • Validate server certificate: Select to validate the certificate that was created by HTTPS server.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

  • Proxy: Turn on and enter the required information if a proxy server must be passed to connect to the HTTPS server.

• Network storage

  You can add network storage such as NAS (network-attached storage) and use it as a recipient to store files. The files are stored in the Matroska (MKV) file format.

• • Host: Enter the IP address or hostname for the network storage.

  • Share: Enter the name of the share on the host.

  • Folder: Enter the path to the directory where you want to store files.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

• SFTP

• • Host: Enter the server's IP address or hostname. If you enter a hostname, make sure that a DNS server is specified under System > Network > IPv4 and IPv6.

  • Port: Enter the port number used by the SFTP server. The default is 22.

  • Folder: Enter the path to the directory where you want to store files. If this directory doesn’t already exist on the SFTP server, you will get an error message when uploading files.

  • Username: Enter the username for the login.

  • Password: Enter the password for the login.

  • SSH host public key type (MD5): Enter the fingerprint of the remote host’s public key (a 32-digit hexadecimal string). The SFTP client supports SFTP servers using SSH-2 with RSA, DSA, ECDSA, and ED25519 host key types. RSA is the preferred method during negotiation, followed by ECDSA, ED25519, and DSA. Make sure to enter the right MD5 host key that is used by your SFTP server. While the Axis device supports both MD5 and SHA-256 hash keys, we recommend using SHA-256 due to stronger security over MD5. For more information on how to configure an SFTP server with an Axis device, go to the AXIS OS Portal.

  • SSH host public key type (SHA256): Enter the fingerprint of the remote host’s public key (a 43-digit Base64 encoded string). The SFTP client supports SFTP servers using SSH-2 with RSA, DSA, ECDSA, and ED25519 host key types. RSA is the preferred method during negotiation, followed by ECDSA, ED25519, and DSA. Make sure to enter the right MD5 host key that is used by your SFTP server. While the Axis device supports both MD5 and SHA-256 hash keys, we recommend using SHA-256 due to stronger security over MD5. For more information on how to configure an SFTP server with an Axis device, go to the AXIS OS Portal.

  • Use temporary file name: Select to upload files with temporary, automatically generated filenames. The files get renamed to the desired names when the upload completes. If the upload is aborted or interrupted, you don’t get any corrupt files. However, you probably still get the temporary files. This way, you know that all files that have the desired name are correct.

• SIP or VMS:

  SIP: Select to make a SIP call.

  VMS: Select to make a VMS call.

• • From SIP account: Select from the list.

  • To SIP address: Enter the SIP address.

  • Test: Click to test that your call settings works.

• Email

• • Send email to: Enter the email address to send emails to. To enter multiple addresses, use commas to separate them.

  • Send email from: Enter the email address of the sending server.

  • Username: Enter the username for the mail server. Leave this field empty if the mail server does not require authentication.

  • Password: Enter the password for the mail server. Leave this field empty if the mail server does not require authentication.

  • Email server (SMTP): Enter the name of the SMTP server, for example, smtp.gmail.com, smtp.mail.yahoo.com.

  • Port: Enter the port number for the SMTP server, using values in the range 0-65535. The default value is 587.

  • Encryption: To use encryption, select either SSL or TLS.

  • Validate server certificate: If you use encryption, select to validate the identity of the device. The certificate can be self-signed or issued by a Certificate Authority (CA).

  • POP authentication: Turn on to enter the name of the POP server, for example, pop.gmail.com.

  • Note

    Some email providers have security filters that prevent users from receiving or viewing large amount of attachments, from receiving scheduled emails and similar. Check the email provider's security policy to avoid your email account being locked or missing out on your expected emails.

• TCP

• • Host: Enter the server's IP address or hostname. If you enter a hostname, make sure that a DNS server is specified under System > Network > IPv4 and IPv6.

  • Port: Enter the port number used to access the server.

Test: Click to test the setup.

The context menu contains:

View recipient: Click to view all the recipient details.

Copy recipient: Click to copy a recipient. When you copy, you can make changes to the new recipient.

Delete recipient: Click to delete the recipient permanently.

Schedules and pulses can be used as conditions in rules. The list shows all the schedules and pulses currently configured in the product, along with information about their configuration.

Add schedule: Click to create a schedule or pulse.

You can use the manual trigger to manually trigger a rule. The manual trigger can, for example, be used to validate actions during product installation and configuration.

MQTT (Message Queuing Telemetry Transport) is a standard messaging protocol for the Internet of Things (IoT). It was designed for simplified IoT integration and is used in a wide variety of industries to connect remote devices with a small code footprint and minimal network bandwidth. The MQTT client in Axis device software can simplify integration of data and events produced in the device to systems which are not video management software (VMS).

Set up the device as an MQTT client. MQTT communication is based on two entities, the clients and the broker. The clients can send and receive messages. The broker is responsible for routing messages between clients.

You can learn more about MQTT in AXIS OS Portal.

ALPN is a TLS/SSL extension that allows for the selection of an application protocol during the handshake phase of the connection between the client and server. This is used to enable MQTT traffic over the same port that is used for other protocols, such as HTTP. In some cases, there might not be a dedicated port open for MQTT communication. A solution in such cases is to use ALPN to negotiate the use of MQTT as the application protocol on a standard port, allowed by the firewalls.

Connect: Turn on or off the MQTT client.

Status: Shows the current status of the MQTT client.

Broker

Host: Enter the hostname or IP address of the MQTT server.

Protocol: Select which protocol to use.

Port: Enter the port number.

• 1883 is the default value for MQTT over TCP

• 8883 is the default value for MQTT over SSL

• 80 is the default value for MQTT over WebSocket

• 443 is the default value for MQTT over WebSocket Secure

ALPN protocol: Enter the ALPN protocol name provided by your MQTT broker provider. This is only applicable with MQTT over SSL and MQTT over WebSocket Secure.

Username: Enter the username that the client will use to access the server.

Password: Enter a password for the username.

Client ID: Enter a client ID. The client identifier is sent to the server when the client connects to it.

Clean session: Controls the behavior at connection and disconnection time. When selected, the state information is discarded at connect and disconnect.

HTTP proxy: A URL with a maximum length of 255 bytes. You can leave the field empty if you don't want to use an HTTP proxy.

HTTPS proxy: A URL with a maximum length of 255 bytes. You can leave the field empty if you don't want to use an HTTPS proxy.

Keep alive interval: Enables the client to detect when the server is no longer available without having to wait for the long TCP/IP timeout.

Timeout: The time interval in seconds to allow a connect to complete. Default value: 60

Device topic prefix: Used in the default values for the topic in the connect message and LWT message on the MQTT client tab, and in the publication conditions on the MQTT publication tab.

Reconnect automatically: Specifies whether the client should reconnect automatically after a disconnect.

Connect message

Specifies if a message should be sent out when a connection is established.

Send message: Turn on to send messages.

Use default: Turn off to enter your own default message.

Topic: Enter the topic for the default message.

Payload: Enter the content for the default message.

Retain: Select to keep the state of client on this Topic

QoS: Change the QoS layer for the packet flow.

Last Will and Testament message

The Last Will Testament (LWT) lets a client provide a testament along with its credentials when connecting to the broker. If the client disconnects ungracefully at some point later (maybe because his power source died), it can let the broker deliver a message to other clients. This LWT message has the same form as an ordinary message and gets routed via the same mechanics.

Send message: Turn on to send messages.

Use default: Turn off to enter your own default message.

Topic: Enter the topic for the default message.

Payload: Enter the content for the default message.

Retain: Select to keep the state of client on this Topic

QoS: Change the QoS layer for the packet flow.

Use default topic prefix: Select to use the default topic prefix, that is defined in the device topic prefix in the MQTT client tab.

Include topic name: Select to include the topic that describes the condition in the MQTT topic.

Include topic namespaces: Select to include ONVIF topic namespaces in the MQTT topic.

Include serial number: Select to include the device’s serial number in the MQTT payload.

Add condition: Click to add a condition.

Retain: Defines which MQTT messages are sent as retained.

• None: Send all messages as non-retained.

• Property: Send only stateful messages as retained.

• All: Send both stateful and stateless messages as retained.

QoS: Select the desired level for the MQTT publication.

Add subscription: Click to add a new MQTT subscription.

Subscription filter: Enter the MQTT topic that you want to subscribe to.

Use device topic prefix: Add the subscription filter as prefix to the MQTT topic.

Subscription type:

• Stateless: Select to convert MQTT messages into a stateless message.

• Stateful: Select to convert MQTT messages into a condition. The payload is used as the state.

QoS: Select the desired level for the MQTT subscription.

Add overlay modifier: Click to add a new overlay modifier.

Topic filter: Add the MQTT topic that contains the data you want to show in the overlay.

Data field: Specify the key for the message payload that you want to show in the overlay, assuming the message is in JSON format.

• Modifier: Use the resulting modifier when you create the overlay.

• Modifiers that start with #XMP show all of the data received from the topic.

• Modifiers that start with #XMD show the data specified in the data field.

Ignore: Turn on to ignore network storage.

Add network storage: Click to add a network share where you can save recordings.

• Address: Enter the IP address or host name of the host server, typically a NAS (network-attached storage). We recommend you to configure the host to use a fixed IP address (not DHCP since a dynamic IP address can change) or that you use DNS. Windows SMB/CIFS names are not supported.

• Network share: Enter the name of the shared location on the host server. Several Axis devices can use the same network share since each device gets its own folder.

• User: If the server requires a login, enter the username. To log in to a specific domain server, type DOMAIN\username.

• Password: If the server requires a login, enter the password.

• SMB version: Select the SMB storage protocol version to connect to the NAS. If you select Auto, the device tries to negotiate one of the secure versions SMB: 3.02, 3.0, or 2.1. Select 1.0 or 2.0 to connect to older NAS that don’t support higher versions. You can read more about SMB support in Axis devices here.

• Add share without testing: Select to add the network share even if an error is discovered during the connection test. The error can be, for example, that you didn’t enter a password even though the server requires one.

Remove network storage: Click to unmount, unbind, and remove the connection to the network share. This removes all settings for the network share.

Unbind: Click to unbind and disconnect the network share.
Bind: Click to bind and connect the network share.

Unmount: Click to unmount the network share.
Mount: Click to mount the network share.

Write protect: Turn on to stop writing to the network share and protect recordings from being removed. You can’t format a write-protected network share.

Retention time: Select how long to keep recordings, to limit the amount of old recordings, or to comply with regulations regarding data storage. If the network storage becomes full, old recordings are removed before the selected time period passes.

Tools

• Test connection: Test the connection to the network share.

• Format: Format the network share, for example, when you need to quickly erase all data. CIFS is the available file system option.

• Use tool: Click to activate the selected tool.

Unmount: Click to safely remove the SD card.

Write protect: Turn on to stop writing to the SD card and protect recordings from being removed. You can’t format a write-protected SD card.

Autoformat: Turn on to automatically format a newly inserted SD card. It formats the file system into ext4.

Ignore: Turn on to stop storing recordings on the SD card. When you ignore the SD card, the device no longer recognizes that the card exists. The setting is only available to administrators.

Retention time: Select how long to keep recordings to limit the amount of old recordings or comply with data storage regulations. When the SD card is full, it deletes old recordings before their retention time has passed.

Tools

• Check: Check for errors on the SD card.

• Repair: Repair errors in the file system.

• Format: Format the SD card to change the file system and erase all data. You can only format the SD card to the ext4 file system. You need a third-party ext4 driver or application to access the file system from Windows®.

• Encrypt: Use this tool to format the SD card and enable encryption. This erases all data stored on the SD card. Any new data you store on the SD card will be encrypted.

• Decrypt: Use this tool to format the SD card without encryption. This erases all data stored on the SD card. Any new data you store on the SD card will not be encrypted.

• Change password: Change the password required to encrypt the SD card.

• Use tool: Click to activate the selected tool.

Wear trigger: Set a value for the SD card wear level at which you want to trigger an action. The wear level ranges from 0–200%. A new SD card that has never been used has a wear level of 0%. A wear level of 100% indicates that the SD card is close to its expected lifetime. When the wear-level reaches 200%, there is a high risk of the SD card malfunctioning. We recommend setting the wear trigger between 80–90%. This gives you time to download any recordings as well as replace the SD card in time before it potentially wears out. The wear trigger allows you to set up an event and get a notification when the wear level reaches your set value.

Add stream profile: Click to create a new stream profile.

Preview: A preview of the video stream with the stream profile settings you select. The preview updates when you change the settings on the page. If your device has different view areas, you can change the view area in the drop-down in the bottom left corner of the image.

Name: Add a name for your profile.

Description: Add a description of your profile.

Video codec: Select the video codec that should apply for the profile.

Resolution: See Stream for a description of this setting.

Frame rate: See Stream for a description of this setting.

Compression: See Stream for a description of this setting.

Zipstream: See Stream for a description of this setting.

Optimize for storage: See Stream for a description of this setting.

Dynamic FPS: See Stream for a description of this setting.

Dynamic GOP: See Stream for a description of this setting.

Mirror: See Stream for a description of this setting.

GOP length: See Stream for a description of this setting.

Bitrate control: See Stream for a description of this setting.

Include overlays: Select what type of overlays to include. See Overlays for information about how to add overlays.

Include audio: See Stream for a description of this setting.

Add accounts: Click to add a new ONVIF account.

Account: Enter a unique account name.

New password: Enter a password for the account. Passwords must be 1 to 64 characters long. Only ASCII printable characters (code 32 to 126) are allowed in the password, for example, letters, numbers, punctuation, and some symbols.

Repeat password: Enter the same password again.

Role:

• Administrator: Has full access to all settings. Administrators can also add, update, and remove other accounts.

• Operator: Has access to all settings except:

• • All System settings.

  • Adding apps.

• Media account: Allows access to the video stream only.

The context menu contains:

Update account: Edit the account properties.

Delete account: Delete the account. You can’t delete the root account.

Add media profile: Click to add a new ONVIF media profile.

Profile name: Add a name for the media profile.

Video source: Select the video source for your configuration.

• Select configuration: Select a user-defined configuration from the list. The configurations in the drop-down list correspond to the device's video channels, including multiviews, view areas and virtual channels.

Video encoder: Select the video encoding format for your configuration.

• Select configuration: Select a user-defined configuration from the list and adjust the encoding settings. The configurations in the drop-down list act as identifiers/names of the video encoder configuration. Select user 0 to 15 to apply your own settings, or select one of the default users if you want to use predefined settings for a specific encoding format.

Audio source: Select the audio input source for your configuration.

• Select configuration: Select a user-defined configuration from the list and adjust the audio settings. The configurations in the drop-down list correspond to the device's audio inputs. If the device has one audio input, it's user0. If the device has several audio inputs, there will be additional users in the list.

Audio encoder: Select the audio encoding format for your configuration.

• Select configuration: Select a user-defined configuration from the list and adjust the audio encoding settings. The configurations in the drop-down list act as identifiers/names of the audio encoder configuration.

Audio decoder: Select the audio decoding format for your configuration.

• Select configuration: Select a user-defined configuration from the list and adjust the settings. The configurations in the drop-down list act as identifiers/names of the configuration.

Audio output: Select the audio output format for your configuration.

• Select configuration: Select a user-defined configuration from the list and adjust the settings. The configurations in the drop-down list act as identifiers/names of the configuration.

Metadata: Select the metadata to include in your configuration.

• Select configuration: Select a user-defined configuration from the list and adjust the metadata settings. The configurations in the drop-down list act as identifiers/names of the metadata configuration.

PTZ: Select the PTZ settings for your configuration.

• Select configuration: Select a user-defined configuration from the list and adjust the PTZ settings. The configurations in the drop-down list correspond to the device's video channels with PTZ support.

Create: Click to save your settings and create the profile.

Cancel: Click to cancel the configuration and clear all settings.

profile_x: Click on the profile name to open and edit the preconfigured profile.

Producer: The app that produces the metadata. Below the app is a list of the types of metadata the app streams from the device.

Channel: The channel that the app uses. Select to enable the metadata stream. Deselect for compatibility or resource management reasons.

Trigger delay: Enter the minimum time that the tampering conditions must be active before the alarm triggers. This can help prevent false alarms for known conditions that affect the image.

Trigger on dark images: It is very difficult to generate alarms when the camera lens is sprayed, since it is impossible to distinguish that event from other situations where the image turns dark in a similar way, for example, when the lighting conditions change. Turn on this parameter to generate alarms for all cases where the image turns dark. When it’s turned off, the device doesn’t generate any alarm when the image turns dark.

These settings are available for each audio input.

Sound level: Adjust the sound level to a value from 0–100, where 0 is the most sensitive and 100 the least sensitive. Use the activity indicator as a guide when you set the sound level. When you create events, you can use the sound level as a condition. You can choose to trigger an action if the sound level rises above, falls below or passes the set value.

Shock detector: Turn on to generate an alarm if the device is hit by an object or if it is tampered with.

Sensitivity level: Move the slider to adjust the sensitivity level at which the device should generate an alarm. A low value means that the device only generates an alarm if the hit is powerful. A high value means that the device generates an alarm even with mild tampering.

Port

Name: Edit the text to rename the port.

Usage: The default option for the relay port is Door. For devices with indicator icons, turns green when the state changes and the door is unlocked. If you use the relay for something other than a door and don’t want the icon to light up when the state changes, you can select one of the other options for the port.

Direction: indicates that the port is an input port. indicates that it’s an output port. If the port is configurable, you can click the icons to change between input and output.

Normal state: Click for open circuit, and for closed circuit.

Current state: Shows the current state of the port. The input or output is activated when the current state is different from the normal state. An input on the device has an open circuit when it’s disconnected or when there is a voltage above 1 V DC.

Supervised: Turn on to make it possible to detect and trigger actions if someone tampers with the connection to digital I/O devices. In addition to detecting if an input is open or closed, you can also detect if someone has tampered with it (that is, cut or shorted). To supervise the connection requires additional hardware (end-of-line resistors) in the external I/O loop.

Camera pairing

Address: Enter the host name or IP address of the camera.

Username: Enter the username for the camera.

Password: Enter the password for the camera.

Disconnect: Click to disconnect the already connected camera.

Connect: Click to connect the camera.

Reports

• View the device server report: View information about the product status in a pop-up window. The Access Log is automatically included in the Server Report.

• Download the device server report: It creates a .zip file that contains a complete server report text file in UTF–8 format, as well as a snapshot of the current live view image. Always include the server report .zip file when you contact support.

• Download the crash report: Download an archive with detailed information about the server's status. The crash report contains information that is in the server report as well as detailed debug information. This report might contain sensitive information such as network traces. It can take several minutes to generate the report.

Logs

• View the system log: Click to show information about system events such as device startup, warnings, and critical messages.

• View the access log: Click to show all failed attempts to access the device, for example, when a wrong login password is used.

A network trace file can help you troubleshoot problems by recording activity on the network.

Trace time: Select the duration of the trace in seconds or minutes, and click Download.

Server: Click to add a new server.

Host: Enter the hostname or IP address of the server.

Format: Select which syslog message format to use.

• Axis

• RFC 3164

• RFC 5424

Protocol: Select the protocol to use:

• UDP (Default port is 514)

• TCP (Default port is 601)

• TLS (Default port is 6514)

Port: Edit the port number to use a different port.

Severity: Select which messages to send when triggered.

CA certificate set: See the current settings or add a certificate.

Plain config is for advanced users with experience of Axis device configuration. Most parameters can be set and edited from this page.

Restart: Restart the device. This does not affect any of the current settings. Running applications restart automatically.

Restore: Return most settings to the factory default values. Afterwards you must reconfigure the device and apps, reinstall any apps that didn’t come preinstalled, and recreate any events and presets.

Factory default: Return all settings to the factory default values. Afterwards you must reset the IP address to make the device accessible.

AXIS OS upgrade: Upgrade to a new AXIS OS version. New releases can contain improved functionality, bug fixes, and completely new features. We recommend you to always use the latest AXIS OS release. To download the latest release, go to axis.com/support.

• When you upgrade, you can choose between three options:

• Standard upgrade: Upgrade to the new AXIS OS version.

• Factory default: Upgrade and return all settings to the factory default values. When you choose this option, you can’t revert to the previous AXIS OS version after the upgrade.

• Autorollback: Upgrade and confirm the upgrade within the set time. If you don’t confirm, the device reverts to the previous AXIS OS version.

AXIS OS rollback: Revert to the previously installed AXIS OS version.

Steady amber when outgoing call initiated.

Flashes amber when incoming call initiated.

Steady blue for ongoing call.

Steady green when door is open.

Steady green for normal operation.