Results 1 to 5 of 5
  1. #1
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    231

    Default Best practice for IP Cameras on LAN

    Can anyone share their recommendations on how to best handle BANDWIDTH CONTROL (or QOS) for IP Cameras on LAN? Am using a set of WiFi IP Cameras that seem to communicate using RTSP as reported in the SESSIONS tab.

    I've placed all of the IP Cameras on a separate VLAN for security purposes. Have also set all traffic in BANDWIDTH CONTROL from this VLAN with a priority of LOW. Simply because I didn't want that traffic to assume a default MEDIUM traffic priority.

    Is this an OK approach? Should I be removing this rule from BANDWIDTH CONTROL altogether? Is it not necessary if these cameras are on my LAN only and not accessing the WAN?

    Thank you again.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,935

    Default

    Since you have them on their own VLAN I'd bypass them honestly. Then use a filter rule for any traffic sourced from that VLAN and destined to any WAN block. You'll have full LAN connectivity, but anything in that IP range wouldn't be able to see the internet ever.
    miles267 and sperman like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    231

    Default

    Quote Originally Posted by sky-knight View Post
    Since you have them on their own VLAN I'd bypass them honestly. Then use a filter rule for any traffic sourced from that VLAN and destined to any WAN block. You'll have full LAN connectivity, but anything in that IP range wouldn't be able to see the internet ever.
    Thank you sky-knight. So I've just created a BYPASS RULE:
    SOURCE INTERFACE = CCTV VLAN
    ACTION = BYPASS

    And a FILTER RULE of:
    SOURCE INTERFACE = CCTV VLAN
    DESTINATION INTERFACE = EXTERNAL
    ACTION = BLOCK

    I had previously been using the FIREWALL app to block my CCTV VLAN from accessing my EXTERNAL interface. But now that I'm bypassing this interface, the firewall wouldn't have seen the traffic requiring the FILTER RULE, correct?

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,935

    Default

    Correct, and you won't have any logs of the filter blocking things.

    One clarification, Destination Interface : External does work, but only if your only Internet connection is on External. If you set that to any-wan instead, you'll never have to worry about fixing things later should the interface that has the Internet on it change.
    miles267 likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    231

    Default

    Thanks again. I've done this per your guidance. Am monitoring. So far, so good.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2