  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,514

    If you want the cameras on their own switch, and isolated AND you want performance... that's easy...

    Bypass everything to and from the IP network with the cameras on it, and use filter rules to limit access to and from the specific device(s) on the LAN you need.

    Bypassed traffic uses only a tiny fraction of system resources, but you still get the isolation and segmentation required. The UTM should only be scanning Internet bound traffic anyway!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Master Untangler deleted_account+152373@untangle.com's Avatar
    Join Date
    Sep 2016
    Location
    Malta
    Posts
    455

    Quote Originally Posted by homenetwork View Post
    I have quite some secondary or even tertiary switches in my home network.
    ( I mean switch after a switch after the main router/switch ...)
    Do they all need to be managed switches in that case?
    No, just the main switch, but there you go, SKY-KNIGHT has given you a great and easier way if you are not that much into VLANs.
    I like to listen. I have learned a great deal from listening carefully. Most people never listen

  3. #13
    Untangler
    Join Date
    Aug 2018
    Posts
    34

    Quote Originally Posted by sky-knight View Post
    If you want the cameras on their own switch, and isolated AND you want performance... that's easy...

    Bypass everything to and from the IP network with the cameras on it, and use filter rules to limit access to and from the specific device(s) on the LAN you need.

    Bypassed traffic uses only a tiny fraction of system resources, but you still get the isolation and segmentation required. The UTM should only be scanning Internet bound traffic anyway!
    Thanks sky-knight! I think I'm getting there now!

    Referring to my earlier post on my goal/requirements (https://forums.untangle.com/networki...e-network.html), I think the picture below is more or less the design for what I need:
    • Deny access from the IP CAMs to my home-network;
    • Allow access to the IP CAMs from my home-network (for recording and for maintenance);
    • Allow access from the IP CAMs to Internet (for updates/time-syncing etc.);
    • As little as possible burden on Untangle for internal traffic by bypassing internal traffic.


    [Attached image: Network simple 4.JPG]

    One thing, however, that is still not completely clear to me: since I 'bypass' all the traffic 'from' and 'to' the IP cams, will I still be able to monitor any unwanted traffic from (or to) the IP cameras somewhere? (unexpected phoning home etc.)
    I think I should be able to since I do not bypass any IP CAM traffic to or from the Internet, right?


    And getting back on topic: I still need to make a decision on the appliance type (u25 vs u25x vs u50).
    Some more reading to do!

  4. #14
    Untangle Ninja Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    1,018

    Quote Originally Posted by homenetwork View Post
    And getting back on topic: I still need to make a decision on the appliance type (u25 vs u25x vs u50).
    Some more reading to do!
    Just in case you haven't seen this, some good reading:

    https://wiki.untangle.com/index.php/Performance_Guide

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,514

    Bypass rules are what you make them. You can bypass traffic sourced from 192.168.0.0/16 and destined to 192.168.0.0/16, that will bypass all traffic transiting Untangle coming from any 192.168 network and going to any 192.168 network. It will NOT bypass ANYTHING ELSE, such as any traffic coming from the Internet or going to the Internet.

    Bypassing traffic between LAN segments is an extremely important thing to do for many networks. Untangle is intended to be on the edge, not be involved in the core. Intra-LAN routing is the function of a core router. Untangle can do this, but it does so at an extreme performance cost if the UVM is engaged. That's why we have bypass!

    As far as your appliance choice goes, there is little difference between the u25 and u50 other than interface count. The u25x has a far greater performance value, but a far lower manufacturing quality for the trade. (To date this hasn't been a problem as far as I know.) There are also other options out there, if you're willing to wander beyond Untangle's official offerings. There's an entire channel of partners with other stuff on the shelf. You can even build something yourself if you're good with hardware. One of the many reasons why Untangle rocks, no vendor lock... ever... you've got all the options in the world.
    Last edited by sky-knight; 08-26-2018 at 12:51 PM.
    jcoehoorn and JasonJoel like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
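
Added example (not part of the thread, and not Untangle configuration syntax): a small Python model of the bypass-plus-filter-rule design discussed in posts #13 and #15, showing which new connections are dropped, which are bypassed, and which still pass through scanning. The 192.168.1.0/24 home LAN, the 192.168.2.0/24 camera segment and the sample flows are constructed assumptions; only the 192.168.0.0/16 bypass match comes from the thread.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread).
HOME = ipaddress.ip_network("192.168.1.0/24")
CAMERAS = ipaddress.ip_network("192.168.2.0/24")
# Bypass match as described in the thread: source AND destination in 192.168.0.0/16.
BYPASS = ipaddress.ip_network("192.168.0.0/16")

# Filter rules, first match wins, judged on who opens the connection.
FILTER_RULES = [
    (CAMERAS, HOME, "block"),  # cameras may not initiate to the home LAN
    (HOME, CAMERAS, "pass"),   # home LAN may reach cameras (recording, maintenance)
]

def classify(src, dst):
    """Return (verdict, path) for a new connection from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict = "pass"  # default when no filter rule matches
    for src_net, dst_net, action in FILTER_RULES:
        if s in src_net and d in dst_net:
            verdict = action
            break
    if verdict == "block":
        return verdict, "dropped"
    # Only LAN-to-LAN traffic matches the bypass; Internet-bound traffic does not.
    path = "bypassed" if (s in BYPASS and d in BYPASS) else "scanned"
    return verdict, path

def visible_camera_egress(flows):
    """Camera-initiated flows that still go through scanning, so they can be monitored."""
    return [(s, d) for s, d in flows
            if ipaddress.ip_address(s) in CAMERAS
            and classify(s, d) == ("pass", "scanned")]

# Constructed sample flows as (initiator, responder).
FLOWS = [
    ("192.168.1.10", "192.168.2.20"),  # recorder pulling video from a camera
    ("192.168.2.20", "192.168.1.10"),  # camera trying to reach the home LAN
    ("192.168.2.20", "203.0.113.5"),   # camera to an Internet host (documentation range)
    ("192.168.1.30", "198.51.100.7"),  # home PC to the Internet
]

if __name__ == "__main__":
    for s, d in FLOWS:
        print(f"{s:>13} -> {d:<13} {classify(s, d)}")
    print("camera egress still scanned:", visible_camera_egress(FLOWS))
```
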

  6. #16
    Untangler
    Join Date
    Aug 2018
    Posts
    34

    Quote Originally Posted by sky-knight View Post
    ...
    As far as your appliance choice goes, there is little difference between the u25 and u50 other than interface count. The u25x has a far greater performance value, but a far lower manufacturing quality for the trade. (To date this hasn't been a problem as far as I know.) There are also other options out there, if you're willing to wander beyond Untangle's official offerings. There's an entire channel of partners with other stuff on the shelf. You can even build something yourself if you're good with hardware. One of the many reasons why Untangle rocks, no vendor lock... ever... you've got all the options in the world.
    I went ahead and bought a u25!
    It is currently being shipped. Thanks for all the help!
    Probably tons of new questions as soon as I start using/configuring
    JasonJoel and jcoehoorn like this.
