Blue Iris vlan

Chapin

Getting comfortable
Joined
Oct 5, 2017
Messages
148
Reaction score
28
I'm replacing an NVR with BI.

Currently, my NVR is sequestered with my cams on a vlan that cannot access my main vlan and cannot access the wan.

Should I put my BI on my main vlan or my camera vlan?

I will want to use the BI mobile apps, if this will affect where I install BI.

Do the BI mobile apps work without opening a port and without requiring me to vpn into my network? I’d prefer to not have to start the vpn to use the BI mobile app.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,906
Reaction score
21,282
> I'm replacing an NVR with BI.
>
> Currently, my NVR is sequestered with my cams on a vlan that cannot access my main vlan and cannot access the wan.
>
> Should I put my BI on my main vlan or my camera vlan?
>
> I will want to use the BI mobile apps, if this will affect where I install BI.
>
> Do the BI mobile apps work without opening a port and without requiring me to vpn into my network? I’d prefer to not have to start the vpn to use the BI mobile app.

You will need to set up a VPN or open a port just like the NVR. You will have to provide outside access just like you would have to with an NVR. There is a middle ground using ngrok with a password; however, I don't know of a way to make it work with the mobile app and using the ngrok password. You could use the UI3 web interface this way though.
 

Chapin

Understood, thanks. Was hoping it could work like my Homeseer and relay through HS cloud servers. Maybe the HS BI plug in will allow this within the HS realm.

If this is the case, should I put BI on my sequestered cam vlan, which I can access from my main vlan or vpn?
 

fenderman

> Understood, thanks. Was hoping it could work like my Homeseer and relay through HS cloud servers. Maybe the HS BI plug in will allow this within the HS realm.
>
> If this is the case, should I put BI on my sequestered cam vlan, which I can access from my main vlan or vpn?

Relying on someone's server presents a multitude of issues including performance and security. Put the BI machine on your camera vlan. Then connect to it whenever you want to.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
I use two nic cards in my BI PC. One connects to my ASUS router that allows the PC internet access and the other connects the POE switches that connect to the cameras. This isolates the cameras from the internet. My ASUS router is configured for VPN access.
Yes, I am paranoid :)
 

fenderman

> I use two nic cards in my BI PC. One connects to my ASUS router that allows the PC internet access and the other connects the POE switches that connect to the cameras. This isolates the cameras from the internet. My ASUS router is configured for VPN access.
> Yes, I am paranoid :)

His setup would be even better as the cameras and the Blue Iris PC are on the same independent vlan and the PC has no access to the primary network.
 

Chapin

With BI on the segregated vlan, what do I do for windows and virus updates?

I could create a third vlan for BI that can access cam vlan and also outside, but not my main vlan. That would segregate the BI from my main network and allow it to receive OS and Virus updates.
 

fenderman

> With BI on the segregated vlan, what do I do for windows and virus updates?
>
> I could create a third vlan for BI that can access cam vlan and also outside, but not my main vlan. That would segregate the BI from my main network and allow it to receive OS and Virus updates.

The vlan would not preclude updates. You have internet access. Though you don't need updates as the PC will not be directly exposed to the internet.
 

SouthernYankee

I do not update Windows and I do not run virus protection on my BI PC. The only time my BI PC connects to the internet is to manually update BI or for VPN access for the UI3 or the BI Android app.
 

Chapin

My segregated vlan has no internet access. I can probably figure out letting BI through for OS and virus updates.

I was wondering if I need updates on a closed vlan. Seems like I may not, but am conditioned to keep os and virus up to date.
 

fenderman

> My segregated vlan has no internet access. I can probably figure out letting BI through for OS and virus updates.
>
> I was wondering if I need updates on a closed vlan. Seems like I may not, but am conditioned to keep os and virus up to date.

If you have no internet access on that vlan, how do you intend to accomplish remote access?
 

Chapin

> If you have no internet access on that vlan, how do you intend to accomplish remote access?

I can route to it from my main vlan, but nothing on the cam vlan can go out or to my main vlan.

I vpn to my main vlan and can access NVR and cameras from there.
 

fenderman

> I can route to it from my main vlan, but nothing on the cam vlan can go out or to my main vlan.
>
> I vpn to my main vlan and can access NVR and cameras from there.

This doesn't make sense. Allow access to the internet and keep the vlans segregated.
 

Chapin

> This doesn't make sense. Allow access to the internet and keep the vlans segregated.

I don’t allow my cams to access the internet. The vlans are segregated and the cams don’t need/can’t get out. No phoning home for them.
 

fenderman

> I don’t allow my cams to access the internet. The vlans are segregated and the cams don’t need/can’t get out. No phoning home for them.

You don't need to allow the cameras to access the internet. You simply only allow Blue Iris out.
 

DLONG2

Known around here
Joined
May 17, 2017
Messages
765
Reaction score
457
In a managed network, maybe you could add a firewall rule to block the camera IPs from reaching the WAN or to drop all packets.
 

Chapin

My rule blocks all outbound traffic to the wan by default. I will allow the BI through the fw.
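
The policy the thread converges on (camera VLAN denied outbound by default, main VLAN allowed in, only the Blue Iris host allowed out), modelled as an added example that is not part of any post above. The subnets, host addresses and rule format are constructed for illustration and do not represent any particular router's syntax; the second rule set shows what goes wrong if the whole camera VLAN is let out just to get updates.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration; none of it comes from the thread.
MAIN, CAM = ip_network("192.168.10.0/24"), ip_network("192.168.20.0/24")
BI, CAMERA = "192.168.20.10", "192.168.20.51"   # Blue Iris PC and one camera
LAPTOP, UPDATE = "192.168.10.5", "203.0.113.7"  # main-VLAN client, internet host

def zone(addr):
    a = ip_address(addr)
    return "main" if a in MAIN else "cam" if a in CAM else "wan"

# Allow rules: (source zone, source host or None for any, destination zone).
# Anything that matches no rule is dropped (default deny).
SEGMENTED = [("main", None, "cam"),  # main VLAN / VPN clients may reach BI and cameras
             ("cam", BI, "wan")]     # only the Blue Iris host may go out
TOO_BROAD = [("main", None, "cam"),
             ("cam", None, "wan")]   # whole camera VLAN allowed out

class Firewall:
    def __init__(self, rules):
        self.rules, self.tracked = rules, set()

    def new_connection(self, src, dst):
        """True if src may open a connection to dst; allowed flows are tracked."""
        for szone, shost, dzone in self.rules:
            if zone(src) == szone and zone(dst) == dzone and shost in (None, src):
                self.tracked.add((src, dst))
                return True
        return False

    def reply(self, src, dst):
        """Return traffic passes only for a connection dst was allowed to open."""
        return (dst, src) in self.tracked

# Flows the thread cares about: (description, src, dst, may src open it?)
EXPECTED = [("laptop opens BI web UI", LAPTOP, BI, True),
            ("laptop views camera", LAPTOP, CAMERA, True),
            ("BI fetches updates", BI, UPDATE, True),
            ("camera phones home", CAMERA, UPDATE, False),
            ("camera reaches main VLAN", CAMERA, LAPTOP, False),
            ("BI reaches main VLAN", BI, LAPTOP, False)]

def audit(rules):
    """Return descriptions of flows whose verdict differs from EXPECTED."""
    fw = Firewall(rules)
    return [d for d, s, t, want in EXPECTED if fw.new_connection(s, t) != want]

if __name__ == "__main__":
    print("segmented:", audit(SEGMENTED))
    print("too broad:", audit(TOO_BROAD))
```

The `reply` check is why "main can reach the camera VLAN but the camera VLAN cannot reach main" works in practice: return traffic is matched against tracked connections, not against the allow rules.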
 