DMSS on LAN only with NVR4108-8P-4KS2

Variman

n3wb
Joined
Jan 2, 2021
Messages
6
Reaction score
4
Location
USA
Greetings,

I have a simple three camera ( IPC-T5442T-ZE ) and NVR4108-8P-4KS2 purchased from Andy that I installed over the past few months and now would like to implement some type of real time alert system while I am home. I realize the cameras are on a 10.1.1.XX private network and the NIC connection out of the NVR is 192.168.1.XX and have used SmartPSS on a desktop computer connected to the NVR without issue from time to time as a test, and then disconnect the NVR. I have also connected successfully to DMSS on my phone and have seen the three cameras as a test and then disconnected. My questions are security related.

While I can purchase a wireless access point so that our phones can get alerts VIA DMSS, I still would like our phones to be able to access the internet. Obviously I can connect the NVR to my ISP's switch/router and be done with it, but am I opening up a security risk? Is there some way to air gap/bridge/whatever the NVR network and still provide internet access to our phones? Am I overthinking it as the cameras are on a total different network and the NVR's network is not routable?
At this point I am not looking to access the cameras over a WAN.

Thanks
 

Nolesfan

Getting the hang of it
Joined
Dec 13, 2015
Messages
67
Reaction score
57
You can connect your NVR to your ISP router that you are using now, that will allow you to access the NVR via the DMSS app on your phone or tablet while connected to your wifi. If you are concerned about your cameras accessing the internet/WAN, just create some simple firewall rules that will block the outgoing traffic.
 

Variman

n3wb
Joined
Jan 2, 2021
Messages
6
Reaction score
4
Location
USA
So if my NVR's IP is 192.168.1.10, I just block out going traffic from this IP and I am good to go or do I block the 10.10.1XX camera addresses or both, the more the merrier right? Also, I have read on here somewhere that simply blocking outgoing traffic may not be good enough, hence why I am looking for more of an air gap/bridge way or something like that being that the cameras and NVR never need to go on the internet but the phones do. Again, perhaps I am overthinking it.

I wonder if I can put an access point in the same private network range of 192.168.1.xx and connect the NVR to that AP, create a rule on that AP that allow NO outgoing or incoming WAN traffic and connect that AP to my ISP switch router? I still need a way for the phone to get internet access though.
 
Last edited:

Nolesfan

Getting the hang of it
Joined
Dec 13, 2015
Messages
67
Reaction score
57
I have my 5216 behind my pfsense firewall and have all outgoing traffic blocked.. you would need to block the nvr from outgoing.. 192.168.1.x [ip of your nvr]
 
Top