How to restrict NVR from accessing internet

Joined
Sep 29, 2020
Messages
26
Reaction score
1
Location
USA
What's the best way to restrict access to the internet for my NVR? I have an Omada network and tried setting the switch ACLs to deny all NVR (on its separate VLAN) access to the primary LAN. Doing so made it so I wasn't able to access the cams as well (with a client on the primary LAN).
 

SpacemanSpiff

Known around here
Joined
Apr 15, 2021
Messages
1,456
Reaction score
2,431
Location
USA
> What's the best way to restrict access to the internet for my NVR? I have an Omada network and tried setting the switch ACLs to deny all NVR (on its separate VLAN) access to the primary LAN. Doing so made it so I wasn't able to access the cams as well (with a client on the primary LAN).

The system I manage has all the cams on their own VLAN. The NVR has multiple network interfaces; interface 1 is on the same VLAN as the cameras in order to record their feeds. Network interface 2 is on the data VLAN, which allows key staff to monitor feeds and review footage. The router/firewall blocks all internet-bound traffic from interface 2 from reaching its destination.

If your NVR has only one network interface, you'd have to get more specific with the ACL to achieve the goal. If the NVR and cameras have their own exclusive IP range, it might be easiest to block the range (instead of the VLAN itself) from the Internet.
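The difference between the two ACL approaches discussed above, as an added example that is not part of either poster's message and is not Omada configuration syntax. It assumes a stateless, first-match ACL with default permit, and the subnets and host addresses are constructed for illustration:

```python
import ipaddress as ip

# Constructed addressing (assumptions, not taken from the thread)
NVR_NET = ip.ip_network("192.168.50.0/24")   # NVR and cameras
LAN_NET = ip.ip_network("192.168.1.0/24")    # primary LAN
PRIVATE = [ip.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918
ANY = [ip.ip_network("0.0.0.0/0")]

def evaluate(rules, src, dst):
    """Stateless first-match evaluation; unmatched packets are permitted."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_nets, dst_nets in rules:
        if any(s in n for n in src_nets) and any(d in n for n in dst_nets):
            return action
    return "permit"

# Rule like the one in the first post: deny the NVR VLAN to the primary LAN.
DENY_VLAN_TO_LAN = [("deny", [NVR_NET], [LAN_NET])]

# Range-based alternative: keep private destinations reachable,
# then drop everything else sourced from the NVR/camera range.
BLOCK_RANGE_FROM_INTERNET = [
    ("permit", [NVR_NET], PRIVATE),
    ("deny", [NVR_NET], ANY),
]

def check(rules):
    """Evaluate the three flows that matter for this setup."""
    return {
        "lan_client_to_nvr": evaluate(rules, "192.168.1.20", "192.168.50.10"),
        "nvr_reply_to_lan_client": evaluate(rules, "192.168.50.10", "192.168.1.20"),
        "nvr_to_internet": evaluate(rules, "192.168.50.10", "203.0.113.7"),
    }

if __name__ == "__main__":
    for name, rules in (("deny VLAN -> LAN", DENY_VLAN_TO_LAN),
                        ("block range from Internet", BLOCK_RANGE_FROM_INTERNET)):
        print(name, check(rules))
```

Under these assumptions the first rule set drops the NVR's replies to the LAN client while leaving its internet-bound traffic untouched, and the range-based set does the reverse.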
 
Joined
Sep 29, 2020
Messages
26
Reaction score
1
Location
USA
Thanks for your input.

I did some testing and I am able to access the gDMSS app while logged into the OpenVPN instance. I checked the IP while connected to the VPN and without, and both IPs were the same. Which would mean that the VPN tunnel isn't working?
 

SpacemanSpiff

> Thanks for your input.
>
> I did some testing and I am able to access the gDMSS app while logged into the OpenVPN instance. I checked the IP while connected to the VPN and without, and both IPs were the same. Which would mean that the VPN tunnel isn't working?

So you've jumped from restricting access to the Internet for your NVR, to accessing your NVR via VPN. Which is fine, but some additional info would be helpful. Your initial post referred to ACLs you implemented that isolated all camera and NVR traffic to its own VLAN. Because the ACLs prevented access from the primary VLAN, it would also be the #1 cause for not seeing the NVR when accessing via VPN. Are there any other resources that are normally on the primary VLAN you can try accessing when connected via VPN? Maybe an IP printer or copier web GUI?

Can you verify the 'same IP' reference pertains to the device you are using to test access to the location via VPN (and via the primary VLAN)?
 