Blue Iris Vlan on ubiquiti

R

rokito

n3wb
Dec 16, 2014
5
0
I have about 9 cameras on my network managed with Blue iris. I would like to try to make them more secure so I was thinking maybe a vlan on my ubiquiti usg gateway. Is this more secure? recommended? and if so is there a good guide somewhere to get me started?
 
rokito said:
I have about 9 cameras on my network managed with Blue iris. I would like to try to make them more secure so I was thinking maybe a vlan on my ubiquiti usg gateway. Is this more secure? recommended? and if so is there a good guide somewhere to get me started?
Click to expand...

Having a VLAN alone doesn't necessarily make it more secure, you have to have the cameras on a completely separate IP network and only allow traffic in and out of that network that is essential for you to access what is there and from hosts/places that are trusted. Your USG has multiple ports so you could just use one of the ports there and plug another switch and separate the networks this way.

If you tell me in more detail what you want to do I can give you more info.
 
  • Like
Reactions: rokito
VinAU said:
Having a VLAN alone doesn't necessarily make it more secure, you have to have the cameras on a completely separate IP network and only allow traffic in and out of that network that is essential for you to access what is there and from hosts/places that are trusted. Your USG has multiple ports so you could just use one of the ports there and plug another switch and separate the networks this way.

If you tell me in more detail what you want to do I can give you more info.
Click to expand...
Thanks I was wondering if that was true. I'm already using the separate port for my wifes "work from home" stuff
I've never considered it but perhaps I could plug her directly into the second port in the cable router? Her company provided their own device her phone, pc printer anyhow.

So if I have a separate wire plugged into the USG does that mean all of the wiring from there would have to be seperate? OR is the purpose of the second connection just to assign the separate ip addresses. I don't "think" its possible to separate the cabling.
 
There is several «how to» guides on youtube that describes how to setup a vlan. It is super easy :-)

here is two examples:



www.youtube.com

Willie Howe

Willie Howe Technology - Your networking, VoIP, and security experts! Phone: 309.446.0048 Web: https://williehowe.com Email: willie at howex5 dot com
www.youtube.com www.youtube.com
 
  • Like
Reactions: JNDATHP and rokito
We set up a VPN but didn’t create a new VLan. We created a firewall rule to block our cameras to the Internet and turned off upnp in each camera. We tested if the cameras could get to the Internet by setting the time in each camera to an off time and entering a public time server. We found that the cameras couldn’t update their time.

08227906-0E70-436F-A1FC-2FCCEB6F8964.jpeg

69642AF6-271C-4BA5-AB25-D9AB84EED1FD.jpeg

4AEC165A-7677-46E1-9F57-33BBE62A46DC.jpeg
 
Last edited:
  • Like
Reactions: rokito
JNDATHP said:
We set up a VPN but didn’t create a new VLan. We created a firewall rule to block our cameras to the Internet and turned off upnp in each camera. We tested if the cameras could get to the Internet by setting the time in each camera to an off time and entering a public time server. We found that the cameras couldn’t update their time.

View attachment 60815

View attachment 60814

View attachment 60816
Click to expand...
so you can still access blue iris remotely but the cameras are not accessible correct? Now I'll have to look into the vpn.
 
Super helpful.

@JNDATHP .... when you created the firewall rule, was it "wan in" or "lan in"? don't see that in your instructions and not sure i get the difference?
 
Last edited:
When you create the rule, let it provision and then log into your camera and see if it can reach an external time server or if it can check for updated firmware. If it can’t, then you are good to go. The key is to wait for the rule to provision.
 
You must log in or register to reply here.
Top Bottom