Blue Iris VLAN on Ubiquiti

rokito

n3wb
Joined
Dec 16, 2014
Messages
5
Reaction score
0
I have about 9 cameras on my network managed with Blue Iris. I would like to try to make them more secure, so I was thinking maybe a VLAN on my Ubiquiti USG gateway. Is this more secure? Recommended? And if so, is there a good guide somewhere to get me started?
 

VinAU

Young grasshopper
Joined
Jun 20, 2019
Messages
60
Reaction score
6
Location
Australia
Having a VLAN alone doesn't necessarily make it more secure; you have to have the cameras on a completely separate IP network and only allow traffic in and out of that network that is essential for you to access what is there and from hosts/places that are trusted. Your USG has multiple ports, so you could just use one of the ports there and plug in another switch and separate the networks this way.

If you tell me in more detail what you want to do I can give you more info.
 

rokito

n3wb
Joined
Dec 16, 2014
Messages
5
Reaction score
0
Thanks, I was wondering if that was true. I'm already using the separate port for my wife's "work from home" stuff.
I've never considered it, but perhaps I could plug her directly into the second port in the cable router? Her company provided their own device, her phone, PC, printer anyhow.

So if I have a separate wire plugged into the USG, does that mean all of the wiring from there would have to be separate? Or is the purpose of the second connection just to assign the separate IP addresses? I don't "think" it's possible to separate the cabling.
 

keneil01

Getting the hang of it
Joined
Oct 22, 2017
Messages
46
Reaction score
29
Location
Norway
There are several «how to» guides on YouTube that describe how to set up a VLAN. It is super easy :)

Here are two examples:


 
Joined
Oct 16, 2018
Messages
1,659
Reaction score
5,464
Location
Florida, USA
We set up a VPN but didn’t create a new VLAN. We created a firewall rule to block our cameras from the Internet and turned off UPnP in each camera. We tested if the cameras could get to the Internet by setting the time in each camera to an off time and entering a public time server. We found that the cameras couldn’t update their time.


rokito

n3wb
Joined
Dec 16, 2014
Messages
5
Reaction score
0
So you can still access Blue Iris remotely but the cameras are not accessible, correct? Now I'll have to look into the VPN.
 

tomgru

Young grasshopper
Joined
May 2, 2016
Messages
51
Reaction score
9
Super helpful.

@JNDATHP ... when you created the firewall rule, was it "WAN in" or "LAN in"? Don't see that in your instructions and not sure I get the difference?
 
Joined
Oct 16, 2018
Messages
1,659
Reaction score
5,464
Location
Florida, USA
When you create the rule, let it provision and then log into your camera and see if it can reach an external time server or if it can check for updated firmware. If it can’t, then you are good to go. The key is to wait for the rule to provision.
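
An added example, not posted by anyone in this thread: a small first-match firewall model in Python that checks the two ideas discussed above, that a camera VLAN with no rules still lets traffic through, and that an allow-list policy blocks the camera-to-time-server test. All addresses, ports and rule names are constructed, and it assumes the router forwards between networks by default and that the firewall is stateful, so replies to accepted connections pass.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for illustration; none of these values come from the thread.
CAMERAS = ipaddress.ip_network("192.168.20.0/24")    # camera network
BLUE_IRIS = ipaddress.ip_network("192.168.1.10/32")  # Blue Iris PC on the main LAN
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"
    dport: Optional[int] = None  # None matches any port

def decide(rules, default, src, dst, proto, dport):
    """First matching rule wins; otherwise the default action applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r.src and d in r.dst and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return default

# "VLAN alone": cameras sit on their own subnet, but nothing filters routed traffic.
VLAN_ONLY = ([], "accept")

# Allow-list: only Blue Iris may open RTSP/HTTP to cameras; cameras may start nothing.
RESTRICTED = ([
    Rule("accept", BLUE_IRIS, CAMERAS, "tcp", 554),
    Rule("accept", BLUE_IRIS, CAMERAS, "tcp", 80),
    Rule("drop", CAMERAS, ANY),
    Rule("drop", ANY, CAMERAS),
], "accept")

# Constructed test flows: (label, src, dst, proto, dport)
FLOWS = [
    ("camera -> public NTP", "192.168.20.31", "203.0.113.5", "udp", 123),
    ("camera -> LAN laptop SMB", "192.168.20.31", "192.168.1.50", "tcp", 445),
    ("Blue Iris -> camera RTSP", "192.168.1.10", "192.168.20.31", "tcp", 554),
    ("LAN laptop -> camera web UI", "192.168.1.50", "192.168.20.31", "tcp", 80),
]

def audit(policy):
    rules, default = policy
    return {label: decide(rules, default, *flow) for label, *flow in FLOWS}

print({name: audit(p) for name, p in (("vlan_only", VLAN_ONLY), ("restricted", RESTRICTED))})
```

The "camera -> public NTP" flow is the same check described in the thread: if the camera can still set its clock from a public time server, the block rule is not in effect.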
 