Yes, that would work, but I would make the subnets more dissimilar so you don't get confused about which is which. The only disadvantage to this setup is that you can only access the cameras directly from the BI PC and the cameras can't reach the Internet even if you want them to. I isolate them with a managed switch and firewall and only let my cameras access the Internet for keeping their clocks accurate. You could solve that by running a time (NTP) server on your BI PC.

Thank you Southern Yankee. I am not clear on subnet. For example my current NIC is 192.168.254.97, so could I make my second NIC 192.168.253.97 and then the camera 192.168.253.98?

Indeed, you can put your cams on 192.168.253.0/24, everything on "static IP" as that subnet will not have a DHCP server. So cam 1 on 192.168.253.98, cam 2 on 192.168.253.99 and cam 3 on 192.168.253.100. But then nothing behind NIC#2 can talk to anything but the BI server itself (on 192.168.253.97). If you would want to, in case of urgency for example, connect to a cam directly from your 192.168.254.0/24 network, you are either obliged to do teamview on the BI server and take a browser to go to 192.168.253.98, OR you "upgrade" your BI server to route the traffic FROM 192.168.254 subnet TO 192.168.253 subnet (not the inverse).

What NTP server software do you use?

I also use the BI box as a time server.

If you also run VPN you are fine.

So Fenderman, I am wasting my time putting the cameras on separate NIC on the BI Server with OpenVPN?

Thanks for the link. Very informative.
My router (Windstream Actiontec T3200) does have built in Firewall but doesn't support VPN. I have OpenVPN installed and am using Windows Defender on the BI Server with ports 1194 and 1195. Plan on installing second NIC for unmanaged switch and cameras tomorrow if time permits. Studying about NTP Server right now. I tried setting it up per Configuring a Standalone NtpServer but that method does not appear to be working. Future plan is to get a router with VPN.

I would definitely encourage you to add the second NIC and move the wire between the unmanaged switch directly to the BI machine 2nd NIC port. Other ways to do it (like VLANs), but that one is stupid simple and separates your most vulnerable devices (IP cameras) from your regular network PCs and prevents them from making any connections beyond the one you want -> a video stream to the BI machine (just my opinion). VLANs work also, lots of smart people here have those working, but dual-NIC is just about idiot-proof -- both schools of thought have a number of people supporting it on these forums. I haven't set up using VLANs, so I can't speak to whether I find it easier or harder (and even that might depend on the equipment I have on hand wouldn't it?) My limited research did indicate "VLAN hopping" was a potential security risk you might want to ensure your equipment/config wasn't vulnerable to.
Does your router have a built-in firewall? I'm a little worried if you are putting BI machine (a Windows computer) directly connected to your provider internet connection with their crappy hardware as your only protection, best keep that Windows machine up-to-date, or at least install a software firewall. I believe OpenVPN needs just port 1194 UDP/TCP to be forwarded to BI machine, nothing else (someone will check me on this).
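
As an added example (not posted by anyone in this thread): one way to set up the camera-side NIC and the time server on the BI PC that the posts above describe, in PowerShell. The adapter alias `Ethernet 2` and the firewall rule name are assumptions; the addresses are the ones used in the thread.

```powershell
# Run in an elevated PowerShell session on the BI PC.
# Assumptions (not from the thread): the adapter alias and the firewall rule name.
$camNic    = 'Ethernet 2'          # hypothetical alias of the second NIC
$camSubnet = '192.168.253.0/24'    # camera subnet from the thread
$biCamIp   = '192.168.253.97'      # BI PC address on the camera subnet

# Static address, no DHCP and no default gateway on the camera NIC,
# so nothing on this side is handed a route toward the Internet.
Set-NetIPInterface -InterfaceAlias $camNic -AddressFamily IPv4 -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $camNic -IPAddress $biCamIp -PrefixLength 24

# Do not forward packets that arrive on the camera NIC to the other network.
Set-NetIPInterface -InterfaceAlias $camNic -AddressFamily IPv4 -Forwarding Disabled

# Enable the NTP server provider of the built-in Windows Time service.
$w32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
Set-ItemProperty -Path "$w32\TimeProviders\NtpServer" -Name Enabled -Value 1
Set-ItemProperty -Path "$w32\Config" -Name AnnounceFlags -Value 5
Set-Service -Name W32Time -StartupType Automatic
Restart-Service -Name W32Time

# Accept NTP (UDP 123) only from the camera subnet, only on the camera-side address.
New-NetFirewallRule -DisplayName 'NTP from cameras (example)' `
    -Direction Inbound -Protocol UDP -LocalPort 123 `
    -LocalAddress $biCamIp -RemoteAddress $camSubnet -Action Allow

# Check the result: the camera NIC should show no gateway, forwarding should
# be Disabled, and the NtpServer provider should report Enabled: 1.
Get-NetIPConfiguration -InterfaceAlias $camNic
Get-NetIPInterface -AddressFamily IPv4 |
    Select-Object InterfaceAlias, Forwarding, Dhcp
w32tm /query /configuration
```

Each camera then gets a static address in 192.168.253.0/24 with 192.168.253.97 as its NTP server and the gateway field left empty.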