Firewall for NVR w/ 3rd party IP cams

[vladkatz]

Hi,

I have a Lorex NVR with several Cinnado ONVIF wifi cams that need their dedicated Wansview app / AJcloud to be configured.
My security network is in a dedicated subnet, behind a Fortigate firewall.

I now wish to block all WAN communication from that network except for what is necessary for the Lorex system.
Hopefully, the cams will stop uploading data to Wansview / AJcloud while retaining the Lorex NVR configuration.
Could anyone refer me to information on what I should block/allow?

Thanks!

 

[rdwilson]

Assign a static IP addy sequentially-- Easiest to reserve using DHCP
Place IPs in a group
Block group in Fortinet

 

[vladkatz]

Assign a static IP addy sequentially-- Easiest to reserve using DHCP
Place IPs in a group
Block group in Fortinet

Thanks! That's what I did, forgot to update.
Configured the cams through their native app, and once all set - blocked them out.
The clock drifts, but besides that, everything I need seems to work as intended.

 

[rdwilson]

I have a ton of IoT devices on my LAN as part of my home automation. They all lack real-time clocks on the ESP32-based boards. Things were working but there were significant delays and strange behaviors. I ran the problem down to no access to network clocks (NTP) using Wireshark.

I installed an NTP server on a Raspberry Pi for testing purposes. Since I run a pi-hole as my primary DNS server it was simple to point the record to the Raspi. That solved the problem of keeping the clocks in sync.

As a final solution, I configured the NTP daemon on my Edgerouter and pointed the DNS there. Now all devices, including my cameras are happy and in sync without internet access.