How to block my IP cameras from the internet and my local network?

I found an easy way to do it.

Go to Profiles, create a new group, Type IPv4, enter the IP you want blocked, and hit Save.

Then go to Firewall, create a new rule: Type Internet Out - Action Drop - Source Type Port/IP Group - IPv4 Address Group, select the one you just made in Profiles, and hit Save.

Inspired by user Gargoile.
 
I was more concerned about the cameras I have "phoning home." They were very inexpensive, but well manufactured with a lot of great features (human recognition). That's a pretty powerful processor, thus the reasons for my suspicions. (I later learned that these cameras do indeed attempt to contact an unknown IP address.)

I created a separate network and my BlueIris software runs on a computer with two NICs. All of the camera network has fixed IP addresses. I have a dedicated computer running BlueIris (~$250 refurbished on Amazon). I haven't taken the time to ensure that the network is secure, so I don't know if this works or not. I did run into a challenge. The cameras want to access an NTP server to get the time. I resolved this by building my own NTP server from an Arduino with an Ethernet interface and a GPS module. I found the NTP server software for the Arduino online. So for under $20 I have an NTP server.

All is good.

OSD
 
You can also load NetTime on the BI machine and use it as the NTP server. No Arduino needed that way.
 
Like this idea.

What are the steps to add the NTP server to each camera? Assuming that it will be necessary to log into each individual camera and change the Date & Time NTP server to other than "clock.ise.org". Would one use "0.nettime.pool.ntp.org" as the correct camera NTP server for each individual camera? i.e. reuse the same server?
 
Yes, each camera needs to be pointed to the NTP server. You'd use the IP of the BI server assuming that's where you installed it. The cams all use the same server IP.

Beyond installing NetTime on the BI Server, you may also need to allow traffic through the Windows firewall on the server over UDP port 123. And check that the native Windows time server hasn't already grabbed port 123. If so, you can disable it.
 
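The checks described in the reply above, as an added PowerShell example that is not part of the original thread. The camera subnet, server address and rule name are hypothetical values to replace with your own; the allow rule is scoped to the camera subnet rather than opening UDP 123 to every network.

```powershell
#Requires -RunAsAdministrator
# Assumed (hypothetical) values: adjust to your own camera network.
$CameraSubnet = '192.168.50.0/24'   # subnet the cameras sit on
$ServerIp     = '192.168.50.10'     # BI machine's address on that subnet
$RuleName     = 'NTP in from cameras (UDP 123)'

# 1. Show which process, if any, currently owns UDP port 123.
$owners = Get-NetUDPEndpoint -LocalPort 123 -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty OwningProcess -Unique
foreach ($procId in $owners) {
    $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
    Write-Host "UDP 123 is held by PID $procId ($($proc.ProcessName))"
}

# 2. If the native Windows Time service is running, stop and disable it
#    so the replacement NTP server can bind the port.
$w32 = Get-Service -Name W32Time
if ($w32.Status -eq 'Running') {
    Stop-Service -Name W32Time
    Set-Service  -Name W32Time -StartupType Disabled
    Write-Host 'W32Time stopped and disabled.'
}

# 3. Allow inbound NTP, but only from the camera subnet.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -Protocol UDP -LocalPort 123 -RemoteAddress $CameraSubnet `
        -Action Allow | Out-Null
    Write-Host "Created firewall rule '$RuleName'."
}

# 4. After (re)starting the NTP server software, confirm something is
#    listening and that it answers NTP queries on the camera-side address.
Get-NetUDPEndpoint -LocalPort 123 -ErrorAction SilentlyContinue |
    Format-Table LocalAddress, LocalPort, OwningProcess
w32tm /stripchart /computer:$ServerIp /samples:3 /dataonly
```

If step 4 lists no endpoint or the stripchart reports errors, the NTP server software is not bound to port 123 yet and the cameras will not get time from it.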
The two NIC cards will not work for me as everyone's situation is different.

I did try the VLAN and it worked as well, but I thought it was a lot more complicated, with so many rules to make. I didn't think my BI computer should be on the same VLAN as the cameras, as it would have no internet; then I read that it would be taxing on the router if you had all that data going over two VLANs.

Blocking by IP was the easy route lol
 
cameras are going to tax a 1Gb network. But in your case with a 10Gb network, it wouldn't be a burden anyways.

Two NICs on different IPs into the same network work well; however, they should be the same speed or else it would have to buffer to the lower speed, which can slow things down.
 
How many cameras are running that it would "tax" a gig network switch? I'm running 22, mix of 4MP, 2MP and one 8MP, and only see ~200Mb/PS of traffic on the private LAN. Even if you had 44 4MP cameras running I don't think you'd hit 600Mb/PS.
 
I was referring to the VLAN taxing the UDM, not the NIC cards.

From what I can find, there is a huge performance drop with IP cams on VLANs using the UDM Pro.
 
Running my cameras on a VLAN using a UDM Pro. I have not noticed a problem with performance with 12 cameras; I think that was some older software on the USG/UDM Pro.
All cameras are on the same switch and all the ports they are plugged into are set to that VLAN only, not all traffic. Made a separate wireless network for that VLAN too. I have three Raspberry Pis running Camviewer software on them to display on TVs around the house. So everything security related is on one VLAN: BI computer, Dahua NVR, cameras, and camviewers. Firewall rules are set so I can get to all of them from the main network, but they cannot get out of that VLAN unless they are queried from the main.
The security VLAN is also set so it cannot get out of the house. If you plug a computer into that network, it has no ability to get out to the world.

I would try a VLAN.
 
32 - 8MP @ UHD (3840x2160) 25 fps is about 880Mb/s w/ H.264 high quality compression.
Then when you have a lot of bandwidth getting used this way, will your recorder keep up?
32 - 8MP with the above settings would need an HDD sustained transfer rate of ~110 MB/s.
It is getting near the limits in SATA, especially when there is more than 1 remote session in live view and another one searching the recordings.
So eventually NVR makers will have to go either SAS (which is the full duplex SATA) with a dual armature HDD, or with lesser performance with NVMe storage.
 
Why run 25F/ps? 15F/ps is more than enough.
 
I'm curious where you get that figure from.
That's about 28Mbps per camera.
None of my Hikvision 8MP cameras allow a bitrate to be configured at over 16,384Kbps.
But they run a different compression standard: H.265 or H.264 with high compression.
You wouldn't get a low compression, high quality in a camera until you start looking into cameras that have an AMD cortex or better processor ($500+ cameras).
 
OK, so quite different from what you quoted to get that figure. Not H.264.
It's not going to be exact, because it's a calculation.
There are several ways these cams can be set up. Some have certain limitations that others don't.
The bandwidth varies and there are a lot of combinations.
If you want to anticipate what bandwidth it's going to possibly consume, there are several online calculators, and none of them are going to give you truly exact numbers, just an approximation.