IP Cam, NVR, and push notifications.

[monoxyde]

So, I understand the whole security and VPN aspect of what I see a lot of you guys preaching. Truth be told, I'm a network engineer.

So, I have a few questions, and maybe someone can answer them?

My Setup (currently have Nest cams, but looking to replace them with a possible NVR).

Router/Firewall: PFSense
Switch: Cisco 2960X (managed 24 port switch)
VLANS: 1 (wired),2 (wireless), 5 (future PoE cams)
OpenVPN setup and configured, it drops into a different subnet than the other 3 networks, but it's considered (wired LAN) for all intents and purposes.

I've created firewall rules so that VLAN 1/2 can talk to 5.

VLAN 5 Firewall Rules:

Block traffic to management ports of FW (ports 22,80,443).
Allow NTP (UDP port 123) to any.
Block all access to internet gateway.

That being said with internet access blocked, is it still possible to get push notifications? Does that run on a specific port? My guess is that if I have the VPN client active on my phone, I can get push notifications, but without it active, can I? My co-worker says he gets push notifications, but I don't think his firewall is setup the same as mine.

 

[jeffshead]

I was wondering the same exact thing. Anybody?

 

[mikeynags]

I can speak from the aspect of running BI and having push notifications go out. TCP 2195 is needed for iOS push notifications and SMS messages are actually delivered via SMTP port 25.


Edit: SMTP can also go out on TCP 465 or 587. Depends on what your ISP allows.

One more edit: the destinations for those listed above will be either Apple (for iOS) or whatever provider you are using for SMTP mail outbound. They won't be sent to the local VPN'd client directly, they'll come into your phone from the Internet.

Sent from my iPhone using Tapatalk

 

[catcamstar]

I can also confirm from Dahua NVR point of view: iOS push notifications are "pushed out" on TCP2195.
My setup is almost identical to yours with vlans.