Nice to know my network is working - cameras blocked

[saltwater]

I'm in the Ubiquity eco-system, have a UDM Pro, a few switches and access points. My UDM Pro was updated a few days ago and I was casually checking the settings page, and then stumbled across triggers. I'm sure the triggers screen wasn't there previously but what it shows are all my cameras trying to access the internet but failing. It gives me some comfort that my blocking rules are in fact working.

 

[Jim I.]

I'm in the Ubiquity eco-system, have a UDM Pro, a few switches and access points. My UDM Pro was updated a few days ago and I was casually checking the settings page, and then stumbled across triggers. I'm sure the triggers screen wasn't there previously but what it shows are all my cameras trying to access the internet but failing. It gives me some comfort that my blocking rules are in fact working.

View attachment 158378

I noticed the same thing on my UDMSE recently. I think that feature was added in a recent update. I'm using Vlans to isolate the cameras, along with a second NIC in the Blue Iris PC. But seeing all those messages coming from the firewall log makes me think I should have set up fake default gateways when configuring the cameras. I'm thinking that would keep the traffic from even reaching the firewall.

 

[SpacemanSpiff]

I noticed the same thing on my UDMSE recently. I think that feature was added in a recent update. I'm using Vlans to isolate the cameras, along with a second NIC in the Blue Iris PC. But seeing all those messages coming from the firewall log makes me think I should have set up fake default gateways when configuring the cameras. I'm thinking that would keep the traffic from even reaching the firewall.

If you already employ VLANs and a dual NIC BI server, you have a couple layers of isolation in place. Fake default gateways will cause unnecessary traffic, I believe you'd be better off leaving the default gateway field blank on the devices you are trying to isolate. If you wish to add another layer, consider adding a rule to your router that blocks the network (or IP range) assigned to your cameras

 

[jihiggs]

my amcrest cameras do the same thing. auto check for firmware is disabled and p2p is disabled on all of them. these are aws servers. pretty shady that amcrest isnt transparent about this.

 

[saltwater]

I was messing with one of my cameras, reverted the Primary & Secondary DNS (from 8.8.8.8 and 8.8.4.4) back to 0.0.0.0 and changed the gateway to 192.168.30.100 (goes nowhere) and yet the camera continued to check both 8.8.8.8 and 8.8.4.4 DNS.

As an aside, I thought I shot myself in the foot because after changing the gateway to a non-existent setting, I then couldn't login to the camera from my other network. I was stumped for about 20 min, thinking I'd have to do a factory reset. Anyway, put my computer onto the same network as the cameras and was able to login and fix things.