
NVR local and VPN access only

Hello

I am running the latest version, UTM 9.411-3, at home and I have tried all sorts of tricks to get my scenario to work. I have a CCTV NVR (network video recorder) and some wifi cameras that I want to block from getting to the internet totally. But I want to have access to them when I am on the local network at home, or signed into the VPN and accessing them from outside the network.

So far I have set the cameras and NVR to static IP.

Then I added them to the exclusion list in the web proxy list so I can bypass the proxy and use the firewall to control them.

In the firewall I set these rules:

devices (nvr/cam) -> any -> Internal (network)/vpn pool -> allow
Devices -> any -> any -> reject
Internal network -> any -> any -> allow

The devices are not accessible from the internet anymore (good), but when I try to access them after I VPN into the network, they are still not accessible.

I also tried to set up a SNAT rule from VPN pool ->any->any

Source translate -> internal (address)

But it still does not work. Any advice would be appreciated.



  • Hi, JF, and welcome to the UTM Community!

    You didn't say whether your NVR and the cameras are in "Internal (Network)" or on a separate Ethernet segment on a separate NIC.  If they are on a separate NIC, you shouldn't need the Block rules - anything not explicitly allowed is blocked by default.  See #2 in Rulz to understand what other processes can be configured in WebAdmin that will create firewall rules that take precedence over your manually-created ones.

    #2 in Rulz also discusses the connection tracker.  The UTM is a stateful firewall, so responses are accepted automatically to requests that were allowed.  Your rule #3 thus seems redundant to me.

    If you want to pursue your new question, to which Giovani and I already have given some response, please start a new thread with an appropriate title.

    Cheers - Bob

  • Sorry, yes, the NVR and cameras are all on the same network. NVR is 192.168.2.50, cameras 192.168.2.55, .29, .20.

    Sorry about the redundant questions, I am still trying to learn the UTM and how it acts. I did figure out the VPN last night and got it to work with net masquerading rules and changing a few things. 

  • As Bob wisely noted, you should start a new thread with your current issues so we can continue to help you in the right manner.

    Regards - Giovani