I’m a total networking noob but need help.

I have an NVR with PoE ports with which I’ll be connecting wired security cameras. I have an Asus RT-AX88U Pro with VLANing capability. I want to strike a balance between security and usability. My proposed outcome is this:

Have the NVR on a separate VLAN/subnet from the trusted network, where my desktop PC sits. Cameras will plug into the NVR and get their own NAT’d IPs. I want to block internet access from the NVR except for certain ports/protocols to allow remote access from the mobile app, and to get notifications/camera alerts. I then want ONLY my PC from the trusted network to be able to access the web UI on the NVR.

First, do I create a static route to allow ONLY my PC access to the NVR/camera subnet?

Second, do I use the Network Services Filter feature to allow outbound traffic from the NVR to the Internet to allow mobile remote access, or just enable P2P? My thought is to isolate the NVR from my trusted network so that I can make remote access more convenient as opposed to requiring a VPN.

Help appreciated. Thanks.