This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG access CCTV cameras

I have 8 CCTV cameras but as the NVR app is not very good on my Android phone

I use a 3rd party app that has to access each camera individually. I have this currently setup and working with WAF rules, one for each camera. Yesterday on another post I was reading that this not the recommended way to do this but should be using a dnat rule. Is my understanding of this correct.

Thanks in addvance


This thread was automatically locked due to age.
  • WAF is a way to enable a Webbased Page to the WAN. But its limited to certain applications and can destroy the app. 

    DNAT is a Network approach to get a resource in the internet. DO NOT DO THIS. 

    There are plenty of use cases, "Bad people" use DNAT to get into your network, find your Devices and exploit them. 

    Recommend to use VPN and normal firewall rules. 


  • Sorry neglected to say I use the phone app to access the cameras when away from home using DDNS with an encryption certificate. Not sure if this changes your recommendation at all.

Reply Children
  • If the device is reachable, it can be exploited. Thats the main reason.

    Is one of the best examples. It searches for devices like CCTV, reachable from anywhere. And if there is, for example, a public known Vulnerability, you can quickly look for those devices on Shodan and exploit all of those devices. 

    So "reduce the attack surface" as much as you can. 
