
Integrating NVR Cam system to the network.

Hello all

We have 2 different NVR devices integrated to the Sophos XG firewall Lan zone via regular network switch.

Is this type of integration without any VLAN definitions and different ports preferable?

These screens are the latest situation of the integration without VLAN and manageable switch.

Port1: Default Lan network for overall connection.

Port4: Wan connection

Port5: Direct cable connection from NVR device without any switch.

Port6: Direct cable connection from NVR device without any switch.


I tried to exclude the data flow created by the NVR device from the main LAN system (Port1) because of the intense traffic flow of the NVR device.

As seen on the screens, is there any gap or misconfigured setting?

For example IPv4/netmask settings, exception of alias or bridge definitions...

There are special port definitions applied in this rule.

As seen in the screen, there is a large amount of data flowing through the rule. Does this data, coming from the NVR, create a heavy workload on the device?

All in all

Is this approach the correct way to do the job of separating the networks?

Thanks all.



  • Hi Can carmack,

    Thank you for reaching out to Sophos Community.

    You may also create a firewall rule to block each other's subnet to make sure there's no communication between the two networks, since both are in the LAN zone.

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • Mr. Erick thanks for your reply.

    Do you advise creating any alias or bridge definition for this setup?

    Are those ipnet/mask numbers correct (.254 for example)?
    Also, is integrating a manageable switch the correct way to do this kind of operation?

  • Hi,

    Directly connecting the NVR to the Firewall port would be the simplest way to isolate the traffic.

    Adding a Bridge and alias isn’t needed.

    Your goal is to isolate the traffic; binding multiple addresses to a single port (alias) and combining ports (bridging) will cause the opposite of what you desire.

    For the subnet mask, this would be okay as long as they're in a different subnet (/24) with the correct configuration in the NVR, additionally adding the firewall rule to explicitly allow only the necessary communication between NVR.

    As for the Manageable switch, this would depend on whether you’ll be implementing other requirements. However, adding this and VLAN will give you more flexibility and control over network segmentation and traffic management.

    But for directly connecting, this would do the job of segregating the traffic.

    For the traffic, kindly use packet capture/log viewer.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
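
An added example (not part of the original thread, and not Sophos configuration): a Python check of the kind of interface plan discussed above. It confirms each port address is a usable host in its own non-overlapping subnet and lists the subnet pairs that block rules would need to cover, since all ports sit in the LAN zone. The addresses and the `check_plan` / `isolation_rules` names are assumptions; the real values were only in the thread's screenshots.

```python
import ipaddress
from itertools import combinations, permutations

# Constructed sample plan; these addresses are assumptions, not the thread's values.
PLAN = {
    "Port1": "192.168.1.254/24",   # default LAN
    "Port5": "192.168.50.254/24",  # NVR 1, direct cable
    "Port6": "192.168.60.254/24",  # NVR 2, direct cable
}

def check_plan(plan):
    """Return a list of problems; an empty list means the subnets are cleanly separated."""
    problems = []
    ifaces = {port: ipaddress.ip_interface(cidr) for port, cidr in plan.items()}
    for port, iface in ifaces.items():
        net = iface.network
        # The interface IP must be a usable host, not the network or broadcast address.
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{port}: {iface.ip} is not a usable host address in {net}")
    # Overlapping subnets on two ports defeat the isolation the separate ports are meant to give.
    for (pa, a), (pb, b) in combinations(ifaces.items(), 2):
        if a.network.overlaps(b.network):
            problems.append(f"{pa} and {pb} overlap: {a.network} / {b.network}")
    return problems

def isolation_rules(plan, nvr_ports):
    """List (src_port, src_net, dst_port, dst_net) pairs that a block rule should cover.

    Every direction touching an NVR subnet is listed; the few flows that are
    really needed are then allowed explicitly by rules placed above these.
    """
    nets = {p: ipaddress.ip_interface(c).network for p, c in plan.items()}
    return [
        (src, str(nets[src]), dst, str(nets[dst]))
        for src, dst in permutations(nets, 2)
        if src in nvr_ports or dst in nvr_ports
    ]

if __name__ == "__main__":
    for problem in check_plan(PLAN) or ["plan OK: distinct, non-overlapping subnets"]:
        print(problem)
    for src, src_net, dst, dst_net in isolation_rules(PLAN, {"Port5", "Port6"}):
        print(f"block {src} {src_net} -> {dst} {dst_net}")
```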