Integrating NVR Cam system to the network.

Hello all

We have 2 different NVR devices integrated to the Sophos XG firewall Lan zone via regular network switch.

Is this type of integration without any VLAN definitions and different Ports is preferable ?

This screens are latest situation of the integration without VLAN and Manageble Switch.

Port1: Default Lan network for overall connection.

Port4: Wan connection

Port5: Direct cable connection from NVR device without any switch.

Port6: Direct cable connection from NVR device without any switch.


I tried to exclude the data flow created by NVR device from the main Lan system (port1) because of intense traffic flow of the NVR device.

As seen on the screens is there there any gap or misconfigured settings seen ?

For example IPv4/netmask settings, exception of alias or bridge definitons..

There is special Port definitions applied in this rule.

As seen in the screen there is large amount of data count flowing through the rule. Is this data -coming from the NVR- create heavy workload to the device ?

All in all

Is this approch correct way to do the job for seperating the networks ?

Thanks all.



typo
[edited by: Can carmack at 10:57 AM (GMT -8) on 7 Feb 2024]
Parents Reply
  • HI,

    Directly connecting the NVR to the Firewall port would be the simplest way to isolate the traffic.

    Adding a Bridge and alias isn’t needed.

    Your goal is to isolate the traffic, binding multiple addresses to a single port (alias) and combining ports(bridging), which will cause the opposite of what you desire.

    For the Subnet mask, this would be okay as long as they’re in a different subnet (/24) and the correct configuration in NVR, additionally adding the firewall rule to explicitly allow only the necessary communication between NVR.

    As for the Manageable switch, this would depend on whether you’ll be implementing other requirements. However, adding this and VLAN will give you more flexibility and control over network segmentation and traffic management.

    But for directly connecting, this would do the job of segregating the traffic.

    For the traffic, kindly do a packet capture/log viewer.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Children
No Data