
IP camera and NVR on 2 different networks

Here is my interface setup

I have an IP camera connected to a POE switch located on the Office Network.

I have an NVR located in a server rack in a different building on the CCTV Network.  In the UTM the CCTV network is Bound to the Control Network. (Network Definition xxx.xxx.5.0/24)

In Static Routing the CCTV Network is Routed to the Control Network Gateway.

I have tried doing a NAT and a DNAT and Firewall rules but I cannot get the IP camera to connect to the NVR. We are also using SSL VPN and users can access the Live Feed once they are logged into the VPN.

Here is a screen shot of firewall rules

Not sure if this is an issue.

I added this Firewall rule

This is what I have currently for NAT

In Network Definitions I set up the IP camera as a Network Host with its IP address.

In Service Definitions I added the Port the Camera is using.

But I can't seem to route the camera from the office network to the NVR on the CCTV network.

Any suggestions?

Thanks

George

This thread was automatically locked due to age.
  • When you say "the CCTV network is Bound to the Control Network," does that mean the network definition violates #3 in Rulz?

    Firewall rules 19 & 20 would only be necessary if you otherwise are using "Any" instead of "Internet" in later rules.  It's usually clearer to make more-precise Allow rules and avoid explicit Drop rules.

    Why do you need the SNAT in the last picture - what problem did that solve?

    What do you learn from doing #1 in Rulz?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The CCTV network is bound to the control network.  I don't know about violating RULZ #3. The UTM was set up by a Sophos solution partner when we needed better security of our networks, and the CCTV network was bound to the control network so VPN users could access the camera NVR by logging into the VPN first.

    Firewall Rules 19, 20 were also set up by the solution partner IT engineer.  He set up the networks, the VLANs, SSL VPN and network definitions.  I have made a few changes since then but have not changed any of the original configuration.

    The SNAT allows VPN users to access the Control Network.

    I have checked the Firewall logs and I don't see the camera's IP address.  I can see the NVR in the firewall logs but nothing from the remote camera on the office network.

    After maintaining the UTM for the past 3 years I still feel like a newbie.

    George

  • Please show pictures of the Edit of the "CCTV Network" object with 'Advanced' open and of the Host/Network object for the "remote camera." 

    Also, a picture of the Edit of the SSL VPN Profile.

    Cheers - Bob
  • Here is the CCTVNetwork Network Object

    Here is the Host/Network Object for the Remote Camera

    SSL VPN Profiles: (not sure which one you want to see edits on.)

    George

  • Let's see what happens if you set 'Interface: <<Any>>' in the "CCTV Network" object.

    Then, see if disabling the SNAT for the "VPN Pool (SSL)" changes any behavior.  If it does, you'll want to look for more Network/Host objects that need the same surgery as I suggested for the "CCTV Network" object.

    Please let us know your results.

    Cheers - Bob