I’m pretty sure at least two of the routers are as well, maybe all of them.
I want to block the cameras from being accessed from the internet or accessing the internet. I want them to communicate with trusted (for configuration) and the NVR. And then I want the NVR to be able to access the internet.
I would create another VLAN just for cameras with appropriate firewall rules. Allow Trusted into this “no-internet” VLAN but nothing to the internet. One way would be to figure out which ports the cameras use so you can add a firewall rule to allow communication to the NVR’s IP. Another way would be to set the NVR on a static IP in the IOT and allow all traffic to it from this camera VLAN (this is probably the easiest but not the most secure).
As a side note, I try to set as many things as I can on a static IP; it enables the use of firewall rules and also helps with normal monitoring.
As another side note - The UniFi APs support up to 4 VLANs (1 per SSID) - they also support the use of an SSID with multiple passwords which will allow connection to a VLAN depending on which password is used. It’s a new feature and I haven’t used it, so idk how well it works or other issues.
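The camera-VLAN rules described in the reply above, modelled as a first-match rule list so the two options (specific ports to the NVR versus all traffic to the NVR's static IP) can be compared. This is an added example, not part of the original thread; the subnets, the NVR address, the sample flows and the use of RTSP port 554 as the camera port are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
TRUSTED = ipaddress.ip_network("192.168.10.0/24")
CAMERAS = ipaddress.ip_network("192.168.30.0/24")
NVR = ipaddress.ip_network("192.168.20.10/32")   # static IP inside the IoT VLAN
ANY = ipaddress.ip_network("0.0.0.0/0")
CAMERA_PORTS = {554}  # assumed RTSP; replace with the ports your cameras really use

def build_rules(nvr_ports):
    """Ordered rules for NEW connections (replies are assumed to be allowed
    statefully). nvr_ports=None means 'all ports to the NVR'."""
    return [
        ("accept", TRUSTED, CAMERAS, None),   # Trusted may configure cameras
        ("accept", CAMERAS, NVR, nvr_ports),  # cameras may talk to the NVR
        ("drop",   CAMERAS, ANY, None),       # cameras reach nothing else
        ("accept", NVR, ANY, None),           # NVR may reach the internet
    ]

def decide(rules, src, dst, dport):
    """First matching rule wins; anything unmatched is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, ports in rules:
        if s in src_net and d in dst_net and (ports is None or dport in ports):
            return action
    return "drop"

# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("192.168.30.21", "198.51.100.9", 443),   # camera -> internet
    ("192.168.30.21", "192.168.20.10", 554),  # camera -> NVR, video port
    ("192.168.30.21", "192.168.20.10", 22),   # camera -> NVR, management port
    ("192.168.10.5", "192.168.30.21", 80),    # trusted -> camera web UI
    ("203.0.113.7", "192.168.30.21", 80),     # internet -> camera
    ("192.168.20.10", "198.51.100.9", 443),   # NVR -> internet
]

def differing_flows(flows=SAMPLE_FLOWS):
    """Flows that the 'allow all to the NVR' option lets through but the
    port-specific option blocks."""
    strict, loose = build_rules(CAMERA_PORTS), build_rules(None)
    return [f for f in flows if decide(strict, *f) != decide(loose, *f)]

if __name__ == "__main__":
    strict = build_rules(CAMERA_PORTS)
    for flow in SAMPLE_FLOWS:
        print(flow, "->", decide(strict, *flow))
    print("extra exposure with allow-all:", differing_flows())
```

The only flow that differs between the two options is the camera reaching the NVR on a non-video port, which is the extra exposure the easier rule accepts.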