Started with wanting to build a NAS and now I’m into homelab territory lol. I need some guidance on if I am overthinking things or if I am on the right path.
I have finally setup a pfsense box and got my main network setup how I like it. I am now trying to get a network setup for my blueiris build and I’m wondering If I am doing this correctly or if there may be a better way.
I have the cameras running through opt1 on pfsense. Different ip range. I have an HP E2620-24 POE (J9624a) switch that I got for cheap off ebay. I would like to run the cameras off that and limit their connectivity to the local network only so the BI box can see them but they cannot get online. I then only want to let the BI box out to the internet to send me alerts/let me view the cameras on the go. I would also like to view the cameras and get alerts at home as well.
What is the best way to achieve each of those?
For the cameras, is it better to use the vlan features in the poe switch and block internet access there? or would it be better to block their IP address at the pfsense level?
For BI reaching the internet, can I get granular control to only let that program poke through? I don’t plan on running anything else off it besides a clean windows install.
This last part may be more appropriate for a different category so please let me know if I should ask somewhere else. is it smart to poke holes through the interfaces to let lan talk to the blue iris pc? or would it be better to have them essentially go out to the internet and do a u-turn back down the other interface?
Also, does anyone have a good recommendation for a guide to these aruba/hp enterprise switches. This is the first time I have used one. I know its powerful but I’m a bit lost going through the webgui. I could use a good read/youtube video on it. I am a pharmacist by trade so all this is just hobby tinkering for me.
Thanks for any advice to help my paranoid self.