I've pseudo-segregated HS3 and other IoT stuff on a NetGear wireless Guest network. The minor issue I am having is that when I am in my house MyHS thinks HS3 is locally accessible and the mobile app connection fails due to the segregation. I can turn off Wi-Fi for mobile apps and use cellular data as a workaround when I am at home. Someday I might try the open-source router firmware to set up VLANs with more customization that should allow me to get around this problem, but thought I'd check for any ideas on stock router firmware. Thanks!
Networking ? - local vs remote MyHS access if HS3 is on Guest network
-
The Wi-Fi guest network on NetGear is assigned in the same IP range as the primary network, but the traffic is isolated from the primary devices (and from each other). In principle MyHS could have been designed to fail over to the remote connection if local connection times out, but most anyone that cares about isolation will move to a more configurable VLAN setup. I concluded I need to switch to third party firmware like Fresh Tomato or add a Ubiquiti when I have more time to work on this.
In 2018, the FBI had a public service announcement (I-080218-PSA) that advised consumers to "Isolate IoT devices from other network connections", which not only is difficult to achieve on stock consumer router firmware, but also beyond most people's understanding. The broader FBI advice, which included disabling port forwarding, has merit - for example - I bought a doorbell cam that opened several ports in my router through UPnP - I was really surprised that UPnP was turned on by default in the router and cam, much less that UPnP had a scope beyond the LAN. I turned off UPnP at the router and everything works just fine. I'm hopeful that someday consumer routers will have better options for isolation in the stock firmware - there's only so much time in life to tinker with this stuff!
-
Agreed. What we need to do as a community is build guidelines of how to install and configure. It would save a lot of time and the systems would be a lot safer. As my son reminds me though - security is like a group being chased by a bear; you just have to be faster than the slowest person and don't trip.
-
Originally posted by AllHailJ
Agreed. What we need to do as a community is build guidelines of how to install and configure. It would save a lot of time and the systems would be a lot safer. As my son reminds me though - security is like a group being chased by a bear; you just have to be faster than the slowest person and don't trip.
-
Originally posted by Tomgru
Agree. Recently purchased Ubiquiti to do this but have been procrastinating due to the effort required
Nothing like a few New Year's resolutions to solve that right? Starting "tomorrow" obviously
-
Originally posted by RoChess
Yikes, are we related? Got a UDM, AC-Pro, 3x USW-Flex, and a US-8-60W all ready for six weeks to do the same, but the effort required to run additional CAT cables and configure everything seemed to set off all the procrastinating triggers.
Nothing like a few New Year's resolutions to solve that right? Starting "tomorrow" obviously