How to separate camera traffic and user data traffic?
Originally, only one Branch (Linkou Branches) used the Surveillance cameras. The traffic at that time was that both the cameras and branch users were connected back to the Taipei head office (X2 interface) through VPN (Site to Site).
Later, each branch office installed cameras one after another, so the camera's traffic began to increase. The department manager then requested that the traffic to the branch office cameras be separated from the data traffic of end users.
The camera's traffic needs to be redirected to the X1 interface, while end users still use the VPN site-to-site method.
How can I make a policy so that the camera traffic of each branch can be connected back through the X1 interface of the head office?
Answers
I am not 100% sure here, but I think you're saying CCTV systems should have internet access but not site-site VPN? If so:
Create a CCTV zone.
Create a CCTV VLAN. Assign to CCTV Zone.
Configure VLANs on switches to suit.
Do not add the CCTV VLAN to the site-site VPN policies.
Review the rules between the zones LAN, CCTV and WAN to ensure it will allow/block what you want.
Hi ARKWRIGHT
Thank you very much for your reply.
The branch office only installed general PoE cameras. I don’t know if this counts as CCTV.
In order to avoid misunderstandings, I have posted pictures of the Interface settings of Taipei head office and the interface settings of Linkou Branch.
All the required settings in the Interface have been set, and I have also removed the surveillance camera network segment from the VPN policy.
For adding a new policy in Linkou Branch's Firewall, I don't know how to set its Destination.