I am trying to set up my camera vlan using pfSense 2100, UniFi switches and APs and a Synology DS218+. I have 2 vlans, IoT and Cameras. I’m trying to isolate my cameras on the CAM-vlan and block them from accessing the internet, and I want to use Surveillance Station on the Synology, which is on the IoT-vlan as it also runs my Plex server. I have set firewall rules in CAM-vlan allowing the NAS (IP address) on IoT-vlan access, but when I try to set the cameras in Surveillance Station, I am unable to do so. What am I doing wrong, and what would be the best way of configuring the system with what I have? I am not an IT person, so my apologies if this may seem straightforward to most of you.
Personally, I would set up a rule that controls access to your vlans; if you invert that rule, it controls access to the WAN.
On your CAM vlan I would add another rule in before those other two that allows traffic to your NAS and the camera ports. Apart from recording to the NAS, all other traffic on the CAM vlan will be isolated from the other vlans and WAN.
I’d suggest devising a core suite of rules you use on all the vlans and then make minor adjustments or add some exception rules. If you tailor your rules on each interface it can be a bit tricky to know what you did when you look at it 6 months later.
I just used an Ethernet port assigned to the camera vlan on the Synology and you can contain all traffic to only that vlan and deny WAN access.
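The rule ordering discussed in the replies can be checked offline with a small model of pfSense's per-interface, first-match evaluation. This is an added example, not configuration from the thread or from pfSense itself; the addresses, the port, and the IoT rules are constructed assumptions, and state tracking of reply traffic is not modeled.

```python
import ipaddress as ip

# Constructed addressing and ports (assumptions, not values from the thread).
CAM_NET = [ip.ip_network("10.0.30.0/24")]
IOT_NET = [ip.ip_network("10.0.20.0/24")]
NAS = [ip.ip_network("10.0.20.10/32")]
PRIVATE = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CAM_PORTS = {554}  # placeholder for whatever ports the cameras and NAS use

def rule(action, src, dst, ports=None, invert=False):
    return {"action": action, "src": src, "dst": dst, "ports": ports, "invert": invert}

# Rules are listed per ingress interface, top to bottom, as in the pfSense GUI.
RULES = {
    "CAM": [
        rule("pass", CAM_NET, NAS, CAM_PORTS),         # exception placed first
        rule("block", CAM_NET, PRIVATE),               # no access to other VLANs
        rule("block", CAM_NET, PRIVATE, invert=True),  # inverted match: the WAN
    ],
    "IOT": [
        rule("pass", NAS, CAM_NET, CAM_PORTS),         # NAS-initiated camera sessions
        rule("block", IOT_NET, PRIVATE),
        rule("pass", IOT_NET, PRIVATE, invert=True),   # same alias, inverted: internet only
    ],
}

def matches(r, src, dst, port):
    in_dst = any(dst in net for net in r["dst"]) != r["invert"]
    in_src = any(src in net for net in r["src"])
    return in_src and in_dst and (r["ports"] is None or port in r["ports"])

def evaluate(rules, iface, src, dst, port):
    """Return the action for a new connection entering pfSense on `iface`."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for r in rules.get(iface, []):
        if matches(r, src, dst, port):
            return r["action"]   # first match wins
    return "block"               # implicit default deny

def misordered(rules):
    """Same CAM rules with the NAS exception moved below the VLAN block."""
    cam = rules["CAM"]
    return {**rules, "CAM": [cam[1], cam[0], cam[2]]}

if __name__ == "__main__":
    for iface, s, d, p in [("CAM", "10.0.30.5", "10.0.20.10", 554),
                           ("CAM", "10.0.30.5", "8.8.8.8", 443),
                           ("IOT", "10.0.20.10", "10.0.30.5", 554)]:
        print(iface, s, "->", d, p, evaluate(RULES, iface, s, d, p))
```

A connection is matched against the rules of the interface it enters on, so a session opened by the NAS toward a camera is evaluated on the IoT interface rather than the CAM one.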