My current setup:
I have a SRM2600ac router and a couple of Netgear switches, one is a PoE switch for external PoE cameras. Those cameras record to a NVR (BlueIris) internally, those cameras and the NVR don't have a gateway address and they are also are set up in the firewall to be denied access to the internet as well as they are apart of a profile through Safe Access to be denied internet. They are only accessible internally. I also have a Guest wireless for when or if people come over and I will typically put my phone on it. That network is segregated.
I'd like to add a Personal weather station device to the network so that it can report local weather. I don't want it to "potentially" scan my internal network or if it became compromised it wouldn't affect my internal network.
With that said, I'd like the device to go on guest network, but have me be able to access it via the local LAN when on the internal network (faster readings). Is there a way to punch a hole in the firewall so that internal can get to JUST that guest IP? Or can I put it on internal and have it ONLY access internet and not have it be able to scan internal?
I have a SRM2600ac router and a couple of Netgear switches, one is a PoE switch for external PoE cameras. Those cameras record to a NVR (BlueIris) internally, those cameras and the NVR don't have a gateway address and they are also are set up in the firewall to be denied access to the internet as well as they are apart of a profile through Safe Access to be denied internet. They are only accessible internally. I also have a Guest wireless for when or if people come over and I will typically put my phone on it. That network is segregated.
I'd like to add a Personal weather station device to the network so that it can report local weather. I don't want it to "potentially" scan my internal network or if it became compromised it wouldn't affect my internal network.
With that said, I'd like the device to go on guest network, but have me be able to access it via the local LAN when on the internal network (faster readings). Is there a way to punch a hole in the firewall so that internal can get to JUST that guest IP? Or can I put it on internal and have it ONLY access internet and not have it be able to scan internal?