Want IoT (HomeKit) network to be accessible only from outside the network
I don't trust my HomeKit devices, so I put them on their own VLAN.
I provide remote access to the devices through an Apple TV bridge, but I'd like that access to always behave as if it is on a remote network, without allowing any devices on that VLAN to connect to my other VLANs. In other words, even when I'm home, I'd like to access the system as if I'm traveling.
I suspect the mDNS reflector is advertising the addresses of my HomeKit devices to my other VLANs, but since my firewall is blocking them, I'm having some trouble using them.
Is there a way to disable the reflector? Is there a better way to secure this VLAN?
-
@firewalla yep, the rules are set up, but I think that's the problem. The reflector advertises my light switch on a VLAN that's blocked by a rule, so the software says the device isn't reachable. If the advertisement did not do that, then HomeKit could look on the Internet and hit my bridge, which talks to the devices on the VLAN that's blocked from internal communication.
As it stands, it just stalls out. If I drop my Wi-Fi and switch to cellular, then my phone can see my HomeKit devices from outside (via the bridge), but I want to be able to do this while on an internal Wi-Fi network.