Want IoT (HomeKit) network to be accessible only from outside the network

Follow

Anthony G

• December 19, 2020 15:05

I don't trust my HomeKit devices, so I put them on their own VLAN.

I provide remote access to the devices through an Apple TV bridge, but I'd like that access to always behave as if it is on a remote network, without allowing any devices on that VLAN to connect to my other VLANs. In other words, even when I'm home, I'd like to access the system as if I'm traveling.

I suspect the MDNS reflector is advertising the addresses of my HomeKit devices to my other VLANs, but since my firewall is blocking them, I'm having some trouble using them.

Is there a way to disable the reflector? Is there a better way to secure this VLAN?

0

• 

  Firewalla

  • December 19, 2020 17:27

  The reflectors is just advertising.  What you need is to put a firewall between the VLAN's.  Have you tried to use the rules to block local network segments?  you can do that for both incoming/outgoing traffic.   

  0

  Comment actions Permalink
• 

  Anthony G

  • December 20, 2020 06:32

  @firewalla yep, the rules are set up, but I think that's the problem. The reflector advertises my light switch on a VLAN that's blocked by a rule, so the software says the device isn't reachable. If the advertisement did not do that, then HomeKit could look on the Internet and hit my bridge, which talks to the devices on the VLAN that's blocked from internal communication.

  As it stands, it just stalls out. If I drop my Wi-Fi and switch to cellular, then my phone can see my HomeKit devices from outside (via the bridge), but I want to be able to do this while on an internal Wi-Fi network.

  0

  Comment actions Permalink

Please sign in to leave a comment.