In this article, we will cover some of the networking best practices for Rhombus devices:
Local Area Network
99% of the time, our cameras will work right out of the box. But because every network is unique, and some are more restrictive than others, we’ve provided some of our best practices below to ensure you love the setup experience.
While not required for the system, we recommend creating a dedicated subnet for the cameras. This is mostly to make sure troubleshooting is easier, but it also makes configuring DHCP easier. If access control lists are in place between VLANs, port 8000 must be open to any other VLANs that want to view footage over the LAN. This port should not be opened to the broader internet.
The cameras are pre-configured to obtain their local network configuration (IP, subnet, gateway, etc.) via DHCP. The cameras cannot be assigned a static IP. We recommend configuring a dedicated DHCP pool that is assigned to the dedicated VLAN the cameras are attached to.
If there is a requirement to have fixed IP addresses, this can be done on the DHCP server using DHCP reservations, matching a reserved IP address with a camera’s MAC address.
The cameras all require unfettered access to DNS entries that end with the suffix “rhombussystems.com”. Many networks have started to deploy security solutions that interact with DNS (such as Cisco Umbrella), which can inadvertently prevent the cameras from looking up the resources they need. We require that all rhombussystems.com DNS lookups be whitelisted.
Our cameras have been designed to look like most other devices on the network, with no special rules typically required. All network traffic is outbound (to the internet), so no inbound port forwarding is required. Standard internet ports and protocols are used (TCP/443, UDP/53, NTP/123), and may need to be enabled if the ports/protocols are not already in use.
Our client and servers also enforce full mutually authenticated TLS, which means any security appliance configured to man-in-the-middle SSL traffic will cause the cameras to drop the connection. We require that any such appliance ignore traffic that includes an SNI header for any rhombussystems.com domain.
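The requirements above can be checked against a network policy before cameras are installed. The following is an added example, not Rhombus code: the policy schema, field names and sample addresses are hypothetical, and "internal" is assumed to mean RFC 1918 address space.

```python
import ipaddress

SUFFIX = "rhombussystems.com"                       # suffix named in the article
EGRESS = [("tcp", 443), ("udp", 53), ("udp", 123)]  # NTP runs over UDP/123
LAN_VIEW_PORT = 8000                                # LAN viewing port in the article
# Assumption: "internal" means RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def matches_suffix(name, suffix=SUFFIX):
    """True for the domain or a subdomain; look-alike names do not match."""
    name = name.rstrip(".").lower()
    return name == suffix or name.endswith("." + suffix)

def covers_suffix(entries):
    """True if an entry (optionally '*.'-prefixed) is the suffix or a parent of it."""
    return any(matches_suffix(SUFFIX, e.lower().lstrip("*.")) for e in entries)

def audit(policy):
    """Return a list of findings; an empty list means the policy fits the article."""
    findings = []
    allowed = {(r["proto"], r["port"]) for r in policy["egress_allow"]}
    for proto, port in EGRESS:
        if (proto, port) not in allowed:
            findings.append(f"egress {proto}/{port} not allowed")
    for r in policy["camera_vlan_inbound"]:
        src = ipaddress.ip_network(r["src"])
        if r["port"] == LAN_VIEW_PORT and not any(src.subnet_of(n) for n in RFC1918):
            findings.append(f"port {LAN_VIEW_PORT} reachable from non-internal {src}")
    if not covers_suffix(policy["dns_allow"]):
        findings.append("DNS filter does not allowlist " + SUFFIX)
    if not covers_suffix(policy["tls_inspection_bypass_sni"]):
        findings.append("TLS inspection not bypassed for SNI " + SUFFIX)
    return findings

# Constructed sample policy (hypothetical schema, not a real firewall export).
SAMPLE = {
    "egress_allow": [{"proto": "tcp", "port": 443}, {"proto": "udp", "port": 53}],
    "camera_vlan_inbound": [{"src": "10.20.0.0/24", "port": 8000},
                            {"src": "0.0.0.0/0", "port": 8000}],
    "dns_allow": ["*.rhombussystems.com"],
    "tls_inspection_bypass_sni": [],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The suffix match works on label boundaries, so an allowlist or bypass entry for rhombussystems.com does not also exempt a look-alike domain that merely ends in the same characters.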