Technical document

Limit Camera sending multiple Sessions when running P2P on Draytek Modem

Posted on by CCTVAPP.NET
02
Dec

In some cases, the system uses CAMERA and there is a phenomenon of network flickering when someone opens the app to view the camera (can be inside or outside the system). This happens because CAMERAs send multiple sessions out when running P2P. To overcome this situation, you can use the following method on Modem Draytek:

  • Session limit 500
  • Firewall configuration stipulates that CAMERAs can only access UDP services 8800~9000, and prohibit access to UDP 1025~65535

1. Prepare

Find the MAC address of the CAMERA using specialized software provided by companies such as:

  • Camera Imou, Dahua: ConfigTool
  • Hikvision, Ezviz cameras: SADP
  • KBvision Camera: KB-ConfigTool
  • Xiongmai, J-Tech, PuraTech: Device Manager
  • ….

2. How to do it

A. Fixed IP for CAMERA

Enter LAN >> Bind IP to MAC, find and fix the IP for the Camera’s MAC addresses. Or use the company’s configuration software to set a Static IP for the Camera

B. Create object groups for CAMERA

Create IP Object for CAMERA

Go to Objects Setting >> IP Object, select Index 1

  • Name:                  Name CAMERA
  • Interface:            Select Any
  • Address Type:      Select Single IP
  • Start IP Address: Enter CAMERA IP (for example 192.168.1.10)
  • Press OK

 Do the same for the remaining CAMERA

Group CAMERAS into a Group

Go to Objects Setting >> IP Group, select any index

  • Name:                  Name the group
  • Interface:            Select Any
  • Move IP Objects from “Available IP Objects” table to “Selected IP Objects”
  • Click OK

C. Limit sessions for CAMERA

Go to Bandwidth Management >> Session Limit

  • Select Enable
  • Default Max Session:      Limit the maximum number of Sessions a device can use  (eg 500 sessions)
  • Click OK

D. Create a firewall to limit access for CAMERA

Need to create a rule for the CAMERA group created above

  • Rule 1: allows CAMERAs to access UDP service 8800~9000
  • Rule 2: prohibit CAMERAs from accessing UDP service 1025~65535

Implement

Rule 1: allows CAMERAs to access UDP 8800~9000 service

Go to  Firewall>>IP Filter>> Default Data Filter, select rule 2

  • Check “Check to Enable the Filter Rule”
  • Comments:          Name the rule
  • Direction:             Select LAN/DMZ/RT/VPN →WAN
  • Source IP:            Click Edit to Select CAM Object Group
    • Address Type:      Select Group and Objects
    • IP Group:             Select Group CAM
    • Press Ok
  • Service Type:       Click Edit to configure service
    • Service Type:       Select User defined
    • Destination port:  Select port range from 8800 to 9000
    • Press Ok
  • Filter: Select Pass Imediately
  • Press OK

Rule 2: prohibit CAMERAs from accessing UDP service 1025~65535

Go to  Firewall>>IP Filter>> Default Data Filter, select rule 3

  • Check “Check to Enable the Filter Rule”
  • Comments:   Name the rule
  • Direction:      Select LAN/DMZ/RT/VPN →WAN
  • Source IP:     Click Edit to Select CAM Object Group
    • Address Type:      Select Group and Objects
    • IP Group:             Select Group CAM
    • Press Ok
  • Service Type:       Click Edit to configure service
    • Service Type:       Select User defined
    • Destination port:  Select port range from 1025 to 65535
    • Press Ok
  • Filter: Select Block Imediately
  • Press OK

Article source: https://www.anphat.vn/

Thank you for following the article!!!