Segregation of Helium hotspot miner

I was asked permission to plug a Helium hotspot miner on my network.

I agreed on condition I took full control of properly segregating it from my main network, as it’s essentially an IoT device.

Sadly, it does require 2 ports to be opened up to allow other miners to connect and provide proof of coverage and witnessing.

TCP 44158, and for support and firmware updates it needs ports 22 and 443 open outbound.

I plan on setting up its own SSID tied to a VLAN and port forwarding from WAN TCP 44158 directly to the VLAN device IP.

I don’t think I can IP-filter the port forward, as I could have any number of hotspots connecting. (Among other things, but hopefully the hotspot miner has enough security to guard itself.)

Anything else I’m missing?

This is the right way. Disable inter-VLAN routing also, and add an internal firewall to deny access to other VLAN subnets.
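One way to express the setup discussed in this thread as an nftables ruleset on a Linux router (an added example, not from either poster). The interface names, the hotspot's address, the router serving DHCP/DNS to the VLAN, and outbound masquerading already being configured elsewhere are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: every name and address below is an assumption.
define WAN_IF   = "eth0"            # WAN interface
define IOT_IF   = "eth1.50"         # VLAN sub-interface behind the hotspot's SSID
define MINER_IP = 192.168.50.10     # static lease given to the hotspot
define PRIVATE  = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

table ip iot_nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Port forward: WAN TCP 44158 straight to the hotspot, any source.
        iifname $WAN_IF tcp dport 44158 dnat to $MINER_IP
    }
}

table inet iot_segregation {
    chain forward {
        type filter hook forward priority filter; policy accept;
        # Traffic that does not touch the IoT VLAN is left to the existing rules.
        iifname != $IOT_IF oifname != $IOT_IF return
        ct state established,related accept
        # Inbound: only the forwarded port, only to the hotspot.
        iifname $WAN_IF oifname $IOT_IF ip daddr $MINER_IP tcp dport 44158 ct state new accept
        # No inter-VLAN routing: private ranges are unreachable from the IoT VLAN,
        # including ones that happen to sit behind the WAN interface.
        iifname $IOT_IF ip daddr $PRIVATE drop
        # Outbound: only the support and firmware-update ports from the post.
        iifname $IOT_IF oifname $WAN_IF ip saddr $MINER_IP tcp dport { 22, 443 } ct state new accept
        # Everything else to or from the IoT VLAN, including other VLANs reaching in.
        counter drop
    }
    chain input {
        type filter hook input priority filter; policy accept;
        iifname != $IOT_IF return
        ct state established,related accept
        # Assumed: the router hands out DHCP leases and DNS on this VLAN.
        udp dport { 53, 67 } accept
        # The router's own management services stay closed to the IoT VLAN.
        counter drop
    }
}
```

Load it with `nft -f` and inspect the drop counters with `nft list ruleset`; anything the hotspot needs beyond the ports named in the post shows up there and has to be allowed explicitly.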

