Bambu printer users are concerned about executing print jobs that run through the Bambu cloud.
Degree Of Difficulty: medium to high.
There’s a solution if you have a small business or home network capable of using multiple VLANs concurrently.
I have a Ubiquiti Unifi Dream Machine (UDM) configured as follows.
Networks
Network 1: Name “Trusted”. This is the main private network with an IP address range of 192.168.1.0 to 192.168.1.254
Network 2: Name “Untrusted”. This is a VLAN, ID 10. The IP address range is 192.168.10.0 to 192.168.10.254
(Why Trusted and Untrusted? Devices that use poor security will be assigned to the Untrusted network. These are often known as Internet of Things [IoT] devices)
WiFi
WiFi 1: Name “Fred” (or any name you like). The underlying network is Trusted (192.168.1.xxx IP range). This works with 2.4GHz and 5.0GHz devices.
WiFi 2: Name IoT. The underlying network is Untrusted (192.168.10.xxx range). This works with 2.4GHz and 5.0GHz devices.
WiFi 3: Name IoT-24. This is identical to IoT, which it uses as its base, except that it won’t work with 5.0GHz devices.
(IoT-24 is a copy or subset of IoT configured to use only a 2.4GHz network, to be assigned to devices requiring a 2.4GHz network.)
Firewall rules
Network traffic can move between all networks and WiFi, so we have to apply some blocks.
Block access from VLAN 10 to main network gateway
Allow access to VLAN 10 from main network
When this is set up and working, a device assigned to the IoT network, including IoT-24, via WiFi or cable, will be blocked from accessing the main network.
So if the main network is set up with maximum security, and only trusted devices that are known to be secure are connected to it, the network is protected. Devices of unknown strength of security, such as smart switches, smart speakers, smart globes and WiFi-connected 3D printers, are assigned to either the IoT network or IoT-24 if it’s a 2.4GHz-only device. Once set up, the firewall rules isolate the IoT devices.
My X1C, connected to IoT-24, is isolated from the main network, so cloud transactions sail through efficiently without ever knowing that my main secure network exists.
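The effect of the two firewall rules can be checked on paper before touching the router. The following is an added example, not part of the original post and not exported UniFi configuration: it models the rules as a first-match list over the two subnets named above. Assumptions: the block rule covers the whole Trusted subnet (the outcome the post describes), replies to connections opened from Trusted are allowed by a stateful rule placed first, unmatched traffic passes, and the host addresses are constructed.

```python
import ipaddress

TRUSTED = ipaddress.ip_network("192.168.1.0/24")     # "Trusted" network from the post
UNTRUSTED = ipaddress.ip_network("192.168.10.0/24")  # "Untrusted" VLAN 10 from the post

# Ordered rules, first match wins (assumed evaluation model).
# Each rule: (name, source, destination, reply_only, action); None matches any address.
RULES = [
    ("allow replies to existing connections", None, None, True, "allow"),
    ("allow Trusted to VLAN 10", TRUSTED, UNTRUSTED, False, "allow"),
    ("block VLAN 10 to Trusted", UNTRUSTED, TRUSTED, False, "block"),
]
DEFAULT_ACTION = "allow"  # assumption: anything unmatched (e.g. internet-bound) passes


def evaluate(src, dst, is_reply=False, rules=RULES):
    """Return (action, rule name) for one packet."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, src_net, dst_net, reply_only, action in rules:
        if reply_only and not is_reply:
            continue
        if src_net is not None and src_ip not in src_net:
            continue
        if dst_net is not None and dst_ip not in dst_net:
            continue
        return action, name
    return DEFAULT_ACTION, "default"


# Constructed sample flows; the host addresses are made up for illustration.
PRINTER, LAPTOP, CLOUD = "192.168.10.50", "192.168.1.20", "203.0.113.10"
FLOWS = [
    ("printer opens a connection to the laptop", PRINTER, LAPTOP, False),
    ("laptop opens a connection to the printer", LAPTOP, PRINTER, False),
    ("printer answers the laptop", PRINTER, LAPTOP, True),
    ("printer talks to the cloud", PRINTER, CLOUD, False),
]

if __name__ == "__main__":
    for label, src, dst, is_reply in FLOWS:
        action, rule = evaluate(src, dst, is_reply)
        print(f"{label:45} {action:6} ({rule})")
```

Dropping the first rule from the list makes the printer's answers to the laptop hit the block rule, which is why the reply rule sits ahead of it in this model.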