![Ubiquiti EdgeRouter Lite [22/58] Firewall policies](/img/pdf.png)
Ubiquiti EdgeRouter Lite [22/58] Firewall policies
![Ubiquiti EdgeRouter Lite [22/58] Firewall policies](/views2/1072898/page22/bg16.png)
19
Chapter 6: Security TabEdgeRouter
™
Lite User Guide
Ubiquiti Networks, Inc.
Chapter 6: Security Tab
The Security tab displays status information about firewall
policies, firewall groups, (Network Address Translation)
rules, and PPTP VPN options. You can also configure these
policies, groups, rules, and options. Any setting marked
with a blue asterisk * is required.
You have four sub-tabs:
Firewall Policies Each firewall policy is a set of rules
applied in the order you specify.
Firewall Groups Create groups defined by IP address,
network address, or port number.
NAT View and create NAT rules.
VPN Configure the EdgeRouter as a PPTP VPN server.
Firewall Policies
A firewall policy is a set of rules with a default action.
Firewall policies are applied before SNAT (Source Network
Address Translation) and after DNAT (Destination Network
Address Translation).
To create a firewall policy:
1. Click the Firewall Groups tab, and create the
applicable firewall groups. See “Firewall Groups” on
page 23 for more information.
2. Click the Firewall Policies tab, and then click Add
Policy. Configure the basic parameters. See the
Add Policy description in the next column for more
information.
3. Configure the details of the firewall policy. See
“Configure the Firewall Policy” on page 20 for
more information.
All/Drop/Reject/Accept
Add Policy To create a new policy, click Add Policy.
The Create New Ruleset screen appears.
Complete the following:
• Name Enter a name for this policy.
• Description Enter keywords to describe this policy.
• Default action All policies have a default action if the
packets do not match any rule. Select the appropriate
default action:
- Drop Packets are blocked with no message.
- Reject Packets are blocked, and an ICMP (Internet
Control Message Protocol) message is sent saying the
destination is unreachable.
- Accept Packets are allowed through the firewall.
Содержание
- Appendix d warranty 1
- General warranty 1
- Chapter 1 2
- Chapter 2 2
- Chapter 3 2
- Chapter 4 2
- Chapter 5 2
- Chapter 6 2
- Chapter 7 2
- Chapter 8 2
- Dashboard tab 2
- Installation 2
- Overview 2
- Routing tab 2
- Security tab 2
- Services tab 2
- Table of contents 2
- Users tab 2
- Using edgeos 2
- Appendix a 3
- Appendix b 3
- Appendix c 3
- Appendix d 3
- Appendix e 3
- Appendix f 3
- Appendix g 3
- Chapter 9 3
- Command line interface 3
- Compliance information 3
- Contact information 3
- Declaration of conformity 3
- Safety notices 3
- Specifications 3
- Toolbox 3
- Warranty 3
- Back panel 4
- Chapter 1 overview 4
- Chapter 1 overview edgeroute 4
- Configuration 4
- Configuration interface 4
- Configuration interface system requirements 4
- Edgeroute 4
- Edgerouter lite 4
- Front panel leds 4
- Front panel ports 4
- Hardware overview 4
- Introduction 4
- Lite model erlite 3 it is part of the edgema 4
- Lite user guide 4
- Microsoft windows xp windows vista windows 7 windows 8 linux or mac os x 4
- Package contents 4
- Platform for more information visit www ubnt com edgemax 4
- Thank you for purchasing the ubiquiti networks 4
- The edgerouter is a router that provides a variety of features including routing security virtual private networking vpn monitoring and management services and quality of service qos for more detailed specifications refer to edgeos on page 48 4
- The intuitive interface allows you to conveniently manage your edgerouter using your web browser see using edgeos on page 5 for more information if you need to configure advanced features or prefer configuration by command line you can use the command line interface cli see command line interface on page 38 for more information 4
- The leds on the left side of each port are not used at this time below is a description of the right led functionality 4
- This user guide is designed to provide instructions about installation of the edgerouter and to provide details about how to use the edgeo 4
- Ubiquiti networks inc 4
- Web browser google chrome mozilla firefox or microsoft internet explorer 8 or above 4
- Cabling requirements 5
- Chapter 2 installation 5
- Installation of the edgerouter lite 5
- Introduction 5
- Mounting template 5
- Terms of use 5
- Wall mounting 5
- Connecting power 6
- Grounding the edgerouter lite optional 6
- Service provider deployment 6
- Typical deployment scenarios 6
- Corporate deployment 7
- Chapter 3 using edgeos 8
- Navigation 8
- Ports and status information 8
- Alerts 9
- Common interface options 9
- System 9
- Toolbox 9
- Welcome 9
- Basic settings 10
- Domain name 10
- Gateway 10
- Host name 10
- Management settings 10
- Name server 10
- Ssh server 10
- Time zone 10
- Back up config 11
- Configuration management device maintenance 11
- Snmp agent 11
- System log 11
- Telnet server 11
- Restart router 12
- Restart shut down router 12
- Restore config 12
- Shut down router 12
- Upgrade system image 12
- Chapter 4 dashboard tab 13
- Firewall 13
- Routes 13
- Services 13
- All ethernet vlan 14
- Distribution 14
- Interfaces 14
- Configure the interface 15
- Chapter 5 routing tab 16
- Ipv6 routing 16
- All static connected rip ospf 17
- Routes 17
- Configure the static route 18
- Gateway 18
- Interface 18
- Black hole 19
- Redistribution 19
- Router 19
- Configure the ospf area 20
- Configure the ospf interface 21
- Interfaces 21
- All drop reject accept 22
- Chapter 6 security tab 22
- Firewall policies 22
- Configure the firewall policy 23
- All address network port 26
- Configuration 26
- Firewall groups 26
- Interfaces 26
- Configure the firewall group 27
- Source nat rules 27
- Add or configure a source nat rule 28
- Add or configure a destination nat rule 29
- Destination nat rules 29
- Pptp server 30
- Chapter 7 services tab 31
- Dhcp server 31
- Configure the dhcp server 32
- Leases 32
- Static mac ip mapping 33
- Details 34
- Dns forwarding 34
- Pppoe server 35
- Chapter 8 users tab 36
- Configure the user 37
- Remote 37
- Chapter 9 toolbox 38
- Discover 39
- Packet capture 39
- Log monitor 40
- Access the cli 41
- Access using a terminal emulator 41
- Appendix a command line interface 41
- Connect to the console port 41
- Overview 41
- Access using ssh 42
- Access using telnet 42
- Access using the edgeos configuration interface 43
- Appendix a command line interface edgeroute 43
- At the password prompt enter the password the default is ubnt 43
- At the top right of the screen click the cli 43
- Button 43
- Change the default password of the ubnt login use the set command as detailed in remove the default user account on page 42 43
- Cli modes 43
- Each tab of the edgeos interface contains cli access 43
- Enter show and press the key to view the settings that you have configured 43
- For example type show interfaces to display the interfaces and their status information 43
- For help with commands you can either press the key or enter show and press the key 43
- Lite user guide 43
- Note the question mark does not display onscreen 43
- Note to enhance security we recommend that you change the default login using at least one of the following options 43
- Operational mode 43
- Set up a new user account preferred option for details go to remove the default user account on page 42 43
- The cli window appears at the login prompt enter the username the default is ubnt 43
- To properly shut down the edgerouter use the shutdown command 43
- Ubiquiti networks inc 43
- Warning use the shutdown command to properly shut down the edgerouter an improper shutdown such as disconnecting the edgerouter from its power supply runs the risk of data corruption 43
- When you first log in the cli is in operational mode press the key to view the available commands 43
- Configuration mode 44
- Configure an interface 44
- Appendix a command line interface edgeroute 45
- Create a firewall rule 45
- Create a firewall rule using the full syntax 45
- Create a new user 45
- Delete the default user account 45
- Lite user guide 45
- Log in with the new user account 45
- Log out of the default user account 45
- Remove the default user account 45
- The plaintext password that you entered is converted to an encrypted password 45
- To create a firewall rule use the set or edit commands both methods are described below in addition use the compare discard up top copy and rename commands 45
- To create the same firewall rule while reducing the amount of repetition in the full syntax use the edit command 45
- To display uncommitted changes use the compare command 45
- To remove the default user account do the following 45
- To undo uncommitted changes use the discard command 45
- Ubiquiti networks inc 45
- Use the set commit save exit and delete commands 45
- Appendix a command line interface edgeroute 46
- Lite user guide 46
- Press the or tab key to display options for the specified edit level 46
- To display the existing firewall rule use the show firewall command 46
- To move up an edit level use the up command 46
- To return to the top edit level use the top command 46
- To show changes within the edit level use the compare command 46
- Ubiquiti networks inc 46
- Appendix a command line interface edgeroute 47
- Lite user guide 47
- To change the name of the new firewall rule use the rename command 47
- To create a new firewall rule from an existing firewall rule use the copy command 47
- Ubiquiti networks inc 47
- Appendix a command line interface edgeroute 48
- Before making changes the administrator saved a backup configuration file with a working ipsec tunnel configuration 48
- Enter save and press the key 48
- Here is an example that uses the commit revisions command 48
- Lite user guide 48
- Manage the configuration file 48
- Note this is a backup if the edgerouter were rebooted it would still boot from the default file config config boot 2 after the administrator deleted the ipsec configuration and was configuring of the openvpn tunnel circumstances changed so that the ipsec tunnel was required again consequently the administrator reverted the edgerouter to its previous configuration with the ipsec tunnel 48
- On the remote tftp server a copy with the hostname and date is saved for each commit 48
- Scenario in the midst of the administrator changing an ipsec tunnel into an openvpn tunnel the administrator had to revert the edgerouter to its previous configuration with the ipsec tunnel 48
- To automatically make a remote backup after every commit use the commit archive configuration option enter location and press the key 48
- Typically you use the save command to save the active configuration to disk config config boot however you can also save the active configuration to a different file or remote server 48
- Ubiquiti networks inc 48
- You can also keep a specified number of revisions of the configuration file on the local disk use the commit revisions configuration option 48
- After viewing the history of system commits you decide to discard the last four commits by admin_5 roll back the system configuration file to commit 4 49
- After you verify that the changes should be saved use the confirm command 49
- Appendix a command line interface edgeroute 49
- For details on the commit revisions option go to manage the configuration file on page 45 49
- Lite user guide 49
- Note the following commands require that the configuration option commit revisions be set first 49
- Now you will see the comment when you use the show system commit command 49
- To add a comment to the commit use the comment command 49
- To display the changes in revision 0 use the show system commit diff command 49
- To display the entire configuration file for revision 0 use the show system commit file command 49
- To roll back to an earlier commit use the show system commit and rollback commands 49
- Ubiquiti networks inc 49
- When you work on a remote router certain changes such as a firewall or nat rule can cut off access to the remote router so you then have to visit the remote router and reboot it to avoid such issues when you make risky changes use the commit confirm command first then use the confirm command to save your changes 49
- You can also specify the number of minutes to wait but you must remember to also use the confirm command otherwise if you forget then you can be surprised by the edgerouter s reboot to its previous configuration 49
- Appendix b specifications 50
- Appendix b specifications edgeroute 50
- Lite user guide 50
- Ubiquiti networks inc 50
- Appendix b specifications edgeroute 51
- Lite user guide 51
- Ubiquiti networks inc 51
- Appendix c safety notices 52
- Electrical safety information 52
- Appendix d warranty 53
- Disclaimer 53
- Limitation of liability 53
- Limited warranty 53
- Returns 53
- Warranty conditions 53
- Appendix e compliance information 55
- Australia and new zealand 55
- Ce marking 55
- Deutsch 55
- English 55
- Industry canada 55
- Japan vcci a 55
- Rohs weee compliance statement 55
- Español 56
- Français 56
- Italiano 56
- Appendix f declaration of conformity 57
- Appendix f declaration of conformity edgeroute 57
- Dansk danish 57
- Deutsch german 57
- Eesti estonian 57
- English 57
- Español spanish 57
- Français french 57
- Italiano italian 57
- Latviski latvian 57
- Lietuviškai lithuanian 57
- Lite user guide 57
- Magyar hungarian 57
- Malti maltese 57
- Nederlands dutch 57
- Norsk norwegian 57
- Polski polish 57
- Português portuguese 57
- Română romanian 57
- Slovensky slovak 57
- Suomi finnish 57
- Svenska swedish 57
- Ubiquiti networks inc 57
- Íslenska icelandic 57
- Česky czech 57
- Ελληνική greek 57
- Appendix g contact information 58
- Online resources 58
- Ubiquiti networks support 58
Похожие устройства
- Ubiquiti EdgeRouter POE Инструкция по эксплуатации
- Buderus LOGALUX L135-L200 Инструкция по эксплуатации
- Ubiquiti EdgeRouter Инструкция по эксплуатации
- Buderus LOGALUX LT135-LT300 Инструкция по эксплуатации
- Ubiquiti EdgeRouter PRO Инструкция по эксплуатации
- Buderus LOGALUX SU400-SU1000 Инструкция по эксплуатации
- Tefal D8213212 Инструкция по эксплуатации
- Ubiquiti AirRouter Инструкция по эксплуатации
- Tefal D2300212 Инструкция по эксплуатации
- Buderus LOGALUX SU160-SU300 Инструкция по эксплуатации
- Ubiquiti AirRouter HP Инструкция по эксплуатации
- Buderus LOGALUX S120 Инструкция по эксплуатации
- Tefal D2300412 Инструкция по эксплуатации
- Ubiquiti TOUGHSwitch PoE Инструкция по эксплуатации
- Buderus LOGAMAX PLUS GB022 Инструкция по эксплуатации
- Tefal D2300512 Инструкция по эксплуатации
- Ubiquiti TOUGHSwitch PoE PRO Инструкция по эксплуатации
- Buderus LOGAMAX U022-24K Инструкция по эксплуатации
- Ubiquiti TOUGHSwitch PoE CARRIER Инструкция по эксплуатации
- Buderus LOGAMAX U024-24K Инструкция по эксплуатации
Скачать
Случайные обсуждения