![Ubiquiti EdgeRouter [23/57] All drop reject accept](/img/pdf.png)
Ubiquiti EdgeRouter [23/57] All drop reject accept
![Ubiquiti EdgeRouter [23/57] All drop reject accept](/views2/1072902/page23/bg17.png)
20
Chapter 5: Security TabEdgeOS
™
User Guide
Ubiquiti Networks, Inc.
Chapter 5: Security Tab
The Security tab displays status information about firewall
policies, firewall groups, (Network Address Translation)
rules, and PPTP VPN options. You can also configure these
policies, groups, rules, and options. Any setting marked
with a blue asterisk * is required.
You have four sub-tabs:
Firewall Policies Each firewall policy is a set of rules
applied in the order you specify.
NAT View and create NAT rules.
Firewall/NAT Groups Create groups defined by IP
address, network address, or port number.
VPN Configure the EdgeRouter as a PPTP VPN server.
Firewall Policies
A firewall policy is a set of rules with a default action.
Firewall policies are applied before SNAT (Source Network
Address Translation) and after DNAT (Destination Network
Address Translation).
To create a firewall policy:
1. Click the Firewall/NAT Groups tab, and create the
applicable firewall groups. See “Firewall/NAT Groups”
on page 28 for more information.
2. Click the Firewall Policies tab, and then click Add
Policy. Configure the basic parameters. See the
Add Policy description in the next column for more
information.
3. Configure the details of the firewall policy. See
“Configure the Firewall Policy” on page 21 for
more information.
All/Drop/Reject/Accept
Add Policy To create a new policy, click Add Policy.
The Create New Ruleset screen appears.
Complete the following:
• Name Enter a name for this policy.
• Description Enter keywords to describe this policy.
• Default action All policies have a default action if the
packets do not match any rule. Select the appropriate
default action:
- Drop Packets are blocked with no message.
- Reject Packets are blocked, and an ICMP (Internet
Control Message Protocol) message is sent saying the
destination is unreachable.
- Accept Packets are allowed through the firewall.
Содержание
- Chapter 1 2
- Chapter 2 2
- Chapter 3 2
- Chapter 4 2
- Chapter 5 2
- Chapter 6 2
- Chapter 7 2
- Chapter 8 2
- Dashboard tab 2
- Overview 2
- Routing tab 2
- Security tab 2
- Services tab 2
- Table of contents 2
- Users tab 2
- Using edgeos 2
- Wizards tab 2
- Appendix a 3
- Appendix b 3
- Chapter 9 3
- Command line interface 3
- Contact information 3
- Toolbox 3
- Chapter 1 overview 4
- Configuration 4
- Configuration interface system requirements 4
- Hardware overview and installation 4
- Introduction 4
- Service provider deployment 4
- Soho deployment 4
- Typical deployment scenarios 4
- Corporate deployment 5
- Chapter 2 using edgeos 6
- Navigation 6
- Ports and status information 6
- Alerts 7
- Common interface options 7
- System 7
- Toolbox 7
- Welcome 7
- Basic settings 8
- Domain name 8
- Gateway 8
- Host name 8
- Management settings 8
- Name server 8
- Ssh server 8
- Time zone 8
- Back up config 9
- Configuration management device maintenance 9
- Snmp agent 9
- System log 9
- Telnet server 9
- Reset config to default 10
- Restart router 10
- Restart shut down router 10
- Restore config 10
- Shut down router 10
- Upgrade system image 10
- Chapter 3 dashboard tab 11
- Firewall 11
- Routes 11
- Services 11
- All ethernet vlan 12
- Distribution 12
- Interfaces 12
- Configure the interface 13
- Configure the vlan 14
- Configure the poe settings 15
- Configure the switch 15
- Poe watchdog 15
- Chapter 4 routing tab 17
- Ipv6 routing 17
- All static connected rip ospf 18
- Routes 18
- Configure the static route 19
- Gateway 19
- Interface 19
- Black hole 20
- Redistribution 20
- Router 20
- Configure the ospf area 21
- Configure the ospf interface 22
- Interfaces 22
- All drop reject accept 23
- Chapter 5 security tab 23
- Firewall policies 23
- Configure the firewall policy 24
- Configuration 27
- Interfaces 27
- Add or configure a source nat rule 28
- Source nat rules 28
- Destination nat rules 29
- Add or configure a destination nat rule 30
- All address network port 31
- Firewall nat groups 31
- Configure the firewall nat group 32
- Pptp server 32
- Chapter 6 services tab 33
- Dhcp server 33
- Configure the dhcp server 34
- Leases 34
- Static mac ip mapping 35
- Details 36
- Dns forwarding 37
- Pppoe server 37
- Chapter 7 users tab 38
- Configure the user 39
- Remote 39
- Chapter 8 wizards tab 40
- Setup wizards 40
- Wan 2lan 40
- Erlite 3 er 8 erpro 8 41
- Internet port eth1 41
- Lan port eth0 41
- Optional secondary lan port eth2 41
- Erpoe 5 42
- Internet port eth1 42
- Lan ports eth2 eth3 and eth4 42
- Optional secondary lan port eth0 42
- Feature wizards 43
- Port forwarding 43
- Port forwarding rules 43
- Set up port forwarding 43
- Set up upnp interfaces 44
- Tcp mss clamping 44
- Chapter 9 toolbox 45
- Discover 46
- Packet capture 46
- Log monitor 47
- Access the cli 48
- Access using a terminal emulator 48
- Appendix a command line interface 48
- Connect to the console port 48
- Overview 48
- Access using ssh 49
- Access using telnet 49
- Access using the edgeos configuration interface 50
- Appendix a command line interface edgeo 50
- At the password prompt enter the password the default is ubnt 50
- At the top right of the screen click the cli 50
- Button 50
- Change the default password of the ubnt login use the set command as detailed in remove the default user account on page 49 50
- Cli modes 50
- Each tab of the edgeos interface contains cli access 50
- Enter show and press the key to view the settings that you have configured 50
- For example type show interfaces to display the interfaces and their status information 50
- For help with commands you can either press the key or enter show and press the key 50
- Note the question mark does not display onscreen 50
- Note to enhance security we recommend that you change the default login using at least one of the following options 50
- Operational mode 50
- Set up a new user account preferred option for details go to remove the default user account on page 49 50
- The cli window appears at the login prompt enter the username the default is ubnt 50
- To properly shut down the edgerouter use the shutdown command 50
- Ubiquiti networks inc 50
- User guide 50
- Warning use the shutdown command to properly shut down the edgerouter an improper shutdown such as disconnecting the edgerouter from its power supply runs the risk of data corruption 50
- When you first log in the cli is in operational mode press the key to view the available commands 50
- Configuration mode 51
- Configure an interface 51
- Appendix a command line interface edgeo 52
- Create a firewall rule 52
- Create a firewall rule using the full syntax 52
- Create a new user 52
- Delete the default user account 52
- Log in with the new user account 52
- Log out of the default user account 52
- Remove the default user account 52
- The plaintext password that you entered is converted to an encrypted password 52
- To create a firewall rule use the set or edit commands both methods are described below in addition use the compare discard up top copy and rename commands 52
- To create the same firewall rule while reducing the amount of repetition in the full syntax use the edit command 52
- To display uncommitted changes use the compare command 52
- To remove the default user account do the following 52
- To undo uncommitted changes use the discard command 52
- Ubiquiti networks inc 52
- Use the set commit save exit and delete commands 52
- User guide 52
- Appendix a command line interface edgeo 53
- Press the or tab key to display options for the specified edit level 53
- To display the existing firewall rule use the show firewall command 53
- To move up an edit level use the up command 53
- To return to the top edit level use the top command 53
- To show changes within the edit level use the compare command 53
- Ubiquiti networks inc 53
- User guide 53
- Appendix a command line interface edgeo 54
- To change the name of the new firewall rule use the rename command 54
- To create a new firewall rule from an existing firewall rule use the copy command 54
- Ubiquiti networks inc 54
- User guide 54
- Appendix a command line interface edgeo 55
- Before making changes the administrator saved a backup configuration file with a working ipsec tunnel configuration 55
- Enter save and press the key 55
- Here is an example that uses the commit revisions command 55
- Manage the configuration file 55
- Note this is a backup if the edgerouter were rebooted it would still boot from the default file config config boot 2 after the administrator deleted the ipsec configuration and was configuring of the openvpn tunnel circumstances changed so that the ipsec tunnel was required again consequently the administrator reverted the edgerouter to its previous configuration with the ipsec tunnel 55
- On the remote tftp server a copy with the hostname and date is saved for each commit 55
- Scenario in the midst of the administrator changing an ipsec tunnel into an openvpn tunnel the administrator had to revert the edgerouter to its previous configuration with the ipsec tunnel 55
- To automatically make a remote backup after every commit use the commit archive configuration option enter location and press the key 55
- Typically you use the save command to save the active configuration to disk config config boot however you can also save the active configuration to a different file or remote server 55
- Ubiquiti networks inc 55
- User guide 55
- You can also keep a specified number of revisions of the configuration file on the local disk use the commit revisions configuration option 55
- After viewing the history of system commits you decide to discard the last four commits by admin_5 roll back the system configuration file to commit 4 56
- After you verify that the changes should be saved use the confirm command 56
- Appendix a command line interface edgeo 56
- For details on the commit revisions option go to manage the configuration file on page 52 56
- Note the following commands require that the configuration option commit revisions be set first 56
- Now you will see the comment when you use the show system commit command 56
- To add a comment to the commit use the comment command 56
- To display the changes in revision 0 use the show system commit diff command 56
- To display the entire configuration file for revision 0 use the show system commit file command 56
- To roll back to an earlier commit use the show system commit and rollback commands 56
- Ubiquiti networks inc 56
- User guide 56
- When you work on a remote router certain changes such as a firewall or nat rule can cut off access to the remote router so you then have to visit the remote router and reboot it to avoid such issues when you make risky changes use the commit confirm command first then use the confirm command to save your changes 56
- You can also specify the number of minutes to wait but you must remember to also use the confirm command otherwise if you forget then you can be surprised by the edgerouter s reboot to its previous configuration 56
- Appendix b contact information 57
- Online resources 57
- Ubiquiti networks support 57
Похожие устройства
- Buderus LOGALUX LT135-LT300 Инструкция по эксплуатации
- Ubiquiti EdgeRouter PRO Инструкция по эксплуатации
- Buderus LOGALUX SU400-SU1000 Инструкция по эксплуатации
- Tefal D8213212 Инструкция по эксплуатации
- Ubiquiti AirRouter Инструкция по эксплуатации
- Tefal D2300212 Инструкция по эксплуатации
- Buderus LOGALUX SU160-SU300 Инструкция по эксплуатации
- Ubiquiti AirRouter HP Инструкция по эксплуатации
- Buderus LOGALUX S120 Инструкция по эксплуатации
- Tefal D2300412 Инструкция по эксплуатации
- Ubiquiti TOUGHSwitch PoE Инструкция по эксплуатации
- Buderus LOGAMAX PLUS GB022 Инструкция по эксплуатации
- Tefal D2300512 Инструкция по эксплуатации
- Ubiquiti TOUGHSwitch PoE PRO Инструкция по эксплуатации
- Buderus LOGAMAX U022-24K Инструкция по эксплуатации
- Ubiquiti TOUGHSwitch PoE CARRIER Инструкция по эксплуатации
- Buderus LOGAMAX U024-24K Инструкция по эксплуатации
- Ubiquiti RB2011UiAS-2HnD-IN Инструкция по эксплуатации
- Buderus LOGANO G211 Инструкция по эксплуатации
- Ubiquiti RB951-2n Инструкция по эксплуатации
Скачать
Случайные обсуждения
Ответы 1
Какие разделы содержит руководство пользователя EdgeOS ™ от Ubiquiti Networks, Inc.?
2 года назад