manualshive.com logo in svg

Ubiquiti ERLite-3, User Manual

The Ubiquiti ERLite-3 is a powerful router designed for small to medium-sized businesses. For a quick setup, download the free Quick Start Manual from our website. This manual provides detailed instructions on setting up and configuring the ERLite-3 for optimal performance. Get your manual at manualshive.com today.

Share
Download
background image

19

Chapter 6: Security Tab

EdgeRouter

 Lite User Guide

 Ubiquiti Networks, Inc.

Chapter 6: Security Tab

The 

Security

 tab displays status information about firewall 

policies, firewall groups, (Network Address Translation) 
rules, and PPTP VPN options. You can also configure these 
policies, groups, rules, and options. Any setting marked 
with a blue asterisk 

*

 is required.

You have four sub-tabs:

Firewall Policies 

Each firewall policy is a set of rules 

applied in the order you specify.

Firewall Groups 

Create groups defined by IP address, 

network address, or port number.

NAT 

View and create NAT rules. 

VPN 

Configure the EdgeRouter as a PPTP VPN server.

Firewall Policies

A firewall policy is a set of rules with a default action. 
Firewall policies are applied before SNAT (Source Network 
Address Translation) and after DNAT (Destination Network 
Address Translation).

To create a firewall policy:

1.  Click the 

Firewall Groups

 tab, and create the 

applicable firewall groups. See 

“Firewall Groups” on 

page 23

 for more information.

2.  Click the 

Firewall Policies

 tab, and then click 

Add 

Policy

. Configure the basic parameters. See the 

Add Policy

 description in the next column for more 

information.

3.  Configure the details of the firewall policy. See 

“Configure the Firewall Policy” on page 20

 for 

more information.

All/Drop/Reject/Accept

Add Policy 

To create a new policy, click 

Add Policy

.

The 

Create New Ruleset

 screen appears.

Complete the following:

• 

Name 

Enter a name for this policy.

• 

Description 

Enter keywords to describe this policy.

• 

Default action 

All policies have a default action if the 

packets do not match any rule. Select the appropriate 
default action:

 

-

Drop 

Packets are blocked with no message.

 

-

Reject 

Packets are blocked, and an ICMP (Internet 

Control Message Protocol) message is sent saying the 
destination is unreachable.

 

-

Accept 

Packets are allowed through the firewall.

Summary of Contents for ERLite-3

Page 1: ...3 Port Router...

Page 2: ...allation of the EdgeRouter Lite 2 Typical Deployment Scenarios 3 Chapter 3 Using EdgeOS 5 Ports and Status Information 5 Navigation 5 Common Interface Options 6 Chapter 4 Dashboard Tab 10 Services 10...

Page 3: ...CLI 38 CLI Modes 40 Appendix B Specifications 47 Appendix C Safety Notices 49 Electrical Safety Information 49 Appendix D Warranty 50 General Warranty 50 Appendix E Compliance Information 51 FCC 51 In...

Page 4: ...ity at 10 100 Mbps Green Link Established at 1000 Mbps Green Flashing Link Activity at 1000 Mbps Chapter 1 Overview Introduction Thank you for purchasing the Ubiquiti Networks EdgeRouter Lite model ER...

Page 5: ...ors the EdgeRouter Lite itself should be housed inside a protective enclosure Terms of Use All Ethernet cabling runs must use CAT5 or above It is the customer s responsibility to follow local country...

Page 6: ...arios that are possible this section highlights a couple of typical deployments Service Provider Deployment Corporate Deployment Service Provider Deployment This scenario uses six EdgeRouter devices 1...

Page 7: ...faces connect to the following Internet DMZ LAN Internet DMZ LAN Firewall Policies Here are the typical steps to follow 1 Configure the appropriate settings on the System tab see System on page 6 for...

Page 8: ...e 33 Change the default password of the ubnt login on the Users Local tab For details go to Configure the User on page 34 Ports and Status Information The Ports image displays the active connections A...

Page 9: ...d Line Interface on page 38 for more information Toolbox At the top right of the screen click the Toolbox button The following network administration and monitoring tools are available Ping on page 35...

Page 10: ...on the Internet holds these mappings in its respective DNS database System name server Enter the IP address of your DNS server example 192 0 2 1 for IPv4 or 2001 db8 1 for IPv6 Click Add New to add ad...

Page 11: ...hat warrant attention The EdgeRouter contains an SNMP agent which does the following Provides an interface for device monitoring using SNMP Communicates with SNMP management applications for network p...

Page 12: ...stem image To update the EdgeRouter with new firmware click Upload a file and locate the new firmware file Then click Choose Please be patient as the firmware update routine can take three to seven mi...

Page 13: ...order Gateway Protocol IBGP Interior Border Gateway Protocol The number of each route type and the total number of routes are displayed Click Routes to display the Routing Routes tab Go to Routes on p...

Page 14: ...eatea New VLAN screen appears VLAN ID The VLAN ID is a unique value assigned to each VLAN at a single device every VLAN ID represents a different VLAN The VLAN ID range is 2 to 4094 Interface Select t...

Page 15: ...quires network settings from a DHCPv4 server Click the Renew button to acquire fresh network settings Use DHCP for IPv6 The interface acquires network settings from a DHCPv6 server Manually define IP...

Page 16: ...n Refer to Name Server on page 7 Dashboard VLAN configuration Refer to Add VLAN on page 11 Dashboard Interface configuration Refer to Configure the Interface on page 12 For IPv6 addresses the EdgeOS C...

Page 17: ...utes from different sources such as static RIP or OSPF the EdgeRouter compares the routes and uses the route with the lowest distance Enable Check the box to enable the route Click Save to apply your...

Page 18: ...tions Click the Actions button to access the following options Config To configure the route click Config Go to the Configure the Static Route section below Delete Delete the route its configuration w...

Page 19: ...ncompatible metrics It must reconcile information from multiple protocols to determine which route to use for a specific destination network You can change the metrics of the distributed protocol to c...

Page 20: ...more network addresses Click Save to apply your changes A table displays the following information about each OSPF Area Click a column heading to sort by that heading Area ID The identification number...

Page 21: ...ssign a cost to the interface Click Save to apply your changes A table displays the following information about each OSPF Interface Click a column heading to sort by that heading Interface The name of...

Page 22: ...ork Address Translation To create a firewall policy 1 Click the Firewall Groups tab and create the applicable firewall groups See Firewall Groups on page 23 for more information 2 Click the Firewall P...

Page 23: ...ancel Delete Policy Remove the policy Configure the Firewall Policy The Ruleset Configuration for _ screen appears You have four tabs available Rules see below Configuration on page 23 Interfaces on p...

Page 24: ...tch packets of all protocols except for the selected protocol Enter a protocol number Enter the port number of the protocol Match packets of this protocol Match all protocols except for this Match pac...

Page 25: ...the appropriate group s you can specify up to two groups maximum in these combinations An address group and port group A network group and port group The packets must match both groups to apply the r...

Page 26: ...he order specified The number of the rule in this order is displayed Packets The number of packets that triggered this rule is displayed Bytes The number of bytes that triggered this rule is displayed...

Page 27: ...oup is displayed Description Enter keywords to describe this group Network Enter the IP address and subnet mask using slash notation network_IP_address subnet_mask_number example 192 0 2 0 24 Click Ad...

Page 28: ...guration screen appears Description Enter keywords to describe this rule Enable Check the box to enable this rule Outbound Interface Select the interface through which the outgoing packets exit the Ed...

Page 29: ...nation NAT Rulesection Save Rule Order To change the rule order click and drag a rule up or down the sequence and then release the rule When you are finished click Save Rule Order Search Allows you to...

Page 30: ...t Address Enter the IP address or network address of the destination You can also enter a range of IP addresses one of them will be used Note If you enter a network address enter the IP address and su...

Page 31: ...ervers to assign IP ranges in different subnets on the different interfaces Add DHCP Server To create a new DHCP server click Add DHCP Server The CreateDHCP Server screen appears Complete the followin...

Page 32: ...ils Go to Details on page 31 Delete Delete the DHCP server its configuration will be removed Disable Disable the DHCP server while keeping its configuration Configure the DHCP Server The DHCPServer sc...

Page 33: ...DHCP clients route all packets to this IP address which is the EdgeRouter s own IP address in most cases DNS The IP address of the DNS server is displayed Status The Enabled Disabled status of the DHC...

Page 34: ...Range Start Enter the starting IP address of the range Range Stop Enter the last IP address of the range Router Enter the default route of the DHCP clients The DHCP clients route all packets to this I...

Page 35: ...Dial In User Service server provides authentication to help secure PPPoE connections Enter the IP address of the RADIUS server RADIUS server key Enter the key shared with the RADIUS server MTU Enter...

Page 36: ...e Select the appropriate permission level Admin The user can make changes to the EdgeRouter configuration Operator The user can view the EdgeRouter configuration but cannot make changes Click Save to...

Page 37: ...Allows you to search for specific text Begin typing there is no need to press enter The results are filtered in real time as soon as you type two or more characters PPTP L2TP PPPOE All Click the appro...

Page 38: ...Packet Capture Log Monitor Ping You can ping other devices on the network directly from the EdgeRouter The Ping tool uses ICMP packets to check the preliminary link quality and packet latency estimati...

Page 39: ...ed to the device is displayed Product Name The Ubiquiti name of the device is displayed IP Address The IP address of the device is displayed You can click it to access the device s configuration throu...

Page 40: ...d Packet descriptions Log Monitor The Log Monitor is a log displaying live updates Click the pause button to stop the live updates Click the play button to resume the live updates The System log messa...

Page 41: ...e cable also known as a rollover cable to connect the Console port of the EdgeRouter to your computer If your computer does not have a DB9 port then you will also need a DB9 adapter Computer Console 2...

Page 42: ...For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User Account on page 42 Access Using T...

Page 43: ...new user account preferred option For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User...

Page 44: ...of the boot configuration until you save the changes to the boot configuration Boot When the EdgeRouter reboots it loads the boot configuration for use The following scenarios cover some of the most...

Page 45: ...ommands The plaintext password that you entered is converted to an encrypted password Create a Firewall Rule To create a firewall rule use the set or edit commands both methods are described below In...

Page 46: ...s the or tab key to display options for the specified edit level To show changes within the edit level use the compare command To move up an edit level use the up command To return to the top edit lev...

Page 47: ...mand Line Interface EdgeRouter Lite User Guide Ubiquiti Networks Inc To create a new firewall rule from an existing firewall rule use the copy command To change the name of the new firewall rule use t...

Page 48: ...l configuration Note This is a backup if the EdgeRouter were rebooted it would still boot from the default file config config boot 2 After the administrator deleted the IPsec configuration and was con...

Page 49: ...er certain changes such as a firewall or NAT rule can cut off access to the remote router so you then have to visit the remote router and reboot it To avoid such issues when you make risky changes use...

Page 50: ...4 with Hardware Acceleration for Packet Processing System Memory 512 MB DDR2 RAM Onboard Flash Storage 2 GB CE FCC IC Wall Mount Yes Operating Temperature 10 to 45 C Operating Humidity 90 Non Condensi...

Page 51: ...ACL Based Firewall Zone Based Firewall NAT VPN IPSec Site to Site and Remote Access OpenVPN Site to Site and Remote Access PPTP Remote Access L2TP Remote Access PPTP Client Services DHCP DHCPv6 Serve...

Page 52: ...ts inside this equipment Service should be provided only by a qualified service technician 3 This equipment is provided with a detachable power cord which has an integral safety ground wire intended f...

Page 53: ...returned without an RMA number will not be processed and will be returned freight collect or subject to disposal Information on the RMA process and obtaining an RMA number can be found at www ubnt com...

Page 54: ...tates and provinces do not allow the exclusion or limitation of liability for incidental or consequential damages so the above limitation may not apply to you EXCEPT TO THE EXTENT ALLOWED BY LOCAL LAW...

Page 55: ...on this product represents the product is in compliance with all directives that are applicable to it RoHS WEEE Compliance Statement English European Directive 2002 96 EC requires that the equipment...

Page 56: ...votre responsabilit de jeter ce mat riel ainsi que tout autre mat riel lectrique ou lectronique par les moyens de collecte indiqu s par le gouvernement et les pouvoirs publics des collectivit s terri...

Page 57: ...54 Appendix F Declaration of Conformity EdgeRouter Lite User Guide Ubiquiti Networks Inc Appendix F Declaration of Conformity...

Page 58: ...hardware compatibility or field issues as quickly as possible We strive to respond to support inquiries within a 24 hour period Online Resources Support support ubnt com Wiki Page wiki ubnt com Suppor...

Reviews:

No comments

Related manuals for ERLite-3

3Com Server User Manual preview
Server
Brand: 3Com Pages: 48
Patton electronics 1090 Service Manual preview
1090
Brand: Patton electronics Pages: 8
ADTRAN ATLAS 550 Manual preview
ATLAS 550
Brand: ADTRAN Pages: 2
Xircom RealPort Ethernet 10/100 User Manual preview
RealPort Ethernet 10/100
Brand: Xircom Pages: 30
Tektronix CTS 850 User Manual preview
CTS 850
Brand: Tektronix Pages: 178
IBM System Storage DS3200 Overview preview
System Storage DS3200
Brand: IBM Pages: 2
Digisol DG-BG100 User Manual preview
DG-BG100
Brand: Digisol Pages: 81
Cyclades AlterPath Manager 2500 Installation, Configuration And User Manual preview
AlterPath Manager 2500
Brand: Cyclades Pages: 368
ADTRAN 239 T1 HDSL4 Installation And Maintenance Manual preview
239 T1 HDSL4
Brand: ADTRAN Pages: 20
Riverbed SteelCentral NetExpress 470 Upgrade And Maintenance Manual preview
SteelCentral NetExpress 470
Brand: Riverbed Pages: 140
LevelOne ServCon FPS-3003 Quick Install Manual preview
ServCon FPS-3003
Brand: LevelOne Pages: 45
Allied Telesis IS230-10GP Web User Manual preview
IS230-10GP
Brand: Allied Telesis Pages: 136
Generic IP ROUTER User Manual preview
IP ROUTER
Brand: Generic Pages: 51
Kraun 1T1R - USB User Manual preview
1T1R - USB
Brand: Kraun Pages: 32
IBM IBM 9077 Get Connected preview
IBM 9077
Brand: IBM Pages: 342
Johnson Controls IQ WiFi 6 Installation Manual preview
IQ WiFi 6
Brand: Johnson Controls Pages: 55
Tripp Lite N302-30M Specification Sheet preview
N302-30M
Brand: Tripp Lite Pages: 2
MikroTik SXT R Manual preview
SXT R
Brand: MikroTik Pages: 7

Brands by name

Popular brands

Load more brands