manualshive.com logo in svg

Ubiquiti ERLite-3, User Manual

The Ubiquiti ERLite-3 is a powerful router designed for small to medium-sized businesses. For a quick setup, download the free Quick Start Manual from our website. This manual provides detailed instructions on setting up and configuring the ERLite-3 for optimal performance. Get your manual at manualshive.com today.

Share
Download
background image

20

Chapter 6: Security Tab

EdgeRouter

 Lite User Guide

 Ubiquiti Networks, Inc.

• 

Default Log 

Check this box to log packets that trigger 

the default action.

Click

 Save

 to apply your changes.

Search 

Allows you to search for specific text. Begin 

typing; there is no need to press 

enter

. The results are 

filtered in real time as soon as you type two or more 
characters.

All/Drop/Reject/Accept 

Click the appropriate tab to filter 

the policies by default action.

• 

All 

All policies are displayed by default.

• 

Drop 

All of the drop policies are displayed.

• 

Reject 

All of the reject policies are displayed.

• 

Accept 

All of the accept policies are displayed.

A table displays the following information about each 
policy. Click a column heading to sort by that heading.

Name 

The name of the policy is displayed.

Interfaces 

The specified interface and direction of traffic 

flow are displayed.

Number of Rules 

The number of rules in the policy is 

displayed.

Default Action 

The action that the policy will execute if 

the packets do not match any rule is displayed. 

Actions 

Click the 

Actions

 button to access the following 

options:

• 

Edit Rules 

To configure the rules, click 

Edit Rules

. Go to 

the 

Rules

 section in the next column.

• 

Configuration 

To configure the policy, click 

Configuration

. Go to 

”Configuration” on page 23

.

• 

Interfaces 

To select interfaces and direction of traffic 

flow for your policy, click 

Interfaces

. Go to 

”Interfaces” 

on page 23

.

• 

Stats 

To view statistics on firewall usage, click 

Stats

. Go 

to 

”Stats” on page 23

.

• 

Copy Policy 

To create a duplicate, click 

Copy Policy

The 

Copy Firewall Ruleset

 screen appears.

 

-

Name 

Enter a new name for this policy. 

Click 

Copy

 to confirm, or click 

Cancel

.

• 

Delete Policy 

Remove the policy.

Configure the Firewall Policy

The 

Ruleset Configuration for  _

 screen appears. 

You have four tabs available:

•  Rules (see below)

• 

”Configuration” on page 23

• 

”Interfaces” on page 23

• 

”Stats” on page 23

Add New Rule 

To create a new rule, click 

Add New Rule

Go to 

“Add or Configure a Rule” on page 21

.

Save Rule Order 

To change the rule order, click and drag 

a rule up or down the sequence, and then release the rule. 
When you are finished, click 

Save Rule Order

.

Rules

A rule tells the EdgeRouter what action to take with a 
specific packet. Define the following:

•  Criteria for matching packets

•  Action to take with matching packets

Rules are organized into a set and applied in the specified 

Rule Order

. If the packets match a rule’s criteria, then its 

action is triggered. If not, then the next rule is applied.

A table displays the following information about each rule. 
Click a column heading to sort by that heading. 

Order 

The rules are applied in the order specified. The 

number of the rule in this order is displayed.

Description 

The keywords you entered to describe this 

rule are displayed.

Source 

The source specified by this rule is displayed.

Destination 

The destination specified by this rule is 

displayed.

Protocol 

The protocol that matches the rule is displayed.

Action 

The action specified by this rule is displayed.

Actions 

Click the 

Actions

 button to access the following 

options:

• 

Basic 

To configure the basic options of a rule, click 

Basic

. Go to 

”Basic” on page 21

.

• 

Advanced 

To configure the advanced options of a rule, 

click 

Advanced

. Go to 

”Advanced” on page 21

.

• 

Source 

To configure the source options of a rule, click 

Source

. Go to 

”Source” on page 22

.

• 

Destination 

To configure the destination options of a 

rule, click 

Destination

. Go to 

”Destination” on page 

22

.

• 

Time 

To configure the time options of a rule, click 

Time

Go to 

”Time” on page 22

.

Summary of Contents for ERLite-3

Page 1: ...3 Port Router...

Page 2: ...allation of the EdgeRouter Lite 2 Typical Deployment Scenarios 3 Chapter 3 Using EdgeOS 5 Ports and Status Information 5 Navigation 5 Common Interface Options 6 Chapter 4 Dashboard Tab 10 Services 10...

Page 3: ...CLI 38 CLI Modes 40 Appendix B Specifications 47 Appendix C Safety Notices 49 Electrical Safety Information 49 Appendix D Warranty 50 General Warranty 50 Appendix E Compliance Information 51 FCC 51 In...

Page 4: ...ity at 10 100 Mbps Green Link Established at 1000 Mbps Green Flashing Link Activity at 1000 Mbps Chapter 1 Overview Introduction Thank you for purchasing the Ubiquiti Networks EdgeRouter Lite model ER...

Page 5: ...ors the EdgeRouter Lite itself should be housed inside a protective enclosure Terms of Use All Ethernet cabling runs must use CAT5 or above It is the customer s responsibility to follow local country...

Page 6: ...arios that are possible this section highlights a couple of typical deployments Service Provider Deployment Corporate Deployment Service Provider Deployment This scenario uses six EdgeRouter devices 1...

Page 7: ...faces connect to the following Internet DMZ LAN Internet DMZ LAN Firewall Policies Here are the typical steps to follow 1 Configure the appropriate settings on the System tab see System on page 6 for...

Page 8: ...e 33 Change the default password of the ubnt login on the Users Local tab For details go to Configure the User on page 34 Ports and Status Information The Ports image displays the active connections A...

Page 9: ...d Line Interface on page 38 for more information Toolbox At the top right of the screen click the Toolbox button The following network administration and monitoring tools are available Ping on page 35...

Page 10: ...on the Internet holds these mappings in its respective DNS database System name server Enter the IP address of your DNS server example 192 0 2 1 for IPv4 or 2001 db8 1 for IPv6 Click Add New to add ad...

Page 11: ...hat warrant attention The EdgeRouter contains an SNMP agent which does the following Provides an interface for device monitoring using SNMP Communicates with SNMP management applications for network p...

Page 12: ...stem image To update the EdgeRouter with new firmware click Upload a file and locate the new firmware file Then click Choose Please be patient as the firmware update routine can take three to seven mi...

Page 13: ...order Gateway Protocol IBGP Interior Border Gateway Protocol The number of each route type and the total number of routes are displayed Click Routes to display the Routing Routes tab Go to Routes on p...

Page 14: ...eatea New VLAN screen appears VLAN ID The VLAN ID is a unique value assigned to each VLAN at a single device every VLAN ID represents a different VLAN The VLAN ID range is 2 to 4094 Interface Select t...

Page 15: ...quires network settings from a DHCPv4 server Click the Renew button to acquire fresh network settings Use DHCP for IPv6 The interface acquires network settings from a DHCPv6 server Manually define IP...

Page 16: ...n Refer to Name Server on page 7 Dashboard VLAN configuration Refer to Add VLAN on page 11 Dashboard Interface configuration Refer to Configure the Interface on page 12 For IPv6 addresses the EdgeOS C...

Page 17: ...utes from different sources such as static RIP or OSPF the EdgeRouter compares the routes and uses the route with the lowest distance Enable Check the box to enable the route Click Save to apply your...

Page 18: ...tions Click the Actions button to access the following options Config To configure the route click Config Go to the Configure the Static Route section below Delete Delete the route its configuration w...

Page 19: ...ncompatible metrics It must reconcile information from multiple protocols to determine which route to use for a specific destination network You can change the metrics of the distributed protocol to c...

Page 20: ...more network addresses Click Save to apply your changes A table displays the following information about each OSPF Area Click a column heading to sort by that heading Area ID The identification number...

Page 21: ...ssign a cost to the interface Click Save to apply your changes A table displays the following information about each OSPF Interface Click a column heading to sort by that heading Interface The name of...

Page 22: ...ork Address Translation To create a firewall policy 1 Click the Firewall Groups tab and create the applicable firewall groups See Firewall Groups on page 23 for more information 2 Click the Firewall P...

Page 23: ...ancel Delete Policy Remove the policy Configure the Firewall Policy The Ruleset Configuration for _ screen appears You have four tabs available Rules see below Configuration on page 23 Interfaces on p...

Page 24: ...tch packets of all protocols except for the selected protocol Enter a protocol number Enter the port number of the protocol Match packets of this protocol Match all protocols except for this Match pac...

Page 25: ...the appropriate group s you can specify up to two groups maximum in these combinations An address group and port group A network group and port group The packets must match both groups to apply the r...

Page 26: ...he order specified The number of the rule in this order is displayed Packets The number of packets that triggered this rule is displayed Bytes The number of bytes that triggered this rule is displayed...

Page 27: ...oup is displayed Description Enter keywords to describe this group Network Enter the IP address and subnet mask using slash notation network_IP_address subnet_mask_number example 192 0 2 0 24 Click Ad...

Page 28: ...guration screen appears Description Enter keywords to describe this rule Enable Check the box to enable this rule Outbound Interface Select the interface through which the outgoing packets exit the Ed...

Page 29: ...nation NAT Rulesection Save Rule Order To change the rule order click and drag a rule up or down the sequence and then release the rule When you are finished click Save Rule Order Search Allows you to...

Page 30: ...t Address Enter the IP address or network address of the destination You can also enter a range of IP addresses one of them will be used Note If you enter a network address enter the IP address and su...

Page 31: ...ervers to assign IP ranges in different subnets on the different interfaces Add DHCP Server To create a new DHCP server click Add DHCP Server The CreateDHCP Server screen appears Complete the followin...

Page 32: ...ils Go to Details on page 31 Delete Delete the DHCP server its configuration will be removed Disable Disable the DHCP server while keeping its configuration Configure the DHCP Server The DHCPServer sc...

Page 33: ...DHCP clients route all packets to this IP address which is the EdgeRouter s own IP address in most cases DNS The IP address of the DNS server is displayed Status The Enabled Disabled status of the DHC...

Page 34: ...Range Start Enter the starting IP address of the range Range Stop Enter the last IP address of the range Router Enter the default route of the DHCP clients The DHCP clients route all packets to this I...

Page 35: ...Dial In User Service server provides authentication to help secure PPPoE connections Enter the IP address of the RADIUS server RADIUS server key Enter the key shared with the RADIUS server MTU Enter...

Page 36: ...e Select the appropriate permission level Admin The user can make changes to the EdgeRouter configuration Operator The user can view the EdgeRouter configuration but cannot make changes Click Save to...

Page 37: ...Allows you to search for specific text Begin typing there is no need to press enter The results are filtered in real time as soon as you type two or more characters PPTP L2TP PPPOE All Click the appro...

Page 38: ...Packet Capture Log Monitor Ping You can ping other devices on the network directly from the EdgeRouter The Ping tool uses ICMP packets to check the preliminary link quality and packet latency estimati...

Page 39: ...ed to the device is displayed Product Name The Ubiquiti name of the device is displayed IP Address The IP address of the device is displayed You can click it to access the device s configuration throu...

Page 40: ...d Packet descriptions Log Monitor The Log Monitor is a log displaying live updates Click the pause button to stop the live updates Click the play button to resume the live updates The System log messa...

Page 41: ...e cable also known as a rollover cable to connect the Console port of the EdgeRouter to your computer If your computer does not have a DB9 port then you will also need a DB9 adapter Computer Console 2...

Page 42: ...For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User Account on page 42 Access Using T...

Page 43: ...new user account preferred option For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User...

Page 44: ...of the boot configuration until you save the changes to the boot configuration Boot When the EdgeRouter reboots it loads the boot configuration for use The following scenarios cover some of the most...

Page 45: ...ommands The plaintext password that you entered is converted to an encrypted password Create a Firewall Rule To create a firewall rule use the set or edit commands both methods are described below In...

Page 46: ...s the or tab key to display options for the specified edit level To show changes within the edit level use the compare command To move up an edit level use the up command To return to the top edit lev...

Page 47: ...mand Line Interface EdgeRouter Lite User Guide Ubiquiti Networks Inc To create a new firewall rule from an existing firewall rule use the copy command To change the name of the new firewall rule use t...

Page 48: ...l configuration Note This is a backup if the EdgeRouter were rebooted it would still boot from the default file config config boot 2 After the administrator deleted the IPsec configuration and was con...

Page 49: ...er certain changes such as a firewall or NAT rule can cut off access to the remote router so you then have to visit the remote router and reboot it To avoid such issues when you make risky changes use...

Page 50: ...4 with Hardware Acceleration for Packet Processing System Memory 512 MB DDR2 RAM Onboard Flash Storage 2 GB CE FCC IC Wall Mount Yes Operating Temperature 10 to 45 C Operating Humidity 90 Non Condensi...

Page 51: ...ACL Based Firewall Zone Based Firewall NAT VPN IPSec Site to Site and Remote Access OpenVPN Site to Site and Remote Access PPTP Remote Access L2TP Remote Access PPTP Client Services DHCP DHCPv6 Serve...

Page 52: ...ts inside this equipment Service should be provided only by a qualified service technician 3 This equipment is provided with a detachable power cord which has an integral safety ground wire intended f...

Page 53: ...returned without an RMA number will not be processed and will be returned freight collect or subject to disposal Information on the RMA process and obtaining an RMA number can be found at www ubnt com...

Page 54: ...tates and provinces do not allow the exclusion or limitation of liability for incidental or consequential damages so the above limitation may not apply to you EXCEPT TO THE EXTENT ALLOWED BY LOCAL LAW...

Page 55: ...on this product represents the product is in compliance with all directives that are applicable to it RoHS WEEE Compliance Statement English European Directive 2002 96 EC requires that the equipment...

Page 56: ...votre responsabilit de jeter ce mat riel ainsi que tout autre mat riel lectrique ou lectronique par les moyens de collecte indiqu s par le gouvernement et les pouvoirs publics des collectivit s terri...

Page 57: ...54 Appendix F Declaration of Conformity EdgeRouter Lite User Guide Ubiquiti Networks Inc Appendix F Declaration of Conformity...

Page 58: ...hardware compatibility or field issues as quickly as possible We strive to respond to support inquiries within a 24 hour period Online Resources Support support ubnt com Wiki Page wiki ubnt com Suppor...

Reviews:

No comments

Related manuals for ERLite-3

Canon C50FSi - VB Network Camera Setup Manual preview
C50FSi - VB Network Camera
Brand: Canon Pages: 32
Macsense MIH-108 User Manual preview
MIH-108
Brand: Macsense Pages: 39
Xenya XS26GS User Manual preview
XS26GS
Brand: Xenya Pages: 189
B+B SmartWorx spectre lte User Manual preview
spectre lte
Brand: B+B SmartWorx Pages: 52
ICP DAS USA USB-87P1 User Manual preview
USB-87P1
Brand: ICP DAS USA Pages: 62
TP-Link Deco XE200 User Manual preview
Deco XE200
Brand: TP-Link Pages: 57
National Instruments PXI PXITM -1000 User Manual preview
PXI PXITM -1000
Brand: National Instruments Pages: 55
Genexis FiberTwist XGS2410 Installation Manual preview
FiberTwist XGS2410
Brand: Genexis Pages: 7
Lanpro LP-F22 Series Assembling Instructions preview
LP-F22 Series
Brand: Lanpro Pages: 3
N-Tron 104TX Specification Sheet preview
104TX
Brand: N-Tron Pages: 2
National Instruments USB device 622x User Manual preview
USB device 622x
Brand: National Instruments Pages: 23
JETWAY FDF13 Series Quick Installation Manual preview
FDF13 Series
Brand: JETWAY Pages: 15
IBM 4003-R04 User Manual preview
4003-R04
Brand: IBM Pages: 24
Porter-Cable 690LR Instruction Manual preview
690LR
Brand: Porter-Cable Pages: 6
OWC MINISTACK STX User Manual preview
MINISTACK STX
Brand: OWC Pages: 8
Watlow Electric 945 Series How To Use Manual preview
945 Series
Brand: Watlow Electric Pages: 28
Teletronics International TT5800 Quick Product Manual preview
TT5800
Brand: Teletronics International Pages: 2
Teletronics International EzBridge 5800 User Manual preview
EzBridge 5800
Brand: Teletronics International Pages: 47

Brands by name

Popular brands

Load more brands