manualshive.com logo in svg

Ubiquiti ERLite-3, User Manual

The Ubiquiti ERLite-3 is a powerful router designed for small to medium-sized businesses. For a quick setup, download the free Quick Start Manual from our website. This manual provides detailed instructions on setting up and configuring the ERLite-3 for optimal performance. Get your manual at manualshive.com today.

Share
Download
background image

21

Chapter 6: Security Tab

EdgeRouter

 Lite User Guide

 Ubiquiti Networks, Inc.

• 

Copy Rule 

To create a duplicate, click 

Copy Rule

. The 

duplicate rule appears at the bottom of the list.

• 

Delete Rule 

Remove the rule.

Add or Configure a Rule

The 

Rule Configuration for _

 screen appears. You have five 

tabs available:

•  Basic (see below)

•  Advanced (see the next column)

• 

”Source” on page 22

• 

”Destination” on page 22

• 

”Time” on page 22

Basic

• 

Description 

Enter keywords to describe this rule.

• 

Enable 

Check the box to enable this rule.

• 

Action 

Select the action for packets that match this 

rule’s criteria.

 

-

Drop 

Packets are blocked with no message.

 

-

Reject 

Packets are blocked, and an ICMP (Internet 

Control Message Protocol) message is sent saying the 
destination is unreachable.

 

-

Accept 

Packets are allowed.

• 

Protocol

 

-

All protocols 

Match packets of all protocols.

 

-

Both TCP and UDP 

Match TCP and UDP packets.

 

-

Choose a protocol by name 

Select the protocol from 

the drop-down list. Match packets of this protocol.

• 

Match all protocols except for this 

Match packets 

of all protocols except for the selected protocol.

 

-

Enter a protocol number 

Enter the port number of 

the protocol. Match packets of this protocol.

• 

Match all protocols except for this 

Match packets 

of all protocols except for the selected protocol.

• 

Logging 

Check this box to log instances when the rule 

is matched.

Click

 Save

 to apply your changes, or click 

Cancel

.

Advanced

• 

State 

This describes the connection state of a packet.

 

-

Established 

Match packets that are part of a two-way 

connection.

 

-

Invalid 

Match packets that cannot be identified.

 

-

New 

Match packets creating a new connection.

 

-

Related 

Match packets related to established 

connections.

• 

Recent Time 

Enter the number of seconds to monitor 

for attempts to connect from the same source.

• 

Recent Count 

Enter the number of times the same 

source is detected within the 

Recent Time

 duration. 

This helps thwart attacks using continual attempts to 
connect.

• 

IPsec 

IPsec (Internet Protocol security) helps secure 

packet routing.

 

-

Don’t match on IPsec packets 

Do not match any 

IPsec packets.

 

-

Match inbound IPsec packets 

Match IPsec packets 

that are entering the EdgeRouter.

 

-

Match inbound non-IPsec packets 

Match non-IPsec 

packets that are entering the EdgeRouter.

Summary of Contents for ERLite-3

Page 1: ...3 Port Router...

Page 2: ...allation of the EdgeRouter Lite 2 Typical Deployment Scenarios 3 Chapter 3 Using EdgeOS 5 Ports and Status Information 5 Navigation 5 Common Interface Options 6 Chapter 4 Dashboard Tab 10 Services 10...

Page 3: ...CLI 38 CLI Modes 40 Appendix B Specifications 47 Appendix C Safety Notices 49 Electrical Safety Information 49 Appendix D Warranty 50 General Warranty 50 Appendix E Compliance Information 51 FCC 51 In...

Page 4: ...ity at 10 100 Mbps Green Link Established at 1000 Mbps Green Flashing Link Activity at 1000 Mbps Chapter 1 Overview Introduction Thank you for purchasing the Ubiquiti Networks EdgeRouter Lite model ER...

Page 5: ...ors the EdgeRouter Lite itself should be housed inside a protective enclosure Terms of Use All Ethernet cabling runs must use CAT5 or above It is the customer s responsibility to follow local country...

Page 6: ...arios that are possible this section highlights a couple of typical deployments Service Provider Deployment Corporate Deployment Service Provider Deployment This scenario uses six EdgeRouter devices 1...

Page 7: ...faces connect to the following Internet DMZ LAN Internet DMZ LAN Firewall Policies Here are the typical steps to follow 1 Configure the appropriate settings on the System tab see System on page 6 for...

Page 8: ...e 33 Change the default password of the ubnt login on the Users Local tab For details go to Configure the User on page 34 Ports and Status Information The Ports image displays the active connections A...

Page 9: ...d Line Interface on page 38 for more information Toolbox At the top right of the screen click the Toolbox button The following network administration and monitoring tools are available Ping on page 35...

Page 10: ...on the Internet holds these mappings in its respective DNS database System name server Enter the IP address of your DNS server example 192 0 2 1 for IPv4 or 2001 db8 1 for IPv6 Click Add New to add ad...

Page 11: ...hat warrant attention The EdgeRouter contains an SNMP agent which does the following Provides an interface for device monitoring using SNMP Communicates with SNMP management applications for network p...

Page 12: ...stem image To update the EdgeRouter with new firmware click Upload a file and locate the new firmware file Then click Choose Please be patient as the firmware update routine can take three to seven mi...

Page 13: ...order Gateway Protocol IBGP Interior Border Gateway Protocol The number of each route type and the total number of routes are displayed Click Routes to display the Routing Routes tab Go to Routes on p...

Page 14: ...eatea New VLAN screen appears VLAN ID The VLAN ID is a unique value assigned to each VLAN at a single device every VLAN ID represents a different VLAN The VLAN ID range is 2 to 4094 Interface Select t...

Page 15: ...quires network settings from a DHCPv4 server Click the Renew button to acquire fresh network settings Use DHCP for IPv6 The interface acquires network settings from a DHCPv6 server Manually define IP...

Page 16: ...n Refer to Name Server on page 7 Dashboard VLAN configuration Refer to Add VLAN on page 11 Dashboard Interface configuration Refer to Configure the Interface on page 12 For IPv6 addresses the EdgeOS C...

Page 17: ...utes from different sources such as static RIP or OSPF the EdgeRouter compares the routes and uses the route with the lowest distance Enable Check the box to enable the route Click Save to apply your...

Page 18: ...tions Click the Actions button to access the following options Config To configure the route click Config Go to the Configure the Static Route section below Delete Delete the route its configuration w...

Page 19: ...ncompatible metrics It must reconcile information from multiple protocols to determine which route to use for a specific destination network You can change the metrics of the distributed protocol to c...

Page 20: ...more network addresses Click Save to apply your changes A table displays the following information about each OSPF Area Click a column heading to sort by that heading Area ID The identification number...

Page 21: ...ssign a cost to the interface Click Save to apply your changes A table displays the following information about each OSPF Interface Click a column heading to sort by that heading Interface The name of...

Page 22: ...ork Address Translation To create a firewall policy 1 Click the Firewall Groups tab and create the applicable firewall groups See Firewall Groups on page 23 for more information 2 Click the Firewall P...

Page 23: ...ancel Delete Policy Remove the policy Configure the Firewall Policy The Ruleset Configuration for _ screen appears You have four tabs available Rules see below Configuration on page 23 Interfaces on p...

Page 24: ...tch packets of all protocols except for the selected protocol Enter a protocol number Enter the port number of the protocol Match packets of this protocol Match all protocols except for this Match pac...

Page 25: ...the appropriate group s you can specify up to two groups maximum in these combinations An address group and port group A network group and port group The packets must match both groups to apply the r...

Page 26: ...he order specified The number of the rule in this order is displayed Packets The number of packets that triggered this rule is displayed Bytes The number of bytes that triggered this rule is displayed...

Page 27: ...oup is displayed Description Enter keywords to describe this group Network Enter the IP address and subnet mask using slash notation network_IP_address subnet_mask_number example 192 0 2 0 24 Click Ad...

Page 28: ...guration screen appears Description Enter keywords to describe this rule Enable Check the box to enable this rule Outbound Interface Select the interface through which the outgoing packets exit the Ed...

Page 29: ...nation NAT Rulesection Save Rule Order To change the rule order click and drag a rule up or down the sequence and then release the rule When you are finished click Save Rule Order Search Allows you to...

Page 30: ...t Address Enter the IP address or network address of the destination You can also enter a range of IP addresses one of them will be used Note If you enter a network address enter the IP address and su...

Page 31: ...ervers to assign IP ranges in different subnets on the different interfaces Add DHCP Server To create a new DHCP server click Add DHCP Server The CreateDHCP Server screen appears Complete the followin...

Page 32: ...ils Go to Details on page 31 Delete Delete the DHCP server its configuration will be removed Disable Disable the DHCP server while keeping its configuration Configure the DHCP Server The DHCPServer sc...

Page 33: ...DHCP clients route all packets to this IP address which is the EdgeRouter s own IP address in most cases DNS The IP address of the DNS server is displayed Status The Enabled Disabled status of the DHC...

Page 34: ...Range Start Enter the starting IP address of the range Range Stop Enter the last IP address of the range Router Enter the default route of the DHCP clients The DHCP clients route all packets to this I...

Page 35: ...Dial In User Service server provides authentication to help secure PPPoE connections Enter the IP address of the RADIUS server RADIUS server key Enter the key shared with the RADIUS server MTU Enter...

Page 36: ...e Select the appropriate permission level Admin The user can make changes to the EdgeRouter configuration Operator The user can view the EdgeRouter configuration but cannot make changes Click Save to...

Page 37: ...Allows you to search for specific text Begin typing there is no need to press enter The results are filtered in real time as soon as you type two or more characters PPTP L2TP PPPOE All Click the appro...

Page 38: ...Packet Capture Log Monitor Ping You can ping other devices on the network directly from the EdgeRouter The Ping tool uses ICMP packets to check the preliminary link quality and packet latency estimati...

Page 39: ...ed to the device is displayed Product Name The Ubiquiti name of the device is displayed IP Address The IP address of the device is displayed You can click it to access the device s configuration throu...

Page 40: ...d Packet descriptions Log Monitor The Log Monitor is a log displaying live updates Click the pause button to stop the live updates Click the play button to resume the live updates The System log messa...

Page 41: ...e cable also known as a rollover cable to connect the Console port of the EdgeRouter to your computer If your computer does not have a DB9 port then you will also need a DB9 adapter Computer Console 2...

Page 42: ...For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User Account on page 42 Access Using T...

Page 43: ...new user account preferred option For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User...

Page 44: ...of the boot configuration until you save the changes to the boot configuration Boot When the EdgeRouter reboots it loads the boot configuration for use The following scenarios cover some of the most...

Page 45: ...ommands The plaintext password that you entered is converted to an encrypted password Create a Firewall Rule To create a firewall rule use the set or edit commands both methods are described below In...

Page 46: ...s the or tab key to display options for the specified edit level To show changes within the edit level use the compare command To move up an edit level use the up command To return to the top edit lev...

Page 47: ...mand Line Interface EdgeRouter Lite User Guide Ubiquiti Networks Inc To create a new firewall rule from an existing firewall rule use the copy command To change the name of the new firewall rule use t...

Page 48: ...l configuration Note This is a backup if the EdgeRouter were rebooted it would still boot from the default file config config boot 2 After the administrator deleted the IPsec configuration and was con...

Page 49: ...er certain changes such as a firewall or NAT rule can cut off access to the remote router so you then have to visit the remote router and reboot it To avoid such issues when you make risky changes use...

Page 50: ...4 with Hardware Acceleration for Packet Processing System Memory 512 MB DDR2 RAM Onboard Flash Storage 2 GB CE FCC IC Wall Mount Yes Operating Temperature 10 to 45 C Operating Humidity 90 Non Condensi...

Page 51: ...ACL Based Firewall Zone Based Firewall NAT VPN IPSec Site to Site and Remote Access OpenVPN Site to Site and Remote Access PPTP Remote Access L2TP Remote Access PPTP Client Services DHCP DHCPv6 Serve...

Page 52: ...ts inside this equipment Service should be provided only by a qualified service technician 3 This equipment is provided with a detachable power cord which has an integral safety ground wire intended f...

Page 53: ...returned without an RMA number will not be processed and will be returned freight collect or subject to disposal Information on the RMA process and obtaining an RMA number can be found at www ubnt com...

Page 54: ...tates and provinces do not allow the exclusion or limitation of liability for incidental or consequential damages so the above limitation may not apply to you EXCEPT TO THE EXTENT ALLOWED BY LOCAL LAW...

Page 55: ...on this product represents the product is in compliance with all directives that are applicable to it RoHS WEEE Compliance Statement English European Directive 2002 96 EC requires that the equipment...

Page 56: ...votre responsabilit de jeter ce mat riel ainsi que tout autre mat riel lectrique ou lectronique par les moyens de collecte indiqu s par le gouvernement et les pouvoirs publics des collectivit s terri...

Page 57: ...54 Appendix F Declaration of Conformity EdgeRouter Lite User Guide Ubiquiti Networks Inc Appendix F Declaration of Conformity...

Page 58: ...hardware compatibility or field issues as quickly as possible We strive to respond to support inquiries within a 24 hour period Online Resources Support support ubnt com Wiki Page wiki ubnt com Suppor...

Reviews:

No comments

Related manuals for ERLite-3

Panasonic KX-HTS Series Quick Start Manual preview
KX-HTS Series
Brand: Panasonic Pages: 2
Cabletron Systems Netlink FRX4000 Installation And Setup Manual preview
Netlink FRX4000
Brand: Cabletron Systems Pages: 8
Cabletron Systems 9C300-1 Upgrade Instructions preview
9C300-1
Brand: Cabletron Systems Pages: 4
Cabletron Systems MMAC-Plus 9F106-02 Reference Manual preview
MMAC-Plus 9F106-02
Brand: Cabletron Systems Pages: 7
DCE ANS-205 User Manual preview
ANS-205
Brand: DCE Pages: 5
Banner Sure Cross DX70 Instruction Manual preview
Sure Cross DX70
Brand: Banner Pages: 35
QNAP TS-130-US User Manual preview
TS-130-US
Brand: QNAP Pages: 39
Allied Telesis AT-8000C Declaration Of Conformity preview
AT-8000C
Brand: Allied Telesis Pages: 1
Ubiquiti PBE-5AC-300-ISO Quick Start Manual preview
PBE-5AC-300-ISO
Brand: Ubiquiti Pages: 28
Olicom Ethernet MCA 10/100 Adapter Manual To Operations preview
Ethernet MCA 10/100 Adapter
Brand: Olicom Pages: 88
Hi-flying HF-LPB User Manual preview
HF-LPB
Brand: Hi-flying Pages: 59
B&B Electronics IASW5P Quick Start Manual preview
IASW5P
Brand: B&B Electronics Pages: 2
Allied Telesis AR100 series User Manual preview
AR100 series
Brand: Allied Telesis Pages: 128
NCD Gen3 Ethernet Module Quick Start Manual preview
Gen3 Ethernet Module
Brand: NCD Pages: 18
3Com Router 3033 Configuration Manual preview
Router 3033
Brand: 3Com Pages: 63
Martin 90523000 User Manual preview
90523000
Brand: Martin Pages: 41
Weidmüller IE-SW-AL18M-16TX-2GC Hardware Installation Manual preview
IE-SW-AL18M-16TX-2GC
Brand: Weidmüller Pages: 2
Planet FGSW-4840S User Manual preview
FGSW-4840S
Brand: Planet Pages: 38

Brands by name

Popular brands

Load more brands