manualshive.com logo in svg

Ubiquiti ERLite-3, User Manual

The Ubiquiti ERLite-3 is a powerful router designed for small to medium-sized businesses. For a quick setup, download the free Quick Start Manual from our website. This manual provides detailed instructions on setting up and configuring the ERLite-3 for optimal performance. Get your manual at manualshive.com today.

Share
Download
background image

25

Chapter 6: Security Tab

EdgeRouter

 Lite User Guide

 Ubiquiti Networks, Inc.

Save Rule Order 

To change the rule order, click and drag 

a rule up or down the sequence, and then release the rule. 
When you are finished, click 

Save Rule Order

.

Search 

Allows you to search for specific text. Begin 

typing; there is no need to press 

enter

. The results are 

filtered in real time as soon as you type two or more 
characters.

A table displays the following information about each rule. 
Click a column heading to sort by that heading. 

Order 

The rules are applied in the order specified. The 

number of the rule in this order is displayed.

Description 

The keywords you entered to describe this 

rule are displayed.

Source Addr. 

The source IP address is displayed.

Source Port 

The source port number is displayed.

Dest. Addr. 

The destination IP address is displayed.

Dest. Port 

The destination port number is displayed.

Translation 

A description of the translation (such as 

masquerade to eth_

) is displayed.

Count 

The number of translations is displayed.

Actions 

Click the 

Actions

 button to access the following 

options:

• 

Config 

To configure the rule, click 

Config

. Go to the 

Add or Configure a Source NAT Rule

 section below. 

• 

Copy 

To create a duplicate, click 

Copy

. The duplicate 

rule appears at the bottom of the list.

• 

Delete 

Remove the rule.

Add or Configure a Source NAT Rule

After you click 

Config

, the 

Source NAT Rule Configuration

 

screen appears. 

• 

Description 

Enter keywords to describe this rule.

• 

Enable 

Check the box to enable this rule.

• 

Outbound Interface 

Select the interface through 

which the outgoing packets exit the EdgeRouter. This is 
required only for Source NAT Rules that use Masquerade.

• 

Translation 

Select one of the following:

 

-

Use Masquerade 

Masquerade is a type of Source 

NAT. If enabled, the source IP address of the packets 
becomes the public IP address of the outbound 
interface.

 

-

Specify address and/or port 

If enabled, the source 

IP address of the packets becomes the specified IP 
address and port.

• 

Address 

Enter the IP address that will replace the 

source IP address of the outgoing packet. You can 
also enter a range of IP addresses; one of them will 
be used.

• 

Port 

Enter the port number that will replace the 

source port number of the outgoing packet. You 
can also enter a range of port numbers; one of them 
will be used.

• 

Exclude from NAT 

Check the box to exclude packets 

that match this rule from NAT.

• 

Enable Logging 

Check this box to log instances when 

the rule is matched.

• 

Protocol 

Select one of the following:

 

-

All protocols 

Match packets of all protocols.

 

-

Both TCP and UDP 

Match TCP and UDP packets.

 

-

Choose a protocol by name 

Select the protocol from 

the drop-down list. Match packets of this protocol.

• 

Match all protocols except for this 

Match packets 

of all protocols except for the selected protocol.

 

-

Enter a protocol number 

Enter the port number of 

the protocol. Match packets of this protocol.

• 

Match all protocols except for this 

Match packets 

of all protocols except for the selected protocol.

Summary of Contents for ERLite-3

Page 1: ...3 Port Router...

Page 2: ...allation of the EdgeRouter Lite 2 Typical Deployment Scenarios 3 Chapter 3 Using EdgeOS 5 Ports and Status Information 5 Navigation 5 Common Interface Options 6 Chapter 4 Dashboard Tab 10 Services 10...

Page 3: ...CLI 38 CLI Modes 40 Appendix B Specifications 47 Appendix C Safety Notices 49 Electrical Safety Information 49 Appendix D Warranty 50 General Warranty 50 Appendix E Compliance Information 51 FCC 51 In...

Page 4: ...ity at 10 100 Mbps Green Link Established at 1000 Mbps Green Flashing Link Activity at 1000 Mbps Chapter 1 Overview Introduction Thank you for purchasing the Ubiquiti Networks EdgeRouter Lite model ER...

Page 5: ...ors the EdgeRouter Lite itself should be housed inside a protective enclosure Terms of Use All Ethernet cabling runs must use CAT5 or above It is the customer s responsibility to follow local country...

Page 6: ...arios that are possible this section highlights a couple of typical deployments Service Provider Deployment Corporate Deployment Service Provider Deployment This scenario uses six EdgeRouter devices 1...

Page 7: ...faces connect to the following Internet DMZ LAN Internet DMZ LAN Firewall Policies Here are the typical steps to follow 1 Configure the appropriate settings on the System tab see System on page 6 for...

Page 8: ...e 33 Change the default password of the ubnt login on the Users Local tab For details go to Configure the User on page 34 Ports and Status Information The Ports image displays the active connections A...

Page 9: ...d Line Interface on page 38 for more information Toolbox At the top right of the screen click the Toolbox button The following network administration and monitoring tools are available Ping on page 35...

Page 10: ...on the Internet holds these mappings in its respective DNS database System name server Enter the IP address of your DNS server example 192 0 2 1 for IPv4 or 2001 db8 1 for IPv6 Click Add New to add ad...

Page 11: ...hat warrant attention The EdgeRouter contains an SNMP agent which does the following Provides an interface for device monitoring using SNMP Communicates with SNMP management applications for network p...

Page 12: ...stem image To update the EdgeRouter with new firmware click Upload a file and locate the new firmware file Then click Choose Please be patient as the firmware update routine can take three to seven mi...

Page 13: ...order Gateway Protocol IBGP Interior Border Gateway Protocol The number of each route type and the total number of routes are displayed Click Routes to display the Routing Routes tab Go to Routes on p...

Page 14: ...eatea New VLAN screen appears VLAN ID The VLAN ID is a unique value assigned to each VLAN at a single device every VLAN ID represents a different VLAN The VLAN ID range is 2 to 4094 Interface Select t...

Page 15: ...quires network settings from a DHCPv4 server Click the Renew button to acquire fresh network settings Use DHCP for IPv6 The interface acquires network settings from a DHCPv6 server Manually define IP...

Page 16: ...n Refer to Name Server on page 7 Dashboard VLAN configuration Refer to Add VLAN on page 11 Dashboard Interface configuration Refer to Configure the Interface on page 12 For IPv6 addresses the EdgeOS C...

Page 17: ...utes from different sources such as static RIP or OSPF the EdgeRouter compares the routes and uses the route with the lowest distance Enable Check the box to enable the route Click Save to apply your...

Page 18: ...tions Click the Actions button to access the following options Config To configure the route click Config Go to the Configure the Static Route section below Delete Delete the route its configuration w...

Page 19: ...ncompatible metrics It must reconcile information from multiple protocols to determine which route to use for a specific destination network You can change the metrics of the distributed protocol to c...

Page 20: ...more network addresses Click Save to apply your changes A table displays the following information about each OSPF Area Click a column heading to sort by that heading Area ID The identification number...

Page 21: ...ssign a cost to the interface Click Save to apply your changes A table displays the following information about each OSPF Interface Click a column heading to sort by that heading Interface The name of...

Page 22: ...ork Address Translation To create a firewall policy 1 Click the Firewall Groups tab and create the applicable firewall groups See Firewall Groups on page 23 for more information 2 Click the Firewall P...

Page 23: ...ancel Delete Policy Remove the policy Configure the Firewall Policy The Ruleset Configuration for _ screen appears You have four tabs available Rules see below Configuration on page 23 Interfaces on p...

Page 24: ...tch packets of all protocols except for the selected protocol Enter a protocol number Enter the port number of the protocol Match packets of this protocol Match all protocols except for this Match pac...

Page 25: ...the appropriate group s you can specify up to two groups maximum in these combinations An address group and port group A network group and port group The packets must match both groups to apply the r...

Page 26: ...he order specified The number of the rule in this order is displayed Packets The number of packets that triggered this rule is displayed Bytes The number of bytes that triggered this rule is displayed...

Page 27: ...oup is displayed Description Enter keywords to describe this group Network Enter the IP address and subnet mask using slash notation network_IP_address subnet_mask_number example 192 0 2 0 24 Click Ad...

Page 28: ...guration screen appears Description Enter keywords to describe this rule Enable Check the box to enable this rule Outbound Interface Select the interface through which the outgoing packets exit the Ed...

Page 29: ...nation NAT Rulesection Save Rule Order To change the rule order click and drag a rule up or down the sequence and then release the rule When you are finished click Save Rule Order Search Allows you to...

Page 30: ...t Address Enter the IP address or network address of the destination You can also enter a range of IP addresses one of them will be used Note If you enter a network address enter the IP address and su...

Page 31: ...ervers to assign IP ranges in different subnets on the different interfaces Add DHCP Server To create a new DHCP server click Add DHCP Server The CreateDHCP Server screen appears Complete the followin...

Page 32: ...ils Go to Details on page 31 Delete Delete the DHCP server its configuration will be removed Disable Disable the DHCP server while keeping its configuration Configure the DHCP Server The DHCPServer sc...

Page 33: ...DHCP clients route all packets to this IP address which is the EdgeRouter s own IP address in most cases DNS The IP address of the DNS server is displayed Status The Enabled Disabled status of the DHC...

Page 34: ...Range Start Enter the starting IP address of the range Range Stop Enter the last IP address of the range Router Enter the default route of the DHCP clients The DHCP clients route all packets to this I...

Page 35: ...Dial In User Service server provides authentication to help secure PPPoE connections Enter the IP address of the RADIUS server RADIUS server key Enter the key shared with the RADIUS server MTU Enter...

Page 36: ...e Select the appropriate permission level Admin The user can make changes to the EdgeRouter configuration Operator The user can view the EdgeRouter configuration but cannot make changes Click Save to...

Page 37: ...Allows you to search for specific text Begin typing there is no need to press enter The results are filtered in real time as soon as you type two or more characters PPTP L2TP PPPOE All Click the appro...

Page 38: ...Packet Capture Log Monitor Ping You can ping other devices on the network directly from the EdgeRouter The Ping tool uses ICMP packets to check the preliminary link quality and packet latency estimati...

Page 39: ...ed to the device is displayed Product Name The Ubiquiti name of the device is displayed IP Address The IP address of the device is displayed You can click it to access the device s configuration throu...

Page 40: ...d Packet descriptions Log Monitor The Log Monitor is a log displaying live updates Click the pause button to stop the live updates Click the play button to resume the live updates The System log messa...

Page 41: ...e cable also known as a rollover cable to connect the Console port of the EdgeRouter to your computer If your computer does not have a DB9 port then you will also need a DB9 adapter Computer Console 2...

Page 42: ...For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User Account on page 42 Access Using T...

Page 43: ...new user account preferred option For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User...

Page 44: ...of the boot configuration until you save the changes to the boot configuration Boot When the EdgeRouter reboots it loads the boot configuration for use The following scenarios cover some of the most...

Page 45: ...ommands The plaintext password that you entered is converted to an encrypted password Create a Firewall Rule To create a firewall rule use the set or edit commands both methods are described below In...

Page 46: ...s the or tab key to display options for the specified edit level To show changes within the edit level use the compare command To move up an edit level use the up command To return to the top edit lev...

Page 47: ...mand Line Interface EdgeRouter Lite User Guide Ubiquiti Networks Inc To create a new firewall rule from an existing firewall rule use the copy command To change the name of the new firewall rule use t...

Page 48: ...l configuration Note This is a backup if the EdgeRouter were rebooted it would still boot from the default file config config boot 2 After the administrator deleted the IPsec configuration and was con...

Page 49: ...er certain changes such as a firewall or NAT rule can cut off access to the remote router so you then have to visit the remote router and reboot it To avoid such issues when you make risky changes use...

Page 50: ...4 with Hardware Acceleration for Packet Processing System Memory 512 MB DDR2 RAM Onboard Flash Storage 2 GB CE FCC IC Wall Mount Yes Operating Temperature 10 to 45 C Operating Humidity 90 Non Condensi...

Page 51: ...ACL Based Firewall Zone Based Firewall NAT VPN IPSec Site to Site and Remote Access OpenVPN Site to Site and Remote Access PPTP Remote Access L2TP Remote Access PPTP Client Services DHCP DHCPv6 Serve...

Page 52: ...ts inside this equipment Service should be provided only by a qualified service technician 3 This equipment is provided with a detachable power cord which has an integral safety ground wire intended f...

Page 53: ...returned without an RMA number will not be processed and will be returned freight collect or subject to disposal Information on the RMA process and obtaining an RMA number can be found at www ubnt com...

Page 54: ...tates and provinces do not allow the exclusion or limitation of liability for incidental or consequential damages so the above limitation may not apply to you EXCEPT TO THE EXTENT ALLOWED BY LOCAL LAW...

Page 55: ...on this product represents the product is in compliance with all directives that are applicable to it RoHS WEEE Compliance Statement English European Directive 2002 96 EC requires that the equipment...

Page 56: ...votre responsabilit de jeter ce mat riel ainsi que tout autre mat riel lectrique ou lectronique par les moyens de collecte indiqu s par le gouvernement et les pouvoirs publics des collectivit s terri...

Page 57: ...54 Appendix F Declaration of Conformity EdgeRouter Lite User Guide Ubiquiti Networks Inc Appendix F Declaration of Conformity...

Page 58: ...hardware compatibility or field issues as quickly as possible We strive to respond to support inquiries within a 24 hour period Online Resources Support support ubnt com Wiki Page wiki ubnt com Suppor...

Reviews:

No comments

Related manuals for ERLite-3

GE MDS SD Series Setup Manual preview
MDS SD Series
Brand: GE Pages: 4
ADC PG-FlexPlus AMU-912 Manual preview
PG-FlexPlus AMU-912
Brand: ADC Pages: 130
IBM totalstorage 200 Service Manual preview
totalstorage 200
Brand: IBM Pages: 180
Campbell NL115 User Manual preview
NL115
Brand: Campbell Pages: 38
VCS VideoJet 100 Manual preview
VideoJet 100
Brand: VCS Pages: 118
Moxa Technologies PT-7710 Series Hardware Installation Manual preview
PT-7710 Series
Brand: Moxa Technologies Pages: 2
Moxa Technologies TAP-125 Series User Manual preview
TAP-125 Series
Brand: Moxa Technologies Pages: 51
Belden HIRESCHMANN IT MAMMUTHUS MTM8003-FAN User Manual preview
HIRESCHMANN IT MAMMUTHUS MTM8003-FAN
Brand: Belden Pages: 84
ZyXEL Communications P-660R-F1 series User Manual preview
P-660R-F1 series
Brand: ZyXEL Communications Pages: 268
Beckhoff CU8210-D001-0200 Manual preview
CU8210-D001-0200
Brand: Beckhoff Pages: 25
Tripp Lite N304-05M Specification Sheet preview
N304-05M
Brand: Tripp Lite Pages: 2
Infrant Technologies READYNAS X6 Installation Manual preview
READYNAS X6
Brand: Infrant Technologies Pages: 2
Wisstar WP-N6516-M2-16P User Manual preview
WP-N6516-M2-16P
Brand: Wisstar Pages: 195
D-Link DCS-5025L Quick Installation Manual preview
DCS-5025L
Brand: D-Link Pages: 13
Honeywell CP-645 Installation Instructions Manual preview
CP-645
Brand: Honeywell Pages: 20
Honeywell Q7055C1053 Installation Instructions Manual preview
Q7055C1053
Brand: Honeywell Pages: 8
Honeywell Embedded NVR Quick Connection Manual preview
Embedded NVR
Brand: Honeywell Pages: 2
Honeywell 3252 User Manual preview
3252
Brand: Honeywell Pages: 4

Brands by name

Popular brands

Load more brands