Chapter 5: Routing Tab
EdgeRouter Lite User Guide
Ubiquiti Networks, Inc.
Network: Enter the IP address and subnet mask using slash notation: <network_IP_address>/<subnet_mask_number> (example: 192.0.2.0/24). Click Add New to enter more network addresses.
Click Save to apply your changes.
Interfaces
You can configure interfaces with specific OSPF options.
Add OSPF Interface
To create a new interface, click Add OSPF Interface.
The OSPF Interface Configuration screen appears.
Complete the following:
Interface: Select the appropriate interface from the drop-down list.
Auth Type: OSPF authentication helps secure communication between routers. Select the appropriate option:
- Off: No authentication is used.
- MD5/sec: Each router uses a key (password) and key ID. This is the most secure option because the key is never transmitted.
- Plain text: Each router uses a key. This provides minimal security because the key is transmitted in plain text format.
Auth Key: Enter the key used for authentication.
Cost: By default, the cost of an interface is based on its bandwidth; however, you can manually assign a cost to the interface.
Click Save to apply your changes.
A table displays the following information about each OSPF Interface. Click a column heading to sort by that heading.
Interface: The name of the interface is displayed.
Cost: The cost of the interface is displayed. OSPF uses cost as a metric to determine the best route.
Actions: Click the Actions button to access the following options:
- Config: To configure the OSPF Interface, click Config. Go to the Configure the OSPF Interface section.
- Delete: Delete the OSPF Interface.
Configure the OSPF Interface
After you click Config, the OSPF Interface Configuration screen appears.
Make changes as needed.
Interface: The name of the interface is displayed.
Auth Type: Authentication helps secure communication between routers. Select the appropriate option:
- Off: No authentication is used.
- MD5/sec: Each router uses a key (password) and key ID. This is the most secure option because the key is never transmitted.
- Plain text: Each router uses a key. This provides minimal security because the key is transmitted in plain text format.
Auth Key: Enter the key used for authentication.
Cost: By default, the cost of an interface is based on its bandwidth; however, you can manually assign a cost to the interface.
Click Save to apply your changes.
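The difference between the Plain text and MD5 Auth Type options described above, shown on the wire. This is an added example, not code from the guide or from Ubiquiti; it builds packets with the OSPFv2 header layout from RFC 2328, and the key, router ID and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

KEY = b"s3cr3tK1"       # constructed sample Auth Key
HELLO_BODY = bytes(20)  # constructed placeholder for the Hello payload


def ospf_header(au_type: int, auth_field: bytes, body_len: int) -> bytes:
    """24-byte OSPFv2 header for a Hello packet (layout per RFC 2328 A.3.1)."""
    router_id = bytes([192, 0, 2, 1])  # constructed sample router ID
    area_id = bytes(4)                 # area 0.0.0.0
    checksum = 0                       # left at 0 in this sketch
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + body_len,
                       router_id, area_id, checksum, au_type, auth_field)


def plain_text_packet(key: bytes, body: bytes) -> bytes:
    # AuType 1: the 8-byte authentication field carries the key itself.
    return ospf_header(1, key[:8].ljust(8, b"\0"), len(body)) + body


def md5_digest(packet: bytes, key: bytes) -> bytes:
    # The digest covers the packet followed by the key padded to 16 bytes.
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()


def md5_packet(key: bytes, key_id: int, seq: int, body: bytes) -> bytes:
    # AuType 2: the field holds 0, the key ID, the digest length and a
    # sequence number; only the digest is appended, never the key.
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = ospf_header(2, auth, len(body)) + body
    return packet + md5_digest(packet, key)


def verify_md5(received: bytes, key: bytes) -> bool:
    # The receiver recomputes the digest with its own copy of the key.
    packet, digest = received[:-16], received[-16:]
    return hmac.compare_digest(digest, md5_digest(packet, key))


if __name__ == "__main__":
    plain = plain_text_packet(KEY, HELLO_BODY)
    signed = md5_packet(KEY, key_id=1, seq=1, body=HELLO_BODY)
    print("key visible in plain-text packet:", KEY in plain)
    print("key visible in MD5 packet:       ", KEY in signed)
    print("digest verifies with shared key: ", verify_md5(signed, KEY))
    print("digest verifies with wrong key:  ", verify_md5(signed, b"guess"))
```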
Chapter 6: Security Tab
The Security tab displays status information about firewall policies, firewall groups, NAT (Network Address Translation) rules, and PPTP VPN options. You can also configure these policies, groups, rules, and options. Any setting marked with a blue asterisk * is required.
You have four sub-tabs:
Firewall Policies: Each firewall policy is a set of rules applied in the order you specify.
Firewall Groups: Create groups defined by IP address, network address, or port number.
NAT: View and create NAT rules.
VPN: Configure the EdgeRouter as a PPTP VPN server.
Firewall Policies
A firewall policy is a set of rules with a default action. Firewall policies are applied before SNAT (Source Network Address Translation) and after DNAT (Destination Network Address Translation).
To create a firewall policy:
1. Click the Firewall Groups tab, and create the applicable firewall groups. See “Firewall Groups” on page 23 for more information.
2. Click the Firewall Policies tab, and then click Add Policy. Configure the basic parameters. See the Add Policy description in the next column for more information.
3. Configure the details of the firewall policy. See “Configure the Firewall Policy” on page 20 for more information.
Add Policy
To create a new policy, click Add Policy.
The Create New Ruleset screen appears.
Complete the following:
Name: Enter a name for this policy.
Description: Enter keywords to describe this policy.
Default action: All policies have a default action if the packets do not match any rule. Select the appropriate default action:
- Drop: Packets are blocked with no message.
- Reject: Packets are blocked, and an ICMP (Internet Control Message Protocol) message is sent saying the destination is unreachable.
- Accept: Packets are allowed through the firewall.
Default Log: Check this box to log packets that trigger the default action.
Click Save to apply your changes.
Search: Allows you to search for specific text. Begin typing; there is no need to press enter. The results are filtered in real time as soon as you type two or more characters.
All/Drop/Reject/Accept: Click the appropriate tab to filter the policies by default action.
- All: All policies are displayed by default.
- Drop: All of the drop policies are displayed.
- Reject: All of the reject policies are displayed.
- Accept: All of the accept policies are displayed.
A table displays the following information about each policy. Click a column heading to sort by that heading.
Name: The name of the policy is displayed.
Interfaces: The specified interface and direction of traffic flow are displayed.
Number of Rules: The number of rules in the policy is displayed.
Default Action: The action that the policy will execute if the packets do not match any rule is displayed.
Actions: Click the Actions button to access the following options:
- Edit Rules: To configure the rules, click Edit Rules. Go to the Rules section in the next column.
- Configuration: To configure the policy, click Configuration. Go to “Configuration” on page 23.
- Interfaces: To select interfaces and direction of traffic flow for your policy, click Interfaces. Go to “Interfaces” on page 23.
- Stats: To view statistics on firewall usage, click Stats. Go to “Stats” on page 23.
- Copy Policy: To create a duplicate, click Copy Policy. The Copy Firewall Ruleset screen appears.
  - Name: Enter a new name for this policy.
  Click Copy to confirm, or click Cancel.
- Delete Policy: Remove the policy.
Configure the Firewall Policy
The Ruleset Configuration for _ screen appears. You have four tabs available:
• Rules (see below)
• “Configuration” on page 23
• “Interfaces” on page 23
• “Stats” on page 23
Add New Rule: To create a new rule, click Add New Rule. Go to “Add or Configure a Rule” on page 21.
Save Rule Order: To change the rule order, click and drag a rule up or down the sequence, and then release the rule. When you are finished, click Save Rule Order.
Rules
A rule tells the EdgeRouter what action to take with a specific packet. Define the following:
• Criteria for matching packets
• Action to take with matching packets
Rules are organized into a set and applied in the specified Rule Order. If the packets match a rule’s criteria, then its action is triggered. If not, then the next rule is applied.
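A small model of the first-match evaluation described above, showing how Rule Order and the policy's default action decide the outcome. This is an added example, not code from the guide or the EdgeRouter; the Rule fields, the packet dictionary and the sample rules are hypothetical and use documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    description: str
    action: str                      # "drop", "reject" or "accept"
    protocol: str = "all"            # "all", "tcp_udp" or a protocol name
    source: str = "0.0.0.0/0"        # source address or network
    dest_port: Optional[int] = None  # None matches any port
    enabled: bool = True

    def matches(self, pkt: dict) -> bool:
        if not self.enabled:
            return False
        if self.protocol == "tcp_udp" and pkt["proto"] not in ("tcp", "udp"):
            return False
        if self.protocol not in ("all", "tcp_udp", pkt["proto"]):
            return False
        src = ipaddress.ip_address(pkt["src"])
        if src not in ipaddress.ip_network(self.source):
            return False
        return self.dest_port is None or pkt.get("dport") == self.dest_port


def evaluate(rules, default_action, pkt):
    """First matching rule wins; otherwise the policy's default action.

    Returns (action, position of the matching rule or None)."""
    for order, rule in enumerate(rules, start=1):
        if rule.matches(pkt):
            return rule.action, order
    return default_action, None


# Constructed sample rules and packets.
ALLOW_MGMT_SSH = Rule("SSH from management net", "accept", "tcp", "192.0.2.0/24", 22)
DROP_SSH = Rule("Block all other SSH", "drop", "tcp", dest_port=22)
MGMT_SSH = {"proto": "tcp", "src": "192.0.2.10", "dport": 22}
DNS_QUERY = {"proto": "udp", "src": "198.51.100.7", "dport": 53}

if __name__ == "__main__":
    # Specific rule first: management SSH is accepted by rule 1.
    print(evaluate([ALLOW_MGMT_SSH, DROP_SSH], "drop", MGMT_SSH))
    # Broad rule first: it shadows the accept rule, which is never reached.
    print(evaluate([DROP_SSH, ALLOW_MGMT_SSH], "drop", MGMT_SSH))
    # No rule matches: the default action applies.
    print(evaluate([ALLOW_MGMT_SSH, DROP_SSH], "drop", DNS_QUERY))
```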
A table displays the following information about each rule. Click a column heading to sort by that heading.
Order: The rules are applied in the order specified. The number of the rule in this order is displayed.
Description: The keywords you entered to describe this rule are displayed.
Source: The source specified by this rule is displayed.
Destination: The destination specified by this rule is displayed.
Protocol: The protocol that matches the rule is displayed.
Action: The action specified by this rule is displayed.
Actions: Click the Actions button to access the following options:
- Basic: To configure the basic options of a rule, click Basic. Go to “Basic” on page 21.
- Advanced: To configure the advanced options of a rule, click Advanced. Go to “Advanced” on page 21.
- Source: To configure the source options of a rule, click Source. Go to “Source” on page 22.
- Destination: To configure the destination options of a rule, click Destination. Go to “Destination” on page 22.
- Time: To configure the time options of a rule, click Time. Go to “Time” on page 22.
- Copy Rule: To create a duplicate, click Copy Rule. The duplicate rule appears at the bottom of the list.
- Delete Rule: Remove the rule.
Add or Configure a Rule
The Rule Configuration for _ screen appears. You have five tabs available:
• Basic (see below)
• Advanced (see the next column)
• “Source” on page 22
• “Destination” on page 22
• “Time” on page 22
Basic
Description: Enter keywords to describe this rule.
Enable: Check the box to enable this rule.
Action: Select the action for packets that match this rule’s criteria.
- Drop: Packets are blocked with no message.
- Reject: Packets are blocked, and an ICMP (Internet Control Message Protocol) message is sent saying the destination is unreachable.
- Accept: Packets are allowed.
Protocol:
- All protocols: Match packets of all protocols.
- Both TCP and UDP: Match TCP and UDP packets.
- Choose a protocol by name: Select the protocol from the drop-down list. Match packets of this protocol.
  Match all protocols except for this: Match packets of all protocols except for the selected protocol.
- Enter a protocol number: Enter the port number of the protocol. Match packets of this protocol.
  Match all protocols except for this: Match packets of all protocols except for the selected protocol.
Logging: Check this box to log instances when the rule is matched.
Click Save to apply your changes, or click Cancel.
Advanced
State: This describes the connection state of a packet.
- Established: Match packets that are part of a two-way connection.
- Invalid: Match packets that cannot be identified.
- New: Match packets creating a new connection.
- Related: Match packets related to established connections.
Recent Time: Enter the number of seconds to monitor for attempts to connect from the same source.
Recent Count: Enter the number of times the same source is detected within the Recent Time duration. This helps thwart attacks using continual attempts to connect.
IPsec: IPsec (Internet Protocol security) helps secure packet routing.
- Don’t match on IPsec packets: Do not match any IPsec packets.
- Match inbound IPsec packets: Match IPsec packets that are entering the EdgeRouter.
- Match inbound non-IPsec packets: Match non-IPsec packets that are entering the EdgeRouter.
P2P: Match P2P (Peer-to-Peer) applications.
- None: Do not match P2P connections.
- All: Match all P2P connections.
- Choose P2P app(s) by name: Match packets of the selected P2P application(s). Check the box of any P2P application on this list to select it.
Click Save to apply your changes, or click Cancel.
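How the Recent Time and Recent Count settings on the Advanced tab interact, modeled as a per-source sliding window on a drop rule. This is an added example, not code from the guide or the EdgeRouter; it assumes the rule matches on the attempt that reaches Recent Count within Recent Time, and the event list is constructed sample data.

```python
from collections import defaultdict, deque


class RecentMatcher:
    """Matches a source once it makes `count` new-connection attempts
    within `seconds` (the Recent Count and Recent Time fields)."""

    def __init__(self, seconds: int, count: int):
        self.seconds = seconds
        self.count = count
        self.attempts = defaultdict(deque)  # source -> recent timestamps

    def hit(self, src: str, now: float) -> bool:
        window = self.attempts[src]
        window.append(now)
        # Forget attempts that fall outside the Recent Time window.
        while window and now - window[0] >= self.seconds:
            window.popleft()
        return len(window) >= self.count


def apply_rule(events, seconds, count):
    """Return (timestamp, source, verdict) for each attempt, in order.

    The modeled rule drops matching packets; anything else is accepted."""
    matcher = RecentMatcher(seconds, count)
    return [(ts, src, "drop" if matcher.hit(src, ts) else "accept")
            for ts, src in events]


# Constructed sample: new connection attempts as (seconds, source).
EVENTS = [
    (0, "203.0.113.5"), (5, "198.51.100.20"), (10, "203.0.113.5"),
    (20, "203.0.113.5"), (30, "203.0.113.5"),   # 4th attempt within 60 s
    (40, "203.0.113.5"), (200, "198.51.100.20"),
    (300, "203.0.113.5"),                       # earlier attempts have aged out
]

if __name__ == "__main__":
    for ts, src, verdict in apply_rule(EVENTS, seconds=60, count=4):
        print(f"t={ts:>3}s {src:<14} {verdict}")
```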
Source
Address: Enter the IP address of the source.
Port: Enter the port number or range of the source.
MAC Address: Enter the MAC address of the source.
Address Group / Network Group / Port Group: Firewall groups are created on the Firewall Groups tab; see “Firewall Groups” on page 23 for more information. Select the appropriate group(s); you can specify up to two groups maximum in these combinations:
• An address group and port group
• A network group and port group
The packets must match both groups to apply the rule.
Click Save to apply your changes, or click Cancel.
Destination
Address: Enter the IP address of the destination.
Port: Enter the port number of the destination.
Address Group / Network Group / Port Group: Firewall groups are created on the Firewall Groups tab; see “Firewall Groups” on page 23 for more information. Select the appropriate group(s); you can specify up to two groups maximum in these combinations:
• An address group and port group
• A network group and port group
The packets must match both groups to apply the rule.
Click Save to apply your changes, or click Cancel.
Time
Month Days: Enter the days of the month when the rule should be applied. Enter numbers in the range 1 to 31. If you enter more than one day, use commas to separate the numbers (example: 3, 4, 5).
- Match all month days except for these: Match all days of the month except for the selected days.
Week Days: Enter the days of the week when the rule should be applied. Enter Sun, Mon, Tue, Wed, Thu, Fri, or Sat. If you enter more than one day, use commas to separate the days (example: Mon, Tue, Wed).
- Match all week days except for these: Match all days of the week except for the selected days.
Start Date: Enter the date the rule should start being applied. Use the YYYY-MM-DD (year-month-day) format.
Start Time: Enter the time the rule should start being applied. Use the 24-hour format, HH:MM:SS (hours:minutes:seconds).
Stop Date: Enter the date the rule should stop being applied. Use the YYYY-MM-DD (year-month-day) format.
Stop Time: Enter the time the rule should stop being applied. Use the 24-hour format, HH:MM:SS (hours:minutes:seconds).
Interpret dates and times as UTC: Check the box if your network uses UTC.
Click Save to apply your changes, or click Cancel.
