Chapter 6: Security Tab
EdgeRouter Lite User Guide
Ubiquiti Networks, Inc.
Configuration

Name: The name of this policy is displayed.
Description: Enter keywords to describe this policy.
Default action: Every policy has a default action that is taken when a packet matches none of its rules. Select the appropriate default action:
- Drop: Packets are blocked silently; the sender receives nothing.
- Reject: Packets are blocked, and an ICMP (Internet Control Message Protocol) destination-unreachable message is sent back to the sender.
- Accept: Packets are allowed.
Drop is the usual choice for a policy on an untrusted interface, since it gives a scanner no response at all; Reject suits internal policies, where a client should fail immediately rather than wait for a timeout.
Default Log: Check this box to log packets that trigger the default action.
Click Save Ruleset to apply your changes.
Interfaces

Interface: Select the appropriate interface from the drop-down list.
Direction: Select the direction of the traffic flow.
- in: Match packets entering this interface that the EdgeRouter forwards on to another interface.
- out: Match packets leaving the EdgeRouter through this interface.
- local: Match packets entering this interface that are addressed to the EdgeRouter itself (for example, to its management services). Traffic to the router's own services is covered only by a policy attached in this direction; an "in" policy does not protect them.
Add Interface: Click Add Interface to enter more interfaces.
Click Save Ruleset to apply your changes.
Stats

A table displays the following statistics about each rule. Click a column heading to sort by that heading.
Rule: The rules are applied in the order specified. The number of the rule in this order is displayed.
Packets: The number of packets that matched this rule is displayed.
Bytes: The number of bytes that matched this rule is displayed.
Action: The action specified by this rule is displayed.
Description: The keywords you entered to describe this rule are displayed.
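Added example, not taken from the User Guide: the EdgeOS command-line equivalent of the Configuration, Interfaces and Stats settings described above, for a policy pair that protects the Internet-facing interface. The ruleset names (WAN_IN, WAN_LOCAL), the interface (eth0) and the rule numbers are assumptions; lines beginning with # are comments.

```vyatta
configure

# Policy WAN_IN: traffic entering eth0 that is forwarded to the LAN.
# Default action drop, with the default action logged so that unexpected
# traffic shows up in the log (Default Log check box in the GUI).
set firewall name WAN_IN description 'WAN to LAN'
set firewall name WAN_IN default-action drop
set firewall name WAN_IN enable-default-log

# Rule 10: allow replies to connections that the LAN initiated (stateful).
set firewall name WAN_IN rule 10 description 'allow established/related'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable

# Rule 20: drop packets that belong to no known connection.
set firewall name WAN_IN rule 20 description 'drop invalid state'
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 state invalid enable

# Policy WAN_LOCAL: traffic entering eth0 addressed to the router itself.
# Same stateful pattern; anything else (SSH, HTTPS GUI) from the Internet is dropped.
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL enable-default-log
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 state invalid enable

# Attach the policies to the interface in the "in" and "local" directions.
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL

commit
save
exit

# Check (operational mode): per-rule packet and byte counters, the same
# data the Stats table shows. Counters on rule 20 or on the default action
# that grow unexpectedly are worth a look in the log.
show firewall name WAN_IN statistics
show firewall name WAN_LOCAL statistics
```

Rule numbers define the evaluation order, which is what the Rule column of the Stats table reports. The stateful accept rule comes first so that the default drop only ever applies to traffic nothing above it accepted.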
Firewall Groups

Create groups organized by IP address, network address, or port number, so that a single firewall rule can refer to many addresses or ports at once.

Add Group: To create a new group, click Add Group. The Create New Group screen appears. Complete the following:
Name: Enter a name for this group.
Description: Enter keywords to describe this group.
Group Type: Select the appropriate option:
- Address Group: Define a group by IP address.
- Network Group: Define a group by network address.
- Port Group: Define a group by port numbers.
Click Save to apply your changes.

Search: Allows you to search for specific text. Begin typing; there is no need to press enter. The results are filtered in real time as soon as you type two or more characters.
All/Address/Network/Port: Click the appropriate tab to filter the groups as needed.
- All: All groups are displayed by default.
- Address: All of the address groups are displayed.
- Network: All of the network groups are displayed.
- Port: All of the port groups are displayed.
A table displays the following information about each group. Click a column heading to sort by that heading.
Name: The name of the group is displayed.
Description: The keywords you entered to describe the group are displayed.
Type: The type of group is displayed.
Number of group members: The number of members is displayed.
Actions: Click the Actions button to access the following options:
- Config: To configure the group, click Config. Go to the Configure the Firewall Group section below.
- Delete: Remove the group.
Configure the Firewall Group

After you click Config, the Edit Firewall Group screen appears. Follow the instructions for your group type:

Address Group: Make changes as needed.
- Name: The name of this group is displayed.
- Description: Enter keywords to describe this group.
- Address: Enter the IP address or range of addresses (examples: 192.0.2.1 or 192.0.2.1-15). Click Add New to enter more IP addresses.
Click Save to apply your changes.

Network Group: Make changes as needed.
- Name: The name of this group is displayed.
- Description: Enter keywords to describe this group.
- Network: Enter the IP address and subnet mask using slash notation: <network_IP_address>/<subnet_mask_number>, where the number after the slash is the prefix length (example: 192.0.2.0/24). Click Add New to enter more network addresses.
Click Save to apply your changes.

Port Group: Make changes as needed.
- Name: The name of this group is displayed.
- Description: Enter keywords to describe this group.
- Port: Enter the port name, number, or range. Click Add New to enter more ports.
Click Save to apply your changes.
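Added example, not taken from the User Guide: the EdgeOS command-line equivalent of the three group types described above, followed by rules that use them. The group names, the addresses and prefixes, and the WAN_IN and WAN_LOCAL policies the rules are added to (assumed to already exist with default action drop) are all assumptions.

```vyatta
configure

# Address group: single addresses and a range, written with full start and end addresses.
set firewall group address-group MGMT_HOSTS description 'admin workstations'
set firewall group address-group MGMT_HOSTS address 192.0.2.1
set firewall group address-group MGMT_HOSTS address 192.0.2.10-192.0.2.15

# Network group: prefixes in slash notation.
set firewall group network-group RFC1918 description 'private address space'
set firewall group network-group RFC1918 network 10.0.0.0/8
set firewall group network-group RFC1918 network 172.16.0.0/12
set firewall group network-group RFC1918 network 192.168.0.0/16

# Port group: by service name, by number, and as a range.
set firewall group port-group MGMT_PORTS description 'router management'
set firewall group port-group MGMT_PORTS port ssh
set firewall group port-group MGMT_PORTS port 443
set firewall group port-group MGMT_PORTS port 8000-8010

# Use the groups: management services on the router are reachable only from
# the admin hosts. Changing who may manage the router later means editing
# the group, not every rule that refers to it.
set firewall name WAN_LOCAL rule 30 description 'management from admin hosts only'
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 protocol tcp
set firewall name WAN_LOCAL rule 30 source group address-group MGMT_HOSTS
set firewall name WAN_LOCAL rule 30 destination group port-group MGMT_PORTS

# Anti-spoofing: packets with a private source address should never arrive
# from the Internet. Rule 5 sorts before the stateful accept rules.
set firewall name WAN_IN rule 5 description 'drop spoofed private sources'
set firewall name WAN_IN rule 5 action drop
set firewall name WAN_IN rule 5 source group network-group RFC1918

commit
save
exit

# Check: list the groups and their members.
show firewall group
```

Omit or narrow the anti-spoofing rule if the WAN link itself uses a private prefix (the router sits behind another NAT device), because legitimate traffic from the upstream router would then carry a private source address.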
NAT

NAT changes the addressing of packets. A NAT rule tells the EdgeRouter what action to take with a specific packet. Define the following:
• Criteria for matching packets
• Action to take with matching packets
Rules are organized into a set and applied in the specified Rule Order. If a packet matches a rule's criteria, then that rule's action is performed and no later rule is considered. If not, then the next rule is applied.

Source NAT Rules

Source NAT changes the source address of packets; a typical scenario is that a private source needs to communicate with a public destination. A Source NAT Rule goes from the private network to the public network and is applied after routing.
Add Source NAT Rule: To create a new rule, click Add Source NAT Rule. Go to the Add or Configure a Source NAT Rule section below.
Save Rule Order: To change the rule order, click and drag a rule up or down the sequence, and then release the rule. When you are finished, click Save Rule Order.
Search: Allows you to search for specific text. Begin typing; there is no need to press enter. The results are filtered in real time as soon as you type two or more characters.

A table displays the following information about each rule. Click a column heading to sort by that heading.
Order: The rules are applied in the order specified. The number of the rule in this order is displayed.
Description: The keywords you entered to describe this rule are displayed.
Source Addr.: The source IP address is displayed.
Source Port: The source port number is displayed.
Dest. Addr.: The destination IP address is displayed.
Dest. Port: The destination port number is displayed.
Translation: A description of the translation (such as masquerade to eth_) is displayed.
Count: The number of translations is displayed.
Actions: Click the Actions button to access the following options:
- Config: To configure the rule, click Config. Go to the Add or Configure a Source NAT Rule section below.
- Copy: To create a duplicate, click Copy. The duplicate rule appears at the bottom of the list.
- Delete: Remove the rule.
Add or Configure a Source NAT Rule

After you click Config, the Source NAT Rule Configuration screen appears.
Description: Enter keywords to describe this rule.
Enable: Check the box to enable this rule.
Outbound Interface: Select the interface through which the outgoing packets exit the EdgeRouter. This is required only for Source NAT Rules that use Masquerade.
Translation: Select one of the following:
- Use Masquerade: Masquerade is a type of Source NAT. If enabled, the source IP address of the packets becomes the IP address currently assigned to the outbound interface, so the translation follows that address if it changes (for example, on a DHCP or PPPoE WAN link).
- Specify address and/or port: If enabled, the source IP address of the packets becomes the specified IP address and port.
  Address: Enter the IP address that will replace the source IP address of the outgoing packet. You can also enter a range of IP addresses; one of them will be used.
  Port: Enter the port number that will replace the source port number of the outgoing packet. You can also enter a range of port numbers; one of them will be used.
Exclude from NAT: Check the box to exclude packets that match this rule from NAT. Because rules are applied in order, an exclusion must be placed above the broader rule it carves an exception out of.
Enable Logging: Check this box to log instances when the rule is matched.
Protocol: Select one of the following:
- All protocols: Match packets of all protocols.
- Both TCP and UDP: Match TCP and UDP packets.
- Choose a protocol by name: Select the protocol from the drop-down list. Match packets of this protocol.
  Match all protocols except for this: Match packets of all protocols except for the selected protocol.
- Enter a protocol number: Enter the IP protocol number (for example, 47 for GRE); this is not a port number. Match packets of this protocol.
  Match all protocols except for this: Match packets of all protocols except for the specified protocol.
Src Address: Enter the IP address or network address of the source. You can also enter a range of IP addresses; a packet from any address in the range matches.
Note: If you enter a network address, enter the IP address and subnet mask using slash notation: <network_IP_address>/<subnet_mask_number> (example: 192.0.2.0/24).
Src Port: Enter the port name or number of the source. You can also enter a range of port numbers; a packet from any port in the range matches. Port matches apply only when the Protocol is TCP, UDP, or both.
Dest. Address: Enter the IP address or network address of the destination. You can also enter a range of IP addresses; a packet to any address in the range matches.
Note: If you enter a network address, enter the IP address and subnet mask using slash notation: <network_IP_address>/<subnet_mask_number> (example: 192.0.2.0/24).
Dest. Port: Enter the port name or number of the destination. You can also enter a range of port numbers; a packet to any port in the range matches.
Click Save to apply your changes, or click Cancel.
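Added example, not taken from the User Guide: the EdgeOS command-line equivalent of the three kinds of Source NAT rule described above (an exclusion, a fixed translation address, and masquerade), ordered so that the exclusion is evaluated first. The interface, the private and public addresses and the rule numbers are assumptions.

```vyatta
configure

# Source NAT rules are numbered 5000-9999 (1-4999 are destination NAT);
# the lowest number is evaluated first and the first match wins.

# Rule 5000, exclude: traffic to the remote office over a site-to-site tunnel
# must keep its private source address, so it is carved out before masquerade.
set service nat rule 5000 description 'no NAT towards remote office'
set service nat rule 5000 type source
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 source address 192.168.1.0/24
set service nat rule 5000 destination address 192.168.2.0/24
set service nat rule 5000 exclude

# Rule 5005, specify address: the mail server always leaves with one fixed
# public address so that its reverse DNS and SPF records stay consistent.
set service nat rule 5005 description 'mail server static source NAT'
set service nat rule 5005 type source
set service nat rule 5005 outbound-interface eth0
set service nat rule 5005 protocol tcp
set service nat rule 5005 source address 192.168.1.25
set service nat rule 5005 outside-address address 203.0.113.25
set service nat rule 5005 log enable

# Rule 5010, masquerade: everything else from the LAN takes the address of eth0.
set service nat rule 5010 description 'masquerade LAN'
set service nat rule 5010 type masquerade
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 source address 192.168.1.0/24

commit
save
exit

# Check: the rule table (same data as the GUI table), per-rule hit counts
# (the Count column), and the live translation table.
show nat rules
show nat statistics
show nat translations
```

If the masquerade rule were numbered below the exclusion, the remote-office traffic would be translated before the exclusion was ever reached; the Count column of the GUI table is the quickest way to confirm that the exclusion is actually being hit.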
Destination NAT Rules

Destination NAT changes the destination address of packets; a typical scenario is that a public source needs to communicate with a private destination (port forwarding). A Destination NAT Rule goes from the public network to the private network and is applied before routing, which means the firewall policies on the inbound interface see the translated (private) destination address, not the public one.
Add Destination NAT Rule: To create a new rule, click Add Destination NAT Rule. Go to the Add or Configure a Destination NAT Rule section below.
Save Rule Order: To change the rule order, click and drag a rule up or down the sequence, and then release the rule. When you are finished, click Save Rule Order.
Search: Allows you to search for specific text. Begin typing; there is no need to press enter. The results are filtered in real time as soon as you type two or more characters.

A table displays the following information about each rule. Click a column heading to sort by that heading.
Order: The rules are applied in the order specified. The number of the rule in this order is displayed.
Description: The keywords you entered to describe this rule are displayed.
Source Addr.: The source IP address is displayed.
Source Port: The source port number is displayed.
Dest. Addr.: The destination IP address is displayed.
Dest. Port: The destination port number is displayed.
Translation: A description of the translation (such as to <IP_address>) is displayed.
Count: The number of translations is displayed.
Actions: Click the Actions button to access the following options:
- Config: To configure the rule, click Config. Go to the Add or Configure a Destination NAT Rule section below.
- Copy: To create a duplicate, click Copy. The duplicate rule appears at the bottom of the list.
- Delete: Remove the rule.

Add or Configure a Destination NAT Rule

After you click Config, the Destination NAT Rule Configuration screen appears.
Description: Enter keywords to describe this rule.
Enable: Check the box to enable this rule.
Inbound Interface: Select the interface through which the incoming packets enter the EdgeRouter.
Translations: Complete the following:
- Address: Enter the IP address that will replace the destination IP address of the incoming packet.
- Port: Enter the port number that will replace the destination port number of the incoming packet.
Exclude from NAT: Check the box to exclude packets that match this rule from NAT. Because rules are applied in order, an exclusion must be placed above the broader rule it carves an exception out of.
Enable Logging: Check this box to log instances when the rule is matched.
Protocol: Select one of the following:
- All protocols: Match packets of all protocols.
- Both TCP and UDP: Match TCP and UDP packets.
- Choose a protocol by name: Select the protocol from the drop-down list. Match packets of this protocol.
  Match all protocols except for this: Match packets of all protocols except for the selected protocol.
- Enter a protocol number: Enter the IP protocol number (for example, 47 for GRE); this is not a port number. Match packets of this protocol.
  Match all protocols except for this: Match packets of all protocols except for the specified protocol.
Src Address: Enter the IP address or network address of the source. You can also enter a range of IP addresses; a packet from any address in the range matches.
Note: If you enter a network address, enter the IP address and subnet mask using slash notation: <network_IP_address>/<subnet_mask_number> (example: 192.0.2.0/24).
Src Port: Enter the port name or number of the source. You can also enter a range of port numbers; a packet from any port in the range matches. Port matches apply only when the Protocol is TCP, UDP, or both.
Dest. Address: Enter the IP address or network address of the destination as it appears on the inbound interface before translation (typically the EdgeRouter's public address). You can also enter a range of IP addresses; a packet to any address in the range matches.
Note: If you enter a network address, enter the IP address and subnet mask using slash notation: <network_IP_address>/<subnet_mask_number> (example: 192.0.2.0/24).
Dest. Port: Enter the port name or number of the destination. You can also enter a range of port numbers; a packet to any port in the range matches.
Click Save to apply your changes, or click Cancel.
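Added example, not taken from the User Guide: the EdgeOS command-line equivalent of a Destination NAT rule (a port forward) together with the firewall rule that is needed because the inbound policy evaluates the packet after translation. The interface, the internal server address and ports, the rule numbers and the WAN_IN policy (assumed to exist with default action drop) are assumptions.

```vyatta
configure

# Destination NAT: TCP 443 arriving on eth0 is sent to the internal web
# server on port 8443. Rule numbers 1-4999 are destination NAT.
set service nat rule 10 description 'forward HTTPS to web server'
set service nat rule 10 type destination
set service nat rule 10 inbound-interface eth0
set service nat rule 10 protocol tcp
set service nat rule 10 destination port 443
set service nat rule 10 inside-address address 192.168.1.10
set service nat rule 10 inside-address port 8443
set service nat rule 10 log enable

# Destination NAT happens before routing and before the firewall, so the
# WAN_IN policy sees destination 192.168.1.10:8443, not the public address
# and port 443. Allow exactly that and nothing more; without this rule the
# forwarded packets are silently dropped by the policy's default action.
set firewall name WAN_IN rule 30 description 'allow forwarded HTTPS to web server'
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 protocol tcp
set firewall name WAN_IN rule 30 destination address 192.168.1.10
set firewall name WAN_IN rule 30 destination port 8443

commit
save
exit

# Check: the NAT rule's hit count should rise together with the counters of
# firewall rule 30; a rising NAT count with a static firewall count means
# the firewall rule does not match the translated packets.
show nat statistics
show firewall name WAN_IN statistics
```

Matching on the translated destination in the firewall rule is what keeps the exposure to a single internal host and port; a firewall rule written against the public address and port 443 would never match and the forward would appear to be silently broken.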
VPN

A common type of VPN uses PPTP (Point-to-Point Tunneling Protocol). The EdgeRouter can function as a PPTP VPN server so a remote VPN client can access the LAN using a PPTP VPN tunnel over the Internet. Be aware that the MS-CHAPv2 authentication and MPPE encryption used by PPTP are cryptographically weak by current standards: a captured authentication exchange can be cracked offline, so use PPTP only where legacy clients leave no alternative and prefer an IPsec- or TLS-based VPN elsewhere. The PPTP server must also be reachable through the firewall: the policy attached in the local direction on the outside interface has to allow TCP port 1723 (the control channel) and GRE, IP protocol 47 (the tunnel itself).

PPTP Server

Client IP pool range start: The client IP pool is the pool of IP addresses that remote VPN clients will use. Enter the starting IP address of the range (this address must be in a /24 subnet).
Client IP pool range stop: Enter the last IP address of the range.
Server outside address: Enter the IP address that VPN clients will connect to; this is the outside or external address of the PPTP server.
RADIUS server IP address: The RADIUS (Remote Authentication Dial-In User Service) server authenticates the users of the VPN tunnels. Enter the IP address of the RADIUS server.
RADIUS server key: Enter the shared secret configured on the RADIUS server for this EdgeRouter.
MTU: Enter the MTU for the PPTP VPN connection.
DNS 1: Enter the IP address of the primary remote access DNS server that your VPN client will use.
DNS 2: Enter the IP address of the secondary remote access DNS server.
Click Save to apply your changes, or click Cancel.
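Added example, not taken from the User Guide: the EdgeOS command-line equivalent of the PPTP Server fields described above, with RADIUS authentication, plus the firewall rules that let clients reach the server. The addresses, the pool, the RADIUS secret, the rule numbers and the WAN_LOCAL policy (assumed to exist with default action drop) are assumptions.

```vyatta
configure

# Client IP pool (start and stop inside one /24), the address clients
# connect to, the tunnel MTU and the DNS servers handed to clients.
set vpn pptp remote-access client-ip-pool start 192.168.100.10
set vpn pptp remote-access client-ip-pool stop 192.168.100.50
set vpn pptp remote-access outside-address 203.0.113.1
set vpn pptp remote-access mtu 1400
set vpn pptp remote-access dns-servers server-1 192.168.1.1
set vpn pptp remote-access dns-servers server-2 192.168.1.2

# Authentication against a RADIUS server; the key is the shared secret
# configured on the RADIUS side for this router (placeholder value here).
set vpn pptp remote-access authentication mode radius
set vpn pptp remote-access authentication radius-server 192.168.1.5 key 'change-me'

# Firewall: the control channel is TCP 1723, the tunnel is GRE, which is
# IP protocol 47 and has no port. Both go in the local-direction policy
# of the outside interface, because they are addressed to the router itself.
set firewall name WAN_LOCAL rule 40 description 'PPTP control channel'
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 protocol tcp
set firewall name WAN_LOCAL rule 40 destination port 1723
set firewall name WAN_LOCAL rule 41 description 'PPTP GRE tunnel'
set firewall name WAN_LOCAL rule 41 action accept
set firewall name WAN_LOCAL rule 41 protocol 47

commit
save
exit

# Check: connected remote-access sessions and their assigned pool addresses.
show vpn remote-access
```

A client that completes the TCP 1723 exchange but then hangs is the usual symptom of GRE being blocked, either by rule 41 missing or by a NAT device between the client and the server that does not pass protocol 47.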
