EdgeRouter™ Lite User Guide
Chapter 6: Security Tab
Ubiquiti Networks, Inc.
• Copy Rule To create a duplicate, click Copy Rule. The
duplicate rule appears at the bottom of the list.
• Delete Rule Remove the rule.
Add or Configure a Rule
The Rule Configuration for _ screen appears. You have five
tabs available:
• Basic (see below)
• Advanced (see below)
• “Source” on page 22
• “Destination” on page 22
• “Time” on page 22
Basic
• Description Enter keywords to describe this rule.
• Enable Check the box to enable this rule.
• Action Select the action for packets that match this
rule’s criteria.
- Drop Packets are blocked with no message.
- Reject Packets are blocked, and an ICMP (Internet
Control Message Protocol) message is sent saying the
destination is unreachable.
- Accept Packets are allowed.
• Protocol
- All protocols Match packets of all protocols.
- Both TCP and UDP Match TCP and UDP packets.
- Choose a protocol by name Select the protocol from
the drop-down list. Match packets of this protocol.
  • Match all protocols except for this Match packets
  of all protocols except for the selected protocol.
- Enter a protocol number Enter the IP protocol number.
Match packets of this protocol.
  • Match all protocols except for this Match packets
  of all protocols except for the selected protocol.
• Logging Check this box to log instances when the rule
is matched.
Click Save to apply your changes, or click Cancel.
Advanced
• State This describes the connection state of a packet.
- Established Match packets that are part of a two-way
connection.
- Invalid Match packets that cannot be identified.
- New Match packets creating a new connection.
- Related Match packets related to established
connections.
• Recent Time Enter the number of seconds to monitor
for attempts to connect from the same source.
• Recent Count Enter the number of times the same
source is detected within the Recent Time duration.
This helps thwart attacks using continual attempts to
connect.
• IPsec IPsec (Internet Protocol security) helps secure
packet routing.
- Don’t match on IPsec packets Do not match any
IPsec packets.
- Match inbound IPsec packets Match IPsec packets
that are entering the EdgeRouter.
- Match inbound non-IPsec packets Match non-IPsec
packets that are entering the EdgeRouter.
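
The Recent Time and Recent Count fields under Advanced, modelled as an added example (not from the Ubiquiti guide): a Drop rule with State set to New matches once the same source has made Recent Count connection attempts within Recent Time seconds. The class and function names, the sample addresses, and the assumption that dropped attempts still count toward the total are illustrative, not taken from the guide.

```python
from collections import defaultdict, deque


class RecentRule:
    """Model of a rule with State = New, Recent Time and Recent Count set."""

    def __init__(self, recent_time, recent_count):
        self.recent_time = recent_time      # seconds to look back
        self.recent_count = recent_count    # attempts that trigger a match
        self.seen = defaultdict(deque)      # source IP -> attempt timestamps

    def matches(self, src, ts, state):
        if state != "new":                  # only connection-opening packets count
            return False
        window = self.seen[src]
        window.append(ts)                   # assumption: dropped attempts count too
        while ts - window[0] >= self.recent_time:
            window.popleft()                # forget attempts older than Recent Time
        return len(window) >= self.recent_count


def evaluate(events, recent_time=60, recent_count=4):
    """Return (timestamp, source, verdict) per packet.

    "drop" means the rule matched; "pass" means it did not match and the
    packet is handed to whatever rule or default action comes next.
    """
    rule = RecentRule(recent_time, recent_count)
    return [(ts, src, "drop" if rule.matches(src, ts, state) else "pass")
            for ts, src, state in events]


# Constructed sample traffic: (seconds, source address, connection state)
EVENTS = [
    (0, "198.51.100.7", "new"),
    (5, "198.51.100.7", "new"),
    (6, "203.0.113.20", "new"),
    (10, "198.51.100.7", "new"),
    (15, "198.51.100.7", "new"),          # 4th attempt inside 60 s
    (16, "198.51.100.7", "established"),  # not a new connection, not counted
    (20, "198.51.100.7", "new"),          # still inside the window
    (200, "198.51.100.7", "new"),         # earlier attempts have aged out
    (201, "203.0.113.20", "new"),
]

if __name__ == "__main__":
    for ts, src, verdict in evaluate(EVENTS):
        print(f"t={ts:>3}s  {src:<13}  {verdict}")
```

Without State set to New, packets of an already established connection would be counted as attempts as well, so a single busy session could trip the rule.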