EdgeOS WAN_LOCAL Rules

Captions
Welcome back to the third, and maybe not so final, video in the firewall rules series that we've been working on with the EdgeRouter. The first thing we're going to do is log in. If you remember, this one is about the WAN_LOCAL firewall rule, so let's pull up our firewall policies. We've got WAN_LOCAL, and it's eth0, which is our WAN interface, and it is local. So what does this mean? This is traffic that is destined for a service on the router. I might be oversimplifying that, but it's a good place to start understanding it. The reason you can think about it that way is: if we want to allow ICMP, this is where we do it; if we want to allow ourselves to ping that WAN interface, or allow a locked-down source to come in on SSH or HTTPS to manage this guy, or set up our PPTP rules, or let's say this guy is remote somewhere and you want to get SNMP from it, this is where we have to configure it. So let's take a look at how we would make some of these rules.

Now I do want to put a disclaimer out here: should you have to open your web interface, your HTTPS, to the outside world, lock it down to a source so it is not open for everyone to connect. I also recommend that you change the HTTP port; if you look back through my videos you will see a video on how to change that port. Make it something obscure, don't make it easy, but lock it down if you have to. Another way to do this would be to set up the PPTP server, remote into this guy, and then open the internal IP GUI session instead of having it open to the outside world. If you have to open SSH, lock it down, change the port, use key-based authentication instead of password authentication, and make it as secure as possible. Hackers and mischievous people count on you, first of all, using ubnt/ubnt as a username and password. Don't do that. Choose a different username and password, something secure: use a mixture of uppercase, lowercase, special characters and numbers, and make it seven-plus characters. This is another one of those things where you ask a thousand IT guys and get a thousand different answers: how many characters does my password have to be? My recommendation: I would go over eight, but I wouldn't make it so long that you've got to write it down, and I would make it complicated. One thing that I like to do, and I'm going to bring up a notepad here, is sometimes I will take a song and take the first letter out of each word of the song to create a password. So, "Mary had a little lamb, its fleece was white as snow," and you can substitute characters and things like that, so you have a mnemonic to keep it fresh and you don't forget it and have to write it down. You could use this password; you could just capitalize the beginning and put a 1 and a bang at the end. It's not based on an English word, it's not based on a dictionary word, so this should be relatively secure. I wouldn't say that this is the most secure password you can create, but it's not like you used your first and last name, and it's definitely not ubnt/ubnt. So create a different user, and any time you open any of those services to the outside world, make sure it's locked down as much as possible.

Now that I've given you fair warning on that, let's take a look at these rules. If we want to allow SSH into this from the outside, we edit the rule set and add a new rule. We would call it "allow SSH"; we're going to accept; it would be TCP, and then it would be port 22. As this is created, it is open to the outside world because we've not specified a source. Now, if I've got a main admin network and I've got static IPs, we could tie it down. I'm just going to use the Google DNS address here, but we could tie it down so that now only 8.8.8.8 is allowed to SSH into this. So you could create an HTTP rule, you could create an SNMP rule, and basically WAN_LOCAL, the way it is set up out of the box, is set up for things that are stopping at this router. So if you need to do those outside services (and SNMP is a good example, because a lot of times people will monitor devices remotely, and sometimes you'll use a combination of ICMP and SNMP to accomplish that: SNMP is going to pull your statistics from your interfaces, your CPU, your memory, all that good stuff, and ICMP is simply going to ping it to see if it's alive), we're going to accept, choose a protocol by name, select ICMP, and save this guy, and now everybody can ping the WAN interface of this device. So play around with these rules.

Now there's another kind of local rule when we talk about it. If I had, let's say... actually, let's see how we have this guy set up. OK, perfect example: we've got switch0 that has eth2, eth3 and eth4, and the address is 192.168.2.1/24 for switch0. Then eth1 is its own network, 192.168.1.1/24. You can create other rules to keep traffic segregated between these two networks on the same router. If you want to see those rules and that demo, please put it in the comments; if I get enough people who want to see that, I'll go ahead and create that video. Otherwise I'm going to leave you to experiment with these rules. If you liked the video, give a thumbs up, please subscribe, please comment and share, and hang in there, we've got a lot of great videos coming up.

I've got a video, I'm probably going to break it into two videos, but I did some traveling over the last week or so and I want to talk about Wi-Fi security. The reason I want to talk about it is because I stayed at a hotel, walked into the hallway, and lo and behold there's a Ubiquiti access point staring me in the face. So I connected to it, started using it, and thought, well, let's see what's going on, and I could see every Ubiquiti access point on the entire property; I could see their entire airMAX infrastructure. I am drafting a letter. I did not try to log in, but just the fact that I can see that is a huge concern for me, so I'm going to do a two or three video series on that. I tested the wireless security at at least four places, and all of them failed miserably. Sometimes we set networks up purposefully to watch traffic and see what people are doing, but this was definitely not the case. So I am drafting letters to the management just to let them know what I found; if they'd like any tips on locking that down, I can help them with that. But once again, if you liked the video, give a thumbs up, comment, subscribe, share the videos. I do have a lot of Ubiquiti videos coming up, some more Linux videos; let me know what you want to see, and we'll see you soon.
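As an added example that is not from the video and not Ubiquiti's code: a small Python helper that renders the WAN_LOCAL rules discussed above as EdgeOS `set` commands and flags any accept rule that opens a management port (SSH, the HTTPS GUI, SNMP) without a source restriction, which is the open-to-the-world state the video points out right after creating the SSH rule and before pinning it to 8.8.8.8. The `set firewall name WAN_LOCAL rule N ...` form is the real EdgeOS CLI syntax; the `Rule` dataclass, the two functions, `EXAMPLE_POLICY`, the rule numbers and descriptions, and the 8.8.8.8 source are my own constructed names and sample values.

```python
# Added example (not from the video): render WAN_LOCAL rules as EdgeOS
# `set` commands and flag management rules that are open to any source.
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress

# Services the video treats as management services on the router itself
# (22 for SSH, 443 for the HTTPS GUI, 161 for SNMP).
MANAGEMENT_PORTS = {22: "ssh", 443: "https", 161: "snmp"}


@dataclass
class Rule:
    number: int
    description: str
    action: str                          # "accept" or "drop"
    protocol: Optional[str] = None       # "tcp", "udp", "icmp", ...
    port: Optional[int] = None           # destination port on the router
    source: Optional[str] = None         # allowed source address/CIDR; None = anyone
    state: Tuple[str, ...] = ()          # "established", "related", "invalid", "new"

    def to_set_commands(self, name: str = "WAN_LOCAL") -> List[str]:
        """EdgeOS configure-mode commands that create this one rule."""
        base = f"set firewall name {name} rule {self.number}"
        cmds = [f"{base} description '{self.description}'",
                f"{base} action {self.action}"]
        if self.protocol:
            cmds.append(f"{base} protocol {self.protocol}")
        if self.port is not None:
            cmds.append(f"{base} destination port {self.port}")
        if self.source:
            cmds.append(f"{base} source address {self.source}")
        for s in self.state:
            cmds.append(f"{base} state {s} enable")
        return cmds


def exposure_warnings(rules: List[Rule]) -> List[str]:
    """One warning per accept rule that opens a management port without a
    source restriction: the 'open to the outside world' state the video
    points out right after the SSH rule is created."""
    warnings = []
    for r in rules:
        if r.action == "accept" and r.port in MANAGEMENT_PORTS and not r.source:
            warnings.append(f"rule {r.number}: {MANAGEMENT_PORTS[r.port]} "
                            f"(port {r.port}) accepts connections from any source")
    return warnings


def render_policy(rules: List[Rule], name: str = "WAN_LOCAL") -> List[str]:
    """Validate every source address and emit the complete command list,
    ending with a drop default-action so anything not listed is refused."""
    out = []
    for r in sorted(rules, key=lambda x: x.number):
        if r.source:
            ipaddress.ip_network(r.source, strict=False)  # ValueError on garbage
        out.extend(r.to_set_commands(name))
    out.append(f"set firewall name {name} default-action drop")
    return out


# Constructed sample policy mirroring the video: stateful rules first, then
# SSH pinned to one source (the video used 8.8.8.8 as a stand-in), then ICMP.
EXAMPLE_POLICY = [
    Rule(10, "Allow established/related", "accept",
         state=("established", "related")),
    Rule(20, "Drop invalid state", "drop", state=("invalid",)),
    Rule(30, "Allow SSH from admin host", "accept", protocol="tcp", port=22,
         source="8.8.8.8"),
    Rule(40, "Allow ICMP", "accept", protocol="icmp"),
]

if __name__ == "__main__":
    for w in exposure_warnings(EXAMPLE_POLICY):
        print("WARNING:", w)
    print("\n".join(render_policy(EXAMPLE_POLICY)))
```

Run `exposure_warnings` over the rule list before pasting the emitted commands into `configure` on the router and issuing `commit` and `save`; dropping the `source` from rule 30 reproduces the warning, which is the check the video makes by eye when it says the rule is open because no source was specified.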
Info
Channel: Willie Howe
Views: 42,553
Keywords: edgeos wan_local, edgerouter wan_local, edgerouter open ssh, edgerouter open snmp, edgerouter allow ping, edgerouter allow icmp, edgemax allow ssh, edgemax allow snmp, edgemax allow ping, edgemax allow icmp, edgeos open ssh, edgeos allow ssh, edgeos open snmp, edgeos allow snmp, edgeos allow ping, edgeos allow icmp, ubiquiti firewall, ubiquiti firewall rules
Id: y5anonFCWD0
Length: 10min 2sec (602 seconds)
Published: Tue Jul 26 2016