![]() I would recommend these routers only for people who are either good with command line network configuration, or who have someone else to deal with such things. Both these wired-only routers are made by Ubiquiti, cost under $100, and include an OpenVPN client that can be configured through the command line. Set firewall name DMZ_IN rule 4 destination address ' 192.168.0.Following up on my post in the OpenVPN Service topic: I now have FTTN, and have done some tests with OpenVPN running on both the EdgeRouter X and the EdgeRouter Lite. Set firewall name DMZ_IN rule 4 description 'drop DMZ to INTERNAL 192.168.0.0/16 subnet' Set firewall name DMZ_IN rule 4 action drop Set firewall name DMZ_IN rule 3 protocol all Set firewall name DMZ_IN rule 3 log disable Set firewall name DMZ_IN rule 3 destination address ' 10.0.0.0/8' Set firewall name DMZ_IN rule 3 description 'drop DMZ to INTERNAL 10.0.0.0/8 subnet' Set firewall name DMZ_IN rule 3 action drop Set firewall name DMZ_IN rule 2 state related disable Set firewall name DMZ_IN rule 2 state new disable Set firewall name DMZ_IN rule 2 state invalid enable Set firewall name DMZ_IN rule 2 state established disable Set firewall name DMZ_IN rule 2 protocol all Set firewall name DMZ_IN rule 2 log disable Set firewall name DMZ_IN rule 2 description 'drop invalid state' Set firewall name DMZ_IN rule 2 action drop Set firewall name DMZ_IN rule 1 state related enable Set firewall name DMZ_IN rule 1 state new disable Set firewall name DMZ_IN rule 1 state invalid disable Set firewall name DMZ_IN rule 1 state established enable Set firewall name DMZ_IN rule 1 protocol all Set firewall name DMZ_IN rule 1 log disable ![]() Set firewall name DMZ_IN rule 1 description 'allow established connections' Set firewall name DMZ_IN rule 1 action accept Set firewall name DMZ_IN description 'packets from DMZ' Set firewall name DMZ_IN default-action drop Config file changes to block traffic between subnets for the two LAN configuration. 175$Įdgerouter : 2 Millions packets per seconds, 8 interfaces 329$Įdgerouter Pro : 2 millions packets per second, 8 interfaces (of witch, 2 of them are combo RJ-45/SFP ports) 369$Ĭontributed by a reader. PoE : 1 million packets per second, 3 Interfaces : 3 ports switched with PoE on the 3rd interface. Lite : 1 million packets per second, 3 Interfaces. You still have room to do very advanced configuration. So all in all, it became a fairly simple device to get working on basics. There is an option to activate NAT Reflection (Loopback) on your Port fowarding rules.Īlso, they added dual WAN with automatic fail-over in the CLI, nice feature for buisnesses out there. Start your DNS Cache service on your LAN interface.īy default port fowarding will also take care of opening ports in the firewall. (192.168.1.0/24 on the LAN ans DHCP on WAN)Ĭonfigure a starting firewall configuration.īlock Everything IN on the WAN interface.Īccept Established and related connections IN on the WAN interfaceīlock everything to the router on the WAN interface Now we are on Firmware 1.4.0 and here is what has been added.īind your WAN an LAN interfaces. They are very active with the community and takes suggestions very seriously. Now there is the Edgerouter PoE, Edgerouter and Edgerouter PRO.Īt the time, on firmware 1.0.2, the device looked scary for begginners since you had to manually configure everything in the router.īut since then, there had many updates on the firmware, and a LOT of improvements. I'm an engineer, not a marketing guyĪ yeay ago Tim Higgins did a review of the Ubiquiti Edgemax Edge router lite.Īt the the time, there was only the edgerouter Lite, wich is the small version of it. I believe UniFi can do the other things you asked, but we should probably find someone more UniFi knowledgeable than me. The UniFi APs are power via PoE, so depending on how many APs you have the 5 port EdgeRouter-PoE might be able to suit your needs and power the APs. Then I can add firewall rules such the the guest network only has access to Internet, the testing network has access to Internet and some shared resources such as printers and NAS, and the production network has no restrictions. This is convenient because on the router I can configure those VLAN each to have a different subnet and their own dhcp-server. We have 3 SSIDs (production, testing, guest) and UniFi tags them each with a different VLAN. What I can tell you is that we use a EdgeRouter Pro as our corporate router/firewall and (no surprise) UniFi for our wireless. Obviously Ubiquiti does have the UniFi wifi product line, but to tell you the truth I don't know much about UniFi. Click to expand.L&LD, most of your question seem wifi related and the EdgeMAX line of router don't have built-in wifi.
0 Comments
Leave a Reply. |