Access Configuration

This section contains configurations that determine how the device can be accessed, as well as, security features that decrease susceptibility to malicious activity.

Go to Administration > Access Configuration. For any section, make sure to click Submit, then Save and Restart after your changes.

Web Server

HTTP Redirect to HTTPS:

The device only allows secure access to its Web UI. This set of configurations automatically redirects HTTP requests to the device’s secure HTTPS port.

Field Description
Enabled Enables HTTP to HTTPS redirect. This automatically redirects users trying to access the device via HTTP to HTTPS.
Port The port that the device listens for HTTP requests to redirect.
Via LAN If checked, the device listens and redirects HTTP requests to HTTPS
from the LAN.
Via WAN If checked, the device listens and redirects HTTP requests to HTTPS
from the WAN.

HTTPS:

The device provides secure Web UI access to modify its configurations and execute actions.

Field Description
Port The port that the device listens for HTTPS requests on.
Via WAN If checked, the device listens and responds to HTTPS requests
from the WAN. This increases susceptibility to malicious activity.
Timeout Minutes Amount of time a user’s session can remain dormant before automatically
being logged out.
Change Password Utility to change the user’s password.

SSH

The device’s internal system can be accessed securely via SSH. This is intended for advanced troubleshooting and/or custom deployment solutions.

Field Description
Enabled Enables SSH connections to the device.
Port The port for the SSH server to listen on for inbound SSH connections.
The default is port 22.
Via LAN If checked, the device allows SSH connections to the LAN.
Via WAN If checked, the device allows SSH connections to the WAN. This
increases susceptibility to malicious activity.

ICMP

The device can be configured to respond to ICMP requests to it through connections to either/both LAN and/or WAN.

Field Description
Enabled Enables ICMP responses.
Respond to LAN If checked, the device responds to ICMP traffic from the LAN,
such as ping requests.
Respond to WAN If checked, the device responds to ICMP traffic from the WAN,
such as ping requests. This increases susceptibility to malicious
activity.

Node-RED

The device can be configured to accept connections to the Node-RED browser editor to either/both LAN and/or WAN.

Field Description
Via LAN If checked, the device allows connection to Node-RED from the
LAN.
Via WAN If checked, the device allows connection to Node-RED from the
WAN. This may increase susceptibility to malicious activity.

IP Defense

A set of rules that decrease susceptibility to malicious activity. If these settings are configured too strictly, they may interfere with non-malicious
activity.

DoS Prevention:

This engages a set of rules at the firewall that prevents Denial-of-Service attacks by limiting the amount of new connection requests to the device.

Field Description
Enabled Enables the DoS prevention.
Per Minute Allowed number of new connections per minute until burst points
are consumed. For example, if 60 new connections are received
in a minute, decrement one burst point. If no more burst points,
drop the packet.
Burst Number of burst points. A “burst” occurs when the
“Per Minute” limit is reached. On a period where the
“Per Minute” limit is not reached, one burst point is
regained, up to the maximum.

Ping Limit:

This engages a set of rules at the firewall that aims to prevent Ping Flood attacks by limiting the number of ICMP requests to the device. This does not apply if ICMP is disabled.

Field Description
Enabled Enables the Ping Limit feature.
Per Second Allowed number of pings per second before burst points are
consumed. Once burst points run out, ICMP packets will be dropped.
Burst Number of burst points. On a period where the “Per Second”
limit is not reached, one burst point is regained, up to this
maximum.

Brute Force Protection:

This feature tracks login attempts at the RESTFUL API level. Its purpose is to prevent Dictionary attacks that attempt to brute force the user’s password.

Field Description
Enabled Enables the Brute Force Prevention feature.
Attempts The number of failed attempts allowed before the user’s account
is locked out.
Lockout Minutes The number of minutes an account is locked out before a new
login attempt is accepted.

Bootloader Protection:

This feature adds a password in order to access the device bootloader. It is disabled by default.

Field

Description
Authentication Status Disabled(by default). Click Enabled to activate, then add password andconfirm.