NethSecurity administrator manual

External links

• Official site

• Developer manual

• Help on Community

About

• Introduction
• Release notes

Installation

• System requirements
• Download
• Installation
  • Install on bare metal
  • Install on virtual machines
  • Default network configuration
• Remote access
  • Default credentials
  • Web user interface
  • NethSecurity UI 2FA
  • NethSecurity UI administrators
  • SSH
  • VGA console and keyboard layout
  • Serial console
• Setup wizard
  • Welcome to the setup wizard
  • Step 1: Change root password
  • Step 2: SSH Access
  • Step 3: Web interface access on TCP port 9090
  • Step 4: Web interface and WAN access on TCP port 443
  • Step 5: Summary

Monitoring

• Monitoring
  • Real-time monitoring
  • Historical monitoring
  • Alerts
• Netify Informatics
  • Before getting started
  • Connect NethSecurity to Netify Informatics
  • Deployment Manager

System

• Subscription
  • Register the system
  • Remove the subscription
• Remote support
  • Session management
  • Command Line Interface
• Backup and restore
  • Backup
  • Restore
  • Machines with a subscription
  • Backup customization
  • How to decrypt a backup
• Updates
  • Bug & security fixes
  • System upgrades
  • Automatic package updates
• Storage
  • Manual configuration
• Factory reset
  • Factory reset
  • Failsafe mode
  • Emergency recovery
• Controller
  • Installation and configuration
  • Users
  • Units
  • Unit groups
  • Logs management
  • Metrics
  • Unit updates
  • SSH access
  • Accounting
  • Subscription and limitations
  • Version awareness

Network

• Network interfaces
  • Logical interfaces
  • VLAN
  • IP aliasing
  • PPPoE
  • USB-to-Ethernet Adapters
• DNS & DHCP
  • DHCP and MAC binding
  • Static Leases
  • Dynamic leases
  • DNS
  • DNS records
  • Scan network
  • DHCP Relay
  • External references
• Static routes
• MultiWAN
  • Routing rules
  • General settings
  • Reset configuration
• Hotspot
  • Main features
  • How it works?
  • Status
  • Settings
• Certificates and reverse proxy
  • Reverse proxy
  • Certificates
• Quality of Service (QoS)
  • Operating principles
  • Configuration
  • Advanced configuration
  • Troubleshooting

Users and objects

• Users databases
  • Local database
  • Remote databases
  • Suggested configurations
• Firewall objects
  • Static Leases
  • DNS Records
  • VPN Users
  • Host Sets
  • Domain Sets

Firewall

• Port forward
  • Hairpin NAT
• NAT
  • SNAT
  • MASQUERADE
  • ACCEPT (disable NAT)
  • Netmap
  • NAT helpers
• Rules
  • Logging limits
• Connections
  • Good practices for terminating sessions
• Zones and policies
  • Guests and DMZ zones

Security

• Content Filtering
  • Threat Shield IP
  • Threat Shield DNS
  • FlashStart DNS filter
  • Deep Packet Inspection (DPI) filter
  • Comparison of filtering options
• Threat shield IP
  • Configuration
  • Block brute force attacks
• Threat shield DNS
  • Configuration
  • Filter bypass
  • Local allowlist
  • Local blocklist
  • Check if a domain is blocked
  • Advanced configuration
• Deep Packet Inspection (DPI) filter
  • Configuration
• FlashStart DNS filter
  • Recommendations Before Configuring FlashStart DNS Filter
  • Configuration
  • Presence of an Active Directory (AD) Controller
  • FlashStart Pro vs FlashStart Pro Plus
  • Troubleshooting
• Intrusion Prevention System (Snort)
  • Enable IPS
  • Access to Snort rules via Oinkcode
  • Today event list
  • Filter bypass
  • Disable rules
  • Suppressed alerts

VPN

• OpenVPN Road Warrior
  • Server configuration
  • VPN accounts
  • Managing certificate expiration
  • MTU Issue and Packet Fragmentation
  • Connection history
• OpenVPN tunnels
  • Configuration
  • Topology
  • Advanced features
  • Multiple OpenVPN tunnels
  • MTU Issue and Packet Fragmentation
  • Managing certificate expiration
• IPsec tunnels
  • Configuration
  • IPsec tunnel in a MultiWAN scenario
• WireGuard VPN
  • Server Configuration
  • Tunnel Configuration
  • Debug

High Availability

• Overview, Features, Limitations
  • Key concepts
  • Supported features and limitations
• Setup and management
  • Requirements
  • Setup and configuration
• Maintenance and Troubleshooting
  • Alerting
  • Maintenance
  • Troubleshooting
• Migration from NethSecurity 7.9 with HA
  • Prerequisites
  • Migration procedure

Advanced (CLI)

• Dynamic DNS
  • Supported Providers
  • General configuration steps
  • Using the UCI command line
  • Split DNS
  • Using Luci
• DNS over HTTPS with filtering
  • Installation
  • Configuration
  • Troubleshooting
• Mail notifications (SMTP)
• SNMP Server
  • Configuring the SNMP Server
  • Disabling the SNMP Server
  • Enabling remote access
  • Security considerations
• Custom OpenVPN tunnel
  • Prerequisites
  • Configure the VPN
  • Configure authentication credentials (optional)
  • Configure the firewall to allow traffic for the VPN
  • Disable the tunnel
• Logs
  • Forwarding to a remote server
  • Forwarding to Nethesis Cloud Log Manager
  • Log rotation
• Speedtest
  • Usage
  • MultiWAN
• UPS (NUT)
  • Configure a local UPS
  • Allow remote monitoring
  • Connect to remote NUT server
  • Extra UPS settings
  • Troubleshooting
• Wake-on-LAN (EtherWake)
  • Installation
  • Usage
• Checkmk
  • NethSecurity packages
  • Install the packages
  • Allow remote monitoring
• UCI (Unified Configuration Interface)
  • Key Characteristics
  • Configuration Storage
  • Viewing Configuration
  • Complete Configuration Workflow
  • SET - Modifying Configuration
  • LISTS - Editing List Options
  • COMMIT - Saving Changes
  • RELOAD - Applying Changes
  • Configuration File Format
  • Best Practices
  • Troubleshooting

Best practices

• NethServer 7 migration
  • Hardware compatibility
  • Testing the migration
  • Migration in-place
  • Migration with other installed modules
  • Post migration steps
  • Migration coverage matrix
  • Custom Zones
  • USB-to-Ethernet adapters
• Troubleshooting
  • Gathering information from the user interface