.. _Core Settings: Settings ==================== You can find the General Settings at **System → Settings**. You can configure * Hostname and Domain * Webserver Settings * Global Language and Timzone * SSH Settings * ... It is a good starting point when you want to configure your VT AIR to look through these options and check if they meet your requirements. The defaults are reasonable and will work right away. .. image:: img/Settings-General.png :width: 100% :align: center :alt: General Settings You can also activate **Config Mode** under **System → Config Mode**. By doing this none of the changes you're making are applied so you can configure everything and then apply everything at once. This is especially useful for changes you're making during normal operation when your router is supposed to have minimal downtime. Host ================ **Name** is the hostname of your VT AIR without the domain part. **Domain** is the domain part of your host. **Show Hostname** will show the full hostname in the top bar and login screen in the webgui, so you can identify the device more easily. Web ========================= **Web Interfaces** lets you configure one or more interfaces and ipaddresses for the Web Interface. **HTTP Forward** auto redirects HTTP requests to the web interfaces to HTTPS (encrypted). **Web HTTPS Port** is the HTTPS Port of the web interfaces. **Web Certificate** is the certificate used to secure your HTTPS connection to the web interfaces. The option **Auto Logout Time** is the time a user stays logged in when not using the webgui in seconds. The default value is 3600 seconds, which is 1 hour. Localization ======================== Timezone and Language settings for your VT AIR device. SSH ========================= You can enable **SSH** and choose to only allow SSH Keys. SSH Keys have to be added to each user to be able to login. **SSH Rate Limit** sets the number of connections per IP that can access the VT AIR. **SSH Rate Limit Time** is the time (Seconds/Minutes) that the Rate Limit should apply to. For example a rate limit of 5 per Minutes will restrict a single IP to a maximum of 5 connections per minute. Firewall ==================== **Anti Lockout Rules** Automatically creates Firewall Rules that prevent you from losing access to the web interface. DNS ================= **DNS Override** allows the DHCP Server to override the DNS Servers. **DNS Localhost** uses the internal DNS Server for your network (must be enabled under Services). **DNS Forward Servers** are IP addresses of external DNS Servers that you want to use. NAT & Firewall ===================== **NAT Reflection** allows your clients to access DNAT forwarded IPs by their external address. Without NAT Reflection a DNAT forwarded WAN IP can not be accessed from inside the local network. *Split DNS* is usually a better solution to fix this problem by pointing the internal DNS entry to the local IP Address of the server. **Auto VRRP VIP Rules** will supply automatic firewall rules for the following Services: * VRRP VIP * DHCP * OSPF They will be updated when you change any relevant settings in these Services. If you want to manage these firewall rules manually, you can deactivate the auto generation here. Miscellaneous ======================== **Dashboard Columns** How many columns on the main dashboard will be displayed. It can be 2, 3, 4 or 5. The default value is 2. **Prefer IPv4 over IPv6** When both IPv6 and IPv4 are available for a specific connection your VT AIR will default to IPv6 unless you enable this option in which case IPv4 will be used. **Enable Watchdog** Enable the hardware watchdog which auto-detects severe malfunctions that cause the software to crash and reboots your VT AIR device. **OpenSSL Engine** can be *Dynamic (Default)* or *AF ALG (Kernel Crypto API)*. **Console Password** enables the password for the console. The admin password must be used to unlock it. **Disable API** disables the REST API. **Log to RAM** chaches logfiles in the RAM and copies them to the SSD hourly. This saves write operations on your SSD prolonging its life span **Maximum log to RAM size (MB)** is the maximum size of the log to ram disk. This will be deducted from the availble RAM, so be careful not set this too high. **Logfile Analysis** stores critical logfiles like firewall and intrusion protection long term for analysis in the Webgui. This comes at a performance and disk storage cost. Disable the setting if high performance is important. **Maximum Logfile Analysis Days** for each logfile to store for analysis. More days requires more disk storage and for small systems it is necessary to keep the entries relatively low. There is an automatic logfile cleaner in the background that will empty large logfiles if there is not enough space on the hard drive or ram disk. The mechanism ensures that the logfolder will not be full and therefore logfiles are not stored anymore. Basic Configuration example ============================== When first setting up your VT AIR device give it a **Hostname** that is easily recongnizable in your network and makes clear what device this is. For example if you have multiple VT AIR devices in your network consider using their location as part of the hostname. This way you can easiliy identify which device is the right one in case you need physical access to it. Change the **Domain** to your company's domain to complete your device's FQDN (Fully Qualified Domain Name). Enable **HTTP Forward** to encrypt the traffic between your computer and your VT AIR device when accessing the web GUI. Chnages to this are only effective after you press save at the bottom of the page and reload the browser tab. Enter your **Timezone** and **Language** preference for your device. If you want to access the :ref:`Console Access` remotely consider enabling SSH on your device. If you want to make changes from the Voleatech :ref:`VT AIR Portal`, consider enabling the Portal connections. Keep the **Anti Lockout Rules** enabled. This creates automatic Firewall rules that prevent you from accidentaly being locked out of your firewall due to a wrong Firewall rule. Leave the **DNS Localhost** enabled unless you have a specific reason for it to not be enabled. If your ISP supplies you with a Dual Stack (Lite) connection instead of a native IPv4 connection you can enable **Prefer to use IPv4 even if IPv6 is available**. This will route all traffic over IPv4 wherever possible instead of switching to IPv6 when available. Click **Save** on the bottom of the page.