You can find the General Settings at System → Settings. You can configure
- Hostname and Domain
- Webserver Settings
- Global Language and Timzone
- SSH Settings
It is a good starting point when you want to configure your VT AIR to look through these options and check if they meet your requirements. The defaults are reasonable and will work right away.
You can also activate Config Mode under System → Config Mode. By doing this none of the changes you’re making are applied so you can configure everything and then apply everything at once. This is especially useful for changes you’re making during normal operation when your router is supposed to have minimal downtime.
Name Hostname of your VT AIR without the domain part
Domain Domain part of your host
HTTP Forward Auto redirect HTTP requests to the web interface to HTTPS (encrypted)
Web HTTPS Port HTTPS Port of the web interface
Web Certificate The certificate used to secure your HTTPS connection to the web interface
The option Auto Logout Time is the time a user stays logged in when not using the webgui in seconds. The default value is 3600 seconds, which is 1 hour.
Timezone and Language settings for your VT AIR device.
You can enable SSH and choose to only allow SSH Keys. SSH Keys have to be added to each user to be able to login.
SSH Rate Limit sets the number of connections per IP that can access the VT AIR. SSH Rate Limit Time is the time (Seconds/Minutes) that the Rate Limit should apply to.
For example a rate limit of 5 per Minutes will restrict a single IP to a maximum of 5 connections per minute.
Anti Lockout Rules Automatically creates Firewall Rules that prevent you from losing access to the web interface
DNS Override Allow the DHCP Server to override the DNS Servers
DNS Localhost Use the internal DNS Server for your network (must be enabled under Services)
DNS Forward Servers IP addresses of external DNS Servers that you want to use
7.1.8. NAT & Firewall¶
NAT Reflection allows your clients to access DNAT forwarded IPs by their external address. Without NAT Reflection a DNAT forwarded WAN IP can not be accessed from inside the local network. Split DNS is usually a better solution to fix this problem by pointing the internal DNS entry to the local IP Address of the server.
Auto VRRP VIP Rules We do supply automatic firewall rules for the following Services:
- VRRP VIP
They will be updated when you change any relevant settings in these Services. If you want to manage these firewall rules manually, you can deactivate the auto generation here.
Prefer IPv4 over IPv6 When both IPv6 and IPv4 are available for a specific connection your VT AIR will default to IPv6 unless you enable this option in which case IPv4 will be used.
By default the option Strict Reverse Path Filter is set to true. This checks for a reverse route on the interface the traffic entered so no asymmetric routing is allowed. If you need to enable asymmetric routing please uncheck this option.
You also can’t use states in the Firewall Rules (Forward and Input) for connections that use asymmetric routing. Please create appropriate firewall rules for this scenario.
Watchdog Enable the hardware watchdog which auto-detects severe malfuntions that cause the software to crash and reboots your VT AIR device.
Disable API Disable the REST API
Log to RAM Chaches logfiles in the RAM and copies them to the SSD hourly. This saves write operations on your SSD prolonging its life span
7.1.10. Basic Configuration example¶
When first setting up your VT AIR device give it a Hostname that is easily recongnizable in your network and makes clear what device this is. For example if you have multiple VT AIR devices in your network consider using their location as part of the hostname. This way you can easiliy identify which device is the right one in case you need physical access to it.
Change the Domain to your company’s domain to complete your device’s FQDN (Fully Qualified Domain Name).
Enable HTTP Forward to encrypt the traffic between your computer and your VT AIR device when accessing the web GUI. Chnages to this are only effective after you press save at the bottom of the page and reload the browser tab.
Enter your Timezone and Language preference for your device.
If you want to access the Console Access remotely consider enabling SSH on your device.
If you want to make changes from the Voleatech VT AIR Portal, consider enabling the Portal connections.
Keep the Anti Lockout Rules enabled. This creates automatic Firewall rules that prevent you from accidentaly being locked out of your firewall due to a wrong Firewall rule.
Leave the DNS Localhost enabled unless you have a specific reason for it to not be enabled.
If your ISP supplies you with a Dual Stack (Lite) connection instead of a native IPv4 connection you can enable Prefer to use IPv4 even if IPv6 is available. This will route all traffic over IPv4 wherever possible instead of switching to IPv6 when available.
Click Save on the bottom of the page.