UPnP

From Edge Threat Management Wiki - Arista
Revision as of 15:21, 14 December 2016 by Cblaise (talk | contribs)

About UPnP

Universal Plug and Play (UPnP for short) allows clients to create their own firewall port forward rules. Common uses include:

  • Allow gaming consoles to host games.
  • Enable BitTorrent clients to host uploads.


UPnP settings can be found at Config > Network > Advanced > UPnP.




Security Considerations

Rules created through UPnP are considered "automatic port forward rules", so you should consider the potential security implications before enabling UPnP in your environment. In a home environment with an Xbox, you probably want it enabled. In an office environment, you likely do not want it enabled at all.



Settings

This section reviews the different settings and configuration options available for UPnP.


  • Enabled: Controls whether UPnP is enabled or disabled. The default setting is unchecked, which means UPnP is disabled.
  • Secure Mode: Restricts each client to creating port forwards to its own system only. In most environments you should leave this enabled.




  • UPnP Status is a status readout of recent activity. The statistics are reset at reboot and when settings are saved.

Access Control Rules

These rules allow you to control which networks can use UPnP as well as the ports they can manage along with an allow or deny action. All rules are processed in order.

The default rules for Allow all and Deny all allow all UPnP traffic if UPnP is enabled.

If you wish to control access to a particular network, create a new Allow rule for that network and ports and make sure it is above the Deny all rule.
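The ordered rule processing described above can be modeled to check a planned rule list before saving it. This is an added example, not code from the product: it assumes first-match-wins evaluation, that the default Allow all sits above Deny all, and uses constructed networks and ports. It shows that a new Allow rule restricts nothing while a broader Allow rule is still above Deny all.

```python
import ipaddress

# Constructed sample rule lists (not exported from a real appliance).
# Each rule: (action, client network, lowest port, highest port).
DEFAULT_RULES = [
    ("allow", "0.0.0.0/0", 0, 65535),   # "Allow all"
    ("deny",  "0.0.0.0/0", 0, 65535),   # "Deny all"
]
# UPnP limited to one hypothetical console network and high ports only.
RESTRICTED_RULES = [
    ("allow", "192.168.10.0/24", 1024, 65535),
    ("deny",  "0.0.0.0/0", 0, 65535),
]
# Same new rule, but the default Allow all was left in the list.
LEFTOVER_ALLOW_ALL = [RESTRICTED_RULES[0]] + DEFAULT_RULES


def evaluate(rules, client_ip, port):
    """Return (action, rule_index) of the first rule matching the request."""
    ip = ipaddress.ip_address(client_ip)
    for index, (action, network, low, high) in enumerate(rules):
        if ip in ipaddress.ip_network(network) and low <= port <= high:
            return action, index
    return "deny", None  # assumption: an unmatched request is refused


def shadowed_rules(rules):
    """Indexes of rules that can never match because one earlier rule
    already covers their whole network and port range."""
    shadowed = []
    for i, (_, network, low, high) in enumerate(rules):
        net = ipaddress.ip_network(network)
        for _, prev_network, prev_low, prev_high in rules[:i]:
            prev_net = ipaddress.ip_network(prev_network)
            if net.subnet_of(prev_net) and prev_low <= low and high <= prev_high:
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    for name, rules in [("default", DEFAULT_RULES),
                        ("restricted", RESTRICTED_RULES),
                        ("leftover allow all", LEFTOVER_ALLOW_ALL)]:
        print(name, evaluate(rules, "192.168.20.20", 3074), shadowed_rules(rules))
```

A shadowed Deny all in the output means every UPnP request is still being accepted by a rule above it.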