eth2 needs subnet configuration.
Add default route , if more networks are attached on inside, you need to configure static routes for them
Use firewall to local-host rules, so you're not exposing the ER itself to entire world:
set firewall name WAN2LOCAL set firewall name WAN2LOCAL default-action drop set firewall name WAN2LOCAL rule 1 action accept set firewall name WAN2LOCAL rule 1 description Estab-Related set firewall name WAN2LOCAL rule 1 log disable set firewall name WAN2LOCAL rule 1 protocol all set firewall name WAN2LOCAL rule 1 state established enable set firewall name WAN2LOCAL rule 1 state related enable set firewall name WAN2LOCAL rule 2 action drop set firewall name WAN2LOCAL rule 2 description DropInvalid set firewall name WAN2LOCAL rule 2 state invalid enable set firewall name WAN2LOCAL rule 2 log enable set interfaces ethernet eth1 firewall local name WAN2LOCAL set interfaces ethernet eth2 firewall local name WAN2LOCAL
These rules do NOT apply for any traffic going through the ER
recommended reading about firewall ins and outs:
http://community.ubnt.com/t5/EdgeMAX/Layman-s-firewall-explanation/m-p/1436103
