This article collects the practices we expect partners and field techs to follow when standing up and maintaining an Uplevel-managed client network. They cover network access, physical equipment protection, and the routine maintenance cadence that keeps everything supportable.
Network access
Default to Client VPN for LAN access
- Reach LAN assets through the Client VPN, not directly from the public internet.
- Don’t expose LAN services with port forwarding unless there is no other option (see Port Forward for our standing recommendation against it).
- The Client VPN guides cover Windows, macOS, Android, and iOS — see Client VPN — L2TP/IPsec, SSTP, SSL and Client VPN — OpenVPN with TOTP MFA.
If port forwarding is unavoidable
When the client absolutely needs a port forward (rare — generally indicates an architectural gap somewhere else):
- Keep aggressive security-patch management on the exposed service.
- Monitor end-of-life announcements for the affected software.
- Run regular CVE database checks against the running version.
- Document the exception and put a recurring review on the calendar.
Physical equipment protection
Surge protection is mandatory
All gear must sit behind a surge protector, especially in regions with frequent thunderstorms. That includes:
- Power supplies / AC adapters.
- Ethernet runs that leave the building (between buildings, outdoor APs, etc.).
- Coaxial lines (cable modem, antenna feeds).
Recommended surge protection
- Pick products that ship with equipment insurance — the warranty is usually a fair indicator of the manufacturer’s confidence in the unit’s clamping behaviour.
- Use commercial-grade surge protection for power.
- Add dedicated Ethernet surge protection on any cable that runs outside the building.
- Add coaxial surge protection for cable or satellite feeds:
Documentation
Configuration guides, FAQs, and product datasheets live in the Uplevel Support Knowledge Base linked from uplevelsystems.com.
For escalations:
- Email: support@uplevelsystems.com
- Phone: 971-317-3001
Maintenance cadence
| Cadence | Activity |
|---|---|
| Monthly | Security-patch review |
| Quarterly | Vulnerability assessment |
| Semi-annually | Surge-protection equipment inspection |
| Annually | Security-policy review |
Compliance / policy hygiene
- Document every method by which someone can reach the client network.
- Keep a log of security exceptions (port forwards, vendor remote access, third-party connectors).
- Review access policies on the cadence above.
- Update security documentation as the environment changes — not just at audit time.
Deploying Uplevel hardware
Before going on-site for a new deployment, work through the Deployment Checklist. Doing the prep up front cuts the on-site time down and surfaces client-network gotchas before they turn into outages.