Better ISP Management

Easy Setup, Intuitive Interface, Affordable Subscription

Discover More



Recently Activated
  • From Cyprus 20 hours ago
  • From Pakistan a day ago
  • From Nigeria a day ago
  • From Swaziland 2 days ago
  • From Lebanon 2 days ago
Latest Forum Posts
  • About the IP config category
    This section covers everything related to IP pools, Framed IP and Framed Routes.
    a month ago by Documentation
  • FAQ: My blocked and Expired users are able to access the internet. How can I fix that?
    Zima automatically configures Mikrotik to prevent the offline IP pool from accessing the Internet. This includes Expired and Blocked users. It does that by adding a rule in Mikrotik > IP > Firewall > Filter Rules. If your users are able to access the internet it means someone has disabled this rule by mistake. ### The fix 1. Go to **IP > Firewall > Filter Rules** 2. Enable the rule again: ![image|690x316](upload://1RZXehyMJeZLE76QLtoOi0Tn1Uq.png)
    a month ago by
  • I reset my Mikrotik to default-mode, all users are able to access the internet without authentication. What rules do I need to fix?
    When Mikrotik is reset, the default configuration is applied. Mikrotik's default configuration includes: 1. A DHCP server 2. A NAT rule applied to all networks Those 2 configurations are responsible of allowing access to all users. Here is how to fix that: ### 1- Disabling the DHCP Server Go to **IP > DHCP Server** and disable the server as shown in the screenshot below: ![image|615x320](upload://jWn2z4WOPEWSbx1LWRF2IxzQfNE.png) ### 2- Disable the NAT rule applied to all networks 1. Go to **IP > Firewall > NAT** 2. You'll find a rule that has an empty **src-nat** IP range. It means, it does not restrict Internet to a specific range, just any range can have Internet access. 3. You need to disable this rule as shown in the screenshot below: ![image|690x320](upload://lgt8MxsatnEm3J8Qy2L2Wu9l9na.png) Congrats, your users now have to authenticate before they can connect to the internet. For more readings about configuring a basic PPP server that allows users to authenticate before having Internet access, check the following post:
    a month ago by
  • How do I uninstall Zima from my router?
    Zima script does not install software on your router. It adds a VPN client config to connect your router to Zima Cloud (Details here: Having cleared this point, here's the uninstall script: > /ip firewall filter remove [/ip firewall filter find where in-interface="ZimaVPN"]; /ip firewall filter remove [/ip firewall filter find where comment="Managed By ZIMA"]; /interface ovpn-client remove [find where user~"zima"]; /user remove [find where name ~"zima"]; It removes the following items: - Firewall rules managed by Zima. - ZimaVPN - API Credentials ### Step 1 Paste the uninstall script in Mikrotik terminal and press **enter**. ![image|596x389](upload://t0PXezxALapNQT4Wpy2lf5laFgj.png) ### Step 2 Optional step in case you have edited the API service to protect from API attacks(details here: 1. Go to **IP > Services** 2. Remove if listed in the **Available From** field on the API. ![image|478x318](upload://n6o5zLDcjyaBUsTm08jRLwZOm6t.png) 3. Disable the API service if no other software is using it. ![image|441x321](upload://gtDyYFxxuGyRF3akPJAHmpiF2Dk.png)
    18 days ago by
  • What is Zima connection script?
    Briefly, Zima connection script instructs your router to connect to Zima Cloud. You can totally use Zima without the need to get into the technicality of it. However if you'd like to know what it is all about, here is the breakdown of the different components of the script and what each part is responsible of: # 1. RouterOS Version Check >{put "\n\n\n\n\n\n\n\r================================\r\n ZIMA Connection Script\r\n================================\n"; :local ver [tostr [system package get system version]]; :local verstr ""; :for i from=0 to=([:len $ver] -1) step=1 do={ :local char value=[:pick $ver $i]; :if ($char = ".") do={ :set char value="," }; :set verstr value=($verstr.$char); }; :local verarr [toarray $verstr]; :local major [pick $verarr 0]; :local minor [pick $verarr 1]; **if** ((major < 6) || (major = 6 && minor < 14)) do= { put "Checking RouterOS version... Update Required! ($ver)"; return "\n=============================================\n\rERROR! Your RouterOS version is outdated! \n\rPlease upgrade to version 6.14 or newer.\n\r=============================================\r\n\n";} **else**={ put "Checking RouterOS version... Pass! ($ver)"; - Checks for the correct version of RouterOS. - If the current version is outdated, and error message is displayed and the script stops. - The minimum required is 6.14. # 2. ZimaVPN setup >/ip firewall filter remove [/ip firewall filter find where in-interface="ZimaVPN"]; /interface ovpn-client remove [find where user~"zima"]; /interface ovpn-client add name=ZimaVPN user=zima3WWCCgevtK4____ password=zimaVZ9c9gd1RA____ port=1190 cipher=aes128 auth=sha1; put "Configuring VPN... Done!"; - Removes any existing Firewall rule related to ZimaVPN. - Recreates ZimaVPN client. # 3.API Credentials > /user remove [find where name ~"zima"]; /user add name=zimaEpP6TMbYL1K____ password=zimaAthXOEuzKmW____ group=full; put "Adding API Credentials... Done!"; - Removes any existing credentials. - Adds the correct credentials. # 4. Firewall Rule > if ([:len [tostr [/ip firewall filter find]]]>0) do={/ip firewall filter add chain=input src-address= in-interface=ZimaVPN action=accept place-before=0 comment=ZimaVPN;} else={/ip firewall filter add chain=input src-address= in-interface=ZimaVPN action=accept comment=ZimaVPN; }; put "Adding Firewall rule... Done!"; - Adds an **accept** rule for **ZimaVPN** using the VPN IP range **** - Rule is added at the top of filter rules. # 5. API Service >/ip service set api port=8728 disabled=no; :local avfarr [/ip service get api address]; :local avfrom [tostr [/ip service get api address]]; :local avf value=""; :if (([:len $avfrom] > 0) && ([:find $avfarr "" -1] < 0)) do={set avf ($avfrom.";");}; :local newavf value=""; :if ([:find $avf ";" -1] > 0) do={ :for i from=0 to=([:len $avf] -1) step=1 do={ :local char value=[:pick $avf $i]; :if ($char = ";") do={ :set char value="," }; :set newavf value=($newavf.$char); }; /ip service set api address=$newavf; }; put "Configuring API Access... Done!"; - **Enables** the API Service. - Adjusts "**Available From**" field to accept traffic from the VPN range **** - If "Available From" is empty, it remains that way. # 6. Disable Fasttrack >if ([len [tostr [/ip firewall filter find action=fasttrack-connection disabled=no]]]>0) do={put "Disabling Fasttrack rules... Reboot Recommended"; /ip firewall filter disable [/ip firewall filter find action=fasttrack-connection];} else={ /ip firewall filter disable [/ip firewall filter find action=fasttrack-connection]; put "Disabling Fasttrack rules... Done!";}; put "\r\n================================================================\r\nSUCCESS!! Your Router has been configured successfully!\r\n================================================================\r\n\n\n\n"; }} - Checks for existing Fasttrack rules and disables them. - If any rule is found, a reboot is recommended for quota control to work. - Script success message. ---- To uninstall the connection script from the router check the following link:
    7 days ago by
  • Add Hotspot and payment gateway integration
    Speaking of payment getaway integration, there is an informative article by [Cleveroad]( about that.
    2 months ago by Mary
  • Basic ISP configuration using Mikrotik Routerboard
    Below is a simple scenario of how a basic ISP works and the minimum requirements: ![image|684x461](upload://8pn2LsOIlpyycKziuL6trPhiUWr.png) What you need: - A Mikrotik router. - A backbone network that provides Layer 2 connectivity. It consists of cables, switches, wireless point-to-point, fiber, etc... In this setup, the subscribers are connected via 2 switches to **ether2** and **ether3** on the router, and they use PPPoE to authenticate with their unique username and password. # Router Configuration: ## 1. **IP > DHCP Client:** - Create new DHCP Client for **ether1**: ![image|326x363](upload://qyMctHprXvZ7eM1BZz652VBJ2j6.png) ## 2. **PPP > PPPoE Servers:** - Create PPPoE server for **ether2** and **ether3**: ![image|379x342](upload://lJdrNBtftVC0BKHSvK2x4sAU7Rx.png) ## 3. **IP > Routes:** - Verify default route: ![image|365x153](upload://jELflljCINQwOlRTmNYMd5f82Ml.png) ## 4. **IP > DNS:** - Check **Allow Remote Requests**: ![image|386x396](upload://xXitbskG955yrfNvTAWdmpxSwcJ.png) ## 5. IP > Pool: - Create IP Pool to be used for pppoe clients: ![image|317x238](upload://6RuMm2r9flcaqioIuka1SoVtmhK.png) ## 6. IP > Firewall > NAT: - Add a **masquerade** rule for your IP Pool: ![image|690x203](upload://1rUwcSvS2rQpoIya09B09Waahh3.png) ## 7. PPP > Profiles: - Create a PPP profile. Select your **IP Pool** as remote address. Use **an IP outside the selected pool** for local address: ![image|382x191](upload://8I1RdHsVb7RQmTQBJxAPvgLHBUe.png) ## 8. PPP > Secrets: - Create a PPP secret with the previously created profile: ![image|387x163](upload://jBHfYotvsMqMFZoJABN90kILbqF.png) # Client Configuration: - On client router, select PPPoE as the WAN connection and enter the ppp username and password. ![image|690x242](upload://nUSEgsX4r3d9twXTZMwX3LCrOm4.png)
    2 months ago by
  • What is the Local Address in IP Pool config?
    The Local Address serves as **gateway address** on client-side. Since PPP is a one-to-one communication, the local address doesn't have to belong to any range. ![image|531x227](upload://pRktapsXDPIxmuUuDIYTeczAuac.png) The default local address ( works in most cases and doesn't need to be changed. Here's an example: - **IP Range:** - **Local Address:** ### PPPoE connection details: ![image|333x167](upload://qY75JgV5XfAksbf0FTeotY6crlF.png) ### Routes: ![image|635x75](upload://u26Qf0dfTHx7JHddw3u5GoaohLd.png) ### Conclusion As we can see, the example above with the gateway works despite that it does not belong to the same range.
    a month ago by
  • Clear duplicate IP Ranges
    If you registered your ISP before the [IP Pools revamp]( on June 1st 2020, your IP pools may have the same IP ranges across all of your routers. Here is how you can redistribute your IP addresses to prevent conflicts. - Log in as administrator and go to **Settings > IP Pools**:: ![image|241x139](upload://ePwo9xtBLsi0SGcEXsXlVn49dkH.png) - Select an **IP pool** and click Edit: ![image|685x173](upload://6QeDzUk6FScEhF6Xr9e8QdegKI4.png) - On the **Routers** tab, look for duplicate ranges: ![image|666x455](upload://gUfD4Vh3ASVVA5FbAYRVVYTUYIG.png) ### You can do either: - Split the ranges manually such as: - Use the **IP Ranges Allocator** to distribute your ranges equally for all routers: ![image|676x468](upload://hBpziwdGYbZClGvKTmNMOmAhGSz.png) Save your changes when you are done.
    21 days ago by
  • Clean up unnecessary IP Pools
    Our previous default config created 4 IP pools. For a simpler management experience, we have narrowed the default IP pools config to just two: online-pool and offline-pool. If you happen to have 4 IP pools, no worries. This guide shows you how you can clean the unnecessary pools to simplify your configuration. # Two Steps ## 1. Edit the service plans - Log in as admin and go to Settings > Service Plans: ![image|234x137](upload://m5lpQnEK1nLN5et1yPVvSccSiQl.png) - Select a service plan: ![image|690x151](upload://9BJQHJOWJ0TfRwEHyeg8LK4RN7Q.png) - Instead of having default-blocked, default-ruleBlocked as separate pools, we will set them all to **default-expired** as displayed in the screenshot below: ![image|690x98](upload://524SGAHltEnQPGYxmKDndwdHFSF.png) **Repeat the steps for ALL your service plans.** ## 2. Delete the unused pools After that you have edited the IP pools section of all your service plans. - Go to Settings > IP Pools ![image|241x139](upload://ePwo9xtBLsi0SGcEXsXlVn49dkH.png) - Now we can delete **default-blocked** and **default-ruleBlocked** as shown in the screenshot below: ![image|618x309](upload://1J4rqYARA5C0AXzUT2bIlzz0m0V.png) ## Optional: Rename the expired pool to **offline-pool** - Select **default-expired** and click the edit button: ![image|614x340](upload://7Kj6lUBVUq1ugdPBERTEvhSoc4R.png) - Rename it to **offline-pool** and click Save Changes: ![image|690x275](upload://dCRoeGDOWpnEcvekOVOSrBLgkxe.png) Congratulations, you have cleaned up the unnecessary IP pools for a simpler management experience.
    a month ago by

How it works

Step 1: Connect Mikrotik

Step 2: Add Subscribers

Step 3: Manage

Quota Control

  • Specify daily, weekly, monthly quota consumption for clients
  • Multi-level bandwidth shaping to help prevent consumption abuse
  • Create FUP rules for peak time (Fair Usage Policy)
  • Specify higher rate limits at off-peak time (i.e. double, or triple speed after midnight)
  • Exclude traffic accounting during a certain time of day (i.e. free quota after midnight)
  • Specify speed on based on week day (i.e. faster speed on the weekend)
  • Create special service plans that are active during business hours only (i.e. blocked on weekends, and after 6PM on business days)

Consumption Graphs

  • Detailed consumptions graphs of your subscribers
  • Fitler using custom time ranges

Central Monitoring Page

  • Seemless control of your ISP from a single page
  • Block/unblock, and renew subscriptions
  • Quick search, and filtering by status (Active users, Expired, Expires-soon, Online, Offline)
  • Color codes (Online, Offline, Blocked, Expired)
  • Customize column visibility

More great features


Customize your company name, logo, currency, and sub-domain.

Role Based Access

Admin, reseller, sub-Resellers, and subscribers. Each reseller/sub-reseller manages their own list of subscribers, admin manages all.

MAC Auto Detect & Lock

Automatic binding of MAC address to subscriber on first connection. Reset MAC binding when a device is changed.

Accounting & Reports

Easy credits transactions. Customize your accounting reports. Export reports to CSV or Excel.

Cloud Based

No need for a server anymore. All you need is a Mikrotik router. Access your ISP from anywhere using your subdomain

Data Safety

Your data is stored safely, and kept private. No need to worry about data backup anymore.

Pricing Plans














Made For Mikrotik

Zima is fully compatible with Mikrotik (RouterOs). We are also enlisted among MFM (Made For Mikrotik)

Frequently Asked Questions

How can I install Zima?

Do I need any technical skills to setup Zima?

Do I need a public IP to use Zima?

Can I import my subscribers from other RADIUS systems to Zima?

How much time do I need to setup Zima, migrate my subscribers, and connect my routers?

Is there a limit for the number of subscribers I can add?

One of my routers has been damaged, and I need to replace it. How can I restore?

I manage 2 remote locations, with 2 separate networks. Do I need 2 licenses?

To Top