Better ISP Management

## Overview  In this release, we have revamped the Zima user interface to become easier to navigate. The main highlights are: 1. Unified navigation menu 2. Notifications button 3. Clear section titles 4. Managers selection bar 5. Unified actions panel 6. Columns visibility revamp 7. Managers page 8. My Account section 9. Auto-complete search in Bandwidth reports page 10. Other enhancements ## Features ### 1. Unified navigation menu Previously the subscribers page was accessed from the top left, the managers settings were accessed from the header near the ISP name, the ISP settings were accessed from the top right. Now everything is centralized in one menu accessible from the top right. ### 2. Notifications button Previously the warning messages were displayed in the subscribers page. Now the notification messages are collected under the notifications button.  ### 3. Clear Section titles Now each section title is displayed uniformly on top. ### 4. Manager selection bar The subscribers of a manager are now accessible from the manager selection bar in the subscribers page. The filters also moved to the managers selection bar. ### 5. Unified actions panel Now all the pages with tables have a unified interface to add, filter, and access user actions. The pages that include it are: Subscribers, Managers, Service plans, Routers and IP Pools.  ### 6. Columns visibility revamp Now the columns visibility includes the columns ordering and is accessible from the gear icon on the top right of the table.   ### 7. Managers page Managers now have their own page. The admin can create/edit/delete them from there. Also, now the admin role is not allowed to manage subscribers. Having subscribers is restricted to managers. The ISPs that had subscribers under an admin will now be seeing them under a manager with the same admin name. It is backwards compatible. However, the manager needs to have credits in his account so he can renew service plans for his clients. To add credits for a manager, you select the manager and select [Credits] from the actions panel.   ### 8. My Account section We added the “My Account” section that contains the Profile and Change Password tabs for all users. For the admin account, it also includes Organization and Subscription tabs. We also revamped the organization section. All the organization preferences can now be edited there.  ### 9. Auto-complete search in Bandwidth reports page In the bandwidth reports page, we added the auto-complete functionality for easier navigation.  ### 10. Other fixes and enhancements 1. The Migrator page has become accessible from the navigation menu and is now called Import. 2. In the subscribers page, Export action now exports the selected items instead of all records. To export all subscribers, simply select all and then export. 3. Explicit assign links: When a manager doesn’t have Service plans, or Routers assigned they will see an explicit link that takes them to the assign section. This is helpful for new users. 4. New descriptive icons, fonts sizes revision and general UI enhancements. ## What's next? Next we will be revamping billing and implementing email notifications.

## Features 1. The number of selected subscribers and the number of filtered subscribers now appear under the search box.  --- 2. "Select All" and "Deselect All" were removed from the actions and are now represented by the select box in the header as shown in the screenshot below.  --- 3. Move subscribers is now in actions and not in the edit subscriber form.  --- 4. Change password tab was removed. Now the subscribers password is accessible from the edit subscriber form directly as shown in the screenshot below.  --- 5. Permissions tab was added. It will be showing all the permissions that will be added in the future.  --- ## What's next? For the next release, we'll revamp the Navigation menu and we will introduce the managers page.

## Features - In Subscribers page: - Mobile friendly toolbar: The action items and filter items fold into 2 lists for better visibility and user experience on mobile.  - Delete Subscriber is now accessible from the actions menu (Previously it was accessible from Subscriber/Edit/Other) - Export CSV and Export Excel items were merged into one Item Export (Excel, CSV). It opens list (Excel, CSV) to choose the format from, then export. - Other - Sessions Log of the subscribers is now accessible by Resellers from the menu SessionsLog (previously it was only accessible by admin) - Renamed Subscriber/Edit/Other tab to Move subscribers ## Bug fixes - Restricted change username from the Subscribers panel (previously it was possible and caused confusion for resellers) - Locked MAC for new added PPPoE subscribers by default (previously it was not set) - Fixed timezone setting for dates of the records added in the Credit Transfer section (Previously Timezone was not taken care of correctly in this section).

Update: We have merged the category "Product Discussions" with "Community Talks" for easier access. We Will be identifying the product discussions using tags. Soon the forum will be accessible automatically once logged in to your Zima subdomain. Moving the product conversations to this forum is very important. It helps us prioritize the features that we work on to align with the community needs. Stay tuned.

This section covers everything related to IP pools, Framed IP and Framed Routes.

Zima automatically configures Mikrotik to prevent the offline IP pool from accessing the Internet. This includes Expired and Blocked users. It does that by adding a rule in Mikrotik > IP > Firewall > Filter Rules. If your users are able to access the internet it means someone has disabled this rule by mistake. ### The fix 1. Go to **IP > Firewall > Filter Rules** 2. Enable the rule again: 

When Mikrotik is reset, the default configuration is applied. Mikrotik's default configuration includes: 1. A DHCP server 2. A NAT rule applied to all networks Those 2 configurations are responsible of allowing access to all users. Here is how to fix that: ### 1- Disabling the DHCP Server Go to **IP > DHCP Server** and disable the server as shown in the screenshot below:  ### 2- Disable the NAT rule applied to all networks 1. Go to **IP > Firewall > NAT** 2. You'll find a rule that has an empty **src-nat** IP range. It means, it does not restrict Internet to a specific range, just any range can have Internet access. 3. You need to disable this rule as shown in the screenshot below:  Congrats, your users now have to authenticate before they can connect to the internet. For more readings about configuring a basic PPP server that allows users to authenticate before having Internet access, check the following post: https://forum.zima.cloud/t/basic-isp-configuration-using-mikrotik-routerboard/668

Zima script does not install software on your router. It adds a VPN client config to connect your router to Zima Cloud (Details here: https://forum.zima.cloud/t/what-is-zima-connection-script/674). Having cleared this point, here's the uninstall script: > /ip firewall filter remove [/ip firewall filter find where in-interface="ZimaVPN"]; /ip firewall filter remove [/ip firewall filter find where comment="Managed By ZIMA"]; /interface ovpn-client remove [find where user~"zima"]; /user remove [find where name ~"zima"]; It removes the following items: - Firewall rules managed by Zima. - ZimaVPN - API Credentials ### Step 1 Paste the uninstall script in Mikrotik terminal and press **enter**.  ### Step 2 Optional step in case you have edited the API service to protect from API attacks(details here: https://forum.zima.cloud/t/faq-how-to-protect-my-router-from-api-attacks/655) 1. Go to **IP > Services** 2. Remove 10.214.0.0/16 if listed in the **Available From** field on the API.  3. Disable the API service if no other software is using it. 

Briefly, Zima connection script instructs your router to connect to Zima Cloud. You can totally use Zima without the need to get into the technicality of it. However if you'd like to know what it is all about, here is the breakdown of the different components of the script and what each part is responsible of: # 1. RouterOS Version Check >{put "\n\n\n\n\n\n\n\r================================\r\n ZIMA Connection Script\r\n================================\n"; :local ver [tostr [system package get system version]]; :local verstr ""; :for i from=0 to=([:len $ver] -1) step=1 do={ :local char value=[:pick $ver $i]; :if ($char = ".") do={ :set char value="," }; :set verstr value=($verstr.$char); }; :local verarr [toarray $verstr]; :local major [pick $verarr 0]; :local minor [pick $verarr 1]; **if** ((major < 6) || (major = 6 && minor < 14)) do= { put "Checking RouterOS version... Update Required! ($ver)"; return "\n=============================================\n\rERROR! Your RouterOS version is outdated! \n\rPlease upgrade to version 6.14 or newer.\n\r=============================================\r\n\n";} **else**={ put "Checking RouterOS version... Pass! ($ver)"; - Checks for the correct version of RouterOS. - If the current version is outdated, and error message is displayed and the script stops. - The minimum required is 6.14. # 2. ZimaVPN setup >/ip firewall filter remove [/ip firewall filter find where in-interface="ZimaVPN"]; /interface ovpn-client remove [find where user~"zima"]; /interface ovpn-client add name=ZimaVPN user=zima3WWCCgevtK4____ password=zimaVZ9c9gd1RA____ connect-to=vpn.zima.cloud port=1190 cipher=aes128 auth=sha1; put "Configuring VPN... Done!"; - Removes any existing Firewall rule related to ZimaVPN. - Recreates ZimaVPN client. # 3.API Credentials > /user remove [find where name ~"zima"]; /user add name=zimaEpP6TMbYL1K____ password=zimaAthXOEuzKmW____ group=full; put "Adding API Credentials... Done!"; - Removes any existing credentials. - Adds the correct credentials. **Note**: This step requires an admin login with type full. # 4. Firewall Rule > if ([:len [tostr [/ip firewall filter find]]]>0) do={/ip firewall filter add chain=input src-address=10.214.0.0/16 in-interface=ZimaVPN action=accept place-before=0 comment=ZimaVPN;} else={/ip firewall filter add chain=input src-address=10.214.0.0/16 in-interface=ZimaVPN action=accept comment=ZimaVPN; }; put "Adding Firewall rule... Done!"; - Adds an **accept** rule for **ZimaVPN** using the VPN IP range **10.214.0.0/16** - Rule is added at the top of filter rules. # 5. API Service >/ip service set api port=8728 disabled=no; :local avfarr [/ip service get api address]; :local avfrom [tostr [/ip service get api address]]; :local avf value=""; :if (([:len $avfrom] > 0) && ([:find $avfarr "10.214.0.0/16" -1] < 0)) do={set avf ($avfrom.";10.214.0.0/16");}; :local newavf value=""; :if ([:find $avf ";" -1] > 0) do={ :for i from=0 to=([:len $avf] -1) step=1 do={ :local char value=[:pick $avf $i]; :if ($char = ";") do={ :set char value="," }; :set newavf value=($newavf.$char); }; /ip service set api address=$newavf; }; put "Configuring API Access... Done!"; - **Enables** the API Service. - Adjusts "**Available From**" field to accept traffic from the VPN range **10.214.0.0/16** - If "Available From" is empty, it remains that way. # 6. Disable Fasttrack >if ([len [tostr [/ip firewall filter find action=fasttrack-connection disabled=no]]]>0) do={put "Disabling Fasttrack rules... Reboot Recommended"; /ip firewall filter disable [/ip firewall filter find action=fasttrack-connection];} else={ /ip firewall filter disable [/ip firewall filter find action=fasttrack-connection]; put "Disabling Fasttrack rules... Done!";}; put "\r\n================================================================\r\nSUCCESS!! Your Router has been configured successfully!\r\n================================================================\r\n\n\n\n"; }} - Checks for existing Fasttrack rules and disables them. - If any rule is found, a reboot is recommended for quota control to work. - Script success message. ---- To uninstall the connection script from the router check the following link: https://forum.zima.cloud/t/how-do-i-uninstall-zima-from-my-router/675

Speaking of payment getaway integration, there is an informative article by [Cleveroad](https://www.cleveroad.com/blog/all-you-need-to-know-about-the-payment-gateway-integration-into-an-app) about that.