Better ISP Management

The Local Address serves as **gateway address** on client-side. Since PPP is a one-to-one communication, the local address doesn't have to belong to any range.  The default local address (10.0.0.1) works in most cases and doesn't need to be changed. Here's an example: - **IP Range:** 192.168.100.0/24 - **Local Address:** 10.0.0.1 ### PPPoE connection details:  ### Routes:  ### Conclusion As we can see, the example above with the gateway 10.0.0.1 works despite that it does not belong to the same range.

Thanks for the explanation. I had an issue that was all my customers was masquerade behind the WAN IP of the router for all outbound traffic and not the WAN IP normaly assigned by Zima. I had to create a scrnat rules before the NAT rule to get back in the correct way. Now I disabled it and through zima disable NAT also and everything woks fine. Thanks Best Regards

The Online pool has the option of NAT. If selected it takes care of updating the router with a masquerade rule that gives internet access for the online pool. If not selected, it will not be updated. Let us know if this was clear, and of you got any other questions.

Thanks for your answer. But before to remove it, I would like to understand the purpose/role of this rules ? Thanks Best Regards

Yes, in order to remove it: Go to /settings/IP Pools choose the active pool and edit it. Unselect the NAT option then save. Now this rule will not be synchronized to your router. Let us know if this answered your question.

Hi there, I have a question about a firewall rules on a Mikrotik that is created automatically by zima :slight_smile: Chain : scrnat src address : xxx.xxx.xxx.xxx/24 ( the subnet of pppoe IP we assign to our customer) Action : masquerade Does it comes from zima cause when I try to delete it it comes automatically within 1 min ? What is it made for ? Thanks for your help Best Regards

As a general rule, to protect your router from attacks, you simply need to block all the services that you are are not currently using. Here are the steps: ### 1. Go to **IP > Services**:  ### 2. Disable any services that you are not using:  ### 3. API service config For the API section, you can block all access except for the local Zima VPN range so that Zima can still access the API safely. Here's how: Edit API service field Available From: 10.214.0.0/16 as shown in the screenshot below:  Congrats, you are done. Now your router is safe from unsolicited access and attacks.

Any Update on PPTP connections?

We were able to log graphs for PPtP connections using same method. We will need to develop it and release. We will include this one soon in the release after and will update this thread.

Seriously? No one? What are you using for suspension/block reminder?