Feature
Wireless
Wireless mode
802.11b/g/n/ac Wave 2 (Wi-Fi 5) with data transmission rates up to 867 Mbps (Dual Band, MU-MIMO), 802.11r fast transition, Access Point (AP), Station (STA)
Wi-Fi security
WPA2-Enterprise: PEAP, WPA2-PSK, WPA-EAP, WPA-PSK, WPA3-SAE, WPA3-EAP, OWE; AES-CCMP, TKIP, Auto-cipher modes, client separation, EAP-TLS with PKCS#12 certificates, disable auto-reconnect, 802.11w Protected Management Frames (PMF)
SSID/ESSID
SSID stealth mode and access control based on MAC address
Wi-Fi users
Up to 150 simultaneous connections
Wireless Connectivity Features
Wireless mesh (802.11s), fast roaming (802.11r), Relayd, BSS transition management (802.11v), radio resource measurement (802.11k)
Wireless MAC filter
Allowlist, blocklist
Wireless QR code generator
Once scanned, a user will automatically enter your network without needing to input login information
TravelMate
Forward Wi-Fi hotspot landing page to a subsequent connected device
Bluetooth
Bluetooth 5.0
Bluetooth low energy (LE) for short range communication
Ethernet
WAN
1 x WAN port 10/100/1000 Mbps, compliance with IEEE 802.3, IEEE 802.3u, 802.3az standards, supports auto MDI/MDIX crossover
LAN
3 x LAN ports, 10/100/1000 Mbps, compliance with IEEE 802.3, IEEE 802.3u, 802.3az standards, supports auto MDI/MDIX crossover
Network
Routing
Static routing, Dynamic routing (BGP, OSPF v2, RIP v1/v2, EIGRP, NHRP), Policy based routing
Network protocols
TCP, UDP, IPv4, IPv6, ICMP, NTP, DNS, HTTP, HTTPS, SFTP, FTP, SMTP, SSL/TLS, ARP, VRRP, PPP, PPPoE, UPNP, SSH, DHCP, Telnet, SMPP, SNMP, MQTT, Wake On Lan (WOL), VXLAN
VoIP passthrough support
H.323 and SIP-alg protocol NAT helpers, allowing proper routing of VoIP packets
Connection monitoring
Ping Reboot, Wget Reboot, Periodic Reboot, LCP and ICMP for link inspection
Firewall
Port forward, traffic rules, custom rules, TTL target customisation
Firewall status page
View all your Firewall statistics, rules, and rule counters
Port management
View device ports, enable and disable each of them, turn auto-configuration on or off, change their transmission speed, and so on
Network topology
Visual representation of your network, showing which devices are connected to which other devices
Hotspot
Captive portal (hotspot), internal/external Radius server, Radius MAC authentication, SMS authorisation, SSO authentication, internal/external landing page, walled garden, user scripts, URL parameters, user groups, individual user or group limitations, user management, 9 default customisable themes and optionality to upload and download customised hotspot themes
DHCP
Static and dynamic IP allocation, DHCP relay, DHCP server configuration, status, static leases: MAC with wildcards
QoS / Smart Queue Management (SQM)
Traffic priority queuing by source/destination, service, protocol or port, WMM, 802.11e
DDNS
Supported >77 service providers, others can be configured manually
DNS over HTTPS
DNS over HTTPS proxy enables secure DNS resolution by routing DNS queries over HTTPS
Network backup
Wi-Fi WAN, VRRP, Wired options, each of which can be used as an automatic Failover
Load balancing
Balance Internet traffic over multiple WAN connections
SSHFS
Possibility to mount remote file system via SSH protocol
VRF support
Initial virtual routing and forwarding (VRF) support
Traffic Management
Real-time monitoring, wireless signal charts, traffic usage history
Security
Certificate Manager
Certificate creation tool allows to create CA, server, client, let's encrypt, SCEP certificates
802.1x
Port-based network access control client
Authentication
Pre-shared key, digital certificates, X.509 certificates, TACACS+, Internal & External RADIUS users authentication, IP & login attempts block, time-based login blocking, built-in random password generator
Firewall
Preconfigured firewall rules can be enabled via WebUI, unlimited firewall configuration via CLI, DMZ, NAT, NAT-T, NAT64
Attack prevention
DDOS prevention (SYN flood protection, SSH attack prevention, HTTP/HTTPS attack prevention), port scan prevention (SYN-FIN, SYN-RST, X-mas, NULL flags, FIN scan attacks)
VLAN
Port and tag-based VLAN separation
WEB filter
Block list for blocking out unwanted websites, allow list for specifying allowed sites only
Access control
Flexible access control of SSH, Web interface, CLI and Telnet
TPM
Identification and authentication module, TPM 2.0 standard
*Feature availability varies by order code
VPN
OpenVPN
Multiple clients and a server can run simultaneously, 27 encryption methods
OpenVPN Encryption
DES-CBC 64, RC2-CBC 128, DES-EDE-CBC 128, DES-EDE3-CBC 192, DESX-CBC 192,
BF-CBC 128, RC2-40-CBC 40, CAST5-CBC 128, RC2-64-CBC 64, AES-128-CBC 128, AES-128-CFB 128, AES-128-CFB1 128, AES-128-CFB8 128, AES-128-OFB 128, AES-128-GCM 128, AES-192-CFB 192, AES-192-CFB1 192, AES-192-CFB8 192, AES-192-OFB 192, AES-192-CBC 192, AES-192-GCM 192, AES-256-GCM 256, AES-256-CFB 256, AES-256-CFB1 256, AES-256-CFB8 256, AES-256-OFB 256, AES-256-CBC 256
IPsec
XFRM, IKEv1, IKEv2, with 14 encryption methods for IPsec (3DES, DES, AES128, AES192, AES256, AES128GCM8, AES192GCM8, AES256GCM8, AES128GCM12, AES192GCM12, AES256GCM12, AES128GCM16, AES192GCM16, AES256GCM16)
GRE
GRE tunnel, GRE tunnel over IPsec support
PPTP, L2TP
Client/Server instances can run simultaneously, L2TPv3, L2TP over IPsec support
Stunnel
Proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the program’s code
DMVPN
Method of building scalable IPsec VPNs, Phase 2 and Phase 3 and Dual Hub support
SSTP
SSTP client instance support
ZeroTier
ZeroTier VPN client support
WireGuard
WireGuard VPN client and server support
Tinc
Tinc offers encryption, authentication and compression in it's tunnels. Client and server support.
Tailscale
Tailscale offers speed, stability, and simplicity over traditional VPNs. Encrypted point-to-point connections using the open source WireGuard protocol
