Virtual Private Network(VPN)

VPNWhat Is a VPN and How Does It Work?

Simply put, a VPN creates a virtual encrypted tunnel between you and a remote server operated by a VPN service. All your internet traffic is routed through this tunnel, so your data is secure from prying eyes. Best of all, your computer appears to have the IP address of the VPN server, masking your identity and location.

When your data reaches the VPN server, it exits onto the public internet. If the site you’re heading to uses HTTPS to secure the connection, you’re still secure. But even if it was intercepted, it’s difficult to trace the data back to you, since it appears to be coming from the VPN server.

When the internet was first being pieced together, there wasn’t much thought given to security or privacy. At first it was just a bunch of shared computers at research institutions, and computing power so limited that any encryption could have made things extremely difficult. If anything, the focus was on openness, not defense.

Protect Yourself With a VPN

Today, most of have multiple devices that connect to the web that are vastly more powerful than the top computers of the early days. But the internet hasn’t made a lot of fundamental improvements. Consider that it is only in the past few years that HTTPS has become widespread.

This means that, unfortunately, it is up to individuals to protect themselves. Antivirus apps and password managers go a long way toward keeping you safer, but a VPN is a uniquely powerful tool that you should definitely have in your personal security toolkit, especially in today’s connected world. Whether you opt for a free service or even go all-in with an encrypted router, having some way to encrypt your internet traffic is critically important.

Due to recently outbreak of #COVID-19, It was safe to work from home instead of going to office. But how if your server is located in the office which is a few KM from you? You definite need the Virtual Private Network #VPN connection to your office so you can access it from anywhere in the world. Purchasing a hardware VPN router will cause you a lot of money since a lot of factory is closing down in china due to recently #outbreak. The best way is to setup a Software VPN in your server so you continue to #workfromhome Support Application:

(1) if you installing/host any of software like #sage #myob #autocount #payroll #sqlaccounting(client server based)


(2) if you have centralized file sharing Setup installation can be done remotely. You need to download the teamviewer for me to access your server and router.


What is RSSI and what does it mean for a WiFi network?

RSSI, or “Received Signal Strength Indicator,” is a measurement of how well your device can hear a signal from an access point or router. It’s a value that is useful for determining if you have enough signal to get a good wireless connection.

Note: Because an RSSI value is pulled from the client device’s WiFi card (hence “received” signal strength), it is not the same as transmit power from a router or AP.

RSSI vs dBm

dBm and RSSI are different units of measurement that both represent the same thing: signal strength. The difference is that RSSI is a relative index, while dBm is an absolute number representing power levels in mW (milliwatts).

RSSI is a term used to measure the relative quality of a received signal to a client device, but has no absolute value. The IEEE 802.11 standard (a big book of documentation for manufacturing WiFi equipment) specifies that RSSI can be on a scale of 0 to up to 255 and that each chipset manufacturer can define their own “RSSI_Max” value. Cisco, for example, uses a 0-100 scale, while Atheros uses 0-60. It’s all up to the manufacturer (which is why RSSI is a relative index), but you can infer that the higher the RSSI value is, the better the signal is.

Since RSSI varies greatly between chipset manufacturers, MetaGeek software uses a more standardized, absolute measure of signal strength: received signal power, which is measured in decibels, or dBm on a logarithmic scale. There’s a lot of math we could get into, but basically, the closer to 0 dBm, the better the signal is.

To help leverage your signal strength measurement most effectively so you can make channel planning decisions,inSSIDer Plus displays signal strength in two ways.

Acceptable Signal Strengths

Signal Strength TL;DR Required for
-30 dBm Amazing Max achievable signal strength. The client can only be a few feet from the AP to achieve this. Not typical or desirable in the real world. N/A
-67 dBm Very Good Minimum signal strength for applications that require very reliable, timely delivery of data packets. VoIP/VoWiFi, streaming video
-70 dBm Okay Minimum signal strength for reliable packet delivery. Email, web
-80 dBm Not Good Minimum signal strength for basic connectivity. Packet delivery may be unreliable. N/A
-90 dBm Unusable Approaching or drowning in the noise floor. Any functionality is highly unlikely. N/A

What if I have an acceptable signal strength but I’m still having problems?

If you’ve already checked your signal strength using a WiFi scanning app like inSSIDer Plus and concluded that you have acceptable WiFi signal strength, then interference may be to blame. Your computer’s WiFi adapter can help you see some types of interference, but for finding non-WiFi interferers, you’ll need a spectrum analysis tool like Wi-Spy.

Site to Site VPN with Draytek

model: Vigor 2925 and Vigor 2926

HQ: (dynamic ip address)
a) put in the peer id  (both must same on HQ and Branch)
b) IKE pre-shared key (both must same on HQ and Branch)
1. go to vpn and remote access -> lan to lan
2. create a profile – choose dial in, enable profile
Branch: (dynamic ip address)
a) pre-shared key (both must same on HQ and Branch)
b) put in the dynamic dns from hq
c)after click advanced, select aggressive mode and put the local ID (both must same on HQ and Branch)
click advanced

Port Forward in Maxis MA131

Maxis Business fiber will having issue to setup on other router if the user want to use their phone (free line). they cannot attach to the TM modem as per this equipment is not own by maxis. If you want to use the phone line from maxis you must use their router MA131. Problem come if you want to do port forwarding when you have different firewall router which will need. what we do is to do double port forwarding.


below is the example of the port forwarding in maxis router.

as you can see the ip actually is the firewall router behind this maxis router.


below is the firewall router. the wan ip for this router are configure as static ip receive from the maxis router. which is

what you to do is double open the port for both router.

DSX-600 CableAnalyzer

Essential certification of copper, twisted pair structured cabling from Cat 3 / Class C through Cat 6A / Class EA

The DSX-600 from Fluke Networks provides essential Cat 6A and Class EA Copper Certification featuring ten second test times and advanced user interface. Manage jobs and testers from any smart device over Wi-Fi with LinkWare™ Live. Features legendary Fluke Networks reliability backed by worldwide support.

  • Cat 6A and Class EA Copper Certification
  • Includes Channel Measurement Adapters; Optional rugged Permanent Link Adapters with removable test plug available
  • 10 second Cat 6A test time
  • ProjX™ Management System makes test setup fast and foolproof
  • HDTDX and HDTDR diagnostics pinpoint fault location
  • Integrates with LinkWare™ Live to manage jobs and testers from any smart device.
  • Quickly and easily create professional custom PDF reports with LinkWare™ PC.

Unique Features

  • The DSX-600 enables users to accomplish more than ever before by accelerating every step of the testing process
  • LinkWare Live cloud service lets the Project Manager remotely set up the testers, monitor job progress and even location from any smart device
  • ProjX™ management system eases tasks from initial set-up of a job to system acceptance. It eliminates redundant steps, and ensures that all tests are completed correctly the first time, and every time
  • Taptive™ user interface puts advanced data analysis and easy set-up and operation at the fingertips of technicians of all skill levels
  • LinkWare PC management software provides unmatched analysis of test results and professional test reports


  • TIA – Category 3, 5, 5e, 6, 6A per TIA 568-C.2 or TIA-1005
  • ISO/IEC – Class C and D, E, EA certification per ISO/IEC 11801:2002 and amendments
  • IEEE 802.3 – 10BASE-T, 100BASE-TX, 1000BASE-T, 10GBASE-T


  • Nine second Cat 6/Class E and 10 second Cat 6A/Class EA test time contributes to the fastest way to gain certification
  • Graphically displays the source of failures, the DSX-600 HDTDR and HDTDX algorithms provide quick, easy-to-understand directions to identify the point of failure (distance from the tester).
  • Manage up to 12,000 Cat 6A test results with full graphics
  • Capacitive touchscreen allows quick tester setup with easily selectable cable types, standards and testing parameters

ProjX™ Management System Manages Complex Jobs with Ease

Manage up to 12,000 Cat 6A test results with full graphics

Managing the testing of multiple jobs with multiple teams, testers, and requirements is time consuming and a source of errors. Increasingly larger jobs make project organization more important than ever. The new ProjX management system on the DSX-600 CableAnalyzer provides individual project files for all job specific details to be saved under a simple name, eliminating the need to re-enter job specific details after starting a project. This minimizes set-up errors or lost files when switching from one job to another or utilizing multiple testers on a single job. In addition, it provides test results by cable ID, merges any changes without duplicates and defaults to the last copper or fiber module installed. ProjX management system provides real time status to completion on each job with a 0-100% scale and gives the operator the option to isolate any test requiring a second look and helps to assure nothing is overlooked. The “Fix Later” selection creates a punch list or automatic to do list for correcting any workmanship issues. ProjX enables project managers and crew leaders to be truly efficient.

Performs with Unsurpassed Speed

Ten second Cat 6A test time and the fastest way to submit your certification results

No tester offers so much speed for so many tests. Complete copper certification to Cat 6A in 10 seconds . Quickly get a Pass or Fail result and easily review individual test parameters by value or drill into specific area on a graph.

LinkWare™ PC Cable Test Management Software

Leveraging the popular and multi-featured LinkWare PC management software application, DSX-600 users can easily access the ProjX management system data, generate reports, and upgrade the software in their testers. Project Managers have full capabilities to manage workflow and consolidate test results. Users can provide the finishing touch by adding their company logo to the report and offer it unaltered to their customers for system acceptance purposes. Keep your business tools simple, no matter which Fluke Networks copper or fiber tester you are using, LinkWare PC is the software package that reports it all.

Now with LinkWare PC stats, the new automated statistical report option, you can move above and beyond the page-per-link report and see your entire cabling infrastructure. It analyzes and transforms LinkWare PC test results data into charts and diagrams that reveal your cabling plant performance; this report summarizes your entire cabling infrastructure in a compact, graphical format that makes it easy to verify margins and to spot anomalies.

LinkWare™ Live Test Results Management Service

LinkWare Live is a cloud-based service that lets you manage certification jobs anytime, anywhere, with anyone on any device.  With LinkWare Live, you can:

  • Keep track of every test on every job. Get an overview of every project from any smart device. Drill down to each individual test. Instantly receive notification of incorrect test setting or cable IDs.
  • Get it right the first time. Define cable IDs and test settings from your PC or tablet.
  • Keep your testers up to date. Standards can change without notice, and an out-of-date test report can mean hours of re-testing. LinkWare Live automatically ensures your testers are running the latest.
  • Stop wasting time and gas driving testers back to the office. Upload your test results straight from the job site to LinkWare Live over Wi-Fi. Then download them automatically to the right job for fast report generation with LinkWare PC.
  • Avoid Project Delays. Track the last used location and monitor the status of all testers to ensure they are always calibrated and running the latest firmware*

Multiple port forwarding setup


On router 2, you need to open the port assign to the wan port  of router 1. for example cctv use 37777 tcp

on router 1, you need to open the port assign to the DVR. for example cctv use 37777 tcp.


How to Determine Your Network Cabling & Wiring Needs

The conveyance media you choose for your structured cabling implementation is determined by many factors, the most important of which are your current bandwidth needs, your network environment, your expected future bandwidth requirements and your budget. This article will address each of these primary concerns in an attempt to help you identify which cabling solution will best meet your specific requirements.

Determining Your Current Network Bandwidth Needs

Your primary concern in determining the type of cabling to use is your network’s current bandwidth requirements. This figure can vary greatly based on the size of the network (i.e. the number of workstations connected to the network). A small network of 15 workstations will generally have much lower bandwidth requirements than a network that needs to support 100 workstations. Future growth should also be factored when considering network size. If your company is expecting to double the number of employees over the next two years, then you can expect your network bandwidth needs to increase accordingly. To complicate matters further, you must also factor in the type and volume of the data traffic that your network will be supporting. For example, a small multimedia and graphic design firm with only 10 workstations will likely have much greater bandwidth requirements than a law firm consisting of 25 workstations. Again, this is due primarily to the type and volume of the data one can expect in each work environment: a single user transferring a 5-minute high definition video across the network can easily consume more bandwidth than 20 users opening MS Word and Excel files.

So how do you accurately determine your network bandwidth requirements?

There are several ways to analyze network traffic, but the best and most accurate method is to utilize a tool called a network analyzer. Among the simplest and most ubiquitous of these tools is a utility that is built into all flavors of Windows servers called Network Monitor. The Network Monitor utility gives detailed insight into traffic on a network segment and can detail broadcast traffic and specific packets transmitted to or from a machine. There are also several other third-party products such as Ethereal (free), as well commercial analyzers such as Network General Fast Ethernet Sniffer, Cinco NetXRay, AG Group EtherPeek, Novell LANalyzer for Windows, and Intel LANDesk Traffic Analyst among many others. It is important to note than when using a network analyzer to monitor your current network’s bandwidth usage, that you sample data over the course of several days (or even weeks), and that you do so throughout different times of the day. Doing this will ensure that you make the most accurate assessment of your network’s bandwidth requirements.

Your Network Environment

Your network environment plays a large part in determining the best type of cabling you should use. While optical fiber offers the fastest possible bandwidth and is the best medium for “future proofing” your network, certain environments are ill suited toward fiber optic installation. Unlike twisted copper mediums like Cat5e or Cat6, optical fiber is prone to transmission problems due to dirt and scratches on the fiber. This can be typical of dirty or dusty mechanical closets, equipment closets, and any rooms that are not clean or friendly to fiber technology. In such cases, twisted copper solutions might be the best way to go. Alternatively, certain environments cause problems with twisted copper mediums. Although Cat5e and Cat6 have much improved noise immunity than their twisted copper predecessors, they are susceptible to high RF (radio frequency) and EMI (electromagnetic interference). Hospitals for example, have tremendous RF interference problems over twisted pair cabling. A Cat5e or Cat6 cable running alongside a CAT scanner or NMR (nuclear magnetic resonance) scanner would be rendered virtually useless due to RF interference. In such environments, optical fiber is the ideal solution as it is all but immune to such interference.

Future Bandwidth Requirements

It is rare that people think to factor in the growth of a company, or the launching of new products and services when estimating future bandwidth requirements. But, failure to make an accurate assessment of future bandwidth requirements can end up costing a lot of money. Unfortunately, estimating future bandwidth is both complex and often speculative. As an example, it might seem that doubling the number of employees in a company would result in a doubling of the network bandwidth demand. Rarely is it so straightforward, however. Consider that several of the new employees might be multimedia authors, who generally have much higher bandwidth requirements. Also consider that bringing on several new sales people means bringing on the back-and-forth communication between those sales people and all their customers. Perhaps the sales department has decided to host an in-house, web-based CRM implementation — this could result in an increase in bandwidth requirements that are that are far out of proportion to the rest of the users on the network. Because of such factors as these, it is important that a network administrator have knowledge of the future plans for a business when planning a structured cabling implementation. Generally speaking, it is far less costly to “future proof” a structured cabling implementation than it is to replace the existing cabling once it becomes apparent that it is not sufficient to meet the demands of the network.

Your Budget

While working within a budget is certainly something one should consider, it must be understood that the difference in costs between Cat5e, Cat6 and optical fiber is insignificant compared to the costs involved in not using the correct conveyance media for current and future network requirements. The old adage that “it’s better to do it right the first time” certainly holds true when planning your network infrastructure. Not doing it right the first time could cost your company far more than it saved by choosing an older technology or less expensive conveyance media, not to mention that not choosing the correct media could cripple a network and bring about the wrath of it’s users. Because of this, current and future bandwidth requirements, as well as an understanding of your network environment should play a far more important role than cost in determining which type of cabling is best suited for your needs.


Sync your clock with the domain controller

The quickest way to synchronise your clock with the domain time, open a command prompt window and type:

To force a computer to synchronize its time with a specific computer, send the following command:



NET TIME \\<IP Address> /SET /Y

Where <MACHINENAME> is the domain controller computer name, or IP address.

Guide of solving common wireless network problem

One of the most common root causes for having slow and unstable wireless network connections is interference. Many things interfere with a wireless network: everything from walls to the microwaves you use in the kitchen to other wireless networks. That’s why I decided to learn more on the subject, experiment with my own wireless network and share what I have learned. You will understand more about what can interfere with your wireless network and learn how to deal with interferences from other wireless networks.

The Causes & Symptoms for Wireless Network Interference Problems

There are many possible causes for having interference problems with your wireless network:

  • The physical landscape where your network is placed: the apartment, office building or house where the wireless network is found. Walls and doors interfere with the signal of your network, lower its strength and the transfer speed.
  • Electronic equipment you are using: microwave ovens, cordless phones, wireless headsets, Bluetooth devices, surveillance cameras operate at the 2.4 gigahertz (GHz) frequency used by most wireless networks.
  • The physical distance from the router or the device emitting the wireless signal. The further away, the weaker the signal weaker. This always translates into a higher likelihood of being impacted by different kinds of interference.
  • Last but not least, other wireless networks can interfere with yours.

When your wireless network has interference problems you can encounter one or more symptoms: reduced range for your WiFi network (generally much lower than what the manufacturer of your router mentions in the hardware specifications), sudden drops in transfer speeds, the wireless signal dropping out in certain places or at certain times during the day, your wireless signal strength going up and down randomly.

What Makes Wireless Networks Interfere With Each Other?

If two or more wireless network are placed close to one another, then they can interfere with each other if:

They use the same operating frequency (2.4 GHz or 5 GHz). The 802.11g and 802.11b standards use the 2.4 GHz operating frequency, 802.11n can operate both at 2.4 GHz and 5 GHz while 802.11a can operate only at 5 GHz.
They use the same channel or neighboring channels which overlap. A wireless router can send the wireless signal using a set channel, from 1 to 11 or 13 (depending on the router model and where it is sold). To make sure there is a smaller likelihood of overlapping with other channels, you should choose channel 1, 6 or 11 (or 13 if available for your router). By default, most routers are set to use channel 6, thus the reason for conflicts.
Identify Interference Problems from Other Wireless Networks With inSSIDer

Identifying the exact root cause for your interference problems can be quite a pain, depending on your location. If you are in a busy area with lots of wireless networks around, then your problems are most likely caused by the other networks.

So… how do you fix them? You can use a tool named inSSIDer (working download link: here). We covered the basics of using it in a previous tutorial: Find Hidden Wireless Networks & View Useful Information (Including the SSID). I recommend that you read it first, before going ahead with the instructions in this article.

Let’s assume you are trying to fix interference problems in your own home. If you are using android, download wifi analyzer software into your phone.

wifi analyzer

Pay attention to how wireless networks disappear from the radar or show up on it. View how your network signal evolves. In the areas where you encounter most issues, you most probably have other wireless networks active.


Possible Solutions to Your Wifi Interference Problems

If your router fully supports the 802.11n standard, you can use it and switch to the 5 GHz operating frequency. However, this can cause some problems you need to be aware of. First, the wireless network signal will not be able to penetrate as far as when using the 802.11b standard, for example. It is better absorbed by walls, doors and other solid objects. If covering a large area is important, you might not want to go this route. Then, another issue is caused by support for this standard. Older laptops, smartphones and wireless adapters do not support it. Test your older equipment and learn if it can detect and connect to the wireless network when using the 802.11n standard.

If you have a dual band router, that can operate both at 2.4 GHz and 5 GHz, then you can connect the newer devices to the 5 GHz wireless network and the older equipment to the 2.4 GHz network. Depending on your router, in this scenario, you can encounter issues with file sharing and how devices and computer detect each other over the network. Don’t hesitate to test things through and check if file sharing works as needed.

If changing the operating frequency and the wireless standard is not an option, then you have to analyze the signal used by all wireless networks in your area.

In the screenshots used in this article, my home network is named C1pr1an. It uses channel 7 to operate. Most networks in my area use channel 6. If look on the 2.4 GHz tab, I can see how my wireless network signal overlaps with many networks, especially with those using channel 6. It is clear that it is best to change the channel.

adapted from

Web Content Filtering

Web Content Filtering

DrayTek’s Web Content Filtering (WCF) facilities enable you to protect your network and your users from web content according to your preferences. There are many reasons for doing this, for example:

Reason to Block Example
Unsuitable Adult material for children
Undesirable Time wasting sites for employees
Dangerous Malware or virus-ridden web sites
Fraudulent Confidiential data leaving your network

As DrayTek WCF is performed by your router – your point of entry to the Internet – it is far more difficult to circumvent than software solutions installed on each client/PC and applies to guest PCs too (laptops etc.). Blocking/filtering can be selective for certain computers, users or groups too, so that, for example, managers can have less filtering imposed than other users and time schedules can apply these content filtering for specific time periods only (the facilities and granularity of this depends on the specific model of router selected).

Internet Control in the Home

Whilst the Internet can be hugely beneficial to any home, both for adults and children, there is also the opportunity for it to become distractive, over-consuming as well as risky. For children, a common use of control control is to block inappropriate content, such as web sites with sexual, violent or other adult-oriented content. That’s the inappropriate content, but even age-appropriate content can be undesirable. Facebook might be great for your teens, and CBeebies for your younger children, but not if they are supposed to be doing something else. Many parents want to control access to the Internet, for example allowing access to acceptable web sites for specified times of day only. For your adult users in the home, you may want to block access to sites which have a high probability of being infected with malware. You may also wish to block your own computers from sending emails in case of trojan/zombie infection. There are infinite combinations of content filtering and firewalling you might want to impose in your home.

Staff Internet Abuse – A real cost to your business

The Internet provides your business with an effective, useful and often essential facility. Your staff can use it to find quick answers, liaise with customers, send and receive emails and many other productive tasks. Unfortunately, the Internet also provides the opportunity for mis-use. DrayTek products can help you restrict, control and monitor staff Internet usage.

Staff using your Internet facility for time-wasteful activities are costing you. Even more importantly these activities can put your businesses computers and network at risk. A recent survey of 10,000 employees indicated that 44% admitted to spending time on the Internet for personal use, for up to 2.1 hours per day.

Most staff are responsible and prudent with their Internet use and we always recommend a suitable AUP (Acceptable Use Policy) to be in place so that staff or any users of your systems know what they are and aren’t permitted to use the computers for. This AUP can be re-inforced by DrayTek routers which can block specific content (either at certain times only or all times) and also block potentially harmful file/code types from being installed by rogue web sites. There are some staff who will make severe abuse of the Internet facilities – spending literally hours on personal matters or social networking sites.

Top 5 Personal Internet Uses for Employees


  • Personal Email: Hotmail, Gmail, Yahoo etc.
  • Intant Messaging: Skype, AOL, Yahoo etc.
  • Social Networking: Facebook, MySpace, Twitter etc.
  • Buying: Using Amazon, Ebay etc.
  • Multimedia : YouTube, iPlayer etc.


It’s easy to let a ‘quick visit’ become a prolonged stay without realising and losing track of time. All of the above activities can be immensely time consuming and addictive. What doesn’t quite make the list but could be even more serious in its consequences is adult or illegal material being accessed in the workplace, as well as the higher likelihood that such sites are infected with malware which will then get onto your business network. There is also the potential to ‘innocently’ download software and install it on local PCs, unwittingly introducing spyware or trojans onto your network.

Introducing DrayTek Web Content Filtering

DrayTek Web Filtering allows you to block web content in four main ways:


  1. By matching keyword / specific sites
  2. By web site category (Subject to Subscription)
  3. By digital content type
  4. IP Filtering (Actually part of the firewall, along with many other security features.)

Features 1,3 and 4 above are included with the router. Feature 2 is included but requires an annual subscription to the external server which keeps a real-time constantly updated database of web sites. More details of that later. Features supported varies with router model; please check on specifiction for confirmation of Web Content Filter capabilities.

1. Keyword Matching URL Content Filter

In Keyword Matching you can specify a list of either banned (blacklist)) or permitted sites (whitelist). The DrayTek method is ‘object’ oriented, which means that you create lists of keywords or sites, can then group them and then apply them into specific user groups or time periods

Using a blacklist, all sites would be accessible by your users except those that match the keywords you specify. This would be useful, for example where there are specific sites known to be causing disruption or timewasting in your organisation such as social networking or webmail. The example below would allow access to all sites except the ones listed:


A whitelist, on the other hand, is much more restrictive on what your users can access as it blocks all web sites by default and then only allows access to web sites which match your keywords. This is useful when you really want to lock down your Internet access to only allow very specific web site access. The example below would block access to all web sites except those listed:


The URL blacklist and whitelist feature support varies with router model; Please check on specification for details of keyword matching support.

2. Web Site Category (DrayTek GlobalView)

DrayTek’s GlobalView is built into most of our routers and allows you to select specific categories of web site which your router will allow access to. For example, an office may wish to block access to social networking or other company time-wasting sites or a home user might want to block adult sites from their children. In public Internet access facilities, you might want to block various unsuitable categories.

GlobalView covers 64 separate categories which you can select as blocked or permitted. Every time one of your users attempts to access a site, the router’s automatically queries the central GlobalView server to ascertain its classification. This takes only milliseconds. If a site is blocked by GlobalView, according to the categories you have selected, instead of the requested web page, a warning message is displayed to the user (you can customise the message).

The GlobalView central database is continuously updated with new sites and changes to sites but also records normally legitimate sites which have become compromised or contain malware (a unique feature to GlobalView). Access to the GlobalView server requires an annual subscription. A free 30-day trial is included with all new routers so that you can try the feature out before subscribing. Scroll down the box below to see the 64 different categories which can be blocked by GlobalView, either permanently or at certain times of day/week according to your chosen schedule and for the PCs you choose.

GlobalView Categories :

Globalview requires a subscription to the Globalview server. This is a 12-month subscription available from your dealer. There is no additional licensing for the number of users you have; it is a flat fee based on your router model:

Subscription Type Supported Series
Group A Vigor 2820, 2830, 2850, 2860, 2920, 2925, 3200, PBX2820
Group B Vigor 2110, 2130, 2710, 2750, 2760
Group S Vigor 3300V+, 300B, 2930, 2960, 2950, 2955, 3510, 3900, 5510


Why Globalview?

Globalview uses a unique method of categorisation to ensure the most accurate, relevant and up to date database of web sites. In particular compared to other services, these are some important advantages of Globalview:

  1. Globalview is built into the hardware. There are software solutions for category blocking or parental control but they have to be installed on each PC, maintained on each PC and someone with the right skills (a skilled employee or smart child!) can often find a way to bypass or disable the software. DrayTek’s Globalview operates at your Internet point of entry so examines all web site URLs requested and cannot be turned off without administrative rights to the router.
  2. GlobalView is a commercial/professional Service
    . Unlike some other services, GlobalView does not rely on volunteers to submit suggestions for sites to include or rely on volunteers to categorise each site submitted (and multiple users to then concur which the category proposal). Relying on community-driven categorisation can lead to inaccuracies, delays, mischief and an incomplete database which omits many sites, particularly those which are more obscure or unknown (which are also more likely to be undesirable). The Globalview WCF service has been available for many years, and continuously evolves to improve performance and accuracy.
  3. GlobalView is not a Domain Resolution Service, therefore it is not possible to bypass it merely by changing the DNS settings on your PC, or by browsing by IP address instead of URL. Globalview intercepts and examines all web requests for their specific destination rather than just intercepting DNS requests and rejecting those which it believes should be blocked.
  4. Categorisation uses an automated mechanism.
    GlobalView URL filtering is based on a hugely scalable cloud-based architecture that uses the extensive cloud computing resources available for categorization. GlobalView URLF uses a dynamically built, relevant local database with real-time connectivity to a hugely scalable cloud-based repository. GlobalView URLF therefore provides more complete, relevant categorization of the Internet. GlobalView’s main benefit is the highly intelligent and accurate categorisation algorithms which are used to build its database.
  5. Zero-Hour Protection
    The Internet is a living, continuously growing and evolving system. As GlobalView operates in real-time, it can categorise a site from the moment it becomes available from the first time it is requested, and re-categorise it if it changes at a later date without community-driver or user intervention. Users do not have to manually submit sites for categorisation.
  6. Categorise IP Addresses
    Some other content filtering services can be bypassed simply by the user browsing to an IP address so that the URL is never considered/checked. Globalview will categorise sites based on their IP address if a user tries to access via that method. i.e. Both and would be blocked by GlobalView if you have prohibited social networking. This is also particularly useful in combating phishing emails which commonly use IP addresses instead of URLs. The DrayTek router can, in addition, block browsing by IP address altogether.
  7. Multiple Categories Per Site
    Globalview can identify a single web site or page as falling into several categories, for example a site might provide both ‘dating’ and ‘adult’ content so if you choose to block either of those, Globalview will correctly identify it as both.
  8. Site granularity
    Whereas other services considers only the top level domain (TLD) i.e. the URL up until the first “/”, Globalview will parse/consider the whole URL. This is particularly a problem for Web 2.0 sites such as blog sites ( where one user’s blog might be for kids and other user’s contain adult-suited material. Another example is commercial sites which contain different materials types. For example, Globalview will distinguish between “” (Sports pages) and “” (Swimwear models/nudity).
  9. Embedded Links are examined.
    Another common methods that users might use to bypass web controls is using parsing or translation web sites. For example, if you try to visit “” then GlobalView will correctly identify that you have asked Google to display ‘’ and block it if that is a category you have prohibited, whereas other services will just see ‘Google” and permit access based on the categorisation of Google (search engine).

3. Digital Content Type

DrayTek’s Content filtering allows you to specify particular data types or web content to be blocked by the router. The vigor is pre-set with many different content types or protocols. You can select any or all of them for blocking. There are infinite combinations but some examples of commonly blocked content are:

  • Block download of executable (EXE) or compressed (ZIP) files to reduce the chance or virus infection or installation of untested software.
  • Block Peer-to-Peer (P2P) software such as BitTorrent, to avoid users using vast amounts of your bandwidth or engaging in media piracy.
  • Block HTTP/FTP upload or webmail to prevent theft/espionage of your company data
  • At Home, block Instant Messaging protocols to prevent your children from unsupervised chat with strangers.
  • Block SMTP from all devices other than your mail server to stop Trojan Zombies

For detailed list on the protocols and content type which can be blocked, Click Here.

4. IP Filtering

This is a more technically complex method. All data sent across the Internet is sent as a ‘data packet’ between devices (for example between your PC and a web site) Each device has its own IP address (such as ‘’). In addition, each data packet can be one of several data types (TCP, UDP, ICMP etc.) and may also have additional information such as TCP port numbers. Don’t worry if this all sounds a bit complicated; the useful factor here is that these packets can be distinguished and therefore rules can be set up on the router to block or pass packets which match parameters you choose.

Examples of useful IP filters might be to block incoming mail from all but known mail servers, or to allow access to your internal web server from all addresses except known remote locations. IP Filters can be nested so that a chain of filters can all be tied together and data passed only if one of, or all of the rule criteria are met. As we said, it’s a technically complex feature but immensely powerful.

Note : Although we include IP filtering here, most users actually consider that to be part of the main firewall features as it’s not filtering ‘by content’ as such.


SSL/TLS (“HTTPS”) Sites & DrayTek DNS Filter


Concerns regarding privacy and security have increasingly lead to web sites moving their services to web servers that offer SSL/TLS connections as standard. SSL/TLS connections are those prefixed with https:// or commonly shown with a ‘padlock’ symbol in your brower.

SSL/TLS is a protocol that allows communication to be secured encryption so that it can’t be read by a third party – anyone in between you and the server. This security also extends to the actual URL (web address) that the user enters, which has an impact on web content filtering methods that categorise websites based on the URL that is being accessed.

The Keyword matching URL Content Filter is unable to make web content filtering decisions for HTTPS requests because the web address is encrypted. DrayTek’s Globalview is also affected but the Globalview servers have other methods which can assist with categorisation decisions even when the URL is encrypted.

However a new feature is now available on various DrayTek products called DNS Filter.

When a PC tries to access a web site, it has to always convert that web address into an IP address (e.g. That IP address itself cannot be encrypted by SSL/TLS because your router has to know where to send the data to!

DrayTek’s new DNS Filter examines all DNS lookups that your PCs make and then make categorisation or content filtering decisions. DNS Filter can be used with both the Keyword matching URL filter (whitelists/blacklists) and the Globalview Web Content filter.

Replacing Unifi Maxis Router with Fortinet

Replacing Unifi Maxis Router with Fortinet

Fortigate 40c with Unifi router/ maxis router



1. For fortigate 40c, the GUI configuration are limited, so have to set it using CLI.

2. Type following command to create sub-interface

config system interface
edit unifi
set type vlan
set vlanid 500
set vdom root
set interface wan1
set allowaccess https

* vlan 500 for unifi, vlan 621 for maxis

3. After create the sub-interface. go to system -> network -> interface as you will see



4. right click the sub-interface -> edit

5. select pppoe, enter your username and password, save



6. Go to policy, Create New

7. set the policy as follow

Incoming interface: internal

source address: all

outgoing interface: unifi/maxis

destination address: all

schedule: always

service: all

action: accept

enable NAT



Structured Cabling

The Hidden Hero of the IT cabling

Cabling is one of the most important elements within any IT network and is one of the biggest IT investments that companies make. Selecting the right cabling system can have a tangible impact on a range of issues, including network performance, the speed at which data can pass through the network. Therefore, making the right choice of cabling system is too important an issue to be ignored.

Understandably, since cabling is an occasional rather than a regular purchase, most IT managers cannot be expected to be experts in this area, but this does mean that they often need to rely on advice from contractors, consultants, installers and suppliers. This can be dangerous, depending on the quality of the information being distributed. Poor-quality or inadequate cabling systems can bring a network to a standstill.

There have even been occasions where it has been necessary to rip out large sections of structured cabling, due to faults that need to be located and repaired, costing the companies involved vast amounts of money, as well as lost time. These faults may not be immediately obvious, potentially causing the user company considerable disruption at a later date.

The good news is that with a basic understanding of the cabling market and installation issues, IT managers can make more informed choices. The first question is: structured or not? Direct cabling is cheaper, but it is essentially a blind network, without any means to manage or configure it easily. This is particularly important when changes need to be made, for instance switching around connections to end-users, should there be a reorganisation in an office.

When correctly labelled, the patch panel of a structured cabling system makes it easy to see at a glance every connection, so changes can be quickly and easily made, usually without requiring a specialist visit from a third party. Moreover, efficient installation means that any potential EMI or crosstalk options can be minimised, for instance by ensuring specified distances between cables, minimising bend radius and using techniques, such as dual-pathing with diverse routing of cables. Given how often most companies will need to make changes to their cabling systems, however small, structured cabling is these days the sensible option.