In addition to the Firewall, Content Filtering and VPN services, the 2 Plus has many more NAT routing functions than found in less expensive routers. First, you can specify the number of maximum concurrent sessions per host. The default is 2048 out of 3000 total maximum sessions. You can also disable NAT entirely.
If you have multiple IP addresses from your ISP, the 2 Plus can help you get the most out of them. Supported NAT Mapping types in the Address Mapping screen include One-to-One, Many-to-One, Many-to-Many Overload, Many One-to-One and Server.
Those with single WAN IP addresses will bypass the Address Mapping screen and use the Port Forwarding rules shown in Figure 19. (The "Default Server" entry at the top of the screenshot is same as the "DMZ" function on other NAT routers.) You can also specify twelve Port Triggering rules using port ranges on the incoming and trigger ports.
Figure 19: NAT Port Forwarding screen (click image to enlarge)
Other methods of helping applications to deal with the 2 plus' NAT firewall include Universal Plug and Play (UPnP) and Application Layer Gateway (ALG) support. UPnP is disabled by default and has separage enables for allowing clients to make router configuration changes via UPnP and using UPnP NAT Traversal. I liked that the 2 plus displays any ports opened by any UPnP clients. The UPnP Ports screen also provides a checkbox that allows those rules to be stored in flash if you want to preserve them.
Options are a bit simpler for ALG and include checkboxes to enable handling for FTP, H.323 and SIP. You can also change the SIP ALG timeout from its default of 3600 seconds or disable it by entering 0.
The Static Route screen lets you specify up to eleven static routes including destination IP address, subnet mask, gateway IP and metric.
The Bandwidth Management section provides separate controls for both WAN to LAN and LAN to WAN traffic, using Fairness or Priority-based packet scheduling. You can set a maximum speed in each direction, define classes and subclasses of traffic (Figure 20) with eight priority levels. Statistics and Monitor screens let you see the effects of the rules you put in place. I usually like to check out how smoothly bandwidth is managed, but, unfortunately didn't have time.
Figure 20: Bandwidth Management Class Edit screen (click image to enlarge)
Like many of the 2 plus' features, its DNS handling is pretty flexible. You can enter Address Records and assign them to specific IP addresses if you like. Different DNS servers can be assigned for different domain zones, with choices of ISP, Public or Private DNS servers available. The 2 plus can cache both positive (default enabled) and negative DNS resolutions, with separately settable caching times (60 - 3600 seconds), display of cached entries and ability to flush the cache. Up to three DNS servers that are handed out by the 2 plus' DHCP server can also be set. Wrapping up the DNS features is a built-in dynamic DNS client for dyndns.org that handles up to five domain names.
Figure 21 shows the plethora of options for 2 plus management. Note that HTTPs management is always enabled, but you are not auto-forwarded to it from a http login and need to specify https:// when you enter the 2 plus' IP address into your browser. You can reach the command line interface via both SSH and Telnet, both of which are enabled by default to both LAN and WAN clientsnot the most secure default configuration! You can limit access to LAN or WAN clients only, disable it entirely or limit SSH and Telnet access to a specific IP address. You can also change the operating port for each service.
Figure 21: Remote Mangement screen
If up and downloading router configurations and firmware updates via web browser isn't your cup of tea, you can use FTP access, which also has the same access and port change options as SSH and Telnet.
If the 2 plus is going to be part of a larger network, its SNMPv1 support will come in handy, along with the ability to tweak its access and port options like the previous services. If you're a ZyXEL shop and use its Vantage CNM Server as your network management system, the 2 plus can handle that too. Finally, if you need to control the interfaces that support DNS queries, you can do that on the DNS tab.