Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
can also try the UMAX
UGate Forum site. NOTE: As of late 1999, you must
be a registered owner of a UMAX networking product to access the Forum.
You can register your product here. You then need to register for the forum, and login
with your email address and product serial number each time you
want to access the forum.
Read the information hereand download and install firmware version 5.3R0F or higher.
Open a browser on a UGP client and go to the UGP's
administration screen (default address is 192.168.0.1).
Click on the Advanced Internet link, then click
on the User Defined Virtual Servers link.
Clear the form, then enter the following information:
Name : IDENT
Check the Enable box
IP Address: Enter the IP address of the
computer that you need to access IRC.
Internal Port No.: 113
External Port No.: 113
Click the Add button.
Go back to the Advanced Internet screen and click
the Enable button, then click the Save button.
The IRC IDENT function should now work on the machine whose
IP address you entered in Step 2.
VPN (PPTP) Upgrade [Both]
Help for setting up a PPTP connection through a router is available here.
For UGate Plus
Download the latest firmware using the information here.
you previously installed a firmware revision earlier than 5.3R0E that
required using the Exposed Computer feature of the UGate Plus to establish
a PPTP connection, download the newer firmware (5.3R0E or later) and disable
the Exposed Computer unless you need it for some other reason.
You should now be able to establish a PPTP connection from
one client at a time. You'll need to wait at least
1 minute between ending a PPTP session on one client and starting another
session on another client.
For UG3000 Download the latest firmware using the information here.
If it ain't broke...!
Upgrading router firmware can sometimes cause more problems than it fixes!
Here are a few lthings to consider before you click that "Upgrade"
Check the Readme or other information that describes what the firmware
will do before you do the upgrade. If you don't need new features and
your product is happily doing it's job... leave it alone and don't
perform the upgrade!
If you do need the upgrade, first download a copy of your
existing firmware revision, or the closest earlier revision
available. You may need it in case something doesn't work right with
the new firmware.
If you don't see the latest firmware posted on the MaxGate firmware download
page, contact MaxGate support at 510-492-5760 or firstname.lastname@example.org
Linux and MacOS firmware updaters are available for the
UG3000 and UG3200.Get
any firmware update erases any settings that you have in the router.
You'll have to re-enter all your settings after you install the firmware
Latest MaxGate Router Firmware
NOTE: We've discontinued our firmware matrix because
MaxGate now has very nice firmware charts for Windows,
Installing the UGate Plus is very easy and the manual that comes with
it explains the process very well.
The manual, however, doesn't contain a "QuickStart" section,
so for those of you who don't read manuals, here are some hints to help
(If you are a manual reader, you can get the UGP User manualhere
in PDF format. The UGate 3000 manual can be found here,
also in PDF format.))
The UGP setup is done through a set of web pages that
are served by a min-webserver in the UGP. This server lives
at address 192.168.0.1. This means that whatever computer
you use to access this webserver, must be on the same subnet, i.e.
have an address of 192.168.0.X.
The easiest way to do this is to set the TCP/IP for the NIC on
this computer to obtain an address automatically or from
a DHCP server (MacOs). Connect the computer to the UGP
LAN port using a regular patch cable, then reboot the computer.
The built-in DHCP server in the UGP should assign a proper address
when the computer boots up and you'll be able to access the UGP setup
(If you have to or would rather set your clients' TCP/IP information
manually, go here for the info.)
If your computer isn't able to get to the UGP's setup page, it may
not have properly leased a new address from the UGP's DHCP server.
Use the winipcfg command and click
the Release All button, wait until it's done, then click the
Renew All button. When the command is finished, you should
see an IP address and also see an IP number in the DNS section of
the winipcfg screen. This means that your computer has properly
leased its IP address.
If your ISP uses DHCP to assign your IP address (and
most do) make sure you set the External(WAN) port to DHCP
Client. Make sure you Save the setting before changing to another
If your ISP uses the Adapter (or MAC) address of your
NIC to enable service (MediaOne/RR in the New England area does this),
you'll need to follow your ISPs procedure to change the address.
You can find the address on the UGP's Status page listed next
to Physical Address, in the External LAN Port section
of the page. Copy this down and give it to your ISP. After you
change the address at your ISP, do the following:
After you call in the address, unplug your cable modem
power and unplug the UGP power. Wait about 5 seconds and plug
in the cable modem and wait for it to boot up.
Now plug in the UGP power, wait for it to stop blinking
and press the black reset button. This will force a DHCP release/renew
cycle. Check the UGP Status screen. The External
LAN fields should show valid IP address information if you obtained
If you didn't get address info, press the UGP Reset
button again, wait about 10 seconds and click the browser Reload button.
If you still don't get an address, you might have
to update your firmware. Check here for further info.
Setting up the Client
PC TCP/IP for the UGate [Both]
Right click Network Neighborhood.
Choose the Properties option Scroll to
the TCP/IP listing for your NIC card and highlight it
Click the Properties button
Click the IP Address tab
Select the option for Specify an IP Address
In the IP Address field specify an address from 192.168.0.2
to 192.168.0.254. Make sure each client PC has a different
In the Subnet Mask field enter the following Subnet mask:
Click on the Gateway tab
Enter the IP address of the UGate in the Gateway field. This should
Click the Add button
Click the DNS configuration tab.
Select the Enable DNS radio button.
Enter this computer's name in the Host field, this must
be a name not used for any other computer on your network
It can be as easy as "computer2" as this host name is
not used for the Internet.
Leave the Domain field BLANK
In the DNS server search order you will need to enter the
IP address of your ISPs DNS server(s). This should have been
provided to you by your ISP. If you do not know the IP addresses
of your ISPs DNS server, use the winipcfg
command to find out.
Enter the domain name of your ISP in the Domain Suffix Search
Order box. This will be something like ne.mediaone.net
If you're not sure what to enter, use the procedure on this
Click OK you will need to reboot the machine
Internal LAN users
unable to access LAN based webservers by Domain name ("Loopback problem)
This problem can be fixed by downloading and installing UGate-3000 firmware
2.02b or higher (ug3k202b.zip) or UGate-plus firmware 5.4r0d or
(If you don't see the file on the UMAX firmware download page, request
it from UMAX support (email@example.com).
with PPTP/IPsec passthru with the UG3200P can be fixed by the 1.013
firmware update. See this info.
side Admin page access
The routers ship with WAN side access for the Admin pages disabled.
To enable WAN side access do one of the following:
Method #1: Set a Virtual server for 192.168.0.1
and Port 80 if you are not also forwarding a Webserver
on your LAN.
Method #2: Set a Virtual server for 192.168.0.1
and Port 8888 if you are also forwarding a Webserver on
Once you have saved the Virtual Server setup, you can access
the Admin pages from a WAN based computer by entering the router's WAN
port IP address in your web browser if you have used Method #1.
If you've used Method #2, then enter your WAN port address followed by
Example:If your WAN port address is 184.108.40.206,
you'd enter 220.127.116.11:8888 into your browser.
UGate 3000 and 3200 routers running older firmware can corrupt UDP packets,
causing players to be dropped from games. This is fixed in firmware
version 2.06h for the UGate 3000 and version 3.06h for the UGate
3200. Download 2.06h BIN file here,
or the 3.06h file from here.
You can also check the MaxGate Support site for later firmware, using
the link in the Upgrade Firmware section.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.