Thanks, it helped!in case there is NAT between server and client: google "AssumeUDPEncapsulationContextOnSendRule"
Due to a this bug in 6.42.x:May I ask why downgrade to such a vulnerable version? Wouldn't be better to upgrade the other equipment if having the same version on all hardware is important?
But why??This is correct behavior.
Have you tried TP-Link or D-Link?
I am sure they are much easier with all their wizards whistles and bells.
If you find RouterOS hard, then it's probably not for you.
I have a config that works for many years on any version before 6.38It is almost impossible to guess what ipsec config you have and what might not work.
No, currently routers with switch-chip can only Tagged Vlan (802.1Q).I'm not sure if I get what you want but afaik ROS supports VLANs on switch chip level.
Target = 192.168.0.0/24
Max limit = 10M
Limit at = 2M
Queue type = PCQ-UPLOAD-DEFAULT and also PCQ-DOWNLOAD-DEFAULT
I have one for the ISPQueue connection /16 and one for each smaller /24 group. These smaller groups has the main ISP queue linked using the PARENT=ISPQueue setting
It's just your habit.Mikrotik's firewall is simply awesome! It's the most intuitive UI I've ever used for iptables and it uses the correct terminology to describe fields/options.
write at least one reason why I should use the 7(!) fields, if the same thing I do with two fields?It's already intuitive and admin-friendly, and very much at that.
I know itaction is a mandatory property of each firewall rule.>>Do you suggest to get rid of the action=jump rules altogether?
My suggestion is for FirewallRule/General, not for Action
Chain can be automatically determined based on the source and destination.WAT?Remove: