Hello, I came across the Mikrotic Router by accident.
I have some experience with ubiquiti and would like to try with microtik. My goal is to build a secure network. P2P/Bittorrent is to be blocked and certain groups of pages such as games, social media (Facebook, Twitter) are also to be blocked.
Since my WLAN is not so special, I want to integrate a WLAN access point sometime and build up a secure WLAN network with it.
My question would be, which micro-router would you recommend? I have an DSL-modem (ZyXEL VMG1312-B30A VDSL2 ) an 2 VLAN 1 Gb switches.
Can be locked as described above pages in the firewall can be blocked using categories via the web interface? Are there a few german-speaking users who might be able to help?
Most Mikrotik routers run RouterOS. some have Gigabite or 10G ports, some have SFP ports, some have WLAN or LTE but in terms of routing functions, they do exactly the same job!
well, almost, there are different licence that come with different products but the standard licence will do what you wanted.
Apart from harware interfaces, the only difference between them is performance. Also the number of users, throughput, add into the equation. To block P2P you may have few L7 rules and using proxy or address list to block facebook etc. All these have a load on the CPU. Normally a 2011 or 3011 should be good enough.
Also using Mikrotik to block these require bit of work and are not 100%. Lots of tutorials on the Internet including youtube.
If you got the budget, use a proper Layer7 firewall.
To add what SOLAR stated, one has to be able to block HTTPS sites as well and I believe the Mikrotiks have a way of doing that.
"Since most of the internet now uses https, it has become much harder to filter specific web content. For this
reason, RouterOS 6.41 introduces a new firewall matcher which allows you to block https websites (TLS traffic)
based on the TLS SNI extension, called “TLS-HOST”. The new parameter supports glob-style patterns, which
should be enough for whatever you’re trying to match.
For example, to block example.com, you would use a rule like this:
/ip firewall filter add chain=forward dst-port=443 protocol=tcp tls-host=*.example.com action=reject "
You could also use a first layer by going through OPEN DNS and their filtering for example.
As for assistance in German, this is your lucky week. Just hop on the train to Berlin and there will be lots of experts, drinking beer or maybe discussing Mikrotik
