Hi all,
I have the RB3011UiAS as my primary router in a small office, which is also CAPsMAN. Then I have several cAP ac’s that are connected to some switches behind this router. I booted them up in CAPs mode (holding reset for 10 seconds).
Everything works fine but I’m not sure what to do about security. The firewall rules on the CAPs are empty. Do I need to configure a firewall on the CAPs or do they inherit the CAPsMAN firewall rules? Local forwarding in datapaths is turned off.
Thanks a lot for any tips.
Tomas

From my perspective a firewall on an access point doesn’t make sense. Why would you think you need a firewall?

I suppose I don’t understand the process fully. If someone connects to my Wi-Fi via an AP managed by CAPsMAN, all traffic has to go through the CAPsMAN anyway, therefore applying its firewall rules?

It’s up to you how all traffic is routed. Perhaps good to make a network diagram, also containing zones and authorization.
Please read:
https://help.mikrotik.com/docs/display/ROS/CAPsMAN
Specifically:
datapath.client-to-client-forwarding
datapath.local-forwarding