I’m still new to CHR and Mikrotik, I setup a CHR on ESXi and I noticed in the logs that there’s lots of attempted ssh logins on the WAN connection. Does CHR by default allow SSH and management over the WAN interface? What are the best practices when first setting up CHR if that’s the case?
Check under IP>Services to disable ssh or other services.
https://help.mikrotik.com/docs/display/ROS7/Securing+your+router
I want to be able to SSH into the unit on the LAN side, but why does it allow SSH access by default on the public WAN? I don’t want to disable SSH completely
Unless something changed recently, CHR comes with blank config. There’s only dhcp client and nothing else, no firewall. It’s up to you to add some.
Default config is more or less blank. Mikrotik don’t really spoon feed you like other manufacturers do. If you want a firewall that stops SSH from WAN then you need to create it.