Complaints from v7.17rc [testing]

There seem to be different meanings of “Enterprise”. My “Enterprise” employer (and all others I know) has a dedicated Information Security Department which would never allow highly sensitive network devices to talk to a vendor cloud without going through a lengthy approval process including regular audits and, in the US, FIPS certification (without saying that corporate security theater necessarily makes things safer). That works for Cisco etc., which are used to this and have all the required certificates and contracts ready. But not for a shop like Mikrotik.

For smaller Cisco/Juniper devices (large ones have cloud required, see above) we use auto configuration: Using special options, the device asks the DHCP server for a https or scp URL to download configs or FW updates, providing serial number so the DHCP server knows what to respond. Of course the https or scp certificates are checked by the device before downloading anything. This allows for zero touch provisioning of switches and similar. Just by knowing the SN, we can configure things upfront, the device is directly shipped to the branch by the vendor. Local staff just unpacks and connects it to the network and switches it on. The rest happens automatically without any 3rd party server or cloud.
Something similar for Mikrotik would be nice and IMO much better than any cloud stuff.

Obviously some users here refer with “enterprise” to the many small-medium companies taking any cloud as long as it saves time and money in the short term. Until it doesn’t and they end up paying bitcoins to some thugs to get their data unencrypted.

I agree and have also suggested soho and enterprise/professional product lines from MikroTik

They’re very confused right now, head stuck up their ass or in the sand, and only focused on cheap and on the third world market.

If they segmented soho (hAP series) and limited those to WebFig and a phone app. This makes it simple for market entry to home users (get them familiar with MikroTik and build confidence - look at the return rate and reviews or negative forum posts by newcomers about complexity). Or we as professionals can easily recommend hAP to home users or family and spend less time.

Then, for us real fucking people and professionals, let us have the full RouterOS with Winbox, and all you can eat as professionals and enterprise level. MikroTik, develop and create a partner portal and get serious. Otherwise, I feel market share will shrink…. Imploding….

That way MikroTik can lock down and protect their hAP series and mitigate this bullshit device mode and sticker passwords

Meraki/Cisco, Cambium, Forti and even Ubiquiti don’t have this device lock or sticker password

Also I call lies on MikroTik in their mindset of “open to hacking when rushing to cloud”

Well, MikroTik - eat your own dog food. Don’t rush it.

Your hardware is great (keep 16mb flash to home devices).

We’re leaving MikroTik and can no longer recommend. This is as a 12+ year user who deploys in business settings.

MikroTik - why don’t you reach out to your certified trainers and get their feedback? Listen. Grow. Advance. Profit.

Last note - I am of the feeling that the only current stable MikroTik wireless products are the 60GHz line. We feel confident deploying these to customers and have stable links. However, the Cube 60 Pros did have water ingestion issues.

The outdoor AX wireless products are not up to the quality of the competition at the same price point. I can now buy a Cambium outdoor product for nearly the same price as a modded out NetMetal AX.

And this Ampere partnership is cool…. But I feel the software quality will need to meet the hardware. Why have such great hardware but be missing what we ask for? Stop the ROSE push. It is a sick joke. Shame.

The frustration here is that we all feel MikroTik is taking the wrong direction for security and function. Do some market research on what other vendors have done or are currently doing with success. Why reinvent the wheel?

soho/consumer product lines: hAP and similar - “lock” to WebFig and MikroTik App [iOS / Android]. These come with a baked config like any other consumer device. Home / residential users are not going to maintain.

The real hardware [CCR, CRS, Routerboard lines] should be the Professional/Enterprise line and be full featured with proper packaging of software. Look at what other vendors do for pushing their firmware and software. Perhaps have built in md5-checksums during install, or signed packages. Randomized passwords on stickers is chaos theory and has already caused us headaches with remote cAP deployments.

IE: We drop shipped new cAPs to a customer and had a tech go connect them. Well, they shipped with the new randomized passwords… We had to go back to distribution to get the passwords. This turned a 3-minute job per AP of factory reset for cAP mode and provision into hours. We ended up having the tech take pictures of the stickers and we matched up the MAC address to the device and were able to get into them after reset.

Same goes for outdoor APs that are in the weather.

What happens if a technology company takes over a customer’s network and the prior IT / MSP did NOT properly document the default passwords…

@Normis

Because I have a “strong opinion” on Fortinet especially (as one of these “enterprise” vendors), here is my 2 cents - with ChatGPT “polite” filter applied. So please don’t say it is ChatGPT made up.

Enterprise solutions like Fortinet often come with their own challenges. For example, the handling of 0-day exploits can be concerning, especially when vulnerabilities remain undisclosed for extended periods while being exploited in the wild. Additionally, their business models, which heavily rely on cloud subscriptions, feature-specific licensing, and costly support contracts, can be quite demanding.

If these aspects align with your enterprise needs, they may be the right choice for you. However, it’s important not to project these expectations onto Mikrotik, whose philosophy and approach to networking differ significantly. Consulting your compliance department might provide clarity on the specific requirements and solutions suitable for your organization.

Last Saturday I chatted with my old friend who is actively using Enterprise level MikroTik devs and other vendors’ devices too.
He didn’t hear about device-mode. I don’t want to mess the joke so I didn’t tell about it.
There are many others over the world who haven’t heard about device-mode and its lockdown features.
There are many people who are using a lot of enterprise level routers and switches from a lot of vendors. What do you think, which of those can lock itself for security reasons?
There will be a lot of surprises when 7.17 comes to stable and gets widespread 🙂