Hello.
This is the first Mikrotik config made by me which is being used in production environments. It’s designed to run being pasted to Winbox terminal and config the whole router at once.
There are two versions of the script. Both are based on http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting
The configuration needs some scripts in order to SIP work fine. If those scripts are not present, when failover is triggered, an Asterisk 1.8x server wont be able to connect to its voice provider. The conection status would stay “Request Send” forever. This was solved with a netwatch which launches an scripts to delete all current connections on ROS.
Keep in mind I have not idea at all of Mikrotiks internals, so if there’s something that could be improved I’d love to get feedback.
Now, here are the scripts. Sorry but comments are in Spanish: I’m at work and have no time to edit them.
First script: Thsi script is designed for places with 3 Internet connections: 1 dedicated to voice and 2 for normal internet use.
(ISP1 is for inet, ISP2 for failover and ISP3 for voice). If ISP1 is down, its traffic goes by ISP2. If ISP3 is down, it’s traffic goes by ISP1. Its made like this because we asume ISP2 is FAR WORSE than ISP1. In other situations you may find interesting to do ISP3->ISP2 instead.
Both scripts allow remote management with Winbox of web from IPs you can determine on the config part.
Script with dedicated SIP connection. Voice MUST be in diferent LAN than nromal traffic:
# ------------------- header -------------------
# Script by Dario Goikoetxea, version 1.0.1
# If you use this script, or edit and
# re-use it, please keep the header intact.
#
# Script based on
# http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting
# ------------------- header -------------------
###########################################################
############# Puedes editar a partir de aqui ##############
### Respeta el formato de las variables. Puede romperse ###
###########################################################
# Se establecen las 4 ips contra las que se comprueban los ISPs.
#Hostname del router
:global routerName "MikrotikVV"
#Nombres de interfaces:
:global interfaceLAN LAN
#Numero de GWs
:global numGW 3
#Numero de IPs de comprobación por cada host:
:global hostsPerGW 2
#IPs comprobacion ISP1
:global Host1A 4.2.2.2
:global Host1B 4.2.2.3
#IPs comprobacion ISP2
:global Host2A 4.2.2.4
:global Host2B 4.2.2.5
#IPs comprobacion ISP3
:global Host3A 4.2.2.6
:global Host3B 4.2.2.1
#tiempo entre verificaciones de conexion (Solo sirve para los emails!)
:global secondsNetwatch 20
#IPs de las GW de cada ISP.
:global GW1 192.168.50.1
:global GW2 192.168.51.1
:global GW3 192.168.52.1
#IPs vituales para enrutar. Inventadas.
:global virtualGW1 10.1.1.1
:global virtualGW2 10.2.2.2
:global virtualGW3 10.3.3.3
#Configuración de los parámetros IP (address, network y bcast) del mikrotik
#Parametros de la boca LAN (llamada LAN)
:global LANIP 192.168.1.1/24
:global LANNET 192.168.1.0
:global LANBC 192.168.1.255
#Configuración de los parámetros IP (address, network y bcast) del mikrotik
#Parametros de la boca LAN (llamada LAN)
:global LANVOZIP 192.168.2.1/24
:global LANVOZNET 192.168.2.0
:global LANVOZBC 192.168.2.255
#Parametros de la boca WAN1 (llamada ISP1)
:global WAN1IP 192.168.50.2/24
:global WAN1NET 192.168.50.0
:global WAN1BC 192.168.50.255
#Parametros de la boca WAN2 (llamada ISP2)
:global WAN2IP 192.168.51.2/24
:global WAN2NET 192.168.51.0
:global WAN2BC 192.168.51.255
#Parametros de la boca WAN3 (llamada ISP3)
:global WAN3IP 192.168.52.2/24
:global WAN3NET 192.168.52.0
:global WAN3BC 192.168.52.255
#Parametros del DHCP y DNS
:global red 192.168.1.0/24
:global gw 192.168.1.1
:global DNSs 208.67.222.222,208.67.220.220
:global rango 192.168.1.201-192.168.1.254
:global leaseDias 1d
#NTP servers
:global primerNTP 150.214.94.5
:global segundoNTP 158.227.98.15
:global timeZone CET
#Configuraciones de e-mail:
#Destinatarios:
:global recipients {"private@mail.es"; "dontbe@curious.about"}
#Servidor correo
:global mailServer "smtp.mail.es"
:global mailPort 25
:global mailtls no
:global mailFrom "sender@account.com"
:global mailUser $mailFrom
:global mailPassword "ThisIsObviouslySecret"
#Titulos y cuerpos de mensajes de alerta
:global subjectGWDown {"GW principal caido"; \
"GW secundario caido"; \
"GW de voz recuperado"}
:global msgGWDown {"GW principal caido"; \
"GW secundario caido"; \
"GW de voz recuperado"}
:global subjectGWUp {"GW principal caido"; \
"GW secundario caido"; \
"GW de voz recuperado"}
:global msgGWUp {"GW principal recuperado"; \
"GW secundario recuperado"; \
"GW de voz recuperado"}
#Remote management IPs
:global accessListName=management_SNT
:global remoteManagement {a.b.c.d/32; e.f.g.h/32}
###########################################################
############# Deja de editar a partir de aqui #############
### Editar el script a partir de aquí podría romperlo. ####
###########################################################
/interface ethernet
set 0 name="$interfaceLAN"
set 2 name="ISP1"
set 3 name="ISP2"
set 4 name="ISP3"
/ip address
add address=$LANIP network=$LANNET broadcast=$LANBC interface=$interfaceLAN
add address=$LANVOZIP network=$LANVOZNET broadcast=$LANVOZBC interface=$interfaceLAN
add address=$WAN1IP network=$WAN1NET broadcast=$WAN1BC interface=ISP1
add address=$WAN2IP network=$WAN2NET broadcast=$WAN2BC interface=ISP2
add address=$WAN3IP network=$WAN3NET broadcast=$WAN3BC interface=ISP3
/ip firewall mangle
add chain=prerouting src-address=192.168.2.0/24 dst-address=!192.168.0.0/16 action=mark-routing new-routing-mark=ISP3 comment="Marcar los paquetes de la red 2 hacia internet como VOZ (ISP3)"
add chain=input connection-mark=no-mark in-interface=ISP1 connection-state=new action=mark-connection new-connection-mark=WAN1->ROS comment="Reglas para responder las conexiones entrantes por la misma boca"
add chain=input connection-mark=no-mark in-interface=ISP2 connection-state=new action=mark-connection new-connection-mark=WAN2->ROS
add chain=input connection-mark=no-mark in-interface=ISP3 connection-state=new action=mark-connection new-connection-mark=WAN3->ROS
add chain=output connection-mark=WAN1->ROS action=mark-routing new-routing-mark=ISP1
add chain=output connection-mark=WAN2->ROS action=mark-routing new-routing-mark=ISP2
add chain=output connection-mark=WAN3->ROS action=mark-routing new-routing-mark=ISP3
/ip route
add dst-address=$Host1A gateway=$GW1 scope=10 comment="Puertas de enlace para IPs de comprobacion"
add dst-address=$Host1B gateway=$GW1 scope=10
add dst-address=$Host2A gateway=$GW2 scope=10
add dst-address=$Host2B gateway=$GW2 scope=10
add dst-address=$Host3A gateway=$GW3 scope=10
add dst-address=$Host3B gateway=$GW3 scope=10
add dst-address=$virtualGW1 gateway=$Host1A scope=10 target-scope=10 check-gateway=ping comment="Hosts virtuales para cada puerta de enlace"
add dst-address=$virtualGW1 gateway=$Host1B scope=10 target-scope=10 check-gateway=ping
add dst-address=$virtualGW2 gateway=$Host2A scope=10 target-scope=10 check-gateway=ping
add dst-address=$virtualGW2 gateway=$Host2B scope=10 target-scope=10 check-gateway=ping
add dst-address=$virtualGW3 gateway=$Host3A scope=10 target-scope=10 check-gateway=ping
add dst-address=$virtualGW3 gateway=$Host3B scope=10 target-scope=10 check-gateway=ping
add distance=1 gateway=$virtualGW1 comment="Rutas reales sin marca de ruta, como ISP1"
add distance=2 gateway=$virtualGW2
add distance=3 gateway=$virtualGW3
add distance=1 gateway=$virtualGW1 routing-mark=ISP1 comment="Rutas reales en funcion de marcas de ruta"
add distance=2 gateway=$virtualGW2 routing-mark=ISP1
add distance=3 gateway=$virtualGW3 routing-mark=ISP1
add distance=1 gateway=$virtualGW2 routing-mark=ISP2
add distance=2 gateway=$virtualGW1 routing-mark=ISP2
add distance=3 gateway=$virtualGW3 routing-mark=ISP2
add distance=1 gateway=$virtualGW3 routing-mark=ISP3
add distance=2 gateway=$virtualGW1 routing-mark=ISP3
add distance=3 gateway=$virtualGW2 routing-mark=ISP3
add dst-address=$Host1A type=blackhole distance=20 comment="Rutas para solucionar problema al volver a IP anterior"
add dst-address=$Host2A type=blackhole distance=20
add dst-address=$Host3A type=blackhole distance=20
add dst-address=$Host1B type=blackhole distance=20
add dst-address=$Host2B type=blackhole distance=20
add dst-address=$Host3B type=blackhole distance=20
/ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade comment="Hacer NAT de la red local a los ISP"
add chain=srcnat out-interface=ISP2 action=masquerade
add chain=srcnat out-interface=ISP3 action=masquerade
/ip dhcp-server network add address=$red gateway=$gw dns-server=$DNSs
/ip pool add name=dhcp_pool1 ranges=$rango
/ip dhcp-server add name=dhcp1 interface=$interfaceLAN address-pool=dhcp_pool1 lease-time=$leaseDias disabled=no
/ip dns set servers=$DNSs allow-remote-requests=yes
/system identity set name="$routerName"
/system ntp client set enabled=yes primary-ntp=$primerNTP secondary-ntp=$segundoNTP
/system clock set time-zone-name=$timeZone
:foreach r in=[:toarray $remoteManagement] do={
/ip firewall address-list add list=$accessListName address=$r
}
/ip firewall
address-list add list=management_SNT address=a.b.c.d/32
address-list add list=management_SNT address=e.f.g.h/32
/ip firewall
filter add chain=input action=accept protocol=icmp comment="Default: Aceptar ping"
filter add chain=input action=accept connection-state=established in-interface=("!" . $interfaceLAN) comment="Default: aceptar respuestas (no se aplica a interfaz LAN)"
filter add chain=input action=accept connection-state=related in-interface=("!" . $interfaceLAN) comment="Default: aceptar relacionados (no se aplica a interfaz LAN)"
filter add chain=input action=accept protocol=tcp dst-port=8291 in-interface=("!" . $interfaceLAN) src-address-list=management_SNT comment="Puerto Winbox para management desde SNT"
filter add chain=input action=accept protocol=tcp dst-port=80 in-interface=("!" . $interfaceLAN) src-address-list=management_SNT comment="Puerto web para management desde SNT"
filter add chain=input action=drop in-interface=("!" . $interfaceLAN) comment="Default: Rechazar resto (no se aplica a interfaz LAN)"
/tool mac-server remove [find];
/tool mac-server mac-winbox disable [find];
:foreach k in=[/interface find] do={
:local tmpName [/interface get $k name];
:if (!($tmpName~"ISP")) do={
/tool mac-server add interface=$tmpName disabled=no;
/tool mac-server mac-winbox add interface=$tmpName disabled=no;
}
}
/ip neighbor discovery set [find name="ISP1"] discover=no
/ip neighbor discovery set [find name="ISP2"] discover=no
/ip neighbor discovery set [find name="ISP3"] discover=no
#Registra la cuenta de correo apropiada:
/tool e-mail set address=[:resolve $mailServer] port=$mailPort from="$mailFrom" user="$mailUser" password="$mailPassword"
#Crea scripts que enviaran e-mails si alguna GW se cae.
:global mails
:set mails ""
:foreach r in=[:toarray $recipients] do={
:local parte "\"$r\"" ;
:if ([:len $mails] = 0) do={
:set mails ($parte)
} else={
:set mails ($mails . "; \\\r\n\t" . $parte)
}
}
:global scriptISP 1
:while ($scriptISP <= $numGW) do={
:global scriptISP
/system script add name=("gw" . $scriptISP . "-down") source=":global recipients { $mails}\r\
\n/tool e-mail set address=[:resolve $mailServer]\r\
\n:local subject \"$[:pick $subjectGWDown ($scriptISP - 1)]\"\r\
\n:local mensajebody \"$[:pick $msgGWDown ($scriptISP - 1)]\"\r\
\n:local FailTreshold $hostsPerGW\r\
\n:global PingFailCountISP$scriptISP\r\
\n\r\
\n:if ([:typeof \$PingFailCountISP$scriptISP] = \"nothing\") do={:set PingFailCountISP$scriptISP 0}\r\
\n:if (\$PingFailCountISP$scriptISP < \$FailTreshold) do={\r\
\n\t:set PingFailCountISP$scriptISP (\$PingFailCountISP$scriptISP + 1)\r\
\n}\r\
\n:if (\$PingFailCountISP$scriptISP >= \$FailTreshold) do={\r\
\n\t/ip firewall connection {:foreach r in=[find] do={remove \$r}}\r\
\n\t:foreach r in=[:toarray \$recipients] do={\r\
\n\t\t:put (\"Sending email to \" . [:tostr \$r])\r\
\n\t\t/tool e-mail send to=\"\$[:tostr \$r]\" subject=\"\$[/system identity get name] - \$subject\" body=\"\$[/system identity get name]\n\$[/system clock get date] - \$[/system clock get time]\n\$mensajebody\"\r\
\n\t}\r\
\n}"
/system script add name=("gw" . $scriptISP . "-up") source=":global recipients { $mails}\r\
\n/tool e-mail set address=[:resolve $mailServer]\r\
\n:local subject \"$[:pick $subjectGWUp ($scriptISP - 1)]\"\r\
\n:local mensajebody \"$[:pick $msgGWUp ($scriptISP - 1)]\"\r\
\n:local FailTreshold $hostsPerGW\r\
\n:global PingFailCountISP$scriptISP\r\
\n\r\
\n:if ([:typeof \$PingFailCountISP$scriptISP] = \"nothing\") do={:set PingFailCountISP$scriptISP 0}\r\
\n:if (\$PingFailCountISP$scriptISP >= \$FailTreshold) do={\r\
\n\t/ip firewall connection {:foreach r in=[find] do={remove \$r}}\r\
\n\t:foreach r in=[:toarray \$recipients] do={\r\
\n\t\t:put (\"Sending email to \" . [:tostr \$r])\r\
\n\t\t/tool e-mail send to=\"\$[:tostr \$r]\" subject=\"\$[/system identity get name] - \$subject\" body=\"\$[/system identity get name]\n\$[/system clock get date] - \$[/system clock get time]\n\$mensajebody\"\r\
\n\t}\r\
\n}\r\
\n:if (\$PingFailCountISP$scriptISP > 0) do={\r\
\n\t:set PingFailCountISP$scriptISP (\$PingFailCountISP$scriptISP - 1)\r\
\n}"
:set scriptISP ($scriptISP + 1)
}
/tool netwatch
add host=$Host1A interval=($secondsNetwatch . "s") timeout=998ms up-script=gw1-up down-script=gw1-down
add host=$Host2A interval=($secondsNetwatch . "s") timeout=998ms up-script=gw2-up down-script=gw2-down
add host=$Host3A interval=($secondsNetwatch . "s") timeout=998ms up-script=gw3-up down-script=gw3-down
add host=$Host1B interval=($secondsNetwatch . "s") timeout=998ms up-script=gw1-up down-script=gw1-down
add host=$Host2B interval=($secondsNetwatch . "s") timeout=998ms up-script=gw2-up down-script=gw2-down
add host=$Host3B interval=($secondsNetwatch . "s") timeout=998ms up-script=gw3-up down-script=gw3-down
#Elimina todas las variables globales establecidas en el script.
:foreach k in=[/system script environment find] do={
/system script environment remove $k;
}
#Genera un backup del sistema y lo guarda como config_inicial_SNT
/system backup save name=config_inicial_SNT
Script without dedicated voice ISP.
# ------------------- header -------------------
# Script by Dario Goikoetxea, version 1.0.1
# If you use this script, or edit and
# re-use it, please keep the header intact.
#
# Script based on
# http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting
# ------------------- header -------------------
###########################################################
############# Puedes editar a partir de aqui ##############
### Respeta el formato de las variables. Puede romperse ###
###########################################################
# Se establecen las 4 ips contra las que se comprueban los ISPs.
#Hostname del router
:global routerName "MikrotikVV"
#Nombres de interfaces:
:global interfaceLAN LAN
#IPs comprobacion ISP1
:global Host1A 4.2.2.2
:global Host1B 4.2.2.3
#IPs comprobacion ISP2
:global Host2A 4.2.2.4
:global Host2B 4.2.2.5
#tiempo entre verificaciones de conexion (Solo sirve para los emails!)
:global secondsNetwatch 20
#IPs de las GW de cada ISP.
:global GW1 192.168.50.1
:global GW2 192.168.51.1
#IPs vituales para enrutar. Inventadas.
:global virtualGW1 10.1.1.1
:global virtualGW2 10.2.2.2
#Configuración de los parámetros IP (address, network y bcast) del mikrotik
#Parametros de la boca LAN (llamada LAN)
:global LANIP 192.168.1.1/24
:global LANNET 192.168.1.0
:global LANBC 192.168.1.255
#Parametros de la boca WAN1 (llamada ISP1)
:global WAN1IP 192.168.50.2/24
:global WAN1NET 192.168.50.0
:global WAN1BC 192.168.50.255
#Parametros de la boca WAN2 (llamada ISP2)
:global WAN2IP 192.168.51.2/24
:global WAN2NET 192.168.51.0
:global WAN2BC 192.168.51.255
#Parametros del DHCP y DNS
:global red 192.168.1.0/24
:global gw 192.168.1.1
:global DNSs 208.67.222.222,208.67.220.220
:global rango 192.168.1.201-192.168.1.254
:global leaseDias 1d
#NTP servers
:global primerNTP 150.214.94.5
:global segundoNTP 158.227.98.15
:global timeZone CET
#Configuraciones de e-mail:
#Destinatarios:
:global recipients {"private@mail.es"; "dontbe@curious.about"}
#Servidor correo
:global mailServer "smtp.mail.es"
:global mailPort 25
:global mailtls no
:global mailFrom "sender@account.com"
:global mailUser $mailFrom
:global mailPassword "ThisIsObviouslySecret"
#Establece titulo y parte del cuerpo del mensage. Nombre del router y fecha ya estan incluidos!
#Asunto y cuerpo del mensage de caida del primer router
:global subjectGW1Down "GW principal caido"
:global msgGW1Down "GW principal caido"
#Asunto y cuerpo del mensage de recuperacion del primer router
:global subjectGW1Up "GW principal recuperado"
:global msgGW1Up "GW principal recuperado"
#Asunto y cuerpo del mensage de caida del segundo router
:global subjectGW2Down "GW secundario caido"
:global msgGW2Down "GW secundario caido"
#Asunto y cuerpo del mensage de recuperacion del segundo router
:global subjectGW2Up "GW secundario recuperado"
:global msgGW2Up "GW secundario recuperado"
#Remote management IPs
:global accessListName=management_SNT
:global remoteManagement {a.b.c.d/32; e.f.g.h/32}
###########################################################
############# Deja de editar a partir de aqui #############
### Editar el script a partir de aquí podría romperlo. ####
###########################################################
/interface ethernet
set 0 name="$interfaceLAN"
set 3 name="ISP1"
set 4 name="ISP2"
/ip address
add address=$LANIP network=$LANNET broadcast=$LANBC interface=$interfaceLAN
add address=$WAN1IP network=$WAN1NET broadcast=$WAN1BC interface=ISP1
add address=$WAN2IP network=$WAN2NET broadcast=$WAN2BC interface=ISP2
/ip route
add dst-address=$Host1A gateway=$GW1 scope=10 comment="Puertas de enlace para IPs de comprobacion"
add dst-address=$Host1B gateway=$GW1 scope=10
add dst-address=$Host2A gateway=$GW2 scope=10
add dst-address=$Host2B gateway=$GW2 scope=10
add dst-address=$virtualGW1 gateway=$Host1A scope=10 target-scope=10 check-gateway=ping distance=1 comment="Hosts virtuales para cada puerta de enlace"
add dst-address=$virtualGW1 gateway=$Host1B scope=10 target-scope=10 check-gateway=ping distance=2
add dst-address=$virtualGW2 gateway=$Host2A scope=10 target-scope=10 check-gateway=ping distance=1
add dst-address=$virtualGW2 gateway=$Host2B scope=10 target-scope=10 check-gateway=ping distance=2
add distance=1 gateway=$virtualGW1 comment="Ruta virtual salida GW1"
add distance=2 gateway=$virtualGW2 comment="Ruta virtual salida GW2"
add dst-address=$Host1A type=blackhole distance=20 comment="Rutas para solucionar problema al volver a IP anterior"
add dst-address=$Host2A type=blackhole distance=20
add dst-address=$Host1B type=blackhole distance=20
add dst-address=$Host2B type=blackhole distance=20
/ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade comment="Hacer NAT de la red local a los ISP"
add chain=srcnat out-interface=ISP2 action=masquerade
/ip dhcp-server network add address=$red gateway=$gw dns-server=$DNSs
/ip pool add name=dhcp_pool1 ranges=$rango
/ip dhcp-server add name=dhcp1 interface=$interfaceLAN address-pool=dhcp_pool1 lease-time=$leaseDias disabled=no
/ip dns set servers=$DNSs allow-remote-requests=yes
/system identity set name="$routerName"
/system ntp client set enabled=yes primary-ntp=$primerNTP secondary-ntp=$segundoNTP
/system clock set time-zone-name=$timeZone
:foreach r in=[:toarray $remoteManagement] do={
/ip firewall address-list add list=$accessListName address=$r
}
/ip firewall
filter add chain=input action=accept protocol=icmp comment="Default: Aceptar ping"
filter add chain=input action=accept connection-state=established in-interface=("!" . $interfaceLAN) comment="Default: aceptar respuestas (no se aplica a interfaz LAN)"
filter add chain=input action=accept connection-state=related in-interface=("!" . $interfaceLAN) comment="Default: aceptar relacionados (no se aplica a interfaz LAN)"
filter add chain=input action=accept protocol=tcp dst-port=8291 in-interface=("!" . $interfaceLAN) src-address-list=management_SNT comment="Puerto Winbox para management desde SNT"
filter add chain=input action=accept protocol=tcp dst-port=80 in-interface=("!" . $interfaceLAN) src-address-list=management_SNT comment="Puerto web para management desde SNT"
filter add chain=input action=drop in-interface=("!" . $interfaceLAN) comment="Default: Rechazar resto (no se aplica a interfaz LAN)"
/tool mac-server remove [find];
/tool mac-server mac-winbox disable [find];
:foreach k in=[/interface find] do={
:local tmpName [/interface get $k name];
:if (!($tmpName~"ISP")) do={
/tool mac-server add interface=$tmpName disabled=no;
/tool mac-server mac-winbox add interface=$tmpName disabled=no;
}
}
/ip neighbor discovery set [find name="ISP1"] discover=no
/ip neighbor discovery set [find name="ISP2"] discover=no
#Registra la cuenta de correo apropiada:
/tool e-mail set address=[:resolve $mailServer] port=$mailPort from="$mailFrom" user="$mailUser" password="$mailPassword"
#Crea scripts que enviaran e-mails si alguna GW se cae.
:global mails
:set mails ""
:foreach r in=[:toarray $recipients] do={
:local parte "\"$r\"" ;
:if ([:len $mails] = 0) do={
:set mails ($parte)
} else={
:set mails ($mails . "; \\\r\n\t" . $parte)
}
}
/system script add name=gw1-down source=":global recipients { $mails}\r\
\n/tool e-mail set address=[:resolve $mailServer]\r\
\n:local subject \"$subjectGW1Down\"\r\
\n:local mensajebody \"$msgGW1Down\"\r\
\n\r\
\n:foreach r in=[:toarray \$recipients] do={\r\
\n\t:put (\"Sending email to \" . [:tostr \$r])\r\
\n\t/tool e-mail send to=\"\$[:tostr \$r]\" subject=\"\$[/system identity get name] - \$subject\" body=\"\$[/system identity get name]\n\$[/system clock get date] - \$[/system clock get time]\n\$mensajebody\"\r\
\n}"
/system script add name=gw1-up source=":global recipients { $mails}\r\
\n/tool e-mail set address=[:resolve $mailServer]\r\
\n:local subject \"$subjectGW1Up\"\r\
\n:local mensajebody \"$msgGW1Up\"\r\
\n\r\
\n:foreach r in=[:toarray \$recipients] do={\r\
\n\t:put (\"Sending email to \" . [:tostr \$r])\r\
\n\t/tool e-mail send to=\"\$[:tostr \$r]\" subject=\"\$[/system identity get name] - \$subject\" body=\"\$[/system identity get name]\n\$[/system clock get date] - \$[/system clock get time]\n\$mensajebody\"\r\
\n}"
/system script add name=gw2-down source=":global recipients { $mails}\r\
\n/tool e-mail set address=[:resolve $mailServer]\r\
\n:local subject \"$subjectGW2Down\"\r\
\n:local mensajebody \"$msgGW2Down\"\r\
\n\r\
\n:foreach r in=[:toarray \$recipients] do={\r\
\n\t:put (\"Sending email to \" . [:tostr \$r])\r\
\n\t/tool e-mail send to=\"\$[:tostr \$r]\" subject=\"\$[/system identity get name] - \$subject\" body=\"\$[/system identity get name]\n\$[/system clock get date] - \$[/system clock get time]\n\$mensajebody\"\r\
\n}"
/system script add name=gw2-up source=":global recipients { $mails}\r\
\n/tool e-mail set address=[:resolve $mailServer]\r\
\n:local subject \"$subjectGW2Up\"\r\
\n:local mensajebody \"$msgGW2Up\"\r\
\n\r\
\n:foreach r in=[:toarray \$recipients] do={\r\
\n\t:put (\"Sending email to \" . [:tostr \$r])\r\
\n\t/tool e-mail send to=\"\$[:tostr \$r]\" subject=\"\$[/system identity get name] - \$subject\" body=\"\$[/system identity get name]\n\$[/system clock get date] - \$[/system clock get time]\n\$mensajebody\"\r\
\n}"
/tool netwatch
add host=$Host1A interval=($secondsNetwatch . "s") timeout=998ms up-script=gw1-up down-script=gw1-down
add host=$Host2A interval=($secondsNetwatch . "s") timeout=998ms up-script=gw2-up down-script=gw2-down
#Elimina todas las variables globales establecidas en el script.
:foreach k in=[/system script environment find] do={
/system script environment remove $k;
}
#Genera un backup del sistema y lo guarda como config_inicial_SNT
/system backup save name=config_inicial_SNT
Please, if I forgot to remove some sensitive data from the scripts let me know so I can edit them.