Help. What Mikrotik board to buy?

My network is very small (10 users max) … I need a complete Application Firewall and Router (Gateway, UTM, VPN (OpenVPN), Intrusion Prevention (IPS) - blocking HTTPS sites, facebook lock, facebook messenger, skype, Trillian, teamviewer, etc …) … would be nice if the application had web management.

I was appointed to buy:
Mikrotik routerboard RB951G-2HnD with Level 4 License.

Is this correct? I’m going to get everything I need with this MikroTik?

I need:
Firewall and Router;
DHCP, Gateway, UTM, VPN (OpenVPN);
Intrusion Prevention (IPS);
blocking HTTPS sites;
facebook lock;
blocking facebook messenger, Skype, Trillian, ICQ, teamviewer, etc …;
Reports of internet browsing;
Rules for use by IP, schedule;
VLAN (wifi clients);

Thanks,

We’re going to need more information before we can provide you any kind of recommendation. How fast is your connection to the ISP? Do you have static or dynamic IP? Do you have multiple public IP addresses? Is your network flat or are you looking to segment it to keep user machines on a different VLAN than servers?

I haven’t used the RB951G series, so I can’t say from experience; depending on your exact network configuration and needs, it may or may not be up to the task. Keep in mind, the more functions you have it do, the less performance you will get from it. To get a general sense for the capabilities it has, check out the MikroTik wiki. If you have more specific questions, contact sales or support to make sure it is suitable for your environment.

Hmm, it seems to me you are looking for quite a lot of stuff. And while I believe a Routerboard/Mikrotik based system can do most if not all of these functions, Mikrotik stuff is not for the un-initiated.

There are no wizards or anything else to help you accomplish everything you list above. You will need knowledge of how a firewall works, packet flows, how to create the Layer7 inspection rules, etc. You will need to figure out all the ports and hosts of the services you wish to block yourself, etc.

Also, there are limitations you need to invest some research into. While RouterOS does have OpenVPN it does not support UDP connections for instance.

What does IPS (Intrusion Prevention) mean for you? There are quite a few different ways this can function. Also, a Mikrotik by itself will never be able to do such a thing. Well, it can use port triggers and scripts that if someone pings you 10 times, they will get blocked and such. But if you wish it to scan your traffic for malicious software or other stuff, no.

All this stuff also costs CPU power. If you really wish to do Layer7 packet inspection, well, the RB951G-2HnD might leave you with only 20Mbit? Not using those rules it might be able to do 100Mbit to 300Mbit all depending on configuration and wishes.

Don’t get me wrong, Mikrotik, Routerboards and RouterOS are awesome! Its flexibility and configurability are absolute strong points. But as I said, it’s not for the un-initiated. It’s not an “Insert Brand Here” router which has a wizard to accomplish X or Y. It can do all those things, and much much more, stable and faster, but YOU will need to have the knowledge to configure it.

My advice, if you have never used a RouterOS based product, get a cheap one (the pricing is GREAT) and toy with it a bit. It’s what I did and I am hooked ever since!