I have a hotspot setup on a B450 using ROS 3.30 that is having a strange behavior when login. When I log in the browser sits stuck on the hotspot page (even though I can see in winbox that the host goes to active). Then if a url is typed again (say google.com). The hotspot user can continue. I thought the problem was with the login page so I reverted it to factory and the symptom continued.
This is for a small hotel and some other IT firm set up most of the configuration of the firewall etc.
They have configured a web proxy for port 80, that was originally for the purpose of blocking front desk access to everything non-essential. It redirects all port 80 traffic to web proxy, so I added a src rule to allow access for the hotspot I think I would rather skip the proxy for the hotspot but cannot figure out the rule I need.
Here is the entire config (i changed some to protect the innocent). Any ideas?
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes l2mtu=1526 mac-address=00:0C:42:2E:B4:35 mtu=1500 name=\
E1-WAN/PoE speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1522 mac-address=\
00:0C:42:2E:B4:36 master-port=none mtu=1500 name=E2-LAN1 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1522 mac-address=\
00:0C:42:2E:B4:37 master-port=none mtu=1500 name=E3-LAN2 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1522 mac-address=\
00:0C:42:2E:B4:38 master-port=none mtu=1500 name=E4-Hotspot speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=no full-duplex=yes l2mtu=1522 mac-address=\
00:0C:42:2E:B4:39 master-port=none mtu=1500 name=E5-Phone speed=100Mbps
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" group-key-update=5m interim-update=0s mode=none name=\
default radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none \
static-algo-3=none static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none \
static-sta-private-key="" static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=none tls-mode=no-certificates \
unicast-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key=""
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name="" hotspot-address=10.5.50.1 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=hsprof1 rate-limit=1M/512K smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=192.168.20.26-192.168.20.200
add name=Hotel ranges=192.168.10.50-192.168.10.200
add name=HS-pool ranges=10.5.50.50-10.5.50.150
add name=dhcp_pool2 ranges=10.10.100.25-10.10.100.225
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=yes interface=E3-LAN2 lease-time=3d name=dhcp1
add address-pool=HS-pool authoritative=after-2sec-delay bootp-support=static disabled=no interface=E4-Hotspot lease-time=1h name=\
HS-DHCP
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=static disabled=no interface=E5-Phone lease-time=1d name=\
DHCP-Phonenet
/ip hotspot
add address-pool=HS-pool disabled=no idle-timeout=none interface=E4-Hotspot keepalive-timeout=none name=Hotspot profile=hsprof1
/ip hotspot user profile
set default address-pool=HS-pool advertise=no idle-timeout=5m keepalive-timeout=2m name=default open-status-page=always rate-limit=\
256k/768k shared-users=100 status-autorefresh=1m transparent-proxy=yes
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default use-compression=default use-encryption=default \
use-vj-compression=default
add address-list=a change-tcp-mss=default comment="" name="set accounting=yes interim-update=0s use-radius=no" only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption only-one=default use-compression=default use-encryption=\
yes use-vj-compression=default
/interface pptp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" connect-to=VPN_IP dial-on-demand=no disabled=no max-mru=1460 \
max-mtu=1460 mrru=disabled name=pptp-out1 password=VPNPASSWORD profile=default-encryption user=VPNUSER
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 \
red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no ignore-as-path-len=no name=default out-filter="" \
redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=\
0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 authentication=none disabled=no name=backbone type=default
/snmp
set contact=support@THIERCOMPANYNAME.com enabled=yes engine-boots=63 engine-id="" location="" time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" authentication-protocol=MD5 encryption-password="" encryption-protocol=DES \
name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=\
yes enter-setup-on=any-key
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=\
yes enter-setup-on=any-key
/user group
add comment="" name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,!ftp,!write,!policy
add comment="" name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,!ftp,!policy
add comment="" name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface ethernet mirror
set mirror-port=none source-port=none
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=\
FE:94:1C:9C:A3:38 max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=\
disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 multiple-channels=no only-headers=no receive-errors=no \
streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.10.1/24 broadcast=192.168.10.255 comment="Hotel LAN" disabled=no interface=E2-LAN1 network=192.168.10.0
add address=192.168.20.1/24 broadcast=192.168.20.255 comment="Guest Network" disabled=no interface=E3-LAN2 network=192.168.20.0
add address=WANIP/24 broadcast=24.249.53.255 comment=WAN disabled=no interface=E1-WAN/PoE network=WANNETWORK
add address=10.10.100.1/24 broadcast=10.10.100.255 comment="Phone System" disabled=no interface=E5-Phone network=10.10.100.0
add address=10.5.50.1/24 broadcast=10.5.50.255 comment="Hotspot Network" disabled=no interface=E4-Hotspot network=10.5.50.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.5.50.0/24 comment="" dns-server=68.105.28.11,68.105.29.11 gateway=10.5.50.1
add address=10.10.100.0/24 comment="" gateway=10.10.100.1
add address=192.168.20.0/24 comment="" dns-server=68.230.242.25,68.230.242.30 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=68.105.28.11 secondary-dns=\
68.105.29.11
/ip firewall address-list
add address=192.168.10.0/24 comment="" disabled=no list=Hotel_Network
add address=192.168.20.0/24 comment="" disabled=no list=Guest_Network
add address=64.39.213.226 comment="" disabled=no list=RemoteMgmt
add address=64.39.216.240/28 comment="" disabled=no list=RemoteMgmt
add address=192.168.10.0/24 comment="" disabled=no list=RemoteMgmt
add address=192.168.254.0/24 comment="" disabled=no list=RemoteMgmt
add address=64.39.212.34 comment="" disabled=no list=RemoteMgmt
add address=68.103.155.226 comment="" disabled=no list=RemoteMgmt
add address=192.168.10.10 comment="" disabled=no list=ProxyEnabled
add address=192.168.10.9 comment="" disabled=no list=ProxyEnabled
add address=10.10.100.0/24 comment="" disabled=no list=Phone_system
add address=10.5.50.0/24 comment="" disabled=no list=Hotspot
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="Allow All traffic from management VPN at Wichita Data Centers" disabled=no src-address=\
192.168.109.1
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=input comment="detect and drop port scan connections" disabled=no protocol=tcp psd=21,3s,3,1
add action=tarpit chain=input comment="suppress DoS attack" connection-limit=3,32 disabled=no protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="detect DoS attack" \
connection-limit=10,32 disabled=no protocol=tcp
add action=accept chain=input comment="Allow Broadcast Traffic" disabled=no dst-address-type=broadcast
add action=accept chain=input comment="Allow established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Allow Related Traffic" connection-state=related disabled=no
add action=jump chain=input comment="jump to chain ICMP" disabled=no jump-target=ICMP protocol=icmp
add action=jump chain=input comment="jump to chain services" disabled=no jump-target=services
add action=log chain=input comment="log dropped traffic" disabled=no log-prefix=dropped--
add action=drop chain=input comment="drop everything else" disabled=no
add action=accept chain=ICMP comment="0:0 and limit for 5pac/s" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="3:3 and limit for 5pac/s" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="3:4 and limit for 5pac/s" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="8:0 and limit for 5pac/s" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="11:0 and limit for 5pac/s" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=ICMP comment="Drop everything else" disabled=no protocol=icmp
add action=accept chain=services comment="accept localhost" disabled=no dst-address=127.0.0.1 src-address-list=127.0.0.1
add action=accept chain=services comment="allow MACwinbox " disabled=no dst-port=20561 protocol=udp
add action=accept chain=services comment="allow WinBox Connections" disabled=no dst-port=8291 protocol=tcp src-address-list=RemoteMgmt
add action=accept chain=services comment="allow telnet Connections" disabled=no dst-port=23 protocol=tcp src-address-list=RemoteMgmt
add action=accept chain=services comment="Allow HTTP to firewall" disabled=no dst-port=80 protocol=tcp src-address-list=RemoteMgmt
add action=accept chain=services comment="Allow FTP connections" disabled=no dst-port=20-21 protocol=tcp src-address-list=RemoteMgmt
add action=accept chain=services comment="Bandwidth server" disabled=yes dst-port=2000 protocol=tcp
add action=accept chain=services comment=" MT Discovery Protocol" disabled=no dst-port=5678 protocol=udp
add action=accept chain=services comment="allow SNMP" disabled=yes dst-port=161 protocol=tcp
add action=accept chain=services comment="Allow BGP" disabled=yes dst-port=179 protocol=tcp
add action=accept chain=services comment="allow BGP" disabled=yes dst-port=5000-5100 protocol=udp
add action=accept chain=services comment="Allow NTP" disabled=yes dst-port=123 protocol=udp
add action=accept chain=services comment="Allow PPTP" disabled=no dst-port=1723 protocol=tcp
add action=accept chain=services comment="allow PPTP and EoIP" disabled=no protocol=gre
add action=accept chain=services comment="allow DNS request" disabled=no dst-port=53 protocol=tcp
add action=accept chain=services comment="Allow DNS request" disabled=no dst-port=53 protocol=udp
add action=accept chain=services comment=UPnP disabled=yes dst-port=1900 protocol=udp
add action=accept chain=services comment=UPnP disabled=yes dst-port=2828 protocol=tcp
add action=accept chain=services comment="allow DHCP" disabled=no dst-port=67-68 protocol=udp
add action=accept chain=services comment="allow Web Proxy" disabled=no dst-port=3128 protocol=tcp
add action=accept chain=services comment="allow IPIP" disabled=yes protocol=ipencap
add action=accept chain=services comment="allow https for Hotspot" disabled=no dst-port=443 protocol=tcp
add action=accept chain=services comment="allow Socks for Hotspot" disabled=no dst-port=1080 protocol=tcp
add action=accept chain=services comment="allow IPSec connections" disabled=yes dst-port=500 protocol=udp
add action=accept chain=services comment="allow IPSec" disabled=yes protocol=ipsec-esp
add action=accept chain=services comment="allow IPSec" disabled=yes protocol=ipsec-ah
add action=accept chain=services comment="allow RIP" disabled=yes dst-port=520-521 protocol=udp
add action=accept chain=services comment="allow OSPF" disabled=yes protocol=ospf
add action=return chain=services comment="" disabled=no
add action=drop chain=forward comment="Drop Hotel to Guest Network" disabled=no dst-address-list=Guest_Network src-address-list=\
Hotel_Network
add action=drop chain=forward comment="Drop Guest to Hotel Network" disabled=no dst-address-list=Hotel_Network src-address-list=\
Guest_Network
add action=accept chain=forward comment="Allow established/new connections" connection-state=new disabled=no
add action=accept chain=forward comment="" connection-state=established disabled=no
add action=accept chain=forward comment="" connection-state=related disabled=no
add action=accept chain=forward comment="Credit Card Authorization" disabled=no dst-address=192.168.10.10 dst-port=17476 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-address=192.168.10.10 dst-port=17411 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-address=192.168.10.9 dst-port=17476 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-address=192.168.10.9 dst-port=17411 protocol=tcp
add action=log chain=forward comment="Log & Drop all other traffic" disabled=yes log-prefix=""
add action=drop chain=forward comment="" disabled=no
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=redirect chain=dstnat comment="Redirect HTTP to Proxy Server (ADL - ProxyEnabled)" disabled=no dst-port=80 protocol=tcp \
src-address-list=ProxyEnabled to-ports=3128
add action=masquerade chain=srcnat comment="Hotel Network - Internet Traffic" disabled=no src-address-list=Hotel_Network
add action=masquerade chain=srcnat comment="Guest Network - Internet Traffic" disabled=no src-address-list=Guest_Network
add action=masquerade chain=srcnat comment="Phone Network" disabled=no src-address-list=Phone_system
add action=masquerade chain=srcnat comment="Hotspot Network" disabled=no src-address-list=Hotspot
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=hotelguest password=wireless profile=default
/ip neighbor discovery
set E1-WAN/PoE discover=no
set E2-LAN1 discover=no
set E3-LAN2 discover=no
set E4-Hotspot discover=yes
set E5-Phone discover=yes
set pptp-out1 discover=no
/ip proxy
set always-from-cache=no cache-administrator=support@THERIITCOMPANYs.com cache-hit-dscp=4 cache-on-disk=no enabled=yes max-cache-size=none \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=3128 \
serialize-connections=no src-address=192.168.10.1
/ip proxy access
add action=allow comment="Allow public access to Hotspot Users" disabled=no src-address=10.5.50.0/24
add action=allow comment="" disabled=no dst-host=*.sapphiremanager.com path=*
add action=allow comment="" disabled=no dst-host=*.dstechs.* path=*
add action=allow comment="" disabled=no dst-host=*.itzsecure.com path=*
add action=allow comment="" disabled=no dst-host=*.innquest.* path=*
add action=allow comment="" disabled=no dst-host=maps.google.com path=*
add action=allow comment="" disabled=no dst-host=*.corplodging.com path=*
add action=allow comment="" disabled=no dst-host=*.hotelextranet.* path=*
add action=allow comment="" disabled=no dst-host=*.malwarebytes.* path=*
add action=allow comment="" disabled=no dst-host=*.avast.* path=*
add action=allow comment="" disabled=no dst-host=*.gowichita.com path=*
add action=deny comment="" disabled=no dst-host=""
add action=allow comment="" disabled=yes
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=OURWANGATEWAY scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=192.168.109.0/24 gateway=192.168.109.1 scope=30 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set E1-WAN/PoE queue=ethernet-default
set E2-LAN1 queue=ethernet-default
set E3-LAN2 queue=ethernet-default
set E4-Hotspot queue=ethernet-default
set E5-Phone queue=ethernet-default
set pptp-out1 queue=default
/radius incoming
set accept=no port=3799
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m gateway-selection=no-gateway origination-interval=5s \
preferred-gateway=0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified \
mpls-te-router-id=unspecified redistribute-bgp=no redistribute-connected=no redistribute-rip=no redistribute-static=no router-id=\
0.0.0.0
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1 metric-static=1 \
redistribute-bgp=no redistribute-connected=no redistribute-ospf=no redistribute-static=no timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=America/Chicago
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set
/system identity
set name="ASYSTEMNAME"
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=yes prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
add action=memory disabled=yes prefix="" topics=info
add action=memory disabled=yes prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=yes prefix="" topics=critical
add action=memory disabled=no prefix="" topics=web-proxy,!debug
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=OUTTIMESERVER secondary-ntp=0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only \
filter-stream=yes interface=all memory-limit=10 only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no