Mikrotik / USG IPSec VPN filtering traffic

I have a MikroTik router and I am building an IPsec tunnel to a UniFi USG. That is working perfectly. The problem is that I want to be able to filter traffic so that people on the MikroTik side cannot get to the USG side unless the packet is related or established. In other words, I want to filter out packets with a NEW connection state.

Seems easy, but when I put in the rules, it breaks. I think it has to do with the forward rules not working with the IPsec policy?