Dear Member,
How would you secure your MikroTik services such as Winbox without using the built-in firewall so that fastpath can kick in?
This is a BGP router and you want the best performance ever.
Thanks!
1.) Fast path works on forwarding packets, the services work on the input chain, so securing them via firewall should not affect fast path performance.
2.) You can disable unwanted services running on the router, and you can also change the port they listen on to obscure things a bit more.
According to http://wiki.mikrotik.com/wiki/Manual:Fast_Path
one of the rules it said
That’s for when it’s automatically enabled. You can still use the firewall and NAT, just put in your own fasttrack-connection rule.
The only approach I can think of is the following. Allocate one interface for management purposes only, and connect it to your trusted (protected) network. Then configure winbox, ssh and other services you need to listen on this management interface only.
Configure the services to only be available from some trusted IP address.
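The suggestions above (disable unused services, restrict the rest to trusted source addresses) can be applied without any firewall rules, as in this added example, which is not part of the original thread. The subnet 192.0.2.0/24, the host 198.51.100.10, the interface ether1 and the list name MGMT are placeholders, and the interface-list settings assume RouterOS 6.41 or later.

```routeros
# Turn off management services that are not needed.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes

# Accept Winbox and SSH only from trusted source addresses (placeholders).
# This is an allow-list enforced by the service itself, not a firewall rule.
set winbox address=192.0.2.0/24,198.51.100.10/32
set ssh address=192.0.2.0/24,198.51.100.10/32

# Limit layer-2 management (MAC-Telnet, MAC-Winbox) and neighbor discovery
# to the dedicated management interface (ether1 is an assumption).
/interface list
add name=MGMT
/interface list member
add list=MGMT interface=ether1
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
/ip neighbor discovery-settings
set discover-interface-list=MGMT

# Check the result: the "address" column should show the allow-list.
/ip service print
```

The `address=` allow-list only filters by source IP, so a service restricted this way still accepts a connection arriving on any interface as long as its source address matches.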
Please, does anybody know how to protect a BGP router (TCP port 179) without breaking fastpath?