Requesting a home small business router with enough memory to handle current threats.
256Mb HDD is too small, suggesting 512 makes more sense in todays climate.

Please advise, yes improve entire lineup hexlite, hex and hexS

I dont see a hardware alternative that makes sense for this market on your hardware lineup or did I miss something that has hw offloading and ipsec encryption performance.
(while your at it, increase hw offloading to be capable on two bridges not just one!! )

Yes, I recently bought two hex units and would have gladly paid a few bucks more for more HDD, knowing what I know now. An upgrade program would be helpful or a nice gesture.

You are talking about nand storage not about the memory, right? If this is the case, why external usb flash or sd card is not a solution for you?

I am talking about my resource table which shows my hdd with 3136KiB available from 16.3MiB!!!!
The ipset function uses this resource for the ip firewall address list. From a previous poster I understand why (speed of access to list needed so it cannot reside externally), so increase the basic HDD to 512MiB. A reasonable request considering address lists are an extremely useful function for a non-object oriented friendly design and todays climate of many bad actors out there and thus the need for Blacklists etc.......... I do use fixed lists (not ones that grow continually, and for example my scanner, spammer, synflood lists are usually empty due to placing some weighing PSD or #of connections requirement.
My ONLY choice is to reduce the number of bad guys I put on my lists, which is really silly in this day and age of memory and cost.
I dont see any other router solution for the homeowner or small business in the mikrotik hardware inventory with the same feature set.
As stated I would have gladly paid the additional $$ to get 512MiB!

Is this one closer to what you are looking for?
https://mikrotik.com/product/rb450gx4

Hahahaha you are very funny.
You want me to pay $40 more bucks for 256MiB? and lose a USB port in the process (only a shitty usb.2.0 port so I guess its not much of a loss). Plus my cat will pee on the board way before if I figure out how to wire the thing into my outlet. Can I use low voltage wires directly plugged into the wall socket and where do I attach them on the board,,,,,,, just try anything that looks like a solder point?? Oh you want me to construct some sort of enclosure for the thing, I suppose given enough Elmers glue and tongue depressors i could come up with something.
Please dont let this guy be in charge of marketing!!

What do I GAIN over the HEX, besides the 256 MiB

a. # ports same no change
b. usb port gone con
c. no enclosure con
d. buy an enclosure con
e. figure out how to power the thing con
f. probably buy something to power the thing con
h. it looks naked..... sexy but a con
i. processor - finally PRO
j. hdd space - PRO
k. POE - the HEX S has this, so call it equal.
l. cores - PRO get two more !!!!!!

Finally a-l dont matter the product doesn't seem to be available in Canada.
I dont mind find an enclosure if some are readily available and power supplies are not expensive.
It would be nice to see the design diagram which shows the switch architecture with or without bridge selection to compare to the hex.

Hahahaha you are very funny.
You want me to pay $40 more bucks for 256MiB? and lose a USB port in the process (only a shitty usb.2.0 port so I guess its not much of a loss). Plus my cat will pee on the board way before if I figure out how to wire the thing into my outlet. Can I use low voltage wires directly plugged into the wall socket and where do I attach them on the board,,,,,,, just try anything that looks like a solder point?? Oh you want me to construct some sort of enclosure for the thing, I suppose given enough Elmers glue and tongue depressors i could come up with something.
Please dont let this guy be in charge of marketing!!

Do you have any idea how petty and resentful you are coming across? The RB450 is a ROUTER BOARD, which is what MikroTik has been renowned for manufacturing...

In the link kindly provided by the previous poster MikroTik clearly lists the power requirements of 10-57v DC voltage. In addition Mikrotik links the compatible DC power supplies and aluminium enclosure. (no need for soldering power cables or making DIY enclosures as you sarcastically mentioned)

The cost may be more than what you were expecting or are prepared to pay but you don't have to be so rude and aggressive against a company which is giving you such advanced and stable networking functionality at the price of a decent toaster! Sheesh!

Sarcasm is my real name. As noted at the bottom, I assumed there were readily available enclosures and power supplies LOL.
Bizarre to me as a homeowner as I never bought naked boards as a product.
I am sure the xtra $$ is good value, just asking besides the 256MiB, what is the impetus to move up to the board?

I don't put any router or manufacturer on a pedestal but I have been a stout zyxel guy for decades (user and VAR) and am willing to give mikrotik a shot because I too think its better value than anything else I've seen. In any case the suggested board is not available in my location.

I am sure the xtra $$ is good value, just asking besides the 256MiB, what is the impetus to move up to the board?

Better hardware. Traditionally, flagship ROUTEROARDs had higher quality components than lower cost home market solutions. When comparing the two routers, routing performance is similar on first glance, but if you look closely at the Xena2544 test results, they diverge significantly (rb450gx4 is 2.5x as fast) on the 25filter rule routing test when processing small packets. The devil is in the details.

Thanks, any idea when it will be available in Canada?

By the way, in your sarcastic comparison you forgot to mention another few PROs for RB450Gx4 over hEX:
1) Four times more RAM: 256mb -> 1gb
2) Serial port (Yes, I'm sure that you don't need it, but someone might. And that moves this board from the home device range closer to enterprise.)
3) License level: Level 4 -> Level 5
4) Also you are stating that hEX has 256mb storage and the gain is only from 256mb to 512mb. That's not right. hEx has only 16mb of storage (256mb is the RAM size). So the gain is 16mb -> 512mb
I think all this (together with what you have already mentioned) is enough to justify the 2x price (Around 130$, if you add the price for the case and power supply to the price of the unit).

Yes, I had the memory figures wrong its quite a jump in capability and a serial port is useful for an emergency situation when one doesnt necessarily want to reset the router to defaults and re-program but you hit the nail on the head............ this is for a home scenario vice enterprise scenario. I would be happy paying an xtra $10-20 just to have double the hdd size which seems to be the limiting factor for address lists and perhaps bump up to 512 of memory........ hence the Hex+ for the home market!! If I was an installer (VAR) that would allow me to provide for small offices and homeowners with scripts and lists without very much concerns. The routerboard is nice but overkill. On my HEX, I am using currently 1/2 of the 256M, which is okay, I imagine one should have approx 50% capacity available for memory during normal times to account for growth or surge. I have not implemented by two cAP AC I bought so I still have to add wireless programming as well. In addition I have a bunch of VLANs I want to program. All on hold as I cannot get my Fiber connection to work properly .
Regarding the routerboard, do you know of a similar diagram to others I have seen which details the chip schematic flow diagram when using bridge mode or not bridge mode?

I think you have it all wrong. Home/Home Office users do not need that much storage. Using blacklists is the wrong idea. You should be using whitelists. Only allowing trusted ip or temporarily allowing ips is what is need in these situations. Port knocking and trusted address list keeps requirements low. Even my dst-nat is protected by whitelists. Why expose anything to anyone when you can keep it closed to every one but you and those you allow.

https://i.mt.lv/routerboard/files/RB450 ... 125413.png

Block diagram says nothing about lane speed between switch and CPU, so you better ask someone from Mikrotik about it.

Unless you are an ISP, it makes zero sense to use (large) permanent blacklists. So, this is anything but a common use case for a SOHO device, no matter who you get it from.

However, you could get any Ubiquiti Edgerouter, including the similarly priced Edgerouter X. That has 256 MB NAND, full OpenVPN support, and much more advanced Active Queue Management like fq-codel (Fair Queuing with Controlled Delay) up to around 100-120 Mbit/s WAN-LAN - very useful to combat bufferbloat and acting as an efficient set-it-and-forget it QoS option. It is also much more user friendly for typical SOHO tasks than any Mikrotik and it is a relatively open platform so you can customize it more, if needed.

The Edgerouter X and X SFP, however, are limited to 1 Gbit/s aggregate, unlike hEX or hAP ac2.

Also, in the end you may sorely miss Winbox, especially the second you start doing any non-typical task.

maybe rb450GX4 is a device suited for you

https://mikrotik.com/product/rb450gx4

https://i.mt.lv/routerboard/files/RB450 ... 113548.pdf

Nope sticking with Mikrotik, I may invest in the 450Gx4 (although I am a bit confused on what power supply to use).
Also, hey can I have two bridges with HW offloading on this puppy? The HEX is limited to one.

I guess you dont look at your log, I can either drop all the incoming by a drop rule in filtering or stop most of it in RAW through blacklist.
My limited understanding is that raw is more efficient.
Also a fixed list is not an issue if the hdd size is sufficient. I still have 3-4KiBs left and am just concerned about software udpates.
I do agree that having a capture increasing list size may be detrimental so the fixed list works.

As to 2 frogs white list suggestion, I would say that is an enterprise approach not suitable to me.