Hello,
I am very new to Mikrotik and would like some help with a basic firewall config. I am an outside contractor managing a network set up by someone else, and the company that set up their phones has made a request to me.Please see the request below (ip addresses have been omitted for privacy) and help me with the best way to set up these rules. I tried reading on how to do this and I wasn't quite sure I understood it correctly so I turn to you kind people to point me in the right direction.
"Please allow all outbound traffic for the following ports to the following IP's
a.a.a.a (omitted)
b.b.b.b (omitted)
TCP ports:
TCP ports 80, 443, 8001 (for web UI)
TCP port 3306 (open from any server on a different network)
TCP port 5060 (SIP TCP)
TCP port 5061 (TLS)
UDP ports:
UDP port 5060 (for SIP signaling)
UDP ports 20000-27999 (for SIP RTP)
UDP/TCP ports:
21 (FTP Control)
69 (Trivial File Transfer Protocol (TFTP) )
For their paging to work we require Multicast address 224.0.2.60:50001 to be allowed, and are using codec g7.22"
From what I have read I thought I would make a rule on the forward chain but not sure if it should be a different chain?
When I'm making a rule and need to lock it down to certain destination ports do I have to make separate rules for multiple ports or can I create a group of ports or 'service' with and reference that service as the destination port(s)?
Same question for destination IP, can I make an address object that contains both IP addresses and reference the address object instead of making separate rules for each IP? And where should I put this rule in terms of priority/order?
As for the multicast rule I'm clueless on that one. Any and all help is appreciated as these devices are so new to me.
Thanks in advance