Community discussions

MikroTik App
 
flori1973
just joined
Topic Author
Posts: 1
Joined: Tue Apr 03, 2018 11:06 pm

Beginner have any questions

Tue Apr 03, 2018 11:25 pm

Hello, I came across the Mikrotic Router by accident.

I have some experience with ubiquiti and would like to try with microtik. My goal is to build a secure network. P2P/Bittorrent is to be blocked and certain groups of pages such as games, social media (Facebook, Twitter) are also to be blocked.

Since my WLAN is not so special, I want to integrate a WLAN access point sometime and build up a secure WLAN network with it.

My question would be, which micro-router would you recommend? I have an DSL-modem (ZyXEL VMG1312-B30A VDSL2 ) an 2 VLAN 1 Gb switches.
Can be locked as described above pages in the firewall can be blocked using categories via the web interface? Are there a few german-speaking users who might be able to help?
 
solar77
Long time Member
Long time Member
Posts: 577
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Beginner have any questions

Wed Apr 04, 2018 6:05 pm

Most Mikrotik routers run RouterOS. some have Gigabite or 10G ports, some have SFP ports, some have WLAN or LTE but in terms of routing functions, they do exactly the same job!
well, almost, there are different licence that come with different products but the standard licence will do what you wanted.

Apart from harware interfaces, the only difference between them is performance. Also the number of users, throughput, add into the equation. To block P2P you may have few L7 rules and using proxy or address list to block facebook etc. All these have a load on the CPU. Normally a 2011 or 3011 should be good enough.

Also using Mikrotik to block these require bit of work and are not 100%. Lots of tutorials on the Internet including youtube.
If you got the budget, use a proper Layer7 firewall.
MTCNA MTCTCE UEWA
 
anavds
newbie
Posts: 38
Joined: Wed Apr 04, 2018 2:47 pm

Re: Beginner have any questions

Wed Apr 04, 2018 6:59 pm

To add what SOLAR stated, one has to be able to block HTTPS sites as well and I believe the Mikrotiks have a way of doing that.

"Since most of the internet now uses https, it has become much harder to filter specific web content. For this
reason, RouterOS 6.41 introduces a new firewall matcher which allows you to block https websites (TLS traffic)
based on the TLS SNI extension, called “TLS-HOST”. The new parameter supports glob-style patterns, which
should be enough for whatever you’re trying to match.
For example, to block example.com, you would use a rule like this:
/ip firewall filter add chain=forward dst-port=443 protocol=tcp tls-host=*.example.com action=reject "

You could also use a first layer by going through OPEN DNS and their filtering for example.
As for assistance in German, this is your lucky week. Just hop on the train to Berlin and there will be lots of experts, drinking beer or maybe discussing Mikrotik ;-)
 
solar77
Long time Member
Long time Member
Posts: 577
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Beginner have any questions

Wed Apr 04, 2018 8:00 pm

Thanks anavds. I've learned something new too! Tested and I managed to block https://forum.mikrotik.com. Ha ha.
MTCNA MTCTCE UEWA

Who is online

Users browsing this forum: OZisKTB and 75 guests