I plan to expose MikroTik (2011 series) running a small network to a public static IP address. Since security issues from time to time surface on any device (until they are fixed), will it make a sense to put a separate firewall (e.g. ZyXEL) in front of the MikroTik?
Maybe firewall on the MikroTik can still remain active, but the point is to increase the effort needed for exploitation and also to relieve the MikroTik from many attacks randomly coming to the public static IP address.