Community discussions

 
kellogs
Member Candidate
Member Candidate
Topic Author
Posts: 114
Joined: Sun Jan 04, 2009 10:55 am

Securing Mikrotik without using Firewall for fastpath

Mon Oct 05, 2015 6:49 pm

Dear Member,

How would you secure your mikrotik services such as winbox without using built in firewall so that fastpath can kick in?

This is a BGP router and you want the best performance ever.

Thanks!
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Securing Mikrotik without using Firewall for fastpath

Mon Oct 05, 2015 8:16 pm

1.) Fast path works on forwarding packets, the services work on the input chain, so securing them via firewall should not affect fast path performance.
2.) You can dissable unwanted services running on the router, and you can also change the port they listen to to obscure thingts a bit more.
 
kellogs
Member Candidate
Member Candidate
Topic Author
Posts: 114
Joined: Sun Jan 04, 2009 10:55 am

Re: Securing Mikrotik without using Firewall for fastpath

Tue Oct 06, 2015 4:29 am

According to http://wiki.mikrotik.com/wiki/Manual:Fast_Path

one of the rule it said

1. firewal rules are not configured;
 
skuykend
Member Candidate
Member Candidate
Posts: 270
Joined: Tue Oct 06, 2015 7:28 am

Re: Securing Mikrotik without using Firewall for fastpath

Tue Oct 06, 2015 7:33 am

That's for when it's automatically enabled. You can still use the firewall and NAT, just put in you're own fasttrack-connection rule.
 
andriys
Forum Guru
Forum Guru
Posts: 1080
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Securing Mikrotik without using Firewall for fastpath

Tue Oct 06, 2015 10:29 am

The only approach I can think of is the following. Allocate one interface for management purposes only, and connect it to your trusted (protected) network. Then configure winbox, ssh and other services you need to listen on this management interface only.
 
User avatar
cohprog
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Sat May 23, 2015 4:54 pm
Contact:

Re: Securing Mikrotik without using Firewall for fastpath

Wed Oct 07, 2015 11:54 am

Configure the services to only be available from some trusted IP address.

Who is online

Users browsing this forum: No registered users and 31 guests