@tabate47, do I assume right that the ultimate goal is to make sure that the ubnt boxes would use a different network path (starting by a different gateway) than the other traffic, regardless of what the current IP number of the controller is?
If that is the case, the generic mechanism for this is called policy routing. You create a default route via that special gateway (i.e. with dst-address=0.0.0.0/0), but in a dedicated routing table, which is identified by an attribute of the route, called routing-mark. And then you use rules in chain prerouting of table mangle of /ip firewall to assign that routing-mark to packets matching some conditions.
If the ubnt boxes only talk to their controllers and nothing else, the criteria to assign the routing-mark may be just the source IP addresses of the controllers. If they need to talk to other resources as well, and should use the generic default route to do that, you can use the ability of /ip firewall address-list items to be configured for fqdns and track the changes of the associated IP numbers. You can combine multiple criteria (only packets from ubnt IP addresses to the controller's current address will get the routing-mark); if the ubnt boxes access another address, they will use the default (main) routing table, and so will other devices if accessing the controller's IP address.
In more detail the above is described here (but there it is for packets sent by the Mikrotik itself - for your purpose, the mangle rules need to be in mangle chain prerouting as mentioned above), as well as in tens of other similar topics on this forum.
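The setup described in the post above, written out as an added example that is not part of the original post. It assumes RouterOS v6 syntax (where the routing table is named by the route's routing-mark); the gateway 192.0.2.1, the device addresses, the FQDN unifi.example.com, and the names ubnt-ctl, ubnt-devices and ubnt-controller are all placeholders.

```routeros
# Added example, RouterOS v6 syntax. All addresses and names are placeholders.

# 1. Default route via the special gateway, placed in a dedicated
#    routing table identified by routing-mark=ubnt-ctl.
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=ubnt-ctl \
    comment="ubnt -> controller via special gateway"

# 2. Address lists used as match criteria.
#    The ubnt boxes are listed by their static addresses (assumed).
#    The controller is listed by FQDN; RouterOS resolves it and keeps the
#    resulting dynamic entries in step with the DNS record.
/ip firewall address-list
add list=ubnt-devices address=192.168.88.10
add list=ubnt-devices address=192.168.88.11
add list=ubnt-controller address=unifi.example.com

# 3. Mangle rule in chain prerouting (forwarded traffic, not traffic
#    originated by the router itself). Both criteria must match, so:
#      - ubnt box -> any other destination uses the main table
#      - other host -> controller address uses the main table
/ip firewall mangle
add chain=prerouting src-address-list=ubnt-devices \
    dst-address-list=ubnt-controller action=mark-routing \
    new-routing-mark=ubnt-ctl passthrough=no \
    comment="policy-route ubnt boxes to their controller"

# 4. Checks: the FQDN entry should show resolved dynamic addresses, the
#    marked route should be active, and the mangle counters should grow
#    only when a ubnt box talks to the controller.
/ip firewall address-list print where list=ubnt-controller
/ip route print where routing-mark=ubnt-ctl
/ip firewall mangle print stats
```

The router needs a working DNS configuration for the FQDN entry to resolve; until it does, the rule matches nothing and the ubnt traffic follows the main routing table.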