There's an easy way to find out whether it is a firewall issue (even if the firewall was so selective that it would restrict access to
cloud2.mikrotik.com but not to
forum.mikrotik.com): use
/tool traceroute.
If it shows no response at all, your own firewall or routing is to be blamed (or your ISP's); if it does show some hops responding, the issue is located further in the network (possibly a firewall somewhere else, but more likely a routing issue, or maybe a DNS update issue at Mikrotik side).
I have the following picture, for forum.mikrotik.com:
formatted code
[me@myTik] > /tool traceroute 2a02:610:7501:3000::239
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV STATUS
1 xxxx:xxxx:xxxx::xxxx 0% 2 13.1ms 12.2 11.3 13.1 0.9
2 yyyy:yyyy:yyyy::yyyy 0% 2 22ms 18.3 14.5 22 3.8
3 100% 2 timeout
4 100% 2 timeout
5 2001:2034:1:c3::1 0% 2 41.3ms 43.8 41.3 46.3 2.5
6 100% 2 timeout
7 2001:2000:3080:21c8::2 0% 2 52.6ms 54.6 52.6 56.6 2
8 100% 2 timeout
9 100% 2 timeout
10 100% 2 timeout
11 100% 2 timeout
12 2a02:610:7501:3000::239 0% 2 50.3ms 50.3 50.3 50.3 0
For cloud2.mikrotik.com:
formatted code
[me@myTik] > /tool traceroute 2a02:610:7501:1000::201
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV STATUS
1 xxxx:xxxx:xxxx::xxxx 0% 3 13.4ms 12.9 11.8 13.4 0.7
2 yyyy:yyyy:yyyy::yyyy 0% 3 16.2ms 17.6 16.1 19.1 1.5
3 zzzz:zzzz:zzz:zzz::zzz 0% 3 19.1ms 18.9 18.4 19.1 0.3
4 100% 3 timeout
5 100% 3 timeout
6 2001:2034:1:c3::1 0% 3 42.6ms 43.9 42.6 46.4 1.7
7 2001:2034:0:85::1 0% 3 44.1ms 44.1 41.3 46.9 2.3
8 2001:2000:3080:21c8::2 0% 3 48.4ms 48.9 48.4 49.9 0.7
9 100% 3 timeout
10 100% 3 timeout
11 100% 3 timeout
12 100% 3 timeout
13 100% 3 timeout
(and the same for the other address, 2a02:610:7501:4000::251).
So in my case, it's not caused by my firewall.