I have an industrial hardware appliance that is configured using a web interface. Shockingly, this appliance has zero security. You just point your web browser at it and you're in. No usernames, no passwords. It's insane and the vendor even recognizes it. So would it be possible to offer some protection to it using my MikroTik hEX S router? Here's what I'm hoping for...
My industrial device is connected to my LAN using an Ethernet cable connected to a run-of-the-mill switch. I was hoping that I can insert my hEX between the appliance and the switch and block all inbound traffic to the appliance where port 80 is the destination port EXCEPT if you're coming from some privileged host. Everything else must be allowed to pass at the L2 level since this device does things on our LAN that we need. I just need to block the web interface. The IP of the appliance can NOT be changed and I cannot place it in its own VLAN and set up access control lists on our main router like you would normally do in a situation like this. I'm thinking the hEX will just act like a standard L2 switch and monitor SYN packets for the condition I gave above. If a packet has 80 as the destination port, it just drops the packet if it's not from the privileged host.
Is this possible?
-Ryan McDonald
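
Added example, not part of the original post: a RouterOS bridge-filter sketch of the setup described above, with the hEX S as a transparent two-port bridge that forwards everything except TCP/80 to the appliance from non-privileged sources. The interface names (`ether2`, `ether3`), the bridge name and both IP addresses are placeholder assumptions.

```routeros
# Assumed cabling: ether2 -> existing LAN switch, ether3 -> appliance.
# Placeholder addresses: appliance 192.0.2.10, privileged host 192.0.2.50.

/interface bridge
add name=br-appliance comment="transparent bridge in front of appliance"

# hw=no keeps forwarding on the CPU; frames switched by the hardware
# offload path never reach the bridge filter rules below.
/interface bridge port
add bridge=br-appliance interface=ether2 hw=no
add bridge=br-appliance interface=ether3 hw=no

/interface bridge filter
# 1. Allow the privileged host to reach the web interface.
add chain=forward action=accept mac-protocol=ip ip-protocol=tcp \
    src-address=192.0.2.50/32 dst-address=192.0.2.10/32 dst-port=80 \
    comment="privileged host -> appliance web UI"
# 2. Drop every other IPv4 TCP/80 packet addressed to the appliance.
add chain=forward action=drop mac-protocol=ip ip-protocol=tcp \
    dst-address=192.0.2.10/32 dst-port=80 \
    comment="block web UI for everyone else"
# No further rules: all other frames (ARP, broadcasts, other ports)
# are bridged unchanged, so the appliance keeps its IP and L2 behaviour.
```

The rules match on source IP only, so a host on the same segment that takes over the privileged address passes rule 1; a `src-mac-address` matcher on that rule narrows this but is also spoofable. The rules cover IPv4 only, so an appliance that also answers on IPv6 needs an equivalent rule for that protocol.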