What kind of ACL do you mean? Proper firewall will drop all connections, and will not allow the IP to try to negotiate SSL connections
I am referring to 'address' (called 'available from' in webfig) at /ip service.
Can you please state for the record whether routers are vulnerable to attack from an IP which is not listed in this ACL.
Also I have another question which I think is relevant. We have connection tracking set to 'auto' as such:
[admin@XXXXXX] /ip firewall connection tracking> print
Will adding a drop rule to the firewall switch connection tracking on? We are concerned about the performance impact this may have on heavily loaded routers*.
*by heavily loaded I mean CCR1036's running several gigabits per second 24/7