JeremyNull
just joined
Topic Author
Posts: 1
Joined: Tue Nov 05, 2024 3:18 am

What are the security concerns with using a CRS305-1G-4S+ in front of each of my routers' WAN ports?

Tue Nov 05, 2024 3:36 am

I have some pfSense router/firewalls that I want to set into high availability mode and I'm placing a CRS305-1G-4S+ in front of each of my routers' WAN ports (i.e., ISP Equipment > CRS305-1G-4S+ > 2 routers > and then another CRS305-1G-4S+ on the LAN side > LAN switches). I'm just using the CRS305-1G-4S+'s in SwOS mode.

What are the security concerns with doing this?
What configuration changes (if any) should I put into SwOS to mitigate these concerns?
Would setting a static IP Address of a local IP mitigate most of these concerns?
Would these switches be seen or reachable over the internet through any sort of tweaked WinBox or other mechanism because they leave certain ports open? (If so: are there ways to close these ports in SwOS or do I need to enable RouterOS?)

I'd prefer to just stay on the much simpler, faster-to-boot switch OS because I only need some switching and multicasting for my HA setup.
If there's already a post covering this, can you please point me in its direction; I couldn't find one when I searched.

Thanks for any and all help!
 
sirbryan
Member
Posts: 392
Joined: Fri May 29, 2020 6:40 pm
Location: Utah

Re: What are the security concerns with using a CRS305-1G-4S+ in front of each of my routers' WAN ports?

Wed Nov 06, 2024 5:21 pm

If you put a private IP, they shouldn't be reachable from the world. For that matter, you could use VLANs to encapsulate the traffic, and set up access rules that only allow access from a different VLAN or from a specific (internal) IP. With RouterOS, you could do a couple more fancy tricks with the firewall if you're that concerned.

I currently have this exact same setup (ISP handoff switch -> CRS305 -> three CCR2116/2216 routers) and it works fine.
