I have some pfSense router/firewalls that I want to set into high availability mode and I'm placing a CRS305-1G-4S+ in front of each of my routers' WAN ports (ie: ISP Equipment > CRS305-1G-4S+ > 2 routers > and then another CRS305-1G-4S+ on the LAN side > LAN switches). I'm just using the CRS305-1G-4S+ 's in SwOS mode.
What are the security concerns with doing this?
What configuration changes (if any) should I put into SwOS to mitigate these concerns?
Would setting a static IP Address of a local IP mitigate most of these concerns?
Would these switches be seen or reachable over the internet through any sort of tweaked WinBox or other mechanism because they leave certain ports open? (If so: are there ways to close these ports in SwOS or do I need to enable RouterOS?
I'd prefer to just stay on the much simpler, faster-to-boot switch os because I only need some switching and multicasting for my HA setup.
If there's already a post covering this can you please point me in it's direction; I couldn't find one when I searched.
Thanks for any and all help!