YES!I am new to Mikrotik, so I can't tell which RouterOS version introduced this issue, but I can tell what is causing it and how to resolve it. I am running a hAp ac^2 with RouterOS v6.43.10.
I believe, the Quick Set WISP AP (and probably the Home AP as well), Bridge mode sets a few configuration items incorrectly. One of them is making the WebFig interface inaccessible.
The firewall rule #4 "defconf:drop all not coming from LAN" drops our WebFig packets because the bridge interface is not on the LAN interface list.
You can resolve this by either:
1. adding the bridge interface to the LAN list (RECOMMENDED):
Interfaces->Interface List tab->Add New: List=LAN, Interface=bridge, Enabled=True ->OK
2. Disabling the firewall rule, which drops our WebFig packages:
IP->Firewall: Press disable on rule #4 (drop all not coming from LAN)
The solution #1 seems right to me, as it is corrects the root cause. However, the #2 might be OK to do as well, as I believe there is no reason to have firewall rules at all in bridge mode whatsoever. (Though I am interested in any reasoning which proves that otherwise)
I also find other Quick Set "bridge" mode settings quite strange or erroneous. A bridge is essentially a switch. Yet, there is
1. a configured DHCP server, (a switch does not need a DNS server)
2. The DHCP server is configured with a strange IP pool (it may be in conflict with IP pool of the master DHCP server pobably running in our router)
3. A firewall is configured with many rules (a switch does not need a firewall) (?)
4. A static DNS server is configured (a switch does not need a DNS server)
5. The ether1 interface is configured for WAN (a bridge does not need a WAN port and its a waste of one ethernet port)
[admin@EntryRouter] /ip firewall> export # nov/03/2021 22:11:08 by RouterOS 6.49 # software id = 1EIH-CITT # # model = RB750Gr3 /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
[admin@EntryRouter] /interface> export # nov/03/2021 22:11:49 by RouterOS 6.49 # software id = 1EIH-CITT # # model = RB750Gr3 /interface ethernet set [ find default-name=ether1 ] speed=100Mbps set [ find default-name=ether2 ] name=ether2-master speed=100Mbps set [ find default-name=ether3 ] speed=100Mbps set [ find default-name=ether4 ] speed=100Mbps set [ find default-name=ether5 ] speed=100Mbps /interface bridge add admin-mac=xxxredactedxx auto-mac=no comment="created from master port" name=bridge1 protocol-mode=none /interface list add comment=defconf name=WAN add comment=defconf name=LAN add exclude=dynamic name=discover add name=mactel add name=mac-winbox /interface bridge port add bridge=bridge1 interface=ether3 add bridge=bridge1 interface=ether4 add bridge=bridge1 interface=ether5 /interface list member add comment=defconf interface=bridge1 list=LAN add comment=defconf interface=ether1 list=WAN add interface=bridge1 list=discover add interface=ether3 list=discover add interface=ether4 list=discover add interface=ether5 list=discover add interface=bridge1 list=mactel add interface=bridge1 list=mac-winbox