Hi all,
firstly the use case - I have common home network with Mikrotik router in NAT mode with provider's AP on WAN and eth ports bridged together with wlan. And I am thinking about separating one of the eth ports from the rest due to security reasons - typicaly to protect new devices during their first update. (All computers in LAN/wlan are used by regular users including me, who knows how many computer worms may be crawling there from time to time...)
The questions:
1) The first thing I do before the updating anything is enabling a sw fw and dropping all incoming connections. Considering that, is having a separate network for upgrading useful?... or paranoid and the sw fw is enough?
2) If useful, how simply separate lets say eth4 port? Can I simply remove eth4 from bridge and use fw to drop all forwards bridge>eth4 resp. eth4>bridge? (And still use the same IP adressess and DHCP server?)
Thank you for your advices, hope the questions are not too dumb 0:) still learning but already in love with Router OS