![](/uploads/1/2/5/8/125835081/146250968.jpg)
![Rules Rules](/uploads/1/2/5/8/125835081/887747571.png)
MikroTik CHR: Basic system protection. Guide for essential system protection. Here You will find the essential steps to protect your MikroTik CHR from intrusion. Be careful while placing restrictive (drop) rules, it is possible to limit your own access to the router. Please be noted that the above firewall rules are NOT complete. Firewall Filter Rules On Mikrotik Routers February 8, 2018 Kelly Collins 0 Comments. If you’re having trouble securing your network here I have made a script for the essential Firewall rules that will help to protect your router. All you need to do is to go your router menu, click new terminal and paste the script below, after that you.
I bought this for several reasons.
I had been using a large HP 2900-48G switch and a PFSense i7-7700K PC based router for my home network.
They worked great, but...
The HP switch was large, LOUD, put out a LOT of heat and sucks down 200-300watts of power. It is a server 19' rack enterprise switch. The PFSense i7 CPU PC mini tower router is powerful, flexible but takes up lots of space and consumes another 100 Watts.
I wanted something with four 10GBit links like the HP. I no longer needed more than 24 ports like I did last year.
The Mikrotik also has a comprehensive GUI (WinBox). I don't manage routers and switches for a living so a GUI was a must for me. I have no desire to learn another command line interface. I have a couple of proper Win 2012R2 media servers and a Threadripper workstation I do most of my home based business and personal things on. I wanted to be able to move large multi gigabyte media files to the servers at HD speeds and not be limited to the roughly 115MB/sec of gigabit ethernet. I will also run the 4th fiber link to the media room to access content from the servers.
In all honesty I do not need most of the features this device has (which are numerous). It was appealing that this device's router OS has a following and is often used in business environments. A plus. I'm sure that I can grow with this setup to do all those things I want to do. My next step is to eventually install proper access points and power those with the need for a wall wart in whatever house we move to soon. Currently I use an R7000 and a WRT1900AC running DD-WRT setup as access points only(no routing).
I only took me a couple of hours to find some tutorials online for things like setting Static IP address, changing DNS servers, upgrading the firmware and setting up the DHCP stuff. This is all pretty basic stuff. Later I will find more information concerning best security practices and hardening of this box so I am not a target for hackers.
I am very happy. My network speed is great. My power draw is 8x less and I no longer have 5 screaming fans from the HP to talk over. The Mikrotik only has 2 quiet fans and barely puts out any heat. I love it!!!!
UPDATE: Important!!!! You MUST add some firewall rules and go through the Mikrotik Wiki to secure this router or it will be hacked!!! I installed mine, updated the router OS to the latest version and changed the ADMIN password. NOT ENOUGH!! After a week I was getting failed login attempts every second form multiple sources all over the world. Google 'microtik essential firewall rules' and watch the youtube tutorial #29. This guy also has a web page with a script to add rules. Also google 'securing mikrotik router'. The first hit is the Mikrotik wiki. Follow this!!!! Turn off services from the Winbox CMD line that are not needed so this router doesn't become some hacker's plaything. Keep your router firmware up to date!!!!! VERY IMPORTANT!!!
I had been using a large HP 2900-48G switch and a PFSense i7-7700K PC based router for my home network.
They worked great, but...
The HP switch was large, LOUD, put out a LOT of heat and sucks down 200-300watts of power. It is a server 19' rack enterprise switch. The PFSense i7 CPU PC mini tower router is powerful, flexible but takes up lots of space and consumes another 100 Watts.
I wanted something with four 10GBit links like the HP. I no longer needed more than 24 ports like I did last year.
The Mikrotik also has a comprehensive GUI (WinBox). I don't manage routers and switches for a living so a GUI was a must for me. I have no desire to learn another command line interface. I have a couple of proper Win 2012R2 media servers and a Threadripper workstation I do most of my home based business and personal things on. I wanted to be able to move large multi gigabyte media files to the servers at HD speeds and not be limited to the roughly 115MB/sec of gigabit ethernet. I will also run the 4th fiber link to the media room to access content from the servers.
In all honesty I do not need most of the features this device has (which are numerous). It was appealing that this device's router OS has a following and is often used in business environments. A plus. I'm sure that I can grow with this setup to do all those things I want to do. My next step is to eventually install proper access points and power those with the need for a wall wart in whatever house we move to soon. Currently I use an R7000 and a WRT1900AC running DD-WRT setup as access points only(no routing).
I only took me a couple of hours to find some tutorials online for things like setting Static IP address, changing DNS servers, upgrading the firmware and setting up the DHCP stuff. This is all pretty basic stuff. Later I will find more information concerning best security practices and hardening of this box so I am not a target for hackers.
I am very happy. My network speed is great. My power draw is 8x less and I no longer have 5 screaming fans from the HP to talk over. The Mikrotik only has 2 quiet fans and barely puts out any heat. I love it!!!!
UPDATE: Important!!!! You MUST add some firewall rules and go through the Mikrotik Wiki to secure this router or it will be hacked!!! I installed mine, updated the router OS to the latest version and changed the ADMIN password. NOT ENOUGH!! After a week I was getting failed login attempts every second form multiple sources all over the world. Google 'microtik essential firewall rules' and watch the youtube tutorial #29. This guy also has a web page with a script to add rules. Also google 'securing mikrotik router'. The first hit is the Mikrotik wiki. Follow this!!!! Turn off services from the Winbox CMD line that are not needed so this router doesn't become some hacker's plaything. Keep your router firmware up to date!!!!! VERY IMPORTANT!!!
![](/uploads/1/2/5/8/125835081/146250968.jpg)