MikroTik 101: Firewall

Over the next couple of weeks, we’ll be featuring a number of articles that serve as a crash course in MikroTik: MikroTik 101. This week we’re focusing on MikroTik’s firewall feature!


Introduction to MikroTik’s RouterOS firewall

MikroTik’s RouterOS firewall protects your network by filtering incoming and outgoing traffic based on predefined security rules. The MikroTik firewall doesn’t only protect your network from potential threats; it can also enhance your company’s productivity by prohibiting employee access to sites such as Facebook, YouTube, etc. By blocking data-intensive P2P activity on your network, you’ll also save precious network bandwidth and data usage. The MikroTik firewall can be used on any device running RouterOS and with any size network, from SOHO to enterprise, and best of all you do not have to renew your firewall yearly as with most firewalls on the market.


Top features of the MikroTik RouterOS Firewall include:

  • Stateful packet inspection: a stateful firewall is a network firewall that tracks the operating state and characteristics of network connections traversing it. The firewall is configured to distinguish legitimate packets for different types of connections. Only packets matching a known active connection are allowed to pass the firewall. Stateful packet inspection (SPI), also referred to as dynamic packet filtering, is a security feature often included in business networks.

  • Layer-7 protocol detection: also known as Layer 7 application control, this is used to block sites from being accessed on your network. You can block sites either by keyword, e.g. Facebook, Twitter, YouTube, etc., or by category, e.g. video, games, guns, etc.

  • Peer-to-Peer traffic control: Peer-to-peer is a concept whereby one individual host directly communicates with another, as opposed to each client referring to a common hub or server. This type of network connection allows users to share various information, including audio and video files and application programs. Uncontrolled P2P connections take all the available bandwidth and leave no space for other activities (like mail or VoIP calling).

  • NAT: It also supports Source and Destination NAT (Network Address Translation), along with NAT helpers for popular applications and UPnP.

  • Source MAC address: This limits access to your network to a predetermined number of devices, identified by their MAC addresses, for greater security.

  • IP addresses: It can filter by IP address, address range, port, port range, IP protocol, DSCP and other parameters. It also supports static and dynamic address lists.

  • IPv6: The RouterOS Firewall facility also supports IPv6.
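
The stateful inspection, address list and source NAT features above, combined into a minimal default-deny rule set. This is an added example, not configuration from the original article or from MikroTik; it assumes ether1 is the WAN port, a LAN bridge named bridge, the 192.168.88.0/24 LAN subnet, and a hypothetical address list called mgmt.

```routeros
# Constructed example. Assumed names: ether1 = WAN port, bridge = LAN bridge,
# 192.168.88.0/24 = LAN subnet, "mgmt" = hypothetical address list name.

/ip firewall address-list
add list=mgmt address=192.168.88.0/24 comment="hosts allowed to manage the router"

/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
# Rules are evaluated top to bottom; the first match decides.
add chain=input connection-state=established,related action=accept \
    comment="packets belonging to a tracked connection"
add chain=input connection-state=invalid action=drop \
    comment="packets that match no tracked connection"
add chain=input protocol=icmp action=accept comment="ping and path MTU discovery"
add chain=input src-address-list=mgmt action=accept \
    comment="management access only from the mgmt list"
add chain=input action=drop comment="default deny for everything else"

# --- forward chain: traffic routed through the router ---
add chain=forward connection-state=established,related action=accept \
    comment="return traffic for connections already allowed"
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=bridge out-interface=ether1 \
    connection-state=new action=accept \
    comment="LAN hosts may open new outbound connections"
add chain=forward action=drop \
    comment="unsolicited inbound traffic and anything not matched above"

/ip firewall nat
# Source NAT: rewrite LAN source addresses to the WAN address on the way out.
add chain=srcnat out-interface=ether1 action=masquerade
```

Apply it from a local console or with Safe Mode enabled, since the final input drop rule cuts off any management source that is not in the mgmt list.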



