Believe me, while this is possible to achieve manually, you just want the box to "know" what o365 traffic is. That is not something a generic router can do. You need to buy a special box that has a maintenance contract to provide you with the dynamic information required for that. What is...

Anyone from MikroTik going to chime in on this ? This has been asked before and as far as I recall Mikrotik has always been radio silent on this. I'd stay away from Mikrotik if this is a requirement. You're much safer if you use a vendor that has gone through this certification and has a FIPS mode.

It is already fixed in v7.7 and v7.8betas

Can you please elaborate? What is fixed in v7.7 and v7.8 betas.

"DMVPN" is such a killer feature in the enterprise world. VyOS has support for it since years. in general called SD-WAN. This is implemented in v7 using ZeroTier. This will be my last post on this as it's getting off-topic, but ZeroTier is a pretty basic SD-WAN and is in no way equivalent...

This is a disappointing release as 7.8, should have been 7.7.1. When are we going to see Mikrotik address those critical route/switch features that most enterprises use. Specifically: 1. BFD fixed 2. BGP-VPNv4-VRF RR fixed 3. Something equivalent to Cisco DMVPN, HP DVPN, Meraki AutoVPN, or Fortinet ...

This tweet from IP Architects suggests sooner than expected. https://twitter.com/stubarea51/status/1584164274213044230?cxt=HHwWjICq5fPAivwrAAAA FYI, IP Architects' tweet is just referencing my post on Reddit r/mikrotik. And I'm the person who started this post here. Apparently I'm the first person ...

Does Mikrotik publish End-of-Sale/End-of-Support dates? The TILE processor was discontinued this year by Nvidia: https://network.nvidia.com/files/pdf/eol/LCR-000851.pdf https://network.nvidia.com/files/pdf/eol/LCR-000901.pdf Has Mikrotik stopped manufacturing TILE-based CCR models or are they contin...

Can a pair of CRS518-16XS-2XQ do this? - Configured as MLAG peers with a 2 x 25G bond for the peer-ports - The remaining 25G links (14) on the CRS518s configured as MLAG trunks carrying 4-10 VLANs up to access switches - The subnet gateway for each VLAN residing on the CRS518s with VRRP between the ...

1) IS-IS, 2) VTI, 3) something equivalent to Cisco DMVPN or GETVPN or HP DVPN or Meraki AutoVPN, 4) BGP Multipath, 5) Lack of commit/rollback

Those are the five features that prevent me from recommending Mikrotik to large enterprise customers.

I have this config on my CCR2004-16G-2S+: # jan/02/1970 12:51:37 by RouterOS 7.5 # software id = XXXXXXXXXX # # model = CCR2004-16G-2S+ # serial number = XXXXXXXXXX /interface bridge add name=bridge1 vlan-filtering=yes /interface bridge port add bridge=bridge1 frame-types=admit-only-vlan-tagged inte...

Thanks guys makes perfect sense. I've done lots of firewalls on RouterOS v6, just haven't done any under v7 yet.

I received a new CCR2004-16G-2S+ with 7.5 and it appears to have no default firewall configured and it doesn't have one under
/system default-configuration print.

What is the thinking behind that?

I'm getting about 425-450 Mbps max throughput over single IPSec SA using IKEv2, AES256, SHA256 between a RB4011 and Palo Alto 7000, regardless of throughput test tool. I see one core hit 100% CPU on this test with the RB4011, so I assume it's maxed out? The RB4011 has 1 Gb symmetric Internet and the...