The issue with WiFi password being shown upon entering HTTPS login screen (even though "Hidden/Hide" is ticked) is still there.

Bridge Filter doesn't specify what is filters. For example, your NAT firewall filter can be set to allow exclusively TCP and UDP traffic, but LLDP (data link layer) frames are not going to be filtered, even when bridge filtering is enabled. LLDP and similar frames are controlled by "Discovery&q...

I have all the updates and RouterBOARD upgrade and this is the best router money can buy. For $200 it beats anything out there. I wish I was a professional reviewer with credibility to write a review of this beautiful device, but my posts show I don't know enough about networking. Back to topic - ye...

Ether1 is default WAN port and is also default NetInstall port. Using such defaults allows us of NetInstall through WAN port. That means use of NetInstall of WAN. That's an issue for sure.

I am looking through NetInstall documentation for Chateau Pro AX and by default it uses ether1 port, which is also default WAN port. Of course I can change WAN port to anything else, but is it not a bad idea to let NetInstall port = WAN port by default? Doesn't that make router vulnerible to attacks...

MikroTik Chateau Pro AX has options for bridge filtering, which I assume, are either similar to Netfilter EBTables or is based on Netfilter EBTables. In GUI I can restrict protocols to TCP/UDP (via NAT Firewall), enable/disable ARP (via bridge and port settings/options), enable/disable LLDP (and sim...

Slightly off-topic, but where can one purchase Ethernet card/adapters/NIC's for consumer PC's? AFAIK MACSec is not open-source and is rare in non-enterprise enivronments.

Some encryption is better than none most of the time. DNS is one of the easiest protocols to attack if not encrypted, but MikroTik already supports DNS-over-HTTPS. That leaves safe time retrieval as the next problem. MikroTik supports NTP, but that's about it. There are safer ways to retreive time. ...

WiFi password is unhidden by default in the latest version (when viewed with Firefox), even though box to hide it is ticked by default.

Still loving my MikroTik Chateau Pro AX and have some questions about it: - Where is the Gratuitous ARP option? I saw it once, but then lost it. I want to disable that completely and only allow 2 ARP types - request and reply. This is mostly because some clients, such as Apple TV, impersonate other ...

Still a no-go. I set permanent ARP in both - router and Windows, but the same thing happens. Windows shows packets are sent, but none received. Router shows packets are received, but none sent back. Maybe this is a bug. I've never had this issue with other routers. I think developers should look int...

Thanks! I've already had all that configured as you described (withoiut success), except for IP firewall. I assume bridge IP firewall is EBTables, correct?

How can I run this software in Sandboxie? I tried a variety of settings, but WinBox just refuses to be sandboxed... Does it use some kind of low level kernel access? Does it actually encrypt traffic between client and router? There is no way to apply a TLS certificate to WinBox in "IP Services&...

So far I love Chateau AX Pro big time, but it has a downside that makes maintenance very difficult. I always use static IP addresses + ARP for LAN/Ethernet devices with very strict firewall rules. I disable DHCP in Windows services and block broadcast packets in both directions. The problem is that ...

Has there been an update on this? It is at least possible to disable unsafe ciphers? Where does MikroTik apply TLS? Local login page?

No HTTPS? Only HTTP, Telnet, and SSH for local access?

How accurate is Mikrotik overlay for firewall rules? Without seeing actual tables, I can't even judge whether GUI applies what I think it applies...

Thank you for all your replies! I still have some questions: - Are there dumps of tools used by Router OS? For example, I want to have TCPDump, IPTables, EBTables, and ARPTables. - Are there any NVRAM dumps? - Can updates for tools (such as TCPDump, IPTables, EBTables, and ARPTables) be downloaded i...

Is it possible to install add-ons like AdGuard Home and/or Suricata?

Would clients running WireGuard (such as Windows clients running official WireGuard NT) be able to pull 700-800Mbps on Chateau AX Pro? I don't expect such throughput when running WireGuard on router itself, but fast PC's with WireGuard NT should be able to achieve such throughput. Well, if WG is ru...

Thank you for such a prompt response! Would clients running WireGuard (such as Windows clients running official WireGuard NT) be able to pull 700-800Mbps on Chateau AX Pro? I don't expect such throughput when running WireGuard on router itself, but fast PC's with WireGuard NT should be able to achie...

Every device runs ROS, so every device can act as a router if that is your question. I would not recommend any product until its clear what the requirements are. a. type of internet connections b. throughput of ISPs c. if WIFI is required, size of location, number of rooms etc... d. any other netwo...

Normally "AP" are strictly AP's.

I seek a prosumer router, something similar to UniFi Dream Machine, but with newer hardware for WireGuard throughput and better customizations. For example, I want to be able to access router via SSH to not only customize NAT via IPTables, but have my rules preserved after reboot and not have router...