First thanks for the quick reply. This is more of a bulletin board than a forum too many hard coded formatting fields and the quick buttons at the top do not work for me either ![:)]( "Smile")
As you can see by the time stamp on my message i don't really have time for formatting ![:)]( "Smile")
1) Yes the interface lists are there for rules - i assume i can use them in the FW rules
a) I deleted WAN and I am not referring to lists currently so that need to be cleaned up most of it is from the default config
b) the interface and structure is a bit odd with regards to vlans, interfaces, lists, etc.. my past experience with other vendors products was more structured
c) I did not have a chance to remove the LAN lists stuff as i locked myself out of the MGMT Interface
2) There is no WAN here this is an internal network sitting behind an existing firewall - that is what the trunk ports are for
internet -> Firewalla Gold -> Mikrotik switch -> VLANs
3) The two trunk lists are for the two QFSP+ ports which I will use part of one to uplink to my Firewalla 2.5gb port. Don't need much more than that as my bandwidth is only 1.4gb
4) The other VLANs are for various segmentation which i want to HW offload and use the firewall rules/filters to secure. I am trying to segment as much as possilbe.
5) the ip/ARP was from the last config also - i have not deleted it but will
6) the older posts you refer to do not encompass the newer switches and using HW offloading they are simple configs which do not really apply except to learn a basic config which will completely change to implement bridge/routing HW offloading with stateless inspection. But I read them for base level knowledge.
7) I need to find a config where the MGMT interface is added so that I can use the dedicated Ether1 port only for mgmt with no IP and no routing of MAC. I have yet to find one.
I need a sample config which has HW offloading using router OS and VLAN trunking setup so I can mirror and learn.
I also posted a question about using two switches or a router @ wire speed to accomplish what i can't do with one switch because I am limited to either HW offloading for VLANs with filtering and stateless inspection or HW offloading for FW and stateful inspection.
Hopefully that makes sense.
As you can see by the time stamp on my message i don't really have time for formatting 1) Yes the interface lists are there for rules - i assume i can use them in the FW rules
a) I deleted WAN and I am not referring to lists currently so that need to be cleaned up most of it is from the default config
b) the interface and structure is a bit odd with regards to vlans, interfaces, lists, etc.. my past experience with other vendors products was more structured
c) I did not have a chance to remove the LAN lists stuff as i locked myself out of the MGMT Interface
2) There is no WAN here this is an internal network sitting behind an existing firewall - that is what the trunk ports are for
internet -> Firewalla Gold -> Mikrotik switch -> VLANs
3) The two trunk lists are for the two QFSP+ ports which I will use part of one to uplink to my Firewalla 2.5gb port. Don't need much more than that as my bandwidth is only 1.4gb
4) The other VLANs are for various segmentation which i want to HW offload and use the firewall rules/filters to secure. I am trying to segment as much as possilbe.
5) the ip/ARP was from the last config also - i have not deleted it but will
6) the older posts you refer to do not encompass the newer switches and using HW offloading they are simple configs which do not really apply except to learn a basic config which will completely change to implement bridge/routing HW offloading with stateless inspection. But I read them for base level knowledge.
7) I need to find a config where the MGMT interface is added so that I can use the dedicated Ether1 port only for mgmt with no IP and no routing of MAC. I have yet to find one.
I need a sample config which has HW offloading using router OS and VLAN trunking setup so I can mirror and learn.
I also posted a question about using two switches or a router @ wire speed to accomplish what i can't do with one switch because I am limited to either HW offloading for VLANs with filtering and stateless inspection or HW offloading for FW and stateful inspection.
Hopefully that makes sense.
Statistics: Posted by tdampier — Wed Jan 03, 2024 11:00 pm