VIDEO
HIGHLIGHT
Log InSign up
Configuração Inicial do MikroTik do Zero com Firewall 2021 | Leonardo Vieira
SummaryTranscriptChat

Configuração Inicial do MikroTik do Zero com Firewall 2021 | Leonardo Vieira

New Section

The video provides a detailed guide on setting up a MikroTik router from scratch, emphasizing the use of the Winbox application for configuration.

Setting Up Winbox Application

  • The Winbox application is developed by MikroTik to simplify router configurations using RouterOS.
  • It is crucial to download the latest version of Winbox to ensure compatibility and access all features.
  • Within Winbox, users can view router details such as IP address, device model, interfaces, and wireless capabilities.

New Section

Exploring further functionalities within the Winbox application for MikroTik router setup.

Accessing Router Information

  • Users can identify the router's IP address, version, model, and interfaces through Winbox.
  • Differentiate between accessing via IP or MAC address for stable connections.

New Section

Initial steps in configuring a MikroTik router through the Winbox application.

Configuring Router Settings

  • Upon first login with default credentials, users are prompted to maintain or reset factory settings.
  • Resetting configurations clears existing settings for a fresh start without backups.

New Section

Demonstrating post-reset actions and reconnection process in setting up the MikroTik router.

Post-Reset Actions

  • After resetting, refreshing allows monitoring device reconnection in Winbox interface.

Entregando IP Público e Configurações de Roteador

In this section, the speaker discusses setting up a public IP address and configuring a router for optimal performance.

Setting Up Public IP and DMZ

  • Explains the concept of DMZ (Demilitarized Zone) where incoming traffic directed to the public IP is redirected to the MikroTik router.
  • Recommends putting the operator's modem in Bridge mode for direct IP delivery to the router, essential for accessing devices like cameras or DVR remotely.

Router Updates and Versions

  • Demonstrates updating the router's operating system with options for stable, long-term, or testing versions based on stability preferences and feature requirements.
  • Highlights that version updates primarily focus on bug fixes and security enhancements rather than introducing new features.

Router Firmware Updates and Best Practices

This segment covers updating firmware on routers, emphasizing best practices to ensure smooth operations.

Updating Firmware

  • Guides through checking current firmware version and upgrading to the latest stable version for improved performance.
  • Compares updating firmware in a router to updating an operating system in a computer, stressing its critical role in system initialization and integration with hardware.

Firmware Upgrade Process

  • Details the steps involved in applying firmware upgrades, including rebooting the system twice for complete installation.
  • Emphasizes patience during reboots as interrupting the process can lead to system corruption necessitating reinstallation.

Optimizing Router Performance by Disabling Unused Packages

This part focuses on enhancing router efficiency by disabling unnecessary packages to reduce resource consumption.

Package Management

New Section

In this section, the speaker discusses the configuration of security settings on a device.

Configuring Security Settings

  • The speaker mentions the need for configuring security settings on a device.
  • They highlight the importance of having the necessary security packages installed.
  • Reference is made to specific configurations such as activating certain features like W1.
  • Configuration steps are outlined for ensuring optimal security measures on the device.

New Section

This part focuses on practical steps after disabling certain features on a device.

Practical Steps Post Disabling Features

  • After disabling features, a reboot is suggested to implement changes effectively.
  • Emphasis is placed on checking interfaces and setting up connections internally.
  • Mention of configuring devices from different operators for efficient network operations.

New Section

The discussion revolves around utilizing USB ports for power and internet connectivity.

Utilizing USB Ports

  • Explanation of using USB ports to provide power and internet connectivity to devices.
  • Reference to MikroTik devices with USB ports for dual functionality.
  • Insights into passing electrical power and internet through USB adapters efficiently.

New Section

Understanding data transmission rates and monitoring network traffic.

Data Transmission Rates and Monitoring

  • Discussion on data rates, distinguishing between download and upload speeds.
  • Importance of monitoring traffic flow through interfaces in real-time.
  • Explaining how to interpret data transfer rates effectively for network optimization.

New Section

Setting up specific download and upload speed configurations for efficient network performance.

Download and Upload Speed Configuration

  • Setting specific download (30 Mbps) and upload (3 Mbps) speeds for optimal performance.
  • Reasons behind specifying these speeds based on user requirements and network capabilities.

New Section

In this section, the speaker discusses setting up IP ranges for DHCP delivery and configuring DNS servers for clients based on network requirements.

Setting Up IP Ranges

  • Setting up IP ranges involves reserving specific numbers for DHCP delivery.
  • Example: Delivering IPs from 50 to 254 excludes IPs from 2 to 49.
  • Manual configuration may be necessary for certain devices.

Configuring DNS Servers

  • When configuring DNS servers, consider the lease time for IPs.
  • Lease time example: Assigning an IP for 10 minutes allows quick turnover if a device leaves the network.
  • Tailoring lease times based on network size and device turnover is crucial.

New Section

This part focuses on determining appropriate IP address allocation based on network size and usage patterns.

Network Size Considerations

  • For a small office with around 10 computers and less than 20 devices daily, a /24 subnet suffices without running out of IPs.
  • Adjusting lease times to three days can accommodate larger networks but may lead to IP shortage in high-turnover environments like hotels.

New Section

The discussion shifts towards customizing DHCP server configurations, including renaming servers and managing DNS settings.

Customizing DHCP Server

  • Renaming the DHCP server for organizational purposes is possible through simple interface interactions.
  • Modifying server names and related settings enhances organization within the network infrastructure efficiently.

New Section

Exploring advanced configurations such as altering DNS servers and implementing backup options for improved network reliability.

Advanced Configuration Options

  • Companies can designate primary and secondary DNS servers within DHCP settings.
  • Adding backup DNS servers ensures seamless operation in case of primary server failures, enhancing network stability.

New Section

Understanding how to manage IP leases, renewals, and view assigned IPs within the DHCP server interface.

Managing IP Leases

  • The "leases" section displays devices that have obtained IPs from the DHCP server.

Conexões e Configurações de Rede

In this section, the speaker discusses setting up network connections and configurations on a notebook.

Setting Up Network Connections

  • The speaker mentions checking internet connectivity on their notebook.
  • Emphasizes the importance of having a checklist for beginners to track tasks systematically.
  • Talks about configuring DHCP client settings on the notebook for network connections.

Configuração de Usuários e Grupos

This part focuses on user and group configuration for enhanced security measures.

User and Group Configuration

  • Creating a new user account with a unique username and password for improved security.
  • Deleting unnecessary users to prevent brute force attacks and enhance security measures.

Definição de Permissões e Acessos

Exploring permissions, access levels, and group settings for effective network management.

Permissions and Access Levels

  • Discussing different user groups like full access, read-only, and custom groups for varied permissions.
  • Highlighting the importance of creating new groups to assign specific permissions based on roles within the network.

Configurações Avançadas de Segurança

Delving into advanced security settings to safeguard network devices from unauthorized access.

Advanced Security Settings

  • Customizing user group permissions regarding device access methods like SSH or console cable.
  • Specifying tools available to different user levels such as diagnostic tools or configuration capabilities.

Gestão e Monitoramento da Rede

Addressing network management tools and monitoring software for efficient system administration.

Network Management Tools

  • Introducing MikroTik management software for configuration purposes.

System Identity and Router Configuration

In this section, the speaker discusses the System Identity feature in router configuration, emphasizing the importance of assigning unique names to routers for efficient management.

System Identity and Naming Conventions

  • The System Identity feature allows users to assign specific names to routers, facilitating easy identification.
  • Assigning unique names is crucial when managing multiple routers to avoid confusion, especially in scenarios with numerous devices.
  • Customizing names based on entities like companies or service providers enhances clarity and organization in network administration.

Network Configuration: DHCP vs. PPPoE

This segment delves into network configuration options, comparing DHCP (Dynamic Host Configuration Protocol) with PPPoE (Point-to-Point Protocol over Ethernet).

DHCP Configuration

  • DHCP enables automatic IP address assignment from a server within the network.
  • Tailoring login credentials in DHCP setups is essential for personalized access control and security.

PPPoE Setup

  • PPPoE offers an alternative to DHCP, commonly used by ISPs for authentication purposes.
  • Configuring PPPoE connections may require adjusting network interfaces and client settings for seamless internet access.

Troubleshooting Network Connectivity

This part focuses on diagnosing and resolving connectivity issues within a network setup.

Connection Debugging

  • Troubleshooting involves verifying interface configurations and ensuring proper routing for internet connectivity.
  • Addressing connection errors often requires resetting configurations or re-establishing network links for smooth operation.

Dedicated Link Setup and IP Allocation

Exploring dedicated link configurations and IP address allocation strategies for enhanced network performance.

Dedicated Link Establishment

  • Setting up dedicated links involves configuring specific IPs provided by the ISP for exclusive connectivity.
  • Fine-tuning firewall settings ensures that traffic flows smoothly through designated pathways, optimizing network functionality.

IP Address Allocation

  • Allocating fixed IPs within a subnet range streamlines network management and facilitates targeted device communication.

Interface List Creation for Network Management

Creating interface lists aids in organizing multiple internet connections efficiently within a networking environment.

Interface List Configuration

Security Parameters and Interface Configuration

In this section, the speaker discusses security parameters and interface configuration related to IP Firewall Nat settings.

Configuring Security Parameters

  • The speaker mentions using the "interface list links" feature for security parameters associated with two interfaces.
  • Demonstrates configuring internet masking for two different IPs based on the interface used.

Network Setup and DHCP Configuration

This part covers network setup, DHCP server configuration, and IP address reservation.

Network Setup

  • Setting up a bridge with ports 3 and 4 for the local network.
  • Explaining how to automate IP renewal by adjusting time settings in Windows.

DHCP Configuration

  • Highlighting the significance of disabling unused services like FTP and SSH for security.
  • Emphasizing changing default port numbers for SSH access to enhance security measures.

Port Configuration and Access Control

This segment focuses on port configurations, access control, and enhancing device security through port changes.

Port Configuration

  • Advising against using Telnet due to clear text transmission vulnerabilities.
  • Stressing the importance of changing default Winbox ports for enhanced security measures.

Access Control

  • Demonstrating how changing Winbox ports can deter unauthorized access attempts effectively.
  • Discussing the practice of altering default ports to mitigate potential vulnerabilities effectively.

Webfig Security Settings

This part delves into securing Webfig access through specific configurations.

Webfig Security

  • Advising on customizing Webfig access permissions based on network origin (local or internet).

Understanding Network Security with MikroTik Routers

In this section, the speaker discusses the concept of network security using MikroTik routers, emphasizing the role of inputs, connections, and established states in ensuring network protection.

Input and Routing

  • Inputs on a router determine where data flows.
  • The router directs traffic based on inputs like Facebook requests passing through it.
  • Blocking unwanted traffic from entering or leaving the network is crucial for security.

Connection Control

  • Managing connections is vital for network security.
  • Setting limits on packet transmission can enhance control over network traffic.
  • Monitoring established connections helps in identifying valid versus invalid ones.

Validating Connections

  • Recognizing valid connections is key to preventing unauthorized access.
  • Identifying and blocking invalid connections enhances network security.
  • Filtering out invalid connection attempts ensures only authorized traffic passes through.

Enhancing Firewall Efficiency with Rule Optimization

This segment delves into optimizing firewall rules to streamline operations, improve efficiency, and bolster network security by reducing rule complexity while maintaining effectiveness.

Rule Optimization Strategies

  • Simplifying firewall rules can lead to enhanced performance and resource utilization.
  • Fewer rules result in more efficient processing without compromising security measures.

Setting Up Internet Equalization on MikroTik Router

In this section, the speaker discusses setting up internet equalization on a MikroTik router to ensure fair distribution of bandwidth among users.

Configuring Internet Equalization

  • The user wants to divide the internet equally among visitors and residents by balancing download and upload speeds.
  • Internet is distributed evenly when multiple users are connected, ensuring everyone gets their fair share of bandwidth.
  • Configuration involves specifying the maximum download and upload limits to facilitate equal distribution among users.
  • Options include setting IP blocks or interfaces for traffic management to avoid congestion and optimize internet usage.
  • Updating settings with IP blocks or interface selections ensures efficient bandwidth allocation for different users.

Configuring Wi-Fi Security on MikroTik Router

This part focuses on configuring Wi-Fi security settings on a MikroTik router for enhanced network protection.

Enhancing Wi-Fi Security

  • Setting up a security profile with WPA2 encryption ensures secure wireless communication.
  • Choosing a strong password (minimum 8 characters) enhances network security against unauthorized access.
  • Selecting appropriate modes like G/N for Wi-Fi operation optimizes performance based on device compatibility and signal range.
  • Adjusting channel width impacts interference levels, signal strength, and overall network performance.
  • Tailoring settings such as channel width helps balance speed, coverage, and reliability in wireless connections.

Establishing Guest Wi-Fi Network Isolation

This segment covers creating a separate guest Wi-Fi network to isolate it from the main local network for enhanced security.

Guest Network Isolation

  • Creating a virtual interface for the guest network ensures segregation from the primary network, enhancing security measures.
  • Assigning a unique SSID and password to the guest network prevents unauthorized access to sensitive local resources.

Detailed Configuration Steps for Network Security

In this section, detailed steps are provided for configuring network security settings to enhance visitor access control and isolate client devices for improved security.

Configuring Visitor Access Control

  • Create a separate Wi-Fi profile with a visitor password for enhanced access control.
  • Implement client isolation by assigning a different IP range to visitors, enhancing network security.
  • Set up a DHCP server for the visitor network to manage IP addresses efficiently.
  • Configure firewall rules to prevent visitors from accessing the local network, enhancing overall security.

Enhancing Network Security

  • Implement measures to prevent viruses or malware from spreading from visitor devices to the local network.
  • Utilize network tools to monitor and protect against potential security threats.

Logging and Backup Configuration for Network Management

This section focuses on setting up logging and backup configurations to ensure effective network management and data protection.

Logging Configuration

  • Enable logging capabilities to track network activities and potential security incidents effectively.
  • Configure log storage options, including remote servers or local disk storage, based on specific requirements.

Backup Configuration

  • Establish backup procedures using external storage devices like pendrives for efficient data protection.
  • Customize backup settings to include critical logs and errors, ensuring comprehensive data recovery options.

Data Encryption and Secure Backup Procedures

This segment delves into data encryption methods and secure backup procedures essential for safeguarding sensitive information.

Data Encryption

  • Encrypt backup files securely to prevent unauthorized access or tampering with sensitive data.

Secure Backup Procedures

  • Use specific commands like Export to create encrypted backup files efficiently.
Video description

🎯 Venha para nosso servidor no DISCORD https://discord.gg/4nN2uBhrnc No Discord você poderá tirar dúvidas, participar de palestrar e muito mais. Quanto mais pessoas interessadas maiores as chances que eu vá na sua cidade. WHATSAPP (31) 97153-4214 Se faz sentido inscreva-se no canal https://bit.ly/3oxR1Yy Curso e Consultoria de MikroTik me chame no Whatsapp https://bit.ly/3CbsuRb Tópicos e localização no vídeo. 00:02:17 Entendendo o nome da RB 00:02:49 Porque o acesso por MAC fica caindo 00:04:05 Como resetar as configurações do MikroTik 00:06:15 DHCP Client ( Internet IP por DHCP ) 00:08:08 Porque colocar o modem do provedor em Bridge ou DMZ 00:10:02 Atualização do RouterOS e Firmware 00:15:25 Desativar pacotes que não serão utilizados 00:17:20 Renomeando as Interfaces / Interface pwr-line 00:19:15 Configurando a rede LAN / Bridge 00:22:47 DHCP Server Configuração passo a passo em detalhes 00:29:14 Fixar IP do host em DHCP Leases 00:31:24 NAT Masquerade 00:34:51 Criando Usuários e Grupos de Acesso ao Roteador MikroTik 00:42:24 PPPoE Client ( Link de Internet ) 00:46:04 Ativando Link Dedicado 00:48:49 Interface List no MikroTik 00:51:40 IP Service 00:56:15 Firewall 01:05:58 QOS PCQ 01:08:55 Configurando Wireless no MikroTik 01:14:02 Wifi Visitantes 01:18:30 LOG no MikroTik 01:20:31 Backup do MikroTik Script e .Backup Winbox 64-bit https://mt.lv/winbox64 Winbox 32-bit https://mt.lv/winbox #mikrotik #dominandomikrotik http://bit.ly/cursogratuitomikrotik Se você quer começar aprender MikroTik do zero tenho um curso 100% gratuito no link acima. 👇 Se faz sentido? https://bit.ly/3oxR1Yy ACOMPANHE O LEONARDO VIEIRA: 👇 Anchor: https://anchor.fm/leovieira Deezer: https://www.deezer.com/br/show/3728657 Spotify: https://open.spotify.com/show/677EuwZKpLWBgf4CyAPniB Youtube: https://www.youtube.com/c/LeoMikrotik Facebook: https://facebook.com/leonardo.mikrotik Instagram: https://instagram.com/leonardovieira.com.br #consultoria #mikrotik #tecnologiadainformação Política de Comentários do Canal: 1. Ao comentar você concorda e permite que o texto, nome de perfil e imagem de perfil, possam ser usados para ilustrar e compor conteúdo em vídeos e postagens aqui deste canal ou sites nossos, sem custo ou ônus para o criador; 2. Estas regras são retroativas e se aplicam a todo o canal, em qualquer vídeo que tenha comentários públicos. 3. Se o comentário for excluído (pelo perfil que comentou ou pelo administrador do canal), mas já tiver sido usado e exibido em algum vídeo do canal, o conteúdo em vídeo NÃO será excluído.