|
|
|
|
|
|
by d00bianista
2504 days ago
|
|
|
Mikrotik has recently made bridging much saner, which makes their portfolio complete for datacenter use and pretty close on bridging users in the access layer. Their CCR-series is very much bang per buck if L4-filtering is enough, which should be enough in today's world of end-to-end encrypted communications. The CRS3xx-series as stated has become much saner with changes to bridging and with most features implemented are also worth the cost. The upside with affordable devices and the licensing model they have, make it possible to keep cold spares available in case of disaster. It does however make sense to study the management interfaces and disable all but SSH and HTTPS in order to minimize attack surface. |
|
|
I used to test changes (when duties allowed) with nmap, and several times I showed experienced engineers that they had left a service open to the WAN by mistake! When a network is in the hands of general engineers, like it often is in the SME space, I like Watchguard firewalls. Very good defaults, helpful os.
I can imagine in a datacenter where you have network specialists, and robust working procedures Mikrotik could work well.
I use Unifi for Wifi, and have used their routers for a dedicated guest wifi network. For switches I know nothing other than HP, but don't see a lot of issues, especially with the Aruba kit.