The Mikrotik runs all this, including the wifi AP. My understanding at the moment is that we have several VLANS set up in school - students, teachers, admin staff, wifi. The suppliers have been in trying to make it play nice with the Mikrotik router but so far they have failed, my blood pressure has risen and that is about it. It has just sat there unusued for a year or more. Roll on 12 months, IT guy has exited stage left (can't even begin to list the chaos that was uncovered), new IT guy comes in, and lots of things unravel, the main one being that the fortinet 200E was never set up. Having used Fortinet before I know that it just works well, particularly in school environments I agreed as long as it worked with the fortinet and I didn't have to worry about it.
It is very important that you use the same PCC classifiers and values that you do in mangle as in NAT so that they hash to the same value.About 18 months ago, we upgraded the school network, I insisted that we had Fortinet in to run our web filtering and firewall, but our IT guy (long gone) had to have a microtik router to manage the network and wireless AP, I don't know why, but it was a must have.
The best way to do this is by using NAT rules to redirect people transparently to your proxy, so they aren't even aware that they are using it. Then you have to start using the transparent proxy on the link that you want. Add action=mark-connection chain=prerouting connection-state=new disabled=no new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=both-addresses:3/0 src-address-list=Local_NAT_NetworkĪdd action=mark-connection chain=prerouting connection-state=new disabled=no new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=both-addresses:3/1 src-address-list=Local_NAT_NetworkĪdd action=mark-connection chain=prerouting connection-state=new disabled=yes new-connection-mark=outside2_connection passthrough=yes per-connection-classifier=both-addresses:3/2 src-address-list=Local_NAT_NetworkĪdd action=mark-routing chain=prerouting connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes src-address-list=Local_NAT_NetworkĪdd action=mark-routing chain=prerouting connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes src-address-list=Local_NAT_Network
0 kommentar(er)
