MikroTik training is ideal for anyone working with networks, from ISP engineers and corporate administrators to wireless technicians, IT consultants, and security professionals. It equips them to design, secure, and optimize networks using RouterOS and RouterBOARD devices. Students and new IT professionals gain essential foundational skills, while small businesses benefit by learning to manage their own routers effectively. Because MikroTik is widely used for routing, bandwidth control, PPPoE, BGP, MPLS, and WiFi, certified professionals are highly valuable across ISP and enterprise environments.
| Title | Details |
|---|---|
| Course + Exam Fee | ৳ 4,000 |
| Total Modules | 12 |
| Course Duration | 16 Hours |
| Total Session | 8 |
| Class Duration | 2 Hours |
RouterOS security model
Types of attacks targeting MikroTik (botnets, brute force, exploits)
RouterOS update policies & long-term vs stable channels
Hardening management interfaces (WinBox, WebFig, SSH, API)
Secure passwords, 2FA, key-based login
Lab:
Secure a default RouterOS installation
Disable weak services and enforce secure access
Connection tracking internals
Prerouting, forward, input, output, postrouting
RAW table vs filter table distinctions
FastTrack – performance vs security considerations
Whitelist/blacklist models
Lab:
Build a clean and efficient firewall from scratch
Block common scanning attempts (Nmap, SYN flood)
Layer-7 usage and limitations
Address-lists (dynamic/static)
Port knocking implementation
Dynamic defense against brute force attacks
ICMP security, DoS mitigation, connection limits
Lab:
Create automated brute-force blocking using scripts
Build advanced filter chains with multiple address lists
Source NAT vs Destination NAT best practices
Hairpin NAT for internal service access
Hardened port-forwarding techniques
Preventing open-relay situations
Lab:
Securely expose a web server using DNAT
Apply rate limits to protect NAT’d hosts
IKEv1 and IKEv2
Main mode vs aggressive mode
Hashes, ciphers, DH groups
Phase 1 (ISAKMP) & Phase 2 (IPsec SA)
Tunnel mode vs transport mode
Lab:
Debug IPsec negotiation failures
Compare security of different crypto proposals
IKEv2 preferred modern configuration
Best practice for SA lifetimes and rekeying
Handling NAT-Traversal
Dual-WAN redundancy with IPsec
Lab:
Configure site-to-site IPsec between 2 routerOS systems
Implement failover IPsec using recursive routing
Mode Config
EAP, Certificates, RSA keys
Integrating with Windows/macOS/iOS/Android clients
User quarantine & conditional access
Lab:
Build an IKEv2 EAP remote access VPN
Restrict access using firewall + address lists
Creating CA and issuing certificates
Key usage, SAN, expiration
TLS for Hotspot, API, WinBox, HTTPS
Lab:
Build your own CA on RouterOS
Deploy certificates in an IPsec remote-access VPN
Bridge filters and protection from L2 attacks
DHCP spoofing defense
MAC server restrictions
WPA3, SAE, Enterprise EAP
Wireless client isolation
Lab:
Secure a wireless network with WPA2-EAP
Detect and block rogue DHCP servers
GRE/IPIP over IPsec
EOIP with IPsec
WireGuard basics (if RouterOS v7+)
Lab:
GRE over IPsec tunnel for routing
WireGuard secure tunnel deployment
Syslog integration
Traffic analysis tools
Detecting botnet behaviors
SIEM integration basics
Lab:
Export logs to syslog
Trigger alerts for suspect traffic
Basic MikroTik scripting language
Automated dynamic address lists
Scheduled tasks for threat cleanup
Lab:
Auto-block repeated attackers
Auto-renew certificates, rotate IPsec keys
