K

Control Plane

In this guide, we'll show you how to set up and configure control plane policies for your devices.

Default Policy

When you sign up for MikroCloud, a default CPF policy is automtically created. This default policy includes pre-configured settings that ensure basic protection and mangement access.

Input Rule:Description:
Trusted Networks:Common private networks (e.g., 10.0.0.0/8, 192.168.0.0./16 and 172.16.0.0/12) are pre-set as trusted.
IP Services:Essential management services like Winbox, API, and SSH are pre-enabled with default ports.
Custom input Rules:Enabled by default, which means that your own rules will be prioritized before our drop rules will be added below your custom input rules.

This default policy provides an immediate layer of protection and manacement access, which can be furter customized as needed.

An IP address of 154.66.115.255/32 is added by default, this is MikroCloud's managemengt IP address and any API calls and configurations will be sent from this IP Address, thus why it is trusted by default.

Creating a CPF Policy:

To create a new CPF Policy:

Step 1: Navigate to the Control Plane Policy Page

  1. From your dashboard, navigate to the Control Plane page, which can be found under Policies -> Control Plane.

picture 4

  1. When you are on the Control Plane Policy page, click on the + Add Policy button to begin creating a new policy.

picture 3

Step 2: Configure your Policy:

You can now give your policy a name.

  1. Underneath the Trusted Networks section, you can add or remove custom IP addresses or CIDR ranges.

picture 5

  1. Underneath the Custon Input Rules section, you can either prioritize your firewall input rules (Toggle should be ON), or you can prioritize our drop rules (Toggle in OFF Position.) before your own.

picture 6

  1. Underneath the IP Services section, you can select your own preferred ports for the services offered from the MikroTik device.

picture 7

For MikroCloud's API to function correctly, Winbox, API, and SSH must be enabled.

  1. Underneath the Selected Sites section, you can select the sites for which this policy will apply.
    • You can leave the selected sites empty, if you want to return later and confirm that the settings you selected are correct and preferred.
    • See Editing in order to add sites at a later stage.

picture 8

The settings you configure above, will only apply to the sites you select here.

When done, you can then just click on the Add button in order to create the new policy.

Editing a CPF Policy

Editing an existing CPF Policy is easier than it sounds like.

  1. On the Control Plane Policy page, locate the policy you wish to edit from the list.
  2. Click on the Policy's Name to access its configuration page.
  3. Make any necesssary adjustments.
  4. Any changes made, will be automatically applied and saved, no need for more buttons.

Removing a CPF Policy

  1. On the Control Plane Policy page, locate the policy you wish to remove from the list.
  2. At the top right corner, you will see a trashcan icon.

picture 9

  1. When ready to remove the policy, just click on the trashcan icon.

Was this page helpful?