How to enable secure access via SSH and HTTPS on Mikrotik

🔐 Securing remote access to your MikroTik router is essential to protect your network from unauthorized access and potential threats. While MikroTik offers various ways to manage your router (like Winbox and WebFig), you should enable SSH. Doing so will provide encrypted and secure channels for remote administration. Additionally, enable HTTPS for further protection. SSH is perfect for command-line access, while HTTPS encrypts web-based GUI management.

Steps: Enable SSH and HTTPS on MikroTik

This guide will walk you through the steps to enable SSH and HTTPS access on your MikroTik router. It explains how to use both Winbox and the CLI.

🔍 Prerequisites

• MikroTik RouterOS (preferably updated to latest version)
• Admin access via Winbox or terminal
• Basic networking knowledge

🖥️ Enable SSH Access

Option A: Using Winbox

1. Open Winbox and log in to your router.
2. Go to IP → Services.
3. Find the SSH service in the list.
4. Make sure it’s enabled (check the checkbox).
5. (Optional but recommended) Change the default port from 22 to something higher (e.g., 2222) to reduce automated attack attempts.
6. Apply IP address restrictions by setting Available From to trusted IPs only (e.g., 192.168.88.0/24 or your public IP).

Click on SSH, it will pop up the tab to edit the port

Option B: Using CLI

/ip service enable ssh
/ip service set ssh port=2222 address=192.168.88.0/24

🌐 Enable HTTPS (Secure Web Access)

Option A: Using Winbox

1. Go to IP → Services.
2. Find www-ssl (this is the HTTPS service).
3. Make sure it’s enabled.
4. (Optional) Change the port from 443 to another secure port (e.g., 8443).
5. Restrict access using the Available From field.

Click on WWW-SSL, it will pop up the tab and you can change to new port

Note: If www-ssl is missing, your router may not have an SSL certificate installed. You can create a self-signed certificate:

1. Go to System → Certificates.
2. Click Add to generate a new certificate:
   • Name: myCert
   • Common Name: router.local or your domain/IP
3. Sign the certificate.
4. Set it as the SSL certificate under IP → Services → www-ssl.

Option B: Using CLI

/ip service enable www-ssl
/ip service set www-ssl port=8443 address=192.168.88.0/24

# Create and sign self-signed certificate if needed
/certificate add name=myCert common-name=router.local key-usage=key-cert, tls-server
/certificate sign myCert
/ip service set www-ssl certificate=myCert

🛡️ Best Practices

• Disable unused services like Telnet or FTP: /ip service disable telnet /ip service disable ftp
• Use strong passwords and consider using public key authentication for SSH.
• Limit access to known/trusted IP addresses using the Available From field.
• Regularly update RouterOS for security patches.

Final Thoughts

Enabling SSH and HTTPS access on your MikroTik router ensures secure and encrypted communication. This is especially important when managing devices remotely. With these protocols in place and unnecessary services disabled, your network’s control plane becomes significantly more secure. Learn more about how to remotely access Mikrotik Router via SSH and HTTPS to test after you have been enabled.

🔗 Tip: If you’re upgrading your MikroTik router, consider secure remote access for multiple sites. Check out our recommended devices on our Amazon affiliate store. Your purchase supports our site at no extra cost to you!

Product Review: TP-Link TL-SG2428P

The TP-Link TL-SG2428P is a sophisticated managed PoE switch designed for small to medium-sized businesses and home networking enthusiasts. Manufactured by TP-Link, a well-known leader in networking equipment, this switch falls under the category of gigabit smart managed switches. It is tailored for users who want to enhance their network with Power over Ethernet (PoE) capabilities. This makes it ideal for connecting devices like IP cameras, access points, and VoIP phones.

Appearance and Build Quality

The TL-SG2428P features a sleek, modern design with a durable metal chassis that ensures longevity and stability. The switch is a standard 1U size, fitting perfectly into the majority of server racks. Its front panel showcases 28 Gigabit Ethernet ports. Twenty-four of them support PoE+, which allows for efficient power delivery alongside data transmission.

The inclusion of 4 SFP slots at the rear provides versatility for high-speed connections and fiber optics. The overall aesthetic is professional, making it suitable for both office environments and home networking setups.

Key Features and Specifications

• PoE Configuration: 24× PoE+ (802.3at/af) ports, delivering up to 30W per port and a total PoE power budget of 250W.
• Integrated Omada SDN: Seamless integration with the Omada Software Controller for centralized management.
• Cloud Access: Remote management capabilities through the Omada app, enabling control from anywhere.
• Advanced Security Features: Supports VLAN, ACL, DoS defense, DHCP Snooping, and 802.1X radius authentication.
• Traffic Prioritization: L2/L3/L4 QoS, IGMP Snooping, Link Aggregation, and Flow Control for enhanced performance.
• Warranty: Backed by a 5-year warranty and free technical support.

Experience and Use Cases

Setting up the TP-Link TL-SG2428P was straightforward, especially for users familiar with network switches. The integration with the Omada Software Controller made it easy to manage multiple devices from a single interface.

In a home lab environment, this switch performed exceptionally well, providing stable connections without drops, even under heavy load. VLAN configuration was straightforward, allowing me to segment my network for better security and performance.

In a small business scenario, this switch becomes invaluable. Using it alongside TP-Link EAP access points helped me eliminate the clutter caused by multiple PoE injectors. This created a cleaner and more organized network rack. The ability to prioritize traffic was particularly advantageous for VoIP communications, ensuring high-quality call quality.

Pros and Cons

Pros

• Robust PoE support with a high power budget.
• Seamless integration with the Omada SDN platform.
• Advanced security features for network protection.
• Reliable performance with no frequent connection drops.
• Excellent build quality that ensures durability.
• Comprehensive management options via cloud access.

Cons

• Initial setup may be complex for users unfamiliar with managed switches.
• Higher cost compared to non-managed switches, which may not be justified for basic home use.
• Some advanced features require proper knowledge to configure effectively.

Conclusion

Overall, the TP-Link TL-SG2428P is a powerful, feature-rich switch that excels in both small business and advanced home networking environments. It has robust PoE capabilities. The convenience of the Omada SDN integration makes it an excellent choice.

It is perfect for users looking to build a reliable and efficient network. Some users may experience a learning curve. However, the benefits far outweigh the drawbacks. This switch is a worthy investment for those serious about their networking needs.