I have the following router, which is an RB750Gr3.
I have fibre broadband coming to the premises, which comes with a subnet mask of /27. What I am trying to achieve is to use the RB750Gr3 to split the broadband across three different firewalls.
My ISP router would be connected to ETH1 and each subsequent firewall representing a separate customer would be connected to the next available port, meaning Firewall 1 would go to ETH2, Firewall 2 would go to ETH3, etc. Each firewall would have its own dedicated public IP address from my /27 ISP subnet, and I would not use NAT at all.
I am also trying to use this mini project as a great place to explore the MT world and learn more about their products. With that being said, I would like to ask for your advice regarding the following things below:
1. I thought it would be nice to isolate all three independent firewalls at Layer 2 by implementing VLANs. Would you recommend using bridge VLAN filtering, or should I try another approach? With bridge VLAN filtering I would basically create an untagged VLAN for each port to isolate all firewalls.
2. If using a bridge, should the WAN interface be out of the bridge or should it be a part of it?
3. I also want to assign ETH5 as a management port, so if using a bridge, should I remove ETH5 from the bridge, or shall I just create another untagged VLAN on this port, solely for management purposes?
4. Does using a bridge affect the performance of the router or shall I just utilise a switch chip, since this model of MikroTik includes one?
I would like to kindly ask for your understanding as I am new to MikroTik and I have already spent so much time exploring YouTube, Google and the MikroTik Wiki, but we all know how vague and strange it can all be at first.
I look forward to hearing back from you soon.