Primeiro Commit - Backup Mikrotik

2025-12-08 12:05:06 -03:00
commit c1182721ac
20 changed files with 7443 additions and 0 deletions
--- a/CGNAT02/05-12-2025.CGNAT_FIX02.backup
+++ b/CGNAT02/05-12-2025.CGNAT_FIX02.backup
--- a/CGNAT02/05-12-2025.CGNAT_FIX02.rsc
+++ b/CGNAT02/05-12-2025.CGNAT_FIX02.rsc
--- a/CGNAT02/05-12-2025.NAT02-CCR2004.backup
+++ b/CGNAT02/05-12-2025.NAT02-CCR2004.backup
--- a/CGNAT02/05-12-2025.NAT02-CCR2004.rsc
+++ b/CGNAT02/05-12-2025.NAT02-CCR2004.rsc
@@ -0,0 +1,468 @@
+# 2025-12-05 12:34:34 by RouterOS 7.20.5
+# software id = R71A-HA5S
+#
+# model = CCR2004-16G-2S+
+# serial number = HG809N0C8R9
+/interface ethernet
+set [ find default-name=ether1 ] disabled=yes
+set [ find default-name=ether2 ] disabled=yes
+set [ find default-name=ether3 ] disabled=yes
+set [ find default-name=ether4 ] disabled=yes
+set [ find default-name=ether5 ] disabled=yes
+set [ find default-name=ether6 ] disabled=yes
+set [ find default-name=ether7 ] disabled=yes
+set [ find default-name=ether8 ] disabled=yes
+set [ find default-name=ether9 ] disabled=yes
+set [ find default-name=ether10 ] disabled=yes
+set [ find default-name=ether11 ] disabled=yes
+set [ find default-name=ether12 ] disabled=yes
+set [ find default-name=ether13 ] disabled=yes
+set [ find default-name=ether14 ] disabled=yes
+set [ find default-name=ether15 ] disabled=yes
+set [ find default-name=ether16 ] disabled=yes
+set [ find default-name=sfp-sfpplus2 ] disabled=yes
+/interface vlan
+add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24
+add interface=sfp-sfpplus1 name=0042-Servicos-IPv4 vlan-id=42
+add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124
+add interface=sfp-sfpplus1 name=0620-Servicos-IPv6 vlan-id=620
+add interface=sfp-sfpplus1 name=2142-OSPF_B1 vlan-id=2142
+add interface=sfp-sfpplus1 name=2242-OSPF_B2 vlan-id=2242
+add interface=sfp-sfpplus1 name=2602-IPv4-HEXA vlan-id=2602
+add interface=sfp-sfpplus1 name=vlan1441-itx-sw-hw-04 vlan-id=1441
+/interface list
+add exclude=all include=static name=ospf-interfaces
+/interface lte apn
+set [ find default=yes ] ip-type=ipv4 use-network-apn=no
+/ip pool
+add name=pool1 ranges=198.18.0.5-198.18.0.8
+/ip smb users
+set [ find default=yes ] disabled=yes
+/ipv6 pool
+add name=pool-enlace prefix=2804:47e4:8000:1::1c/126 prefix-length=128
+/port
+set 0 name=serial0
+/ppp profile
+add change-tcp-mss=no local-address=10.0.24.33 name=L2TP remote-address=pool1 \
+    use-compression=no use-encryption=yes use-upnp=no
+/routing id
+add disabled=no id=10.0.24.33 name=OSPF select-dynamic-id=only-static
+/routing ospf instance
+add disabled=no name=ospf originate-default=never out-filter-chain=OSPF-OUT \
+    redistribute=connected,static router-id=OSPF routing-table=main
+add disabled=no name=ospfv3 originate-default=never out-filter-chain=\
+    OSPFv3-OUT redistribute=connected router-id=OSPF version=3
+/routing ospf area
+add disabled=no instance=ospf name=ospf-area-0
+add disabled=no instance=ospfv3 name=ospfv3-area-0
+/snmp community
+set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan
+/system logging action
+add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\
+    10.0.24.33 target=remote
+/ip smb
+set enabled=no
+/ip firewall connection tracking
+set enabled=yes udp-timeout=10s
+/ip neighbor discovery-settings
+set discover-interface-list=all
+/ip settings
+set max-neighbor-entries=8192
+/ipv6 settings
+set max-neighbor-entries=8192 soft-max-neighbor-entries=8191
+/interface l2tp-server server
+set allow-fast-path=yes authentication=chap,mschap1,mschap2 default-profile=\
+    L2TP enabled=yes keepalive-timeout=60 l2tpv3-ether-interface-list=all \
+    max-mru=1480 max-mtu=1480 one-session-per-host=yes use-ipsec=yes
+/interface list member
+add interface=2142-OSPF_B1 list=ospf-interfaces
+add interface=2242-OSPF_B2 list=ospf-interfaces
+/interface ovpn-server server
+add mac-address=FE:6F:8A:36:83:70 name=ovpn-server1
+/ip address
+add address=10.0.24.33/24 interface=0024-GERENCIA-L2 network=10.0.24.0
+add address=10.1.21.42/30 interface=2142-OSPF_B1 network=10.1.21.40
+add address=10.1.22.42/30 interface=2242-OSPF_B2 network=10.1.22.40
+add address=45.228.246.97/27 comment="### 246.97 - Gateway-042" interface=\
+    0042-Servicos-IPv4 network=45.228.246.96
+add address=10.1.24.33/24 interface=0124-GERENCIA-L3 network=10.1.24.0
+add address=45.228.246.31 interface=lo network=45.228.246.31
+add address=45.228.246.16 interface=lo network=45.228.246.16
+add address=10.0.5.9/30 interface=vlan1441-itx-sw-hw-04 network=10.0.5.8
+add address=45.228.246.64 comment=IPv4-pub-NAT-HEXA interface=lo network=\
+    45.228.246.64
+add address=10.95.200.1/24 comment=IPv4-priv-NAT-HEXA interface=\
+    2602-IPv4-HEXA network=10.95.200.0
+/ip cloud
+set update-time=no
+/ip dns
+set servers=45.228.246.122,45.228.244.121
+/ip firewall address-list
+add address=45.228.244.4 list=CONFIAVEIS
+add address=45.228.246.4 list=CONFIAVEIS
+add address=10.1.24.0/24 list=CONFIAVEIS
+add address=10.0.24.0/24 list=CONFIAVEIS
+add address=10.25.0.0/18 list=CONFIAVEIS
+add address=45.228.244.8/29 list=CONFIAVEIS
+add address=45.228.244.96/27 list=CONFIAVEIS
+add address=45.228.246.96/27 list=CONFIAVEIS
+add address=100.64.0.0/10 list=CONFIAVEIS
+add address=10.64.69.0/30 list=CONFIAVEIS
+add address=45.228.244.121 list=DNS-SERVERs
+add address=45.228.246.122 list=DNS-SERVERs
+add address=45.228.244.101 list=DNS-SERVERs
+add address=45.228.246.102 list=DNS-SERVERs
+add address=45.228.246.100 list=DNS-SERVERs
+add address=45.228.244.8/29 list=0030-SERVIDORES
+add address=45.228.244.96/27 list=SERVIDORES
+add address=45.228.246.96/27 list=SERVIDORES
+add address=10.25.0.25 list=GeniACS
+add address=45.228.246.105 list=GeniACS
+add address=45.228.245.0/24 list=ACS-CPEs
+add address=45.228.247.0/24 list=ACS-CPEs
+add address=10.25.0.0/18 list=ACS-CPEs
+add address=198.18.0.8 list=POOL-GERENCIA
+add address=198.18.0.7 list=POOL-GERENCIA
+add address=198.18.0.6 list=POOL-GERENCIA
+add address=198.18.0.5 list=POOL-GERENCIA
+add address=10.0.24.0/24 list=LOCAL-VPN-NAT
+add address=198.18.0.4/30 list=LOCAL-VPN-NAT
+add address=45.228.244.0/22 list=BLOCO-FIX
+add address=45.228.244.4 list=ACPT-INPUT
+add address=10.1.24.0/24 list=ACPT-INPUT
+add address=45.228.246.4 list=ACPT-INPUT
+add address=10.0.24.0/24 list=ACPT-INPUT
+add address=10.1.21.32/30 list=ACPT-INPUT
+add address=10.1.22.32/30 list=ACPT-INPUT
+add address=10.25.0.0/18 list=ACPT-INPUT
+add address=45.228.244.8/29 list=ACPT-INPUT
+add address=45.228.244.96/27 list=ACPT-INPUT
+add address=10.0.5.4/30 list=ACPT-INPUT
+add address=45.228.244.96/27 list=zabbix-agent
+add address=45.228.246.96/27 list=zabbix-agent
+add address=45.228.244.101 list=CWPs
+add address=45.228.246.102 list=CWPs
+add address=10.95.200.0/24 list=LAN-HEXA
+/ip firewall filter
+add action=fasttrack-connection chain=forward connection-state=\
+    established,related hw-offload=yes
+add action=accept chain=forward connection-state=established,related
+add action=accept chain=forward comment="Permit - ICMP Protocol" disabled=yes \
+    protocol=icmp
+add action=accept chain=forward comment="Permit - DNS REVERSO" disabled=yes \
+    dst-address=45.228.246.100 dst-port=53 protocol=tcp
+add action=accept chain=forward comment="Permit - DNS REVERSO" disabled=yes \
+    dst-address=45.228.246.100 dst-port=53 protocol=udp
+add action=accept chain=forward comment="Permit - acs - 7547 tcp" disabled=\
+    yes dst-address=45.228.246.105 dst-port=7547 protocol=tcp
+add action=accept chain=forward comment="Permit - Upload SRC" disabled=yes \
+    src-address-list=CONFIAVEIS
+add action=accept chain=forward comment="Permit - DNS (TCP)" disabled=yes \
+    dst-address-list=DNS-SERVERs dst-port=53 protocol=tcp src-address-list=\
+    CONFIAVEIS
+add action=accept chain=forward comment="Permit - DNS (UDP)" disabled=yes \
+    dst-address-list=DNS-SERVERs dst-port=53 protocol=udp src-address-list=\
+    CONFIAVEIS
+add action=accept chain=forward comment="Permit - NTPSec (UDP)" disabled=yes \
+    dst-address-list=DNS-SERVERs dst-port=123 protocol=udp src-address-list=\
+    CONFIAVEIS
+add action=accept chain=forward comment="Permit - HTTPs (TCP)" disabled=yes \
+    dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp
+add action=accept chain=forward comment="Permit - HTTPs (UDP)" disabled=yes \
+    dst-address-list=SERVIDORES dst-port=80,443 protocol=udp
+add action=accept chain=forward comment="Permit - Servicos (TCP)" disabled=\
+    yes dst-address-list=SERVIDORES dst-port=3000,3001,8443,8080 protocol=tcp
+add action=accept chain=forward comment="Permit - Servicos (UDP)" disabled=\
+    yes dst-address-list=SERVIDORES dst-port=3000,3001,8443,8080 protocol=udp
+add action=accept chain=forward comment="Permit - Servicos" disabled=yes \
+    dst-address-list=SERVIDORES src-address-list=SERVIDORES
+add action=accept chain=forward comment="Permit - Radios" disabled=yes \
+    in-interface=*16
+add action=accept chain=forward comment="Permit - Radios" disabled=yes \
+    out-interface=*16
+add action=accept chain=forward comment="Permit - OpaSuite (exception)" \
+    disabled=yes dst-address=45.228.246.98
+add action=accept chain=input comment="Permit - Estab and Related" \
+    connection-state=established,related disabled=yes
+add action=accept chain=input comment="Permit - ICMP" disabled=yes protocol=\
+    icmp
+add action=accept chain=input comment="Permit - OSPF Protocol" disabled=yes \
+    in-interface-list=ospf-interfaces protocol=ospf
+add action=accept chain=input comment="Permit - IPsec Ports" disabled=yes \
+    dst-port=500,1701,4500 protocol=udp
+add action=accept chain=input comment="Permit - IPsec Protocol" disabled=yes \
+    protocol=ipsec-esp
+add action=accept chain=input comment="Permit - L2TP Protocol" disabled=yes \
+    protocol=l2tp
+add action=accept chain=input comment="Permit - Winbox Service" disabled=yes \
+    dst-port=8292 protocol=tcp src-address-list=ACPT-INPUT
+add action=accept chain=input comment="Permit - Trusted" disabled=yes \
+    src-address-list=ACPT-INPUT
+add action=accept chain=forward disabled=yes dst-address-list=CWPs
+add action=drop chain=forward disabled=yes log-prefix=drop-all-
+add action=drop chain=input disabled=yes
+/ip firewall nat
+add action=src-nat chain=srcnat comment=\
+    "NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" disabled=yes \
+    dst-address=10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=\
+    10.0.24.33
+add action=src-nat chain=srcnat comment="SRC-NAT-HEXA  - 45.228.246.64" \
+    src-address-list=LAN-HEXA to-addresses=45.228.246.64
+add action=src-nat chain=srcnat comment="DEFAULT NAT - 246.31" dst-address=\
+    !10.0.0.0/8 dst-address-list=!SERVIDORES protocol=!ospf src-address=\
+    10.0.24.0/24 to-addresses=45.228.246.31
+add action=src-nat chain=srcnat comment="## regra UPDATE" disabled=yes \
+    dst-address-list=!POOL-GERENCIA protocol=!ospf to-addresses=45.228.246.31
+/ip firewall service-port
+set ftp disabled=yes
+set tftp disabled=yes
+set h323 disabled=yes
+set sip disabled=yes
+set pptp disabled=yes
+/ip ipsec profile
+set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
+/ip route
+add blackhole comment="## Rota em Blackhole" disabled=no distance=255 \
+    dst-address=45.228.246.64/27 gateway="" pref-src="" routing-table=main \
+    scope=30 suppress-hw-offload=no target-scope=10
+add blackhole comment="## Rota em Blackhole" disabled=no distance=255 \
+    dst-address=45.228.246.16/28 gateway="" pref-src="" routing-table=main \
+    scope=30 suppress-hw-offload=no target-scope=10
+add disabled=no distance=210 dst-address=0.0.0.0/0 gateway=10.1.22.41 \
+    pref-src="" routing-table=main scope=20 suppress-hw-offload=no \
+    target-scope=10
+/ipv6 route
+add disabled=no distance=200 dst-address=::/0 gateway=2804:47e4:8000:1::21 \
+    routing-table=main scope=30 target-scope=10
+add disabled=yes distance=20 dst-address=::/0 gateway=2804:47e4:8000:1::19 \
+    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
+/ip service
+set ftp disabled=yes
+set ssh disabled=yes
+set telnet disabled=yes
+set www disabled=yes
+set winbox address=45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4::/32 \
+    port=8292
+set api disabled=yes
+set api-ssl disabled=yes
+/ip smb shares
+set [ find default=yes ] directory=/pub
+/ip traffic-flow
+set active-flow-timeout=5m cache-entries=64k interfaces=2142-OSPF_B1
+/ip traffic-flow target
+add dst-address=10.0.24.128 port=9996 src-address=10.0.24.24 version=5
+add dst-address=10.0.24.128 port=9996 src-address=10.0.24.24 version=5
+/ip upnp
+set enabled=yes
+/ip upnp interfaces
+add interface=*16 type=internal
+add interface=2142-OSPF_B1 type=external
+/ipv6 address
+add address=2804:47e4:8002::33 advertise=no comment=\
+    "# Desativar o Advertase  e depois desativar ND |  BUG com Firewall" \
+    interface=0620-Servicos-IPv6
+add address=2804:47e4:8000:1::22/126 advertise=no interface=2242-OSPF_B2
+add address=2804:47e4:0:1::22/126 advertise=no interface=2142-OSPF_B1
+add address=2804:47e4:8000:1::1a/126 advertise=no disabled=yes interface=\
+    2602-IPv4-HEXA
+add address=2804:47e4:8002:2601::33 advertise=no comment="## LAN SAGE" \
+    disabled=yes interface=lo
+/ipv6 firewall address-list
+add address=2804:47e4::/32 list=FIX-MeuBloco
+add address=2804:47e4:1::/64 list=AL-ACPT-SERVICOS
+add address=2804:47e4:1::141/128 list=ACL-hosepdage
+add address=2804:47e4:8002::142/128 list=ACL-hosepdage
+add address=2804:47e4:1::125/128 list=ACL-hosepdage
+add address=2804:47e4:8002::/64 list=AL-ACPT-SERVICOS
+add address=2804:47e4:1::122/128 list=ACL-hosepdage
+add address=2804:47e4::/32 list=CONFIAVEIS
+add address=2804:47e4:8002::/64 list=SERVIDORES
+add address=2804:47e4:1::/64 list=SERVIDORES
+add address=2804:47e4:1::120/128 list=DNS-SERVER
+add address=2804:47e4:8002::124/128 list=DNS-SERVER
+add address=2804:47e4:0:1::22/128 list=INPUT-OSPFv3
+add address=2804:47e4:8000:1::22/128 list=INPUT-OSPFv3
+add address=2804:47e4:8002::7777/128 list=ACL-hosepdage
+add address=2804:47e4:8002::230/128 list=DNS-SERVER
+add address=2804:47e4:8002::110/128 list=ACL-hosepdage
+add address=2804:47e4:8002::228/128 list=ACL-hosepdage
+add address=2804:47e4:8002::145/128 list=ACL-hosepdage
+add address=2804:47e4:8002::15/128 disabled=yes list=ACL-hosepdage
+add address=2804:47e4:1::141/128 list=CWPs
+add address=2804:47e4:8002::142/128 list=CWPs
+/ipv6 firewall filter
+add action=accept chain=input comment=ICMPV6 protocol=icmpv6
+add action=accept chain=forward comment="Permit - Established, related" \
+    connection-state=established,related
+add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6
+add action=accept chain=input comment="Permit - input - estab, related" \
+    connection-state=established,related
+add action=accept chain=input comment="Permit - OSPFv3" in-interface-list=\
+    ospf-interfaces protocol=ospf
+add action=accept chain=input comment="Permit - Link Local" src-address=\
+    fe80::/10
+add action=accept chain=forward comment="Permit - Upload" src-address-list=\
+    FIX-MeuBloco
+add action=accept chain=forward comment="Permit - All (excecao)" \
+    dst-address-list=ACL-hosepdage
+add action=accept chain=forward comment=IXC dst-address=\
+    2804:47e4:8002::15/128 dst-port=80,443 protocol=tcp
+add action=accept chain=forward comment=IXC dst-address=\
+    2804:47e4:8002::15/128 dst-port=80,443 protocol=udp
+add action=accept chain=forward comment="Permit - REVERSO" dst-address=\
+    2804:47e4:8002::230/128 dst-port=53 protocol=udp
+add action=accept chain=forward comment="Permit - REVERSO" dst-address=\
+    2804:47e4:8002::230/128 dst-port=53 protocol=tcp
+add action=accept chain=forward comment="Permit - Servicos (all)" \
+    dst-address-list=AL-ACPT-SERVICOS src-address-list=AL-ACPT-SERVICOS
+add action=accept chain=forward comment="Permit - DNS (udp)" \
+    dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\
+    FIX-MeuBloco
+add action=accept chain=forward comment="Permit - DNS (tcp)" \
+    dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\
+    FIX-MeuBloco
+add action=accept chain=forward comment="Permit - WebServer (udp)" \
+    dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \
+    protocol=udp
+add action=accept chain=forward comment="Permit - WebServer (tcp)" \
+    dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \
+    protocol=tcp
+add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \
+    protocol=tcp src-address-list=FIX-MeuBloco
+add action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\
+    tcp src-address-list=FIX-MeuBloco
+add action=accept chain=input comment="Permit - SSH" dst-address=\
+    2804:47e4:8002::f120/128 dst-port=9022 protocol=tcp
+add action=accept chain=forward comment="Permit - CWP" dst-address-list=CWPs
+add action=drop chain=input comment=drop-input
+add action=drop chain=forward comment="drop - All" log-prefix=dropv6-
+/ipv6 nd
+set [ find default=yes ] advertise-dns=no disabled=yes \
+    managed-address-configuration=yes other-configuration=yes ra-preference=\
+    low
+add advertise-dns=no interface=0620-Servicos-IPv6 \
+    managed-address-configuration=yes
+add advertise-dns=no interface=2142-OSPF_B1 managed-address-configuration=yes
+add advertise-dns=no interface=2242-OSPF_B2 managed-address-configuration=yes
+/ppp secret
+add name=andrefix profile=L2TP service=l2tp
+add name=danielfix profile=L2TP service=l2tp
+add name=otaviofix profile=L2TP service=l2tp
+/radius
+add address=10.0.24.24 disabled=yes require-message-auth=no service=login \
+    timeout=300ms
+add address=10.0.24.24 disabled=yes require-message-auth=no service=login \
+    timeout=300ms
+/routing bfd configuration
+add disabled=yes interfaces=all min-rx=200us min-tx=200us multiplier=5
+add disabled=yes interfaces=all min-rx=200us min-tx=200us multiplier=5
+/routing filter rule
+add chain=OSPF-OUT disabled=no rule=\
+    "if (dst in 45.228.246.96/27 && dst-len >  27) {reject} else {accept}"
+add chain=OSPF-OUT disabled=no rule=\
+    "if (dst in 45.228.246.64/27 && dst-len >  27) {reject} else {accept}"
+add chain=OSPF-OUT disabled=no rule=\
+    "if (dst in 45.228.246.16/28 && dst-len >  28) {reject} else {accept}"
+add chain=OSPFv3-OUT disabled=no rule=\
+    "if (dst in 2804:47e4:8002::/48 && dst-len >  48) {reject} else {accept}"
+/routing ospf area range
+add area=ospf-area-0 disabled=no prefix=45.228.246.96/27
+add area=ospfv3-area-0 disabled=no prefix=2804:47e4:8002::/64
+add area=ospf-area-0 disabled=no prefix=45.228.246.64/27
+/routing ospf interface-template
+add area=ospf-area-0 auth=md5 auth-id=1 cost=20 disabled=no interfaces=\
+    2242-OSPF_B2 networks=10.1.22.40/30 priority=1 type=ptp
+add area=ospf-area-0 auth=md5 auth-id=1 cost=100 disabled=no interfaces=\
+    2142-OSPF_B1 networks=10.1.21.40/30 priority=1 type=ptp
+add area=ospfv3-area-0 cost=20 disabled=no interfaces=2242-OSPF_B2 networks=\
+    2804:47e4:8000:1::22/126 priority=1 type=ptp
+add area=ospfv3-area-0 cost=100 disabled=no interfaces=2142-OSPF_B1 networks=\
+    2804:47e4:0:1::22/126 priority=1 type=ptp
+add area=ospf-area-0 disabled=no interfaces=all passive
+add area=ospfv3-area-0 disabled=no interfaces=all passive
+/snmp
+set contact="FIX FIBRA" enabled=yes location=\
+    "\"R. Antonio Dias Adorno, 375,Diadema,SP,BR\"" trap-version=2
+/system clock
+set time-zone-name=America/Sao_Paulo
+/system identity
+set name=NAT02-CCR2004
+/system logging
+add action=echo disabled=yes prefix=snmp_ topics=debug,snmp
+add action=Gray disabled=yes prefix=snmp_ topics=debug,snmp
+add action=Gray prefix=CRI topics=critical
+add action=Gray prefix=BK topics=backup
+add action=Gray prefix=INFO topics=info
+add action=Gray prefix=WARM topics=warning
+/system note
+set show-at-login=no
+/system ntp client
+set enabled=yes
+/system ntp client servers
+add address=10.0.24.120
+add address=10.0.24.124
+/system routerboard settings
+set enter-setup-on=delete-key
+/system scheduler
+add comment="Crodar dia 25/01 as 3 da manha" name=Atualizacao on-event=\
+    "/system reboot" policy=reboot start-date=2025-03-11 start-time=03:00:00
+/system script
+add dont-require-permissions=no name=backupSFTP owner=otaviofix policy=\
+    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
+    log warning \"***************************************\"\
+    \n#Conexao SFTP\
+    \n\
+    \n:global host 10.1.24.137\
+    \n:global usuario backups\
+    \n:global senha backups@fixfibra2@\
+    \n:global diretorio /SFTP/backups/mikrotik/router/CGNAT02\
+    \n\
+    \n#Pega o nome do Router\
+    \n\
+    \n:global identifica [/system identity get name]\
+    \n\
+    \n#Gera data no formato AAAA-MM-DD\
+    \n\
+    \n:global data [/system clock get date]\
+    \n:global ano [:pick \$data 0 4]\
+    \n:global mes [:pick \$data 5 7]\
+    \n:global dia [:pick \$data 8 10]\
+    \n\
+    \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\
+    \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\
+    \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\
+    \n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\
+    \n:log info \"Processando...\";\
+    \n:delay 5s\
+    \n\
+    \n:log info \"Conectando SFTP Server...\";\
+    \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\
+    \";\
+    \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\
+    kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\
+    tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\
+    \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\
+    \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\
+    \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \
+    dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\
+    \n:delay 1\
+    \n\
+    \n:log info \"Backup enviado com sucesso...\";\
+    \n:log info \"Removendo arquivos...\";\
+    \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\
+    \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\
+    \n:log info \"Rotina de backup finalizada...\";\
+    \n:log warning \"***************************************\";\
+    \n"
+/tool bandwidth-server
+set enabled=no
+/tool mac-server
+set allowed-interface-list=none
+/tool mac-server mac-winbox
+set allowed-interface-list=none
+/tool mac-server ping
+set enabled=no
+/tool romon
+set enabled=yes
+/user aaa
+set use-radius=yes