// service line · Active
RedCyfer Systems
Network security, firewall design, and infrastructure consulting for businesses that have outgrown a consumer router but don't have — or want — an in-house network team. The routers, the rules, and the reasoning behind them.
Talk through your network
> What this covers
Firewalls & network security
Purpose-built firewall rule chains — input, forward, and output — with connection tracking, sane NAT, and mangle rules where they earn their keep. Not a box of defaults; a policy you can read and I can explain.
VLAN & segmentation design
Separate networks for work traffic, guest, IoT, and management, so a compromised smart plug can't see your accounting machine. Segmentation planned around how your business actually operates.
Site-to-site & remote-access VPN
WireGuard, IPsec, OpenVPN, or SSTP to link offices, reach cloud resources, or get staff in securely — routed properly, not bolted on.
Routing for multi-site growth
BGP and OSPF when you outgrow static routes — multiple locations, cloud VPCs, and failover paths that hold together as you add sites.
Hybrid cloud & on-prem
Connecting AWS to the gear in your closet — the kind of hybrid environment I run day in, day out. VPN concentration, routing, and the security boundary between them.
Automation & monitoring
RouterOS scripting for automated responses, plus SNMP/API integration so the network can feed dashboards and trigger actions instead of sitting dark.
> Why MikroTik first
MikroTik / RouterOS is my default recommendation for SMB firewall and routing: the price-to-capability ratio is hard to beat, and you get full CLI and scripting control instead of a locked-down appliance. It runs the same rule chains, VPNs, and routing protocols the big vendors charge a premium for.
That said — vendor choice follows your needs, not my preference. I also work with pfSense/OPNsense, Ubiquiti, Fortinet, Palo Alto, Cisco, and WatchGuard, and if you've already standardized on one of those, I'll work within it and tell you honestly where it helps or hurts. The goal is a network that's secure, documented, and something you can actually reason about — regardless of the badge on the box.