Introduction

This guide details the process of integrating your prepared MikroTik router (configured as per the Initial Configuration guide) with the Altostrat SDX platform. Completing these steps establishes a secure connection between your hardware and Altostrat, enabling monitoring, management, and the application of Altostrat’s SDN and security services.

Detailed Step-by-Step Integration Guide

1. Access the Altostrat Portal and Navigate to Sites

  1. Log in to the Altostrat SDX portal at https://sdx.altostrat.app.
  2. Navigate to the Sites section using the main menu. This area lists all locations/devices currently integrated with your account.

2. Create a Site Representation in Altostrat

  1. Click the + Add button to create a new logical representation for your physical router or location within Altostrat SDX.

Creating a “Site” in Altostrat generates a unique identifier and a container for the device’s configuration, policies, logs, and monitoring data within the platform. This conceptually relates to creating a site resource via the API (e.g., POST /site (API Docs)).

3. Initiate the Router Integration (Express Deploy)

  1. Once the site is created, navigate to its overview page. Click the Add Router button (or similar) to start the “Express Deploy” process.
  2. This workflow securely generates the necessary commands to link your physical MikroTik hardware to this logical site representation in Altostrat SDX.

4. Select and Review Control Plane Policy

  1. You may be prompted to select an initial Control Plane Policy for the device (or the default policy might be automatically selected). This policy governs basic management access and firewall settings. (Learn More).

If only the default policy exists, this step might be skipped automatically.

  1. Review the settings associated with the selected Control Plane Policy that will be applied during onboarding.

5. Accept Settings and Generate Bootstrap Command

  1. Preview any initial configuration settings derived from the Control Plane policy (e.g., firewall rules, initial VPN parameters).
  1. Click Accept to confirm. This triggers the generation of a unique, secure Bootstrap Command.

6. Copy the Generated Bootstrap Command

  1. Altostrat SDX will display the one-time Bootstrap Command.
  2. Copy this entire command to your clipboard. It contains a secure token linking it to this specific site onboarding process.

This command typically instructs the router to securely fetch an initial script from an Altostrat endpoint, using a temporary Runbook token for authentication (Conceptually related to GET /{id} using a RunbookToken (API Docs)).

7. Execute the Bootstrap Command on Your MikroTik Device

  1. Access your MikroTik router’s command line interface (CLI) using Winbox (New Terminal) or SSH.
  2. Paste the entire Bootstrap Command copied from the Altostrat portal into the terminal and press Enter.
  3. Wait for the script to execute. This may take a few moments.

What the Bootstrap Command Does:

  • Downloads initial adoption scripts from Altostrat.
  • Authenticates the device using the embedded secure token.
  • Sends device hardware/software information back to Altostrat to complete the adoption process (Conceptually related to POST /adopt/{id} (API Docs)).
  • Establishes the persistent, secure Management VPN tunnel to Altostrat.
  • Installs a scheduler on the router for periodic check-ins (heartbeats) and job polling (Conceptually uses POST /poll (API Docs)).

8. Confirm Router Integration and Online Status

  1. Return to the Sites page in the Altostrat SDX portal.
  2. Refresh the page after a minute or two. Verify that your newly added router is listed and its status shows as Online.

An Online status indicates the router successfully completed the bootstrap process, established the Management VPN, and is sending regular heartbeat signals to Altostrat.

  1. Troubleshooting: If the router shows as Offline or doesn’t appear:
  • Verify the router still has internet connectivity (Step 4 in Initial Configuration).
  • Ensure the full bootstrap command was copied and executed correctly.
  • Check the Altostrat Orchestration Logs for this site for any error messages related to the adoption process.
  • Confirm firewall rules on intermediate networks aren’t blocking the Management VPN connection (TCP port 8443 outbound).

You have now successfully integrated your MikroTik router with Altostrat SDX. The device is ready for monitoring, and you can begin applying Altostrat’s network and security services, such as Threat Feeds or WAN Failover, through policies assigned to this site.