← Back to Blog
Automation 2026-03-28 · 6 min read

How to Run Scripts Across 100+ MikroTik Devices at Once

When you need to update a firewall rule, change DNS servers, or push a security patch across your MikroTik network, doing it device-by-device through WinBox is not realistic at scale. Here's how WISPs manage bulk script execution safely.

The Manual Way (And Why It Breaks)

Most WISPs start with SSH scripts or WinBox batch — opening multiple WinBox sessions or writing bash scripts that loop through device IPs. This works until:

  • A device is unreachable and the script hangs
  • You accidentally push a wrong config and need to roll back
  • You can't tell which devices succeeded and which failed
  • Different device groups need different scripts (tower vs. CPE vs. core router)

A Better Approach: Grouped Execution

The key principle is: group your devices by role, then execute scripts per group.

Typical groups for a SA WISP:

  • Tower APs — sector radios and access points at tower sites
  • Backhauls — point-to-point links between towers
  • CPEs — customer premises equipment
  • Core Routers — main routers, DHCP servers, PPPoE concentrators

Common Bulk Operations

Here are scripts SA WISPs commonly push across their networks:

Update DNS Servers

/ip dns set servers=1.1.1.1,8.8.8.8

Block Known Malware Ports

/ip firewall filter add chain=forward protocol=tcp dst-port=445 action=drop comment="Block SMB"
/ip firewall filter add chain=forward protocol=tcp dst-port=135-139 action=drop comment="Block NetBIOS"

Set NTP Server

/system ntp client set enabled=yes servers=za.pool.ntp.org

Safety Rules for Bulk Execution

  1. Always back up first — trigger a full config backup of all target devices before any bulk change
  2. Test on one device — run the script on a single non-critical device first
  3. Use device groups — push to tower APs first, verify, then CPEs. Never push to everything simultaneously
  4. Check results — after execution, verify the script applied correctly by spot-checking 3-5 devices
  5. Keep an audit log — know who pushed what script, when, and to which devices

Doing This in Connexa

Connexa's Task Scheduler lets you:

  • Write RouterOS scripts in the web UI
  • Select target devices by group (tower, CPE, custom groups)
  • Execute with one click and see real-time results per device
  • Automatic backup before execution (optional but recommended)
  • Full audit trail of every script execution

No SSH loops, no bash scripts, no guessing which devices succeeded.

Ready to try Connexa?

Start monitoring your network in minutes. Free trial — no credit card required.

Start Free Trial