Peplink Balance User Manual Peplink Products: Flex module Mini Peplink Balance Firmware 8.0.2 March 2020 https://www.peplink.
Table of Contents Introduction and Scope Glossary Product Features Advanced Feature Summary Drop-in Mode and LAN Bypass: Transparent Deployment QoS: Clearer VoIP Per-User Bandwidth Control High Availability via VRRP USB Modem and Android Tethering Built-In Remote User VPN Support LACP NIC Bonding FlexModules Mini Installation Preparation Constructing the Network Basic Configuration Connecting to the Web Admin Interface Configuration with the Setup Wizard Network Tab WAN Healt
IPsec VPN Outbound Policy Inbound Access Servers Services DNS Settings NAT Mappings MediaFast Setting Up MediaFast Content Caching Viewing MediaFast Statistics Prefetch Schedule ContentHub Configure a website to be published from the ContentHub Configure an application to be published from the ContentHub MDM Settings Docker Captive Portal QoS User Groups Bandwidth Control Application Prioritization for Custom Application DSL/Cable Optimization Firewall Access Rules Intrusion Detection and DoS Prevention Con
L2TP with IPsec OpenVPN PPTP Authentication Methods Misc.
Schedule Email Notification Event Log SNMP InControl Configuration Feature Add-ons Reboot Tools Ping Traceroute Wake-on-LAN WAN Analysis CLI (Command Line) Support Status Tab Status Device Active Sessions Client List WINS Clients OSPF & RIPv2 MediaFast SpeedFusion Status Event Log Device Event Log IPsec Event Log Bandwidth Real-Time Hourly Daily Monthly
Introduction and Scope Peplink Balance routers provide link aggregation and load balancing across multiple WAN connections. We develop products and technologies that can help you build SD-WAN networks with unbreakable connection resilience, unmatched deployment flexibility, and intuitive ease of use. Our product and technology focus has always been on WAN virtualization and the intelligent use of multiple WAN links at the same time to increase reliability and bandwidth whilst reducing costs.
IP: Internet Protocol
LAN: Local Area Network
MAC Address: Media Access Control Address
MTU: Maximum Transmission Unit
MSS: Maximum Segment Size
NAT: Network Address Translation
PPPoE: Point to Point Protocol over Ethernet
QoS: Quality of Service
SNMP: Simple Network Management Protocol
TCP: Transmission Control Protocol
UDP: User Datagram Protocol
VPN: Virtual Private Network
VRF: Virtual Routing and Forwarding
VRRP: Virtual Router Redundancy Protocol
WAN: Wide Area Network
WINS: Windows Internet Na
2 Product Features Peplink Balance Series products enable all LAN users to share broadband Internet connections and provide advanced features to enhance Internet access.
X.
Outbound (LAN to WAN) firewall rules Inbound (WAN to LAN) firewall rules per WAN connection Intrusion detection and prevention Specification of NAT mappings Web blocking Application blocking Time-based scheduling Outbound firewall rules can be defined by destination domain name Captive Portal Social Wi-Fi Hotspot Support Splash screen of open networks, login page for secure networks Customizable built-in captive portal Supports linking to outside page for captive portal Other Supported Features Easy-to-us
WINS client list UPnP / NAT-PMP Event log is persistent across reboots IPv6 support Support for USB tethering on Android phones
3 Advanced Feature Summary 3.1 Drop-in Mode and LAN Bypass: Transparent Deployment As your organization grows, it needs more bandwidth. But modifying your network would require effort better spent elsewhere. In Drop-in Mode, you can conveniently install your Peplink router without making any changes to your network. And if the Peplink router loses power for any reason, LAN Bypass will safely and automatically bypass the Peplink router to resume your original network connection. 3.
3.3 Per-User Bandwidth Control With per-user bandwidth control, you can define bandwidth control policies for up to 3 groups of users to prevent network congestion. Define groups by IP address and subnet, and set bandwidth limits for every user in the group. 3.4 High Availability via VRRP When your organization has a corporate requirement demanding the highest availability with no single point of failure, you can deploy two Peplink routers in High Availability mode.
3.5 USB Modem and Android Tethering For increased WAN diversity, plug in a USB LTE modem as backup. Peplink routers are compatible with over 200 modem types. You can also tether to smartphones running Android 4.1.X and above. 3.6 Built-In Remote User VPN Support Use OpenVPN or L2TP with IPsec to safely and conveniently connect remote clients to your private network. L2TP with IPsec is supported by most devices, but legacy devices can also connect using PPTP.
3.7 LACP NIC Bonding Use 802.3ad to combine multiple LAN connections into a virtual LAN connection. This virtual connection has higher throughput and redundancy in case any single link fails.
4 FlexModules Mini
1x LTE-A Module (EXM-MINI-1LTEA)
Interface: 1x Embedded LTE-A Cellular Modems with Redundant SIM Slots
Antenna Connectors: 2x SMA Cellular Antenna Connectors
Downlink/Uplink Datarate: 300Mbps/50Mbps (CAT-6), 600Mbps/150Mbps (CAT-12)
Power Consumption: 20W
Weight: 0.83 pounds / 375 grams
Product Code Carrier
EXM-MINI-1LTEA-W Worldwide / CAT-6 1 B1, B2, B3, B4, B5, B7, B8 , B12, B1, B2, B3, B4, B13, B20, B25, B26, B29, B30, B41 B5, B8 EXM-MINI-1LTEA-P Asia Pacific /CAT-6 1 B1, B3, B5, B7, B8, B18, B19, B21, B28, B38, B39, B40, B41 B1, B5, B6, B8, B9, B19, B39 EXM-MINI-1LTEA-R America / FirstNet / CAT-12 1 B1, B2, B3, B4, B5, B7, B8, B9, B12, B13, B14, B18, B19, B20, B26, B29, B30, B32, B41, B42, B43, B46, B48, B66 B1, B2, B4, B5, B6, B8, B9, B19 1 B1, B2, B3, B4, B5, B7, B8, B9, B12, B13, B18, B19, B
1x LTE-A Module (EXM-MINI-1GLTE-G)
Interface: 1x Embedded LTE-A Cellular Modems with Redundant SIM Slots
Antenna Connectors: 4x SMA Cellular Antenna Connectors
Downlink/Uplink Datarate: 1.2 Gbps/150 Mbps (CAT-18)
Power Consumption: 20W
Weight: 0.83 pounds (375 grams)
Product Code Carrier
EXM-MINI-1GLTE-G Global / CAT-18 1 B1, B3, B25(B2), B66(B4), B26(B5/B18/B19), B7, B8, B12(17), B13, B14 , B20, B28, B29, B30, B32, B71, B38, B39, B40, B41, B42, B43, B46, B48 B1, B2, B4, B5(B19), B8 How to use? FlexModule Mini is an expandable module of Balance 20X. Step 1: Remove the screw on the plane of the expansion module slot. Step 2: Insert the FlexModule Mini to the slot.
Step 3: Screw on the screw and fix the module.
5 Installation The following section details connecting the Peplink Balance to your network: 5.
6 Basic Configuration 6.1 Connecting to the Web Admin Interface Start a web browser on a computer that is connected with the Peplink Balance through the LAN. To connect to the web admin of the Peplink Balance, enter the following LAN IP address in the address field of the web browser: https://192.168.1.1 (This is the default LAN IP address of the Peplink Balance.) Enter the following to access the web admin interface.
The Save button causes the changes to be saved. Configuration changes (e.g., WAN, LAN, admin settings, etc.) take effect after clicking the Apply Changes button on each page’s top-right corner. 6.2 Configuration with the Setup Wizard The Setup Wizard simplifies the task of configuring WAN connection(s) by guiding the configuration process step-by-step. To begin, click Setup Wizard after connecting to the web admin interface. Click Next >> to begin.
If drop-in mode is going to be configured, the setup wizard will move on to Drop-in Settings. If you are not using drop-in mode, select the connection method for the WAN connection(s) from the following screen:
Depending on the selection of connection type, further configuration may be needed. For example, PPPoE and static IP require additional settings for the selected WAN port. Please refer to Section 13, Configuring the WAN Interface(s) for details on setting up DHCP, static IP, and PPPoE. If Mobile Internet Connection is checked, the setup wizard will move on to Operator Settings. If Custom Mobile Operator Settings is selected, APN parameters are required.
Choose the time zone of your country/region. Check the box Show all to display all time zone options. Check the following screen to make sure all settings have been configured correctly, and then click “Save Settings” to confirm. After finishing the last step in the setup wizard, click Apply Changes on the page header to allow the configuration changes to take effect.
7 Network Tab 7.1 WAN From Network>WAN, choose a WAN connection by clicking it. You can also enable IPv6 support in this section. WAN Connection Settings (Ethernet) Clicking an Ethernet WAN connection will result in the following screen:
WAN Connection Settings WAN Connection Name: Enter a name to represent this WAN connection. Enable: This setting enables the WAN connection. If schedules have been defined, you will be able to select a schedule to apply to the connection. Connection Method: There are five possible connection methods for Ethernet WAN: DHCP, Static IP, PPPoE, L2TP, GRE. The connection method and details are determined by, and can be obtained from, the ISP. See the following sections for details on each connection method.
Download Bandwidth This field refers to the maximum download speed. Default weight control for outbound traffic will be adjusted according to this value. WAN Connection Settings (Cellular) Clicking a cellular WAN connection will result in the following screens:
Connection Settings WAN Connection Name Enable Routing Mode Subnet Selection Indicate a name you wish to give this WAN connection. Click the checkbox to toggle the on and off state of this connection. This option allows you to select the routing method to be used in routing IP frames via the WAN connection. The mode can be either NAT (Network Address Translation) or IP Forwarding. If you need to choose IP Forwarding for your scenario, click the IP Forwarding.
Cellular Settings SIM Card Indicate which SIM card this cellular WAN will use. Only applies to cellular WAN with redundant SIM cards. Preferred SIM Card If both cards were enabled on the above field, then you can designate the priority of the SIM card slots here. LTE/3G This drop-down menu allows restricting cellular to a particular band. Click the selection of specific bands.
Optimal Network Discovery Cellular WANs by default will only hand over from 3G to an LTE network when there is no active data traffic. Enabling this option will make the device run the handover procedures after falling back to 3G for a defined effective period, even though this may interrupt connectivity for a short while. Band Selection When set to Auto, band selection allows for automatically connecting to available, supported bands (frequencies).
Signal Threshold Settings If a signal threshold is defined, this connection will be treated as down when a signal weaker than the threshold is detected. The following values are used by the threshold scale: To define the threshold manually using specific signal strength values, please click on the question mark and the following field will be visible. WAN Connection Settings (Common) The remaining WAN-related settings are common to both Ethernet and cellular WAN.
Physical Interface Settings Speed: This is the port speed of the WAN connection. It should be set to the same speed as the connected device in case of any port negotiation problems. When a static speed is set, you may choose whether to advertise its speed to the peer device or not. Advertise Speed is selected by default. You can choose not to advertise the port speed if the port has difficulty in negotiating with the peer device.
VLAN Check the box to assign a VLAN to the interface. DHCP Settings Hostname (Optional) If your service provider's DHCP server requires you to supply a hostname value upon acquiring an IP address, you may enter the value here. If your service provider does not provide you with a hostname, you can safely bypass this option. Each ISP may provide a set of DNS servers for DNS lookups. This setting specifies the DNS (Domain Name System) servers to be used when a DNS lookup is routed through this connection.
Health Check Settings To ensure traffic is routed to healthy WAN connections only, the Peplink Balance can periodically check the health of each WAN connection. Health Check settings for each WAN connection can be independently configured via Network>Interfaces>WAN>*Connection name*>Health Check Settings. Enable Health Check by selecting PING, DNS Lookup, or HTTP from the Health Check Method drop-down menu. Health Check Settings Method This setting specifies the health check method for the WAN connection.
DNS lookups will be issued to test connectivity with target DNS servers. The connection will be treated as up if DNS responses are received from one or both of the servers, regardless of whether the result was positive or negative. Health Check DNS Servers This field allows you to specify two DNS hosts’ IP addresses with which connectivity is to be tested via DNS Lookup.
Other Health Check Settings Timeout This setting specifies the timeout in seconds for ping/DNS lookup requests. The default timeout is 5 seconds. Health Check Interval This setting specifies the time interval in seconds between ping or DNS lookup requests. The default health check interval is 5 seconds. Health Check Retries This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Peplink Balance will treat the corresponding WAN connection as down.
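The DNS Lookup health check described above can be modelled as a small state machine. This is an added example, not Peplink code: the retries value of 3 is a constructed sample, and bringing the link back up on the first response is an assumption, since the manual text here states only when a connection is treated as down.

```python
from dataclasses import dataclass

# Possible results of one DNS health-check query to one target server.
ANSWER = "answer"        # positive DNS response
NXDOMAIN = "nxdomain"    # negative DNS response (still a response)
TIMEOUT = "timeout"      # no response within the timeout (default 5 s)
_OUTCOMES = {ANSWER, NXDOMAIN, TIMEOUT}


@dataclass
class WanHealth:
    """Tracks one WAN connection across health-check rounds."""
    retries: int                  # consecutive timed-out rounds before "down"
    up: bool = True
    consecutive_timeouts: int = 0

    def __post_init__(self):
        if self.retries < 1:
            raise ValueError("retries must be at least 1")

    def record_round(self, server1: str, server2: str) -> bool:
        """Feed the results for both DNS targets in one round; return link state."""
        for outcome in (server1, server2):
            if outcome not in _OUTCOMES:
                raise ValueError(f"unknown outcome: {outcome!r}")
        # Up if one or both servers responded, whether the answer was
        # positive or negative.
        responded = server1 != TIMEOUT or server2 != TIMEOUT
        if responded:
            self.consecutive_timeouts = 0
            self.up = True        # ASSUMPTION: one response restores the link
        else:
            self.consecutive_timeouts += 1
            if self.consecutive_timeouts >= self.retries:
                self.up = False
        return self.up


def simulate(rounds, retries):
    """Return the link state after each (server1, server2) round."""
    wan = WanHealth(retries=retries)
    return [wan.record_round(s1, s2) for s1, s2 in rounds]


# Constructed sample: one round per health-check interval (default 5 s).
SAMPLE_ROUNDS = [
    (TIMEOUT, NXDOMAIN),   # negative answer from server 2: still up
    (TIMEOUT, TIMEOUT),    # 1st consecutive timeout
    (TIMEOUT, TIMEOUT),    # 2nd
    (ANSWER, TIMEOUT),     # response resets the counter
    (TIMEOUT, TIMEOUT),    # 1st
    (TIMEOUT, TIMEOUT),    # 2nd
    (TIMEOUT, TIMEOUT),    # 3rd: reaches retries, link treated as down
    (TIMEOUT, NXDOMAIN),   # any response: up again (assumed recovery rule)
]

if __name__ == "__main__":
    for i, state in enumerate(simulate(SAMPLE_ROUNDS, retries=3)):
        print(f"round {i}: {'up' if state else 'down'}")
```

A link that loses fewer than `retries` rounds in a row is never marked down, so intermittent loss on a WAN needs a separate check (for example the bandwidth and event logs) to be noticed.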
Bandwidth Allowance Monitor Settings Bandwidth Allowance Monitor Action Start Day Monthly Allowance If Email Notification is enabled, you will be notified by email when usage hits 75% and 95% of the monthly allowance. If Disconnect when usage hits 100% of monthly allowance is checked, this WAN connection will be disconnected automatically when the usage hits the monthly allowance.
Additional Public IP Settings Additional Public IP Settings IP Address List IP Address List represents the list of fixed Internet IP addresses assigned by the ISP in the event that more than one Internet IP address is assigned to this WAN connection. Enter the fixed Internet IP addresses and the corresponding subnet mask, and then click the Down Arrow button to populate IP address entries to the IP Address List.
If your desired provider is not listed, you may check with DNS-O-Matic. This service supports updating 30 other dynamic DNS service providers. (Note: Peplink is not affiliated with DNS-O-Matic.)
Dynamic DNS Settings Service Provider This setting specifies the dynamic DNS service provider to be used for the WAN. Supported providers are: changeip.com, dyndns.org, no-ip.org, tzo.com, DNS-O-Matic, and Others…, which supports custom dynamic DNS servers by entering their URL and works with any service compatible with the DynDNS API. Select Disabled to disable this feature. User ID / User / Email This setting specifies the registered user name for the dynamic DNS service.
WAN’s IP address did not change. 7.2 LAN 7.2.1 Network Settings LAN interface settings are located at Network>LAN>Network Settings. Navigating to that page will show the following dashboard: This represents the LAN interfaces that are active on your router (including VLAN). A grey “X” means that the VLAN is used in other settings and cannot be deleted. You can find which settings are using the VLAN by hovering over the grey “X”. Alternatively, a red “X” means that there are no settings using the VLAN.
Network Settings Name: Enter a name for the LAN. VLAN ID: Enter a number for your VLAN. Inter-VLAN routing Check this box to enable routing between virtual LANs. Layer 2 PepVPN Bridging PepVPN Profiles to Bridge The remote network of the selected PepVPN profiles will be bridged with this local LAN, creating a Layer 2 PepVPN. They will be connected and operate like a single LAN, and any broadcast or multicast packets will be sent over the VPN.
If you choose to override IP address when the VPN is connected, the device will not act as a router, and most Layer 3 routing functions will cease to work. DHCP Option 82 Click on the question mark if you want to enable DHCP Option 82. This allows the device to inject Option 82 with Router Name information before forwarding the DHCP Request packet to a PepVPN peer, such that the DHCP Server can identify where the request originates from.
built-in DNS server address (i.e., LAN IP address) will be offered. WINS Servers BOOTP Extended DHCP Option DHCP Reservation This option allows you to optionally specify a Windows Internet Name Service (WINS) server. You may choose to use the built-in WINS server or external WINS servers. When this unit is connected using SpeedFusion™, other VPN peers can share this unit's built-in WINS server by entering this unit's LAN IP address in their DHCP WINS Server setting.
DHCP Relay Settings DHCP Relay Enter the address of the DHCP server here. DHCP requests will be relayed to it. DHCP Server IP Address DHCP requests from the LAN are relayed to the entered DHCP server. For active-passive DHCP server configurations, enter active and passive DHCP server IPs into the DHCP Server 1 and DHCP Server 2 fields. DHCP Option 82 This feature includes device information as relay agent for the attached client when forwarding DHCP requests from a DHCP client to a DHCP server.
In case of a network address conflict with remote peers (i.e. PepVPN / IPsec VPN / IP Forwarding WAN are considered as remote connections), you can define Virtual Network Mapping to resolve it. Note: OSPF & RIPv2 settings should be updated as well to avoid advertising the conflicting network. For further details on virtual network mapping watch this video: https://youtu.
DNS Proxy Settings Enable To enable the DNS proxy feature, check this box, and then set up the feature at Network>LAN>DNS Proxy Settings. A DNS proxy server can be enabled to serve DNS requests originating from LAN/PPTP/SpeedFusion™ peers. Requests are forwarded to the DNS servers/resolvers defined for each WAN connection. DNS Caching This field is to enable DNS caching on the built-in DNS proxy server.
TTL manually, click A . Click to create a new record. Click to remove a record. Domain Lookup Policy DNS proxy will look up the domain names defined here using only the specified connections. DNS ResolversA Check the box to enable the WINS server. A list of WINS clients will be displayed at Network>LAN>DNS Proxy Settings>DNS Resolvers. This field specifies which DNS resolvers will receive forwarded DNS requests.
Enable drop-in mode using the Setup Wizard. After enabling this feature and selecting the WAN for drop-in mode, various settings, including the WAN's connection method and IP address, will be automatically updated. When drop-in mode is enabled, the LAN and the WAN for drop-in mode ports will be bridged. Traffic between the LAN hosts and WAN router will be forwarded between the devices. In this case, the hosts on both sides will not notice any IP or MAC address changes.
Drop-in Mode Settings Enable Drop-in mode eases the installation of the Peplink Balance on a live network between the existing firewall and router, such that no configuration changes are required on existing equipment. Check the box to enable the drop-in mode feature. Please refer to Section 12, Drop-in Mode for details. WAN for DropIn Mode Select the WAN port to be used for drop-in mode. If WAN 1 with LAN Bypass is selected, the high availability feature will be disabled automatically.
address when hosts on the WAN access services served on this device (e.g., web admin accesses from WAN, DNS server, etc.) WAN Default Gateway WAN DNS Servers A Enter the WAN router's IP address in this field. If there are more hosts in addition to the router on the WAN segment, click the button next to “WAN Default Gateway” and check the I have other host(s) on WAN segment box and enter the IP address of the hosts that need to access LAN devices or be accessed by others.
7.3 VPN 7.3.1 SpeedFusion Peplink Balance SpeedFusion™ Bandwidth Bonding is our patented technology that enables our SD-WAN routers to bond multiple Internet connections to increase site-to-site bandwidth and reliability. SpeedFusion securely connects one or more branch offices to your company's main headquarters or to other branches. The data, voice, and video communications between these locations are kept confidential across the public Internet.
SpeedFusion Profiles This table displays all defined profiles. Click the New Profile button to create a new profile for making a VPN connection to a remote unit via available WAN connections. Each pair of VPN connections requires its own profile. The local LAN subnet and subnets behind the LAN (defined under Static Route on the LAN Settings page) will be advertised to the VPN. All VPN members will be able to route to local subnets.
After updating the local ID, click Save to store your changes. Link Failure Detection The bonded VPN can detect routing failures on the path between two sites over each WAN connection. Failed WAN connections will not be used to route VPN traffic. Health check packets are sent to the remote unit to detect any failure. The more frequently checks are sent, the shorter the detection time, although more bandwidth will be consumed.
A list of defined SpeedFusion connection profiles and a Link Failure Detection Time option will be shown. Click the New Profile button to create a new VPN connection profile for making a VPN connection to a remote Peplink Balance via the available WAN connections. Each profile is for making a VPN connection with one remote Peplink Balance. PepVPN Profile Settings This field is for specifying a name to represent this profile.
Authentication: Select from By Remote ID Only, Pre-shared Key, or X.509 to specify the method the Peplink Balance will use to authenticate peers. When selecting By Remote ID Only, be sure to enter a unique peer ID number in the Remote ID field. Remote ID / Pre-shared Key: This optional field becomes available when Remote ID / Pre-shared Key is selected as the Peplink Balance’s VPN Authentication method, as explained above. Pre-shared Key defines the pre-shared key used for this particular VPN connection.
While using PepVPN, utilize multiple WAN links to reduce the impact of packet loss and get the lowest possible latency at the expense of extra bandwidth consumption. This is suitable for streaming applications where the average bitrate requirement is much lower than the WAN's available bandwidth. WAN SmoothingA Off - Disable WAN Smoothing. Normal - The total bandwidth consumption will be at most 2x of the original data traffic.
user sets up multiple IPsec profiles for his multi-WAN environment and WAN1 is connected and healthy, IPsec traffic will go through this link. However, should unforeseen problems (e.g., unplugged cables or ISP problems) cause WAN1 to go down, our IPsec implementation will make use of WAN2 and WAN3 for failover. Peplink also published a whitepaper about SpeedFusion which can be downloaded from the following URL: http://download.peplink.com/resources/whitepaper-speedfusion-and-best-practices-2019.pdf 7.3.
IPsec VPN Settings Name This field is for specifying a local name to represent this connection profile. Active When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it will be disabled. Connect Upon Disconnection of Check this box and select a WAN to connect to this VPN automatically when the specified WAN is disconnected. To activate this function, click the button next to the “Active” option.
Force UDP Encapsulation For forced UDP encapsulation regardless of NAT-traversal, tick this checkbox. Pre-shared Key This defines the peer authentication pre-shared key used to authenticate this VPN connection. The connection will be up only if the pre-shared keys on each side match. Remote Certificate (pem encoded) Available only when X.509 Certificate is chosen as the Authentication method, this field allows you to paste a valid X.509 certificate.
IPsec Status shows the current connection status of each connection profile and is displayed at Status>IPsec VPN. 7.4 Outbound Policy Outbound policies for managing and load balancing outbound traffic are located at Network>Outbound Policy.
The bottom-most rule is Default. Edit this rule to change the device’s default manner of controlling outbound traffic for all connections that do not match any of the rules above it. Under the Service heading, click Default to change these settings. To rearrange the priority of outbound rules, drag and drop them into the desired sequence. By default, Auto is selected as the Default Rule. You can select Custom to change the algorithm to be used.
New Custom Rule Settings Service Name: This setting specifies the name of the outbound traffic rule. Enable: This setting specifies whether the outbound traffic rule takes effect. When Enable is checked, the rule takes effect: traffic is matched and actions are taken by the Pepwave router based on the other parameters of the rule. When Enable is unchecked, the rule does not take effect: the Pepwave router disregards the other parameters of the rule.
If Domain Name is chosen and a domain name, such as foobar.com, is entered, any outgoing accesses to foobar.com and *.foobar.com will match this criterion. You may enter a wildcard (.*) at the end of a domain name to match any host with a name having the domain name in the middle. If you enter foobar.*, for example, www.foobar.com, www.foobar.co.jp, or foobar.co.uk will also match. Placing wildcards in any other position is not supported.
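The Domain Name matching rules above can be checked against a list of hostnames before a rule is deployed. This is an added example, not Peplink code: it models the semantics as worded in this section, and it assumes matching is done on whole DNS labels and that a trailing wildcard needs at least one label after the domain name. The hostnames under `.example` are constructed samples.

```python
def _labels(name: str) -> list[str]:
    """Split a hostname into lowercase DNS labels, ignoring a trailing dot."""
    return name.strip().lower().rstrip(".").split(".")


def parse_pattern(pattern: str) -> tuple[list[str], bool]:
    """Return (labels, has_trailing_wildcard) for a Domain Name criterion.

    A wildcard is accepted only as a final ".*"; any other position is
    rejected, because the manual states it is not supported.
    """
    text = pattern.strip().lower().rstrip(".")
    trailing = text.endswith(".*")
    base = text[:-2] if trailing else text
    labels = base.split(".") if base else []
    if not labels or "*" in base or any(not label for label in labels):
        raise ValueError(f"unsupported domain pattern: {pattern!r}")
    return labels, trailing


def matches(pattern: str, host: str) -> bool:
    """True if host satisfies the criterion under the modelled semantics."""
    pat, trailing = parse_pattern(pattern)
    h = _labels(host)
    n = len(pat)
    if not trailing:
        # "foobar.com" matches foobar.com and *.foobar.com:
        # the host's last labels must equal the pattern's labels.
        return len(h) >= n and h[-n:] == pat
    # "foobar.*": the pattern's labels must appear as a contiguous run
    # followed by at least one more label (assumption, see lead-in).
    return any(h[i:i + n] == pat for i in range(0, len(h) - n))


def rule_coverage(patterns, hosts):
    """Map each pattern to the hosts it would match, for rule review."""
    return {p: [host for host in hosts if matches(p, host)] for p in patterns}


# Constructed sample hostnames for reviewing two candidate rules.
SAMPLE_HOSTS = [
    "foobar.com",
    "www.foobar.com",
    "notfoobar.com",
    "www.foobar.co.jp",
    "foobar.co.uk",
    "foobar.example",          # unrelated registrant, same leading label
    "cdn.foobar.com.example",  # "foobar.com" is not the registered domain here
]

if __name__ == "__main__":
    for rule, hits in rule_coverage(["foobar.com", "foobar.*"], SAMPLE_HOSTS).items():
        print(rule, "->", hits)
```

Under this reading, a trailing-wildcard rule covers every name that contains the `foobar` label followed by any suffix, including domains owned by other parties, so the plain `foobar.com` form is the narrower choice for an allow rule.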
When No connections are available: This field allows you to configure the default action when none of the selected Connections are available. Drop the Traffic - Traffic will be discarded. Use Any Available Connections - Traffic will be routed to any available Connection, even if it is not selected in the list. Fall-through to Next Rule - Traffic will continue to be matched against the next Outbound Policy rule, as if this rule were inactive. Expert Mode is available on some Pepwave routers for use by advanced users.
The amount of matching traffic that is distributed to a WAN connection is proportional to the weight of the WAN connection relative to the total weight. Use the sliders to change each WAN’s weight. For example, with the following weight settings: Ethernet WAN1: 10, Ethernet WAN2: 10, Wi-Fi WAN: 10, Cellular 1: 10, Cellular 2: 10, USB: 10. Total weight is 60 = (10 + 10 + 10 + 10 + 10 + 10). Matching traffic distributed to Ethernet WAN1 is 16.7% = (10 / 60) x 100%.
change. Pepwave routers can be configured to distribute data traffic across multiple WAN connections. Also, the Internet IP depends on the WAN connections over which communication actually takes place. As a result, a LAN client computer behind the Pepwave router may communicate using multiple Internet IP addresses. For example, a LAN client computer behind a Pepwave router with three WAN connections may communicate on the Internet using three different IP addresses.
connection. Algorithm: Priority This setting specifies the priority of the WAN connections used to route the specified network service. The highest priority WAN connection available will always be used for routing the specified type of traffic. A lower priority WAN connection will be used only when all higher priority connections have become unavailable. Starting from Firmware 5.2, outbound traffic can be prioritized to go through SpeedFusion™ connection(s).
Drag and drop to specify the order of WAN connections to be used for routing traffic. Only the highest priority healthy connection that is not in full load will be used. Algorithm: Least Used The traffic matching this rule will be routed through the healthy WAN connection that is selected in Connection and has the most available download bandwidth.
The traffic matching this rule will be routed through the healthy WAN connection that is selected in Connection and has the lowest latency. Latency checking packets are issued periodically to a nearby router of each WAN connection to determine its latency value. The latency of a WAN is the packet round trip time of the WAN connection. Additional network usage may be incurred as a result.
Algorithm: Fastest Response Time The Fastest Response Time algorithm works as follows: When a network session is created, the first outgoing packet of that particular session is duplicated to all the available WANs. When the first response is received from a remote server, any further traffic for this session will be routed over that particular WAN connection for the fastest possible response time. If any slower responses are received on other connections afterwards, they will be discarded. 7.
7.5.1 Servers The settings to configure servers on the LAN are located at Network>Inbound Access>Servers. Inbound connections from the Internet will be forwarded to the specified Inbound IP address(es) based on the protocol and port number. When more than one server is defined, requests will be distributed to the servers in the weight ratio specified for each server.
Tip At least one server must be defined before services can be added. To define a new service, click the Add Service button, upon which the following menu appears: Services Settings Enable This setting specifies whether the inbound service rule takes effect. When Yes is selected, the inbound service rule takes effect. If the inbound traffic matches the specified IP protocol and port, action will be taken by the Peplink Balance based on the other parameters of the rule.
After selecting an item from the Protocol Selection Tool drop-down menu, the protocol and the port number will remain manually modifiable. The Port setting specifies the port(s) that correspond to the service, and can be configured to behave in one of the following manners: Any Port, Single Port, Port Range, Port Map, and Range Mapping. Any Port: all traffic that is received by the Peplink Balance via the specified protocol is forwarded to the servers specified by the Servers setting.
demo_server_1: 10 demo_server_2: 5 The total weight is 15 = (10 + 5). Matching traffic distributed to demo_server_1: 67% = (10 / 15) x 100%. Matching traffic distributed to demo_server_2: 33% = (5 / 15) x 100%. UPnP / NAT-PMP Settings UPnP and NAT-PMP are network protocols which allow a computer connected to the LAN port to automatically configure the router to allow parties on the WAN port to connect to it. That way, the process of inbound port forwarding becomes automated.
DNS Settings DNS Servers This setting specifies the WAN IP addresses on which the DNS server of the Peplink Balance should listen. If no addresses are selected, the inbound link load balancing feature will be disabled and the Peplink Balance will not respond to DNS requests.
Routing Control by Subnet Database When this function is enabled, the system will check to see if an incoming DNS client is within any WAN's ISP subnet. Only the matched WAN(s)'s IP addresses will be returned. Note that this feature is available only when a subnet database has been defined. Default SOA / NS Click the button to define a default SOA / NS record for all domain names. When defining a default SOA record, Name Server IP Address is optional.
This page is for defining the domain’s SOA, NS, MX, CNAME, A, TXT, and SRV records. Seven tables are presented in this page for defining the five types of records. SOA Records
Click on the icon to choose whether to use the pre-defined default SOA record and NS records. If the option Use Default SOA and NS Records is selected, any changes made in the default SOA/NS records will be applied to this domain automatically. Otherwise, select the option Customize SOA Record for this domain to customize this domain's SOA and NS records. This table displays the current SOA record.
field is optional. If the Balance is the authoritative name server of the domain, this field's value should be the WAN connection's name server IP address that is registered in the DNS registrar. If this field is entered, a corresponding A record for the name server will be created automatically. If it is left blank, the A record for the name server must be created manually. E-mail: Defines the e-mail address of the person responsible for this zone. Note: format should be mailbox-name.domain.com, e.g.
When creating an MX record for the domain itself (not a sub-domain), the Host field should be left blank. For each record, Priority and Mail Server name must be entered. Priority typically ranges from 10 to 100. Smaller numbers have a higher priority. After finishing adding MX records, click the Save button. CNAME Records The CNAME Record table shows the domain’s CNAME records. To add a new CNAME record, click the New CNAME Records button in the CNAME Record box.
A record may be automatically added for the SOA records with a name server IP address provided. A Record Host Name This field specifies the A record of this sub-domain to be served by the Peplink Balance. The wildcard character "*" is supported. The IP addresses of "*.domain.name" will be returned for every name ending with ".domain.name" except names that have their own records. TTL This setting specifies the time to live of this record in external DNS caches.
Address(es) by Host Name. The IP addresses listed in each box as default are the Internet IP addresses associated with each of the WAN connections. Static IP addresses that are not associated with any WAN can be entered into the Custom IP list. A PTR record is also created for each custom IP. For WAN connections that operate under drop-in mode, there may be other routable IP addresses in addition to the default IP address.
To add a new TXT record, click the New TXT Record button in the TXT Records box. Click the Edit button to edit the record. The time-to-live value and the TXT record’s value can be entered. Click the Save button to finish. When creating a TXT record for the domain itself (not a sub-domain), the Host field should be left blank. The maximum size of the TXT Value is 255 bytes. After editing the five types of records, you can leave the page by simply going to another section of the web admin interface.
Target: The canonical hostname of the machine providing the service. Port: Enter the TCP or UDP port number on which the service is to be found. Reverse Lookup Zones Reverse lookup zones can be configured in Network>Inbound Access>DNS Settings. Reverse lookup refers to performing a DNS query to find one or more DNS names associated with a given IP address. The DNS stores IP addresses in the form of specially formatted names as pointer (PTR) records using special domains/zones. The zone is in-addr.arpa.
SOA Record Click the link "Click here to define SOA record" to create the SOA record, or click the Name Server field to edit it.
Name Server: Enter the NS record's FQDN server name here. For example: "ns1.mydomain.com" (equivalent to "www.1stdomain.com.") "ns2.mydomain.com." Email, Refresh, Retry, Expire, Min Time, and TTL are entered in the same way as in the forward zone. Please refer to Section 17.3.5 for details. NS Records The NS record of the name server defined in the SOA record is automatically added here. To create a new NS record, click the New NS Records button.
Host field should be left blank. Name Server must be a FQDN. CNAME Records To create a new CNAME record, click the New CNAME Record button. CNAME records are typically used for defining classless reverse lookup zones. Subnetted reverse lookup zones are further described in RFC 2317, "Classless IN-ADDR.ARPA delegation."
PTR Records To create a new PTR record, click the New PTR Record button. In the Host IP Number field, enter the last integer in the IP address of a PTR record. For example, for the IP address 11.22.33.44, where the reverse lookup zone is 33.22.11.in-addr.arpa, the Host IP Number should be 44. The Points To field defines the host name which the PTR record should be pointed to. It must be a FQDN.
In the Target DNS Server IP Address field, enter the IP address of the DNS server. In the Transfer via… field, choose the connection which you would like to transfer through. Select Next >> to continue. In the blank space, enter the Domain Names (Zones) which you would like to assign to the IP address entered in the previous step. Enter one domain name per line. Select Next >> to continue. Important Note If you have entered domain(s) which already exist in your settings, a warning message will appear.
overwrite the existing record or << Back to go back to the previous step.
After the zone records have been fetched, the fetch results are shown as above. You can view import details by clicking the corresponding hyperlink on the right-hand side. 7.6 NAT Mappings The Peplink Balance allows the IP address mapping of all inbound and outbound NATed traffic to and from an internal client IP address. NAT mappings can be configured at Network>NAT Mappings. To add a rule for NAT mappings, click Add NAT Rule and the following screen will be displayed:
NAT Mapping Settings LAN Client(s) Address NAT Mapping rules can be defined for a single LAN IP Address, an IP Range, or an IP Network. This refers to the LAN host’s private IP address. The system maps this address to a number of public IP addresses (specified below) in order to facilitate inbound and outbound traffic. This option is only available when IP Address is selected.
Range The IP range is a contiguous group of private IP addresses used by the LAN host. The system maps these addresses to a number of public IP addresses (specified below) to facilitate outbound traffic. This option is only available when IP Range is selected. Network The IP network refers to all private IP addresses and ranges managed by the LAN host. The system maps these addresses to a number of public IP addresses (specified below) to facilitate outbound traffic.
MediaFast
Enable Click the checkbox to enable MediaFast content caching.
Domains / IP Addresses Choose to Cache on all domains, or enter domain names and then choose either Whitelist (cache the specified domains only) or Blacklist (do not cache the specified domains).
Source IP Subnet This setting allows caching to be enabled on custom subnets only. If "Any" is selected, then caching will apply to all subnets.
content caching accessible through https://. In order for MediaFast devices to cache and deliver HTTPS content, every client needs to have the necessary certificates installed*. *See https://forum.peplink.com/t/certificate-installation-for-mediafast-https-caching/ Cache Control Content Type Check these boxes to cache the listed content types or leave boxes unchecked to disable caching for the listed types. Cache Lifetime Settings Enter a file extension, such as JPG or DOC.
Prefetch Schedule Content prefetching allows you to download content on a schedule that you define, which can help to preserve network bandwidth during busy times and keep costs down. To access MediaFast content prefetching settings, select Network > MediaFast > Prefetch Schedule. Prefetch Schedule Settings Name This field displays the name given to the scheduled download. Status Check the status of your scheduled download here. Next Run Time/Last Run Time These fields display the date and time of the next and most recent occurrences of the scheduled download.
To delete a scheduled download, click . Click to begin creating a new scheduled download. Clicking the button will cause the following screen to appear: New Schedule Simply provide the requested information to create your schedule.
Clear Web Cache Click to clear all cached content. Note that this action cannot be undone.
Clear Statistics Click to clear all prefetch and status page statistics.
7.8
On an external server, configure the content (a website or application) that will be synced to the ContentHub; for example, an HTML5 website. To configure a website or application as content, follow these steps. Configure a website to be published from the ContentHub This option allows you to sync a website to the Peplink router. The website will then be published with the specified domain from the router itself, which makes the content available to the client via the HTTP/HTTPS protocol.
The Active checkbox toggles the activation of the content. For type, select Website. Type HTTP, HTTPS or both. Domain/Path The ContentHub uses this as the domain name for client access (such as http://mytest.com). Source Enter the server details that the content will be downloaded from. Enter your credentials under Username and Password. Period This field determines how often the Router will search for updates to the source content.
Click “Save & Apply Now” to activate the changes. Below is a screenshot after configuration: The content will be synced based on the Period that was configured earlier. If you want to trigger the sync manually, you can click “ ”. The “Status” column shows the sync progress. When the sync is completed, you’ll see a summary as shown in the screenshot below: To access the content, open a browser in MFA’s client and enter the domain configured before (such as http://mytest.com).
After installing the framework, you can set the type to “Application” and configure the website:
The settings are the same as for the Website type; refer to the description in the section above. For the Application type, you need to pack your application as below: 1. Implement two bash script files, start.sh and stop.sh, in the root folder to start and stop your application. The MediaFast router will only execute start.sh and stop.sh when the corresponding website is enabled and disabled respectively. 2. Compress your application files and the bash scripts to tar.gz format. 3.
MDM Settings
Enable Click this checkbox to enable MDM on your router.
Account Settings Click Follow Web Admin Account to allow client devices to use the built-in administrator account when performing MDM. Set Custom to specify a username and password your router will use to log into your client devices. Please refer to the knowledgebase for information about enrolling client devices to MDM: https://forum.peplink.
7.9 Captive Portal The captive portal serves as a gateway that clients have to pass if they wish to access the Internet using your router. To configure, navigate to Network>Captive Portal. Captive Portal Settings
Enable Check Enable and then, optionally, select the LANs/VLANs that will use the captive portal. Hostname To customize the portal’s form submission and redirection URL, enter a new URL in this field. To reset the URL to factory settings, click Default. Access Mode Click Open Access to allow clients to freely access your router. Click User Authentication to force your clients to authenticate before accessing your router. Select External Server to use the Captive Portal with a HotSpot system.
Inactive Timeout Clients will get disconnected when the configured inactive time is reached. Default 0: no timeout
Allowed Networks To whitelist a network, enter the domain name / IP address here and click . To delete an existing network from the list of allowed networks, click the button next to the listing.
Allowed Clients To whitelist a client, enter the MAC address / IP address here and click . To delete an existing client from the list of allowed clients, click the button next to the listing.
7.10 QoS 7.10.1 User Groups LAN and PPTP clients can be categorized into three user groups - Manager, Staff, and Guest. This menu allows you to define rules and assign client IP addresses or subnets to a user group. You can apply different bandwidth and traffic prioritization policies on each user group in the Bandwidth Control and Application sections. The table is automatically sorted, and the table order signifies the rules' precedence.
rule. Two default rules are predefined and put at the bottom. They are All DHCP reservation clients and Everyone, and they cannot be removed. The All DHCP reservation client represents the LAN clients defined in the DHCP Reservation table on the LAN settings page. Everyone represents all clients that are not defined in any rule above. Click on a rule to change its group.
connection) that each individual Staff and Guest member can consume. No limit can be imposed on individual Managers. By default, download and upload bandwidth limits are set to unlimited (set as 0). 7.10.3 Application You can choose whether to apply the same prioritization settings to all user groups or customize the settings for each group. Three priority levels can be set for application prioritization: High, Normal, and Low.
Category and Application availability will be different across different Peplink Balance models.
DSL/Cable Optimization DSL/cable-based WAN connections have lower upload bandwidth and higher download bandwidth. When a DSL/cable circuit's uplink is congested, the download bandwidth will be affected. Users will not be able to download data at full speed until the uplink becomes less congested. DSL/Cable Optimization can relieve such an issue. When it is enabled, the download speed will become less affected by the upload traffic. By default, this feature is enabled. 7.
The inbound firewall settings are located at Network>Firewall>Access Rules. Click Add Rule to display the following window: Inbound / Outbound Firewall Settings Rule Name This setting specifies a name for the firewall rule.
Enable This setting specifies whether the firewall rule should take effect. If the box is checked, the firewall rule takes effect. If the traffic matches the specified protocol/IP/port, actions will be taken by Peplink Balance based on the other parameters of the rule. If the box is not checked, the firewall rule does not take effect. The Peplink Balance will disregard the other parameters of the rule. Click the dropdown menu next to the checkbox to place this firewall rule on a time schedule.
Action This setting specifies the action to be taken by the router upon encountering traffic that matches both of the following: Source IP & port; Destination IP & port. With the value of Allow for the Action setting, the matching traffic passes through the router (to be routed to the destination). If the value of the Action setting is set to Deny, the matching traffic does not pass through the router (and is discarded).
To change a rule’s priority, simply drag and drop the rule: Hold the left mouse button on the rule. Move it to the desired position. Drop it by releasing the mouse button. To remove a rule, click the button. Rules are matched from top to bottom. If a connection matches any one of the upper rules, the matching process will stop. If none of the rules match the connection, the Default rule will be applied. The Default rule is Allow for both outbound and inbound access.
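The top-to-bottom, first-match behaviour with a Default rule of Allow can be modelled to check a rule list before it is entered. This is an added example, not Peplink code: the Rule fields, rule names and addresses are constructed for illustration, and the matching is a simplified model of the parameters named above. It shows how a broad Allow placed above a narrower Deny hides it, and that unmatched traffic falls through to Allow.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str          # "tcp", "udp" or "any"
    source: str            # CIDR
    destination: str       # CIDR
    port: Optional[int]    # destination port; None means any port
    action: str            # "Allow" or "Deny"

DEFAULT = ("Default", "Allow")   # the Default rule described above

def _net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(rules, protocol, src, dst, port):
    """Return (rule name, action) of the first matching rule, top to bottom."""
    for r in rules:
        if (r.protocol in ("any", protocol)
                and ipaddress.ip_address(src) in _net(r.source)
                and ipaddress.ip_address(dst) in _net(r.destination)
                and r.port in (None, port)):
            return r.name, r.action
    return DEFAULT

def shadowed(rules):
    """Names of rules that can never fire: an earlier rule covers all their traffic."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.protocol in ("any", later.protocol)
                    and _net(later.source).subnet_of(_net(earlier.source))
                    and _net(later.destination).subnet_of(_net(earlier.destination))
                    and earlier.port in (None, later.port)):
                hidden.append(later.name)
                break
    return hidden

# Constructed sample rules (hypothetical names, private/documentation addresses).
ALLOW_LAN = Rule("allow-lan-tcp", "tcp", "0.0.0.0/0", "192.168.1.0/24", None, "Allow")
DENY_SSH = Rule("deny-ssh", "tcp", "0.0.0.0/0", "192.168.1.10/32", 22, "Deny")
BAD_ORDER = [ALLOW_LAN, DENY_SSH]    # the Deny is never reached
GOOD_ORDER = [DENY_SSH, ALLOW_LAN]   # the narrower Deny sits on top

if __name__ == "__main__":
    for label, rules in (("bad order", BAD_ORDER), ("good order", GOOD_ORDER)):
        verdict = evaluate(rules, "tcp", "203.0.113.5", "192.168.1.10", 22)
        print(label, verdict, "shadowed:", shadowed(rules))
    print("unmatched udp:", evaluate(GOOD_ORDER, "udp", "203.0.113.5", "192.168.1.10", 53))
```

Because the Default rule is Allow, a deny-by-default posture needs an explicit catch-all Deny as the last user-defined rule.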
o Another Xmas tree
o Null scan
o SYN/RST
o SYN/FIN
SYN flood prevention
Ping flood attack prevention
7.11.2 Content Blocking
Application Blocking Choose applications to be blocked from LAN/PPTP/PepVPN peer clients' access, except for those on the Exempted User Groups or Exempted Subnets defined below. Web Blocking Defines website domain names to be blocked from LAN/PPTP/PepVPN peer clients' access except for those on the Exempted User Groups or Exempted Subnets defined below. If "foobar.com" is entered, any web site with a host name ending in foobar.com will be blocked, e.g. www.foobar.com, foobar.com, etc. However, "myfoobar.com" will not be blocked. You may enter the wild card ".*" at the end of a domain name to block any web site with a host name having the domain name in the middle. If you enter "foobar.*", then "www.foobar.com", "www.foobar.co.jp", or "foobar.co.uk" will be blocked.
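The Web Blocking matching rules above can be checked against a candidate block list with a small model. This is an added example, not Peplink's implementation: it assumes matching is done on whole DNS labels (which is what the "myfoobar.com" case implies) and that a ".*" entry needs at least one label after the name; function names and the sample subnet are hypothetical. A plain string-suffix test is included to show the case it gets wrong.

```python
import ipaddress

def _labels(name):
    """Split a host name into lower-case DNS labels, ignoring a trailing dot."""
    return [l for l in name.strip().lower().rstrip(".").split(".") if l]

def naive_match(rule, host):
    """Plain string suffix test: over-blocks, shown only for comparison."""
    return host.lower().endswith(rule.lower())

def rule_matches(rule, host):
    """Label-aware match for 'foobar.com' and 'foobar.*' style entries."""
    host_labels = _labels(host)
    if rule.endswith(".*"):
        stem = _labels(rule[:-2])
        if not stem:
            return False
        n = len(stem)
        # Assumption: the name must be followed by at least one more label.
        return any(host_labels[i:i + n] == stem
                   for i in range(len(host_labels) - n))
    want = _labels(rule)
    if not want or len(host_labels) < len(want):
        return False
    return host_labels[-len(want):] == want

def is_blocked(host, client_ip, rules, exempted_subnets=()):
    """Apply the block list unless the client is in an exempted subnet."""
    client = ipaddress.ip_address(client_ip)
    if any(client in ipaddress.ip_network(s) for s in exempted_subnets):
        return False
    return any(rule_matches(r, host) for r in rules)

# Constructed sample data: the manual's own domain examples, a made-up subnet.
RULES = ["foobar.com", "foobar.*"]
EXEMPT = ["192.168.50.0/24"]

if __name__ == "__main__":
    for h in ("www.foobar.com", "foobar.com", "myfoobar.com",
              "www.foobar.co.jp", "foobar.co.uk"):
        print(h, is_blocked(h, "192.168.1.20", RULES, EXEMPT))
    print("exempt client:", is_blocked("www.foobar.com", "192.168.50.7", RULES, EXEMPT))
```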
OSPF
Router ID This field determines the ID of the router. By default, this is specified as the LAN IP address. If you want to specify your own ID, enter it in the Custom field.
Area This is an overview of the OSPFv2 areas you have defined. Click on the area name to configure it. To set a new area, click Add. To delete an existing area, click .