Peplink Balance 20X User Manual Peplink Products: Balance 20X / B20X / Surf SOHO / Surf SOHO LTE / Surf SOHO LTEA / Balance 20X LTE / Balance 20X LTEA / PismoAC8E / BPL-021X-LTE-US-T / BPL-021X-LTE-E-T / BPL-021X-LTEA-W-T / EXM-MINI-1LTEA-W / EXM-MINI-1LTEA-P / PismoAC8P / PismoAC8 Peplink Balance Firmware 8.0.1 August 2019 Table of Contents https://www.peplink.
Introduction and Scope 1 Glossary 2 Product Features 3 Advanced Feature Summary 3.1 Drop-in Mode and LAN Bypass: Transparent Deployment 3.2 QoS: Clearer VoIP 3.3 Per-User Bandwidth Control 3.4 High Availability via VRRP 3.5 USB Modem and Android Tethering 3.6 Built-In Remote User VPN Support 3.7 LACP NIC Bonding 4 Peplink Balance Overview 4.1 Peplink Balance 20X 5 Installation 5.1 Preparation 5.2 Constructing the Network 6 Basic Configuration 6.1 Connecting to the Web Admin Interface 6.
7.10.2 Bandwidth Control 7.10.3 Application Prioritization for Custom Application DSL/Cable Optimization 7.11 Firewall 7.11.1 Access Rules Intrusion Detection and DoS Prevention 7.11.2 Content Blocking Application Blocking Web Blocking Customized Domains Exempted User Groups Exempted Subnets URL Logging 7.12 OSPF & RIPv2 7.
11.1 System 11.1.1 Admin Security 11.1.2 Firmware Web admin interface : install updates manually The InControl method 11.1.3 Time 11.1.4 Schedule 11.1.5 Email Notification 11.1.6 Event Log 11.1.7 SNMP 11.1.8 InControl 11.1.9 Configuration 11.1.10 Feature Add-ons 11.1.11 Reboot 11.2 Tools 11.3 Ping 11.4 Traceroute 11.5 Wake-on-LAN 11.6 WAN Analysis 11.7 CLI (Command Line) Support 12 Status Tab 12.1 Status 12.1.1 Device 12.1.2 Active Sessions 12.1.3 Client List 12.1.4 WINS Clients 12.1.5 OSPF & RIPv2 12.1.
Introduction and Scope Peplink Balance routers provide link aggregation and load balancing across multiple WAN connections. We develop products and technologies that can help you build SD-WAN networks with unbreakable connection resilience, unmatched deployment flexibility, and intuitive ease of use. Our product and technology focus has always been on WAN virtualization and the intelligent use of multiple WAN links at the same time to increase reliability and bandwidth whilst reducing costs.
1 Glossary The following terms, acronyms, and abbreviations are frequently used in this manual: Term Definition 3G 3rd generation standards for wireless communications (e.g., HSDPA) 4G 4th generation standards for wireless communications (e.g.
VRF Virtual Routing and Forwarding VRRP Virtual Router Redundancy Protocol WAN Wide Area Network WINS Windows Internet Name Service WLAN Wireless Local Area Network 210+ Refers to Peplink Balance 210/310/380/580/710/1350/2500 380+ Refers to Peplink Balance 380/580/710/1350/2500 https://www.peplink.
2 Product Features Peplink Balance Series products enable all LAN users to share broadband Internet connections and provide advanced features to enhance Internet access.
● ● ● ● ● ● ● ● ● ● ● Ability to route traffic to a remote VPN peer Optional pre-shared key setting Layer 2 bridging Layer 2 Peer Isolation SpeedFusionTM throughput, ping, and traceroute tests Built-in L2TP / PPTP / OpenVPN VPN server Authenticate L2TP / PPTP clients using RADIUS and LDAP servers Multi-Site PepVPN Profile IPsec VPN for network-to-network connections L2TP / PPTP and IPsec passthrough Simultaneous L2 & L3 VPN tunnel between the same pair of devices Inbound Traffic Management ● ● TCP/UDP tr
● ● ● ● ● ● Intrusion detection and prevention Specification of NAT mappings Web blocking Application blocking Time-based scheduling Outbound firewall rules can be defined by destination domain name Captive Portal ● ● ● ● Social Wi-Fi Hotspot Support Splash screen of open networks, login page for secure networks Customizable built-in captive portal Supports linking to outside page for captive portal Other Supported Features ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● Easy-to-use web administrat
https://www.peplink.
3 Advanced Feature Summary 3.1 Drop-in Mode and LAN Bypass: Transparent Deployment As your organization grows, it needs more bandwidth. But modifying your network would require effort better spent elsewhere. In Drop-in Mode, you can conveniently install your Peplink router without making any changes to your network. And if the Peplink router loses power for any reason, LAN Bypass will safely and automatically bypass the Peplink router to resume your original network connection. 3.
3.3 Per-User Bandwidth Control With per-user bandwidth control, you can define bandwidth control policies for up to 3 groups of users to prevent network congestion. Define groups by IP address and subnet, and set bandwidth limits for every user in the group. 3.4 High Availability via VRRP When your organization has a corporate requirement demanding the highest availability with no single point of failure, you can deploy two Peplink routers in High Availability mode.
3.5 USB Modem and Android Tethering For increased WAN diversity, plug in a USB LTE modem as backup. Peplink routers are compatible with over 200 modem types. You can also tether to smartphones running Android 4.1.X and above. 3.6 Built-In Remote User VPN Support Use OpenVPN or L2TP with IPsec to safely and conveniently connect remote clients to your private network. L2TP with IPsec is supported by most devices, but legacy devices can also connect using PPTP.
3.7 LACP NIC Bonding Use 802.3ad to combine multiple LAN connections into a virtual LAN connection. This virtual connection has higher throughput and redundancy in case any single link fails. https://www.peplink.
4 Peplink Balance Overview 4.1 Peplink Balance 20X 4.1.1 Panel Appearance https://www.peplink.
4.1.2 LED Indicators The statuses indicated by the front panel LEDs are as follows: Power and Status Indicators Power OFF – Power off Green – Power on OFF – Upgrading firmware Status Red – Booting up or busy Blinking red – Boot up error Green – Ready LAN and WAN Ports Green LED Orange LED Port Type ON – 10 / 100 / 1000 Mbps Blinking – Data is transferring OFF – No data is being transferred or port is not connected Auto MDI/MDI-X ports USB Port USB Ports https://www.peplink.
5 Installation The following section details connecting the Peplink Balance to your network: 5.
6 Basic Configuration 6.1 Connecting to the Web Admin Interface Start a web browser on a computer that is connected with the Peplink Balance through the LAN. To connect to the web admin of the Peplink Balance, enter the following LAN IP address in the address field of the web browser: https://192.168.1.1 (This is the default LAN IP address of the Peplink Balance.) Enter the following to access the web admin interface.
6.2 Configuration with the Setup Wizard The Setup Wizard simplifies the task of configuring WAN connection(s) by guiding the configuration process step-by-step. To begin, click Setup Wizard after connecting to the web admin interface. Click Next >> to begin. Select Yes if you want to set up drop-in mode using the Setup Wizard. Click on the appropriate checkbox(es) to select the WAN connection(s) to be configured.
If drop-in mode is going to be configured, the setup wizard will move on to Drop-in Settings. If you are not using drop-in mode, select the connection method for the WAN connection(s) from the following screen: https://www.peplink.
Depending on the selection of connection type, further configuration may be needed. For example, PPPoE and static IP require additional settings for the selected WAN port. Please refer to Section 13, Configuring the WAN Interface(s) for details on setting up DHCP, static IP, and PPPoE. If Mobile Internet Connection is checked, the setup wizard will move on to Operator Settings. If Custom Mobile Operator Settings is selected, APN parameters are required.
Choose the time zone of your country/region. Check the box Show all to display all time zone options. Check in the following screen to make sure all settings have been configured correctly, and then click “Save Settings” to confirm. After finishing the last step in the setup wizard, click Apply Changes on the page header to allow the configuration changes to take effect. https://www.peplink.
7 Network Tab 7.1 WAN From Network>WAN, choose a WAN connection by clicking it. You can also enable IPv6 support in this section WAN Connection Settings (Ethernet) Clicking an Ethernet WAN connection will result in the following screen: WAN Connection Settings https://www.peplink.
WAN Connection Name Enable Enter a name to represent this WAN connection. This setting enables the WAN connection. If schedules have been defined, you will be able to select a schedule to apply to the connection. There are five possible connection methods for Ethernet WAN: ● ● ● ● ● Connection Method DHCP Static IP PPPoE L2TP GRE The connection method and details are determined by, and can be obtained from the ISP. See the following sections for details on each connection method.
WAN Connection Settings (Cellular) Clicking an Ethernet WAN connection will result in the following screens: Connection Settings WAN Connection Name Enable Indicate a name you wish to give this WAN connection Click the checkbox to toggle the on and off state of this connection. https://www.peplink.
Routing Mode This option allows you to select the routing method to be used in routing IP frames via the WAN connection. The mode can be either NAT (Network Address Translation) or IP Forwarding. In the case if you need to choose IP Forwarding for your scenario. Click the enable IP Forwarding. Subnet Selection button to Choose between: Auto: The subnet mask will be set automatically. Force /31 Subnet: The subnet mask will be set as 255.255.255.254(/31), and the gateway IP address will be recalculated.
Cellular Settings SIM Card Preferred SIM Card LTE/3G Optimal Network Discovery Indicate which SIM card this cellular WAN will use. Only applies to cellular WAN with redundant SIM cards. If both cards were enabled on the above field, then you can designate the priority of the SIM card slots here. This drop-down menu allows restricting cellular to particular band. Click the enable the selection of specific bands.
Band Selection When set to Auto, band selection allows for automatically connecting to available, supported bands (frequencies) . When set to Manual, you can manually select the bands (frequencies) the SIM will connect to. Data Roaming This checkbox enables data roaming on this particular SIM card. When data roaming is enabled this option allows you to select in which countries the SIM has a data connection. The option is configured by using MMC (country) codes.
If signal threshold is defined, this connection will be treated as down when a weaker than threshold signal is determined. The following values are used by the threshold scale: To define the threshold manually using specific signal strength values, please click on the question Mark and the following field will be visible.
Default: Auto MTU This field is for specifying the Maximum Transmission Unit value of the WAN connection. An excessive MTU value can cause file downloads stall shortly after connected. You may consult your ISP for the connection's MTU value. Default value is 1440. This field is for specifying the Maximum Segment Size of the WAN connection. When Auto is selected, MSS will be depended on the MTU value. When Custom is selected, you may enter a value for MSS.
Hostname (Optional) If your service provider's DHCP server requires you to supply a hostname value upon acquiring an IP address, you may enter the value here. If your service provider does not provide you with a hostname, you can safely bypass this option. Each ISP may provide a set of DNS servers for DNS lookups. This setting specifies the DNS (Domain Name System) servers to be used when a DNS lookup is routed through this connection.
Health Check Settings To ensure traffic is routed to healthy WAN connections only, the Peplink Balance can periodically check the health of each WAN connection. Health Check settings for each WAN connection can be independently configured via Network>Interfaces>WAN>*Connection name*>Health Check Settings. Enable Health Check by selecting PING, DNS Lookup, or HTTP from the Health Check Method dropdown menu. Health Check Settings Method This setting specifies the health check method for the WAN connection.
DNS Servers tested via DNS Lookup. If Use first two DNS servers as Health Check DNS Servers is checked, the first two DNS servers will be the DNS lookup targets for checking a connection's health. If the box is not checked, Host 1 must be filled, while a value for Host 2 is optional. If Include public DNS servers is selected and no response is received from all specified DNS servers, DNS lookups will also be issued to some public DNS servers.
Other Health Check Settings This setting specifies the timeout in seconds for ping/DNS lookup requests. The default timeout is 5 seconds. Timeout Health Check Interval This setting specifies the time interval in seconds between ping or DNS lookup requests. The default health check interval is 5 seconds. Health Check Retries This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Peplink Balance will treat the corresponding WAN connection as down.
Bandwidth Allowance Monitor Settings Bandwidth Allowance Monitor Action Start Day Monthly Allowance If Email Notification is enabled, you will be notified by email when usage hits 75% and 95% of the monthly allowance. If Disconnect when usage hits 100% of monthly allowance is checked, this WAN connection will be disconnected automatically when the usage hits the monthly allowance.
Additional Public IP Settings IP Address List IP Address List represents the list of fixed Internet IP addresses assigned by the ISP in the event that more than one Internet IP address is assigned to this WAN connection. Enter the fixed Internet IP addresses and the corresponding subnet mask, and then click the Down Arrow button to populate IP address entries to the IP Address List. Dynamic DNS Settings Peplink Balance routers allow registering domain name relationships to dynamic DNS service providers.
Dynamic DNS Settings Service Provider This setting specifies the dynamic DNS service provider to be used for the WAN. Supported providers are: ● changeip.com ● dyndns.org ● no-ip.org ● tzo.com ● DNS-O-Matic ● Others… support custom Dynamic DNS servers by entering its URL. Works with any service compatible with DynDNS API. Select Disabled to disable this feature.
7.2 LAN 7.2.1 Network Settings LAN interface settings are located at Network>LAN>Network Settings. Navigating to that page will show the following dashboard: This represents the LAN interfaces that are active on your router (including VLAN). A grey “X” means that the VLAN is used in other settings and cannot be deleted. You can find which settings are using the VLAN by hovering over the grey “X”. Alternatively, a red “X” means that there are no settings using the VLAN.
Network Settings Name VLAN ID Enter a name for the LAN. Enter a number for your VLAN. Inter-VLAN routing Check this box to enable routing between virtual LANs. Layer 2 PepVPN Bridging PepVPN Profiles to Bridge The remote network of the selected PepVPN profiles will be bridged with this local LAN, creating a Layer 2 PepVPN, they will be connected and operate like a single LAN, and any broadcast or multicast packets will be sent over the VPN.
DHCP Option 82 Click on the question Mark if you want to enable DHCP Option 82. This allows the device to inject Option 82 with Router Name information before forwarding the DHCP Request packet to a PepVPN peer, such that the DHCP Server can identify where the request originates from.
BOOTP Extended DHCP Option DHCP Reservation Check this box to enable BOOTP on older networks that still require it. In addition to standard DHCP options (e.g., DNS server address, gateway address, subnet mask), you can specify the value of additional extended DHCP options, as defined in RFC 2132. With these extended options enabled, you can pass additional configuration information to LAN hosts. To define an extended DHCP option, click the Add button, choose the option to define and enter its value.
DHCP Relay Settings DHCP Relay Enter the address of the DHCP server here. DHCP requests will be relayed to it. DHCP Server IP Address DHCP requests from the LAN are relayed to the entered DHCP server. For active-passive DHCP server configurations, enter active and passive DHCP server IPs into the DHCP Server 1 and DHCP Server 2 fields. DHCP Option 82 This feature includes device information as relay agent for the attached client when forwarding DHCP requests from a DHCP client to a DHCP server.
are considered as remote connections), you can define Virtual Network Mapping to resolve it. Note: OSPF & RIPv2 settings should be updated as well to avoid advertising conflicted network. See: https://youtu.be/C1FMdZCn3Z8 Virtual Network Mapping One-to-One NAT Many-to-One NAT Every IP Address in the Local Network has a corresponding unique Virtual IP Address for NAT. Traffic originating from the Local Network to remote connections will be SNAT'ed and behave like coming from the defined Virtual Network.
DNS Proxy Settings Enable To enable the DNS proxy feature, check this box, and then set up the feature at Network>LAN>DNS Proxy Settings. A DNS proxy server can be enabled to serve DNS requests originating from LAN/PPTP/SpeedFusionTM peers. Requests are forwarded to the DNS servers/resolvers defined for each WAN connection. DNS Caching This field is to enable DNS caching on the built-in DNS proxy server.
Domain Lookup Policy DNS ResolversA A DNS proxy will look up the domain names defined here using only the specified connections. Check the box to enable the WINS server. A list of WINS clients will be displayed at Network>LAN>DNS Proxy Settings>DNS Resolvers. This field specifies which DNS resolvers will receive forwarded DNS requests. If no WAN/VPN/LAN DNS resolver is selected, all of the WAN’s DNS resolvers will be selected.
Enable drop-in mode using the Setup Wizard. After enabling this feature and selecting the WAN for dropin mode, various settings, including the WAN's connection method and IP address, will be automatically updated. When drop-in mode is enabled, the LAN and the WAN for drop-in mode ports will be bridged. Traffic between the LAN hosts and WAN router will be forwarded between the devices. In this case, the hosts on both sides will not notice any IP or MAC address changes.
Please refer to Section 12, Drop-in Mode for details. WAN for DropIn Mode Select the WAN port to be used for drop-in mode. If WAN 1 with LAN Bypass is selected, the high availability feature will be disabled automatically. Shared Drop-In IPA When this option is enabled, the passthrough IP address will be used to connect to WAN hosts (email notification, remote syslog, etc.).
7.3 VPN 7.3.1 SpeedFusion Peplink Balance SpeedFusionTM Bandwidth Bonding is our patented technology that enables our SD-WAN routers to bond multiple Internet connections to increase site-to-site bandwidth and reliability. SpeedFusion securely connects one or more branch offices to your company's main headquarters or to other branches. The data, voice, and video communications between these locations are kept confidential across the public Internet.
SpeedFusion Profiles This table displays all defined profiles. Click the New Profile button to create a new profile for making a VPN connection to a remote unit via available WAN connections. Each pair of VPN connection requires its own profile. The local LAN subnet and subnets behind the LAN (defined under Static Route on the LAN Settings page) will be advertised to the VPN. All VPN members will be able to route to local subnets.
Link Failure Detection The bonded VPN can detect routing failures on the path between two sites over each WAN connection. Failed WAN connections will not be used to route VPN traffic. Health check packets are sent to the remote unit to detect any failure. The more frequently checks are sent, the shorter the detection time, although more bandwidth will be consumed. When Recommended (default) is selected, a health check packet is sent every five seconds, and the expected detection time is 15 seconds.
A list of defined SpeedFusion connection profiles and a Link Failure Detection Time option will be shown. Click the New Profile button to create a new VPN connection profile for making a VPN connection to a remote Peplink Balance via the available WAN connections. Each profile is for making a VPN connection with one remote Peplink Balance. PepVPN Profile Settings This field is for specifying a name to represent this profile.
session key will be further protected by the pre-shared key. The connection will be up only if the pre-shared keys on each side match. When the peer is running firmware 5.0+, this setting will be ignored. Enter Remote IDs either by typing out each Remote ID and Pre-shared Key, or by pasting a CSV. If you wish to paste a CSV, click the setting. Remote ID/Remote Certificate Allow Shared Remote ID NAT Mode icon next to the “Remote ID / Preshared Key” These optional fields become available when X.
Normal - The total bandwidth consumption will be at most 2x of the original data traffic. Medium - The total bandwidth consumption will be at most 3x of the original data traffic. High - The total bandwidth consumption depends on the number of connected active tunnels. A - Advanced feature, please click the button on the top right-hand corner to activate. To enable Layer 2 Bridging between PepVPN profiles, navigate to Network>LAN>*LAN Profile Name* 8.
7.3.2 IPsec VPN All Peplink products can make multiple IPsec VPN connections with Peplink routers, as well as Cisco and Juniper routers. Note that all LAN subnets and the subnets behind them must be unique. Otherwise, VPN members will not be able to access each other. All data can be routed over the VPN with a selection of encryption standards, such as 3DES, AES-128, and AES-256. To configure, navigate to Network>Interfaces>IPsec VPN.
https://www.peplink.
IPsec VPN Settings Name This field is for specifying a local name to represent this connection profile. Active When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it will be disabled. Connect Upon Disconnection of Check this box and select a WAN to connect to this VPN automatically when the specified WAN is disconnected. To activate this function, click the button next to the “Active” option.
Pre-shared Key This defines the peer authentication pre-shared key used to authenticate this VPN connection. The connection will be up only if the pre-shared keys on each side match. Remote Certificate (pem encoded) Available only when X.509 Certificate is chosen as the Authentication method, this field allows you to paste a valid X.509 certificate. Local ID In Main Mode, this field can be left blank.
7.4 Outbound Policy Outbound policies for managing and load balancing outbound traffic are located at Network>Outbound Policy. Click the button beside the Outbound Policy box: A selection menu will appear, giving you the choice between three different Outbound Policy Settings: Outbound Policy Settings High Application Compatibility Outbound traffic from a source LAN device is routed through the same WAN connection regardless of the destination Internet IP address and protocol.
To rearrange the priority of outbound rules, drag and drop them into the desired sequence. By default, Auto is selected as the Default Rule. You can select Custom to change the algorithm to be used. Please refer to the upcoming sections for the details on the available algorithms. To create a custom rule, click Add Rule at the bottom of the table. https://www.peplink.
New Custom Rule Settings Service Name Enable This setting specifies the name of the outbound traffic rule. This setting specifies whether the outbound traffic rule takes effect. When Enable is checked, the rule takes effect: traffic is matched and actions are taken by the Pepwave router based on the other parameters of the rule. When Enable is unchecked, the rule does not take effect: the Pepwave router disregards the other parameters of the rule.
domain name in the middle. If you enter foobar.*, for example, www.foobar.com, www.foobar.co.jp, or foobar.co.uk will also match. Placing wildcards in any other position is not supported. NOTE: if a server has one Internet IP address and multiple server names, and if one of the names is defined here, access to any one of the server names will also match this rule. Protocol and Port Algorithm This setting specifies the IP protocol and port of traffic that matches this rule.
Expert Mode is available on some Pepwave routers for use by advanced users. To enable the feature, click on the help icon and click turn on Expert Modeį In Expert Mode, a new special rule, SpeedFusionTM Routes, is displayed in the Custom Rules table. This rule represents all SpeedFusionTM routes learned from remote VPN peers. By default, this bar is on the top of all custom rules. This position means that traffic for remote VPN subnets will be routed to the corresponding VPN peer.
Total weight is 60 = (10 +10 + 10 + 10 + 10 + 10). Matching traffic distributed to Ethernet WAN1 is 16.7% = (10 / 60 x 100%. Matching traffic distributed to Ethernet WAN2 is 16.7% = (10 / 60) x 100%. Matching traffic distributed to Wi-Fi WAN is 16.7% = (10 / 60) x 100%. Matching traffic distributed to Cellular 1 is 16.7% = (10 / 60) x 100%. Matching traffic distributed to Cellular 2 is 16.7% = (10 / 60) x 100%. Matching traffic distributed to USB is 16.7% = (10 / 60) x 100%.
using the sliders. Algorithm: Enforced This setting specifies the WAN connection usage to be applied on the specified IP protocol and port. This setting is applicable only when Algorithm is set to Enforced. Matching traffic will be routed through the specified WAN connection, regardless of the health check status of the WAN connection. Outbound traffic can be also be enforced to go through a specified SpeedFusionTM connection.
Algorithm: Overflow The traffic matching this rule will be routed through the healthy WAN connection that has the highest priority and is not in full load. When this connection gets saturated, new sessions will be routed to the next healthy WAN connection that is not in full load. Drag and drop to specify the order of WAN connections to be used for routing traffic. Only the highest priority healthy connection that is not in full load will be used.
an IP session is made. Algorithm: Lowest Latency The traffic matching this rule will be routed through the healthy WAN connection that is selected in Connection and has the lowest latency. Latency checking packets are issued periodically to a nearby router of each WAN connection to determine its latency value. The latency of a WAN is the packet round trip time of the WAN connection. Additional network usage may be incurred as a result.
The Fastest response Time algorithm works as follows: When a network session is created, the first outgoing packet of that particular session is duplicated to all the available WANs. When the first response is received from a remote server, any further traffic for this session will be routed over that particular WAN connection for the fastest possible response time. If any slower responses are received on other connections afterwards, they will be discarded. 7.
servers in the weight ratio specified for each server. To define a new server, click Add Server, which displays the following screen: Enter a valid server name and its corresponding LAN IP address. Upon clicking Save after entering required information, the following screen appears. To define additional servers, click Add Server and repeat the above steps. 7.5.2 Services Services are defined at Network>Inbound Access>Services. Tip At least one server must be defined before services can be added.
Services Settings Enable Service Name IP Protocol Port This setting specifies whether the inbound service rule takes effect. When Yes is selected, the inbound service rule takes effect. If the inbound traffic matches the specified IP protocol and port, action will be taken by the Peplink Balance based on the other parameters of the rule. When No is selected, the inbound service rule does not take effect. The Peplink Balance will disregard the other parameters of the rule.
forwarded to the servers specified by the Servers setting. For example, if IP Protocol is set to TCP and Port is set to Any Port, then all TCP traffic will be forwarded to the configured servers. Single Port: traffic that is received by the Peplink Balance via the specified protocol at the specified port is forwarded via the same port to the servers specified by the Servers setting.
connections' default IP address will be forwarded. Check the corresponding box(es) to enable UPnP and/or NAT-PMP. Enable these features only if you trust the computers connected to the LAN ports. When the options are enabled, a table listing all the forwarded ports under these two protocols can be found at Network>Services>UPnP / NAT-PMP. 7.5.3 DNS Settings The built-in DNS server functionality of the Peplink Balance facilitates inbound load balancing.
DNS Servers Zone Transfer This setting specifies the WAN IP addresses on which the DNS server of the Peplink Balance should listen. If no addresses are selected, the inbound link load balancing feature will be disabled and the Peplink Balance will not respond to DNS requests.
This page is for defining the domain’s SOA, NS, MX, CNAME, A, TXT, and SRV records. Seven tables are presented in this page for defining the five types of records. SOA Records https://www.peplink.
Click on the icon to choose whether to use the pre-defined default SOA record and NS records. If the option Use Default SOA and NS Records is selected, any changes made in the default SOA/NS records will be applied to this domain automatically. Otherwise, select the option Customize SOA Record for this domain to customize this domain's SOA and NS records. This table displays the current SOA record.
● ● ● ● ● ● registrar. If this field is entered, a corresponding A record for the name server will be created automatically. If it is left blank, the A record for the name server must be created manually. E-mail: Defines the e-mail address of the person responsible for this zone. Note: format should be mailbox-name.domain.com, e.g., hostmaster.example.com. Refresh: Indicates the length of time (in seconds) when the slave will try to refresh the zone from the master.
When creating an MX record for the domain itself (not a sub-domain), the Host field should be left blank. For each record, Priority and Mail Server name must be entered. Priority typically ranges from 10 to 100. Smaller numbers have a higher a priority. After finishing adding MX records, click the Save button. CNAME Records The CNAME Record table shows the domain’s CNAME records. To add a new CNAME record, click the New CNAME Records button in the CNAME Record box.
A record may be automatically added for the SOA records with a name server IP address provided. A Record Host Name This field specifies the A record of this sub-domain to be served by the Peplink Balance. The wildcard character “*” is supported. The IP addresses of “*.domain.name" will be returned for every name ending with ".domain.name" except names that have their own records. TTL This setting specifies the time to live of this record in external DNS caches.
WAN can be entered into the Custom IP list. A PTR record is also created for each custom IP. For WAN connections that operate under drop-in mode, there may be other routable IP addresses in addition to the default IP address. Therefore, the Peplink Balance allows custom Internet IP addresses to be added manually via filling the text box on the right-hand side and clicking the button. Only the checked IP addresses in the lists are candidates to be returned when responding to a DNS query.
When creating a TXT record for the domain itself (not a sub-domain), the Host field should be left blank. The maximum size of the TXT Value is 255 bytes. After editing the five types of records, you can leave the page by simply going to another section of the web admin interface. SRV Records To add a new SRV record, click the New SRV Record button in the SRV Records box. ● ● ● ● ● Service: The symbolic name of the desired service.
