USER MANUAL Peplink Balance Series Send All Traffic To This featureenables you to prioritize the WAN connections used by this VPN profile. 13.2 IPsec Status IPsec Status shows the current connection status ofeach connection profile and is displayed atStatus > IPsec VPN. http://www.peplink.
USER MANUAL Peplink Balance Series 14 Outbound Policy Management The Peplink Balance canflexibly manage and load balance outbound traffic among WAN connections. Important Note Outbound policy is applied only when more than one WAN connection is active. The settings for managing and load balancing outbound traffic are located at Network> Outbound Policy. Outbound policies for managing and load balancing outbound traffic are located at Network > Outbound Policy>click on http://www.peplink.
USER MANUAL Peplink Balance Series 14.1 Outbound Policy There are three main selections for the outbound traffic policy: High Application Compatibility Normal Application Compatibility Custom Outbound Policy Settings High Application Compatibility Normal Application Compatibility Custom Outbound traffic from a source LAN device is routed through the same WAN connection regardless of the destination Internet IP address and protocol. This option provides the highest application compatibility.
USER MANUAL Peplink Balance Series 14.2 Custom Rules for Outbound Policy Click in the Outbound Policy form.Choose Custom and press the Savebutton.The followingscreen will then be displayed: The bottom-most rule is Default. Edit this rule to change the device’s default manner ofcontrolling outbound traffic for all connections that donot match any of the rules above it. Under the Service he–– ading,Defaultto change thesesettings.
USER MANUAL Peplink Balance Series New Custom Rule Settings Service Name This setting specifies the name of the outbound traffic rule. Enable This setting specifies whether the outbound traffic rule takes effect.When Enable is checked, the rule takes effect: traffic is matched and actions are takenby the Peplink Balance based on the other parameters of the rule.When Enable is unchecked, the rule does not take effect: the PeplinkBalance disregards the other parameters of the rule.
USER MANUAL Peplink Balance Series This setting specifies the behavior of the Peplink Balance for the custom rule. One of the following values can be selected: Algorithm Weighted Balance Persistence Enforced Priority Overflow Least Used (not applicable to Balance 20/30/30 LTE) Lowest Latency (not applicable to Balance 20/30/30 LTE) The upcoming sections detail the listed algorithms.
USER MANUAL Peplink Balance Series address change. The Peplink Balance can be configured to distribute data traffic across multiple WAN connections. Also, the Internet IP depends on the WAN connections over which communication actually takes place. As a result, a LAN client computer behind the Peplink Balance may communicate using multiple Internet IP addresses.
USER MANUAL Peplink Balance Series highest priority WAN connection available will always be used for routing the specified type of traffic. A lower priority WAN connection will be used only when all higher priority connections have become unavailable. Starting from Firmware 5.2, outbound traffic can be prioritized to go through SpeedFusionTMconnection(s). By default, VPN connections are not included in the priority list.
USER MANUAL Peplink Balance Series The traffic matching this rule will be routed through the healthy WAN connection that is selected in Connection and has the lowest latency. Latency checking packets are issued periodically to a nearby router of each WAN connection to determine its latency value. The latency of a WAN is the packet round trip time of the WAN connection. Additional network usage may be incurred as a result.
USER MANUAL Peplink Balance Series 15 Inbound Access Inbound access is also known as inbound port address translation. On NAT WAN connection, all inbound traffic to the server behind the Peplink unit requires inbound access rules. By the custom definition of servers and services for inbound access,Internet users can access the servers behind PeplinkBalance. Advanced configurations allow inbound access to be distributed among multiple servers on the LAN.
USER MANUAL Peplink Balance Series The IP Protocol setting, along with the Port setting, specifies the protocol of the service as TCP, UDP, ICMP, or IP.Traffic that is received by the Peplink Balance via the specified protocol at the specified port(s) is forwarded to the LAN hosts specified by the Servers setting. IP Protocol Please seebelow for details on the Port and Servers settings.
USER MANUAL Peplink Balance Series The settings to configure servers on the LAN are located at Network> Inbound Access > Servers. Inbound connections from the Internet will be forwarded to the specified Inbound IP address(es) based on the protocol and port number.When more than one server is defined, requests will be distributed to the servers in the weight ratio specified for each server.
USER MANUAL Peplink Balance Series 15.3 Inbound Access Services 15.3.1 Definition of Services Services are defined at:Network> Inbound Access > Services Tip At least one server must be definedbefore services can be added. To define a new service, click the Add Servicebutton, upon which the following menu appears: Services Settings This setting specifies whether the inbound service rule takes effect. Enable When Yes is selected, the inbound service rule takes effect.
USER MANUAL Peplink Balance Series Upon choosing a protocol, the Protocol Selection Tool drop-down menu can be used to automatically the Port information of common Internet services (e.g. HTTP, HTTPS, etc.). After selecting an item from the Protocol Selection Tool drop-down menu, the Protocol and the Port number will remain manually modifiable.
USER MANUAL Peplink Balance Series · demo_server_1: 10 · demo_server_2: 5 The total weight is 15 = (10 + 5) Matching traffic distributed to demo_server_1:67% = (10 / 15) x 100% Matching traffic distributed to demo_server_2:33% = (5 / 15) x 100% 15.3.2 UPNP / NAT-PMP SETTINGS UPnP and NAT-PMP are network protocols which allow a computer connected tothe LAN port to automatically configure the router to allow parties on the WAN port to connect to itself.
USER MANUAL Peplink Balance Series DNS Settings This setting specifies the WAN IP addresses on which the DNS server of the Peplink Balance should listen. If no addressesare selected, the Inbound Link Load Balancing feature will be disabled andthe Peplink Balance will not respond to DNS requests.
USER MANUAL Peplink Balance Series the list can be selected by holding CTRL and clicking on the items.) Click Save to save the settings when configuration is complete. This setting specifies the IP address(es) of the secondary DNS server(s)authorized to retrieve zone records from the DNS server of the Peplink Balance. The zone transfer server of the Peplink Balance listens on TCP Port 53.
USER MANUAL Peplink Balance Series “CNAME”records.Add a new record by clicking the New Domain Name button. Click on a domain name to edit. Press to remove a domain name. 15.3.4 Creating DNS Records To create new DNS records for a domain, perform the following steps: From Network> Inbound Access > DNS Settings, click New Domain Namein the Domain Name field.
USER MANUAL Peplink Balance Series 15.3.5 SOARecords Click on the icon to choose whether to use the pre-defined Default SOA Record and NS Records. If the option Use Default SOA and NS Records is selected, any changes made in the Default SOA/NS Records will be applied to this domain automatically. Otherwise, select the option Customize SOA Record for this domain to customize this domain's SOA and NS records. This table displays the current SOA record.
USER MANUAL Peplink Balance Series Retry: Defines the duration (in seconds)between retries if the slave (secondary) fails to contact the master and the Refresh (above) has expired. Expire: Indicates the time (in seconds) when the zone data is no longer authoritative. This option applies to Slave DNS servers only. Min Time: Is the negative caching time which defines the time (in seconds) after an error record is cached.
USER MANUAL Peplink Balance Series For each record, PriorityandMail Server name must be entered.Priority typically ranges from 10 to 100. Smaller numbers have a higher a priority. After finishing adding MX records, click the Save button. 15.3.8 CNAME Records The CNAME Record table shows the domain’s CNAME records. To add a newCNAME record, click theNew CNAME Recordsbutton in the CNAME Record box.
USER MANUAL Peplink Balance Series A record may be automatically added for the SOA records with a Name Server IP Address provided. A Record Host Name This field specifies the A record of this sub-domain to be served by the Peplink Balance. The wildcard character “*” is supported. The IP addresses of “*.domain.name" will be returned for every name ending with ".domain.name" except names that have their own records. This setting specifies the time to live of this record in external DNS caches.
USER MANUAL Peplink Balance Series specified by Host Name. The IP addresses listed in each box asdefault are the Internet IP addresses associated with each of the WAN connections. Static IP addresses that are not associated with any WAN can be entered into the Custom IP list. A PTR record is also created for each Custom IP. For WAN connections that operate under Drop-in mode, there may be other routable IP addresses in addition to the default IP address.
USER MANUAL Peplink Balance Series 15.3.11 TXT Records This table shows the TXT record of the domain name. To add a newTXT record, click theNew TXT Recordbutton in the TXT Records box.Click the Editbutton to edit the record. The time-to-live value and the TXT record’s value can be entered. Click the Save button to finish. When creating a TXT record for the domain itself (not a sub-domain), the Host field should be left blank. The maximum size of the TXT Value is 255 bytes.
USER MANUAL Peplink Balance Series Domain Delegation These are the steps to follow when you host your domain at anISP or domain registrar, and want to delegate a subdomain to be resolved and managed by the Peplink Balance. · Click New Domain Name button to add a domain name.e.g.www.mycompany.com. Click the corresponding domain name to view and edit record details. · Create SOA/NS records named ns1, ns2, etc. The IP addresses are the Balance’s DNS server addresses.
USER MANUAL Peplink Balance Series If ISC BIND 8 or 9 is being utilized in the zone file mycompany.com, then add the following lines: www IN NS balancewan1 www IN NS balancewan2 balancewan1 IN A 202.153.122.108 balancewan2 IN A 67.38.212.18 202.153.122.108 and 67.38.212.18 represent the WAN1 and WAN2 Internet IP addresses of the Peplink Balance, respectively. The values of the IP addresses are fictitious and for illustration only.
USER MANUAL Peplink Balance Series 15.4 Reverse Lookup Zones Reverse lookup Zones can be configured in Network > Inbound Access > DNS Settings. Reverse lookup refers to performing a DNS query to find one or more DNS names associated with a given IP address. The DNS stores IP addresses in the form of specially formatted names as pointer (PTR) records using special domains/zones. The zone is in-addr.arpa.
USER MANUAL Peplink Balance Series 15.4.1 SOA Record You can click the link Click here to define SOA record to create or click on the Name Server field to edit the SOA record. To define a SOA record, fill out the fields:Name Server, Name Server IP Address (optional), Email, Refresh, Retry, Expire, Min Time, and TTL. Name Server: Enter the NS record's FQDN server name here. For example: "ns1.mydomain.com" (equivalent to "www.1stdomain.com.") "ns2.mydomain.com.
USER MANUAL Peplink Balance Series 15.4.3 CNAME Records To create a new CNAME record, click the New CNAME Record button. CNAME records are typically used for defining classless reverse lookup zones. Subnetted reverse lookup zones are further described in RFC 2317, "Classless IN-ADDR.ARPA delegation." 15.4.4 PTR Records To create a new PTR record, click the New PTR Record button. For Host IP Number field, enter the last integer in the IP address of a PTR record. E.g. for the IP address 11.22.33.
USER MANUAL Peplink Balance Series 15.5 DNS Record Import Wizard At the bottom of the DNS Settings page, the link Import records via zone transfer…is used to import DNS record using an Import Wizard. · Select Next>> to continue. · In the Target DNS Server IP Addressfield, enter the IP address of the DNS server. · In the Transfer via…field, choose the connection which you would like to transfer through. · Select Next>>to continue. http://www.peplink.
USER MANUAL Peplink Balance Series · · In the blank space, enter the Domain Names (Zones) which you would like to assign the IP address entered in the previous step. Enter one domain name per line. Select Next>>to continue. Important Note If you have entered domain(s) which already exist in your settings, a warning message will appear. Select Next>>to overwrite the existing record, or <
USER MANUAL Peplink Balance Series After the zone records process have been fetched, the fetch results would be shown as above. You can view import details by clicking the corresponding hyperlink on the right hand side. http://www.peplink.
USER MANUAL Peplink Balance Series http://www.peplink.
USER MANUAL Peplink Balance Series 16 NAT Mappings The Peplink Balance allows the IP address mapping of all inbound and outbound NAT’edtraffic to and from an internal client IP address. NAT Mappings can be configured at:Network>NAT Mappings To add a rule for NAT Mappings, clickAdd NAT Ruleand the following screen will be displayed: NAT Mapping Settings LAN Client(s) NAT Mapping rules can be defined for a single LAN IP Address, an IP Range, or an IP Network.
USER MANUAL Peplink Balance Series Network The IP network refers to all private IP addresses and ranges managed by the LAN host. The system maps these addresses to a number of public IP addresses(specified below) to facilitate outbound traffic. This option is only available when IP Network is selected. Inbound Mappings This setting specifies the WAN connections and corresponding WAN-specific Internet IP addresses on which the system should bind.
USER MANUAL Peplink Balance Series 17 Captive Portal The Captive Portal serves as gateway that clients have to pass if they wish to access the internet using your router. To configure, navigate to Network >Captive Portal to see the following screen: Captive Portal Settings Clicking the edit button trigger a dialogue where you can choose which LAN / VLAN to apply your captive portal. Apply On Click all LAN / VLAN that you wish to apply the captive portal to.
USER MANUAL Peplink Balance Series This authenticates your clients through a LDAP Server. Upon selecting this option, you will see the following fields: LDAP Server Fill in the necessary information to complete your connection to the server and enable authentication. Access Quota Set a time and data cap to each user’s Internet usage. Quota Reset Time This menu determines how your usage quota resets. Setting it to daily will reset it at a specified time every day.
USER MANUAL Peplink Balance Series Portal Customization Logo Image Message Terms & Conditions Custom Landing Page Click the Choose File button to select an logo to use for the built-in portal If you have any additional messages for your users, place it on this field. If you would like to use your own set of terms and conditions, please place it here. If left empty, the built-in portal will display the default terms and conditions. Fill in this field to redirect clients to an external URL.
USER MANUAL Peplink Balance Series QoS 18.1.1 User Groups (Available on Peplink Balance 305 and 380+) LAN and PPTP clients can be categorized into three user groups - Manager, Staff, and Guest.This menu allows you to define rules and assign client IP addresses or subnets to a user group. You can apply different bandwidth and traffic prioritization policies on each user group in the BandwidthControl and Application sections.
USER MANUAL Peplink Balance Series 18.1.2 Bandwidth Control (Group Bandwidth Reservation Available on Peplink Balance 305 and 380+) This section is to define how much minimum bandwidth will be reserved to each user group when a WAN connection is in full load.When this feature is enabled, a slider with two indicators will be shown. You can move the indicators to adjust each group's weighting. The lower part of the table shows the corresponding reserved download and uploads bandwidth value of each connection.
USER MANUAL Peplink Balance Series 18.1.3 Application 18.1.3.1 Application Prioritization You can choose whether to apply the same Prioritization settings to all user groups or customize the settings for each group. Three priority levels can be set for application prioritization: ɥHigh,ʈ Normal, andɧLow. The Peplink Balance can detectvarious application traffics by inspecting the packets' content. Select an application by choosing a supported application, or by defining a custom application manually.
USER MANUAL Peplink Balance Series Categoryand Applicationavailability will be different across different models of Peplink Balance. 18.1.3.3 DSL/Cable Optimization DSL/cable-based WAN connectionshave lower upload bandwidth and higher download bandwidth. When a DSL/cable circuit's uplink is congested, the download bandwidth will be affected. Users will not be able to download data at full speed until the uplink becomes less congested.DSL/Cable Optimization can relieve such an issue.
USER MANUAL Peplink Balance Series 19 Firewall A firewall is a mechanism that selectively filters data traffic between the WAN side (the Internet) and the LAN side of the network.It can protect the local network from potential hacker attacks,access to offensive Web sites, and/or other inappropriate uses.
USER MANUAL Peplink Balance Series The Inbound firewall settings are located at:Network > Firewall> Access Rules Once you click on Add Rule http://www.peplink.com the following window will appear.
USER MANUAL Peplink Balance Series Inbound / Outbound Firewall Settings Rule Name This setting specifies a name for the firewall rule. This setting specifies whether the firewall rule should take effect. Enable If the box is checked, the firewall rule takes effect. If the traffic matches the specified Protocol/IP/Port, actions will be taken by Peplink Balance based on the other parameters of the rule. If the box is not checked, the firewall rule does not take effect.
USER MANUAL Peplink Balance Series · Source IP & Port · Destination IP & Port With the value of Allow for the Action setting, the matching traffic passes through the router (to be routed to the destination). If the value of the Action setting is set to Deny, the matching traffic does not pass through the router (and is discarded). This setting specifies whether or not to log matched firewall events. The logged messages are shown on the page Status > Event Log.
USER MANUAL Peplink Balance Series To changea rule’s priority, simply drag and drop the rule: · Holdthe left mouse button on the rule. · Move it to the desired position. · Drop it by releasing the mouse button. To remove a rule, click the button. Rules are matched from top to the bottom.If a connection matches any one of the upper rules, the matching process will stop. If none of the rules match the connection, the Default rule will be applied.
USER MANUAL Peplink Balance Series 19.1.1.1 Intrusion Detection and DoS Prevention The Balance can detect and prevent intrusions and Denial-of-Service (DoS) attacks from the Internet. To turn on this feature, click , check the Enablecheck box for the Intrusion Detection and DoS Preventionand press the Savebutton. When this feature is enabled, the Balance will detect and prevent the following kinds of intrusions and denial-of-service attacks.
USER MANUAL Peplink Balance Series 19.1.2 Web Blocking (Available on Peplink Balance 305 and 380+) 19.1.2.1 Web Blocking Enter an appropriate website address and Peplink Balance will block and disallow TM LAN/PPTP/SpeedFusion peer clients to access these websites. Exception can be added in the following sections - and . You may enter the wild card ".*" at the end of a domain name to block any web site with a host name having the domain name in the middle. For example, If you enter "foobar.*," then "www.
USER MANUAL Peplink Balance Series 20 OSPF & RIPv2 The Balance Router supports OSPF and RIPv2 dynamic routing protocols. Click the Network tab from the top bar, and click the OSPF & RIPv2 item on the side bar to reach the following menu: OSPF Router ID This field determines the ID of the router. By default, this is specified as the LAN IP address. If you want to specify your own ID, enter it on the Custom field. This is an overview of the OSPF areas you have defined.
