Pepwave MAX and Surf User Manual 16 Inbound Access 16.1 Port Forwarding Service Pepwave routers can act as a firewall that blocks, by default, all inbound access from the Internet. By using port forwarding, Internet users can access servers behind the Pepwave router. Inbound port forwarding rules can be defined at Advanced>Port Forwarding. To define a new service, click Add Service. Port Forwarding Settings Enable This setting specifies whether the inbound service takes effect.
Pepwave MAX and Surf User Manual The Port setting specifies the port(s) that correspond to the service, and can be configured to behave in one of the following manners: Any Port, Single Port, Port Range, Port Map, and Range Mapping Any Port: all traffic that is received by the Pepwave router via the specified protocol is forwarded to the servers specified by the Servers setting. For example, with IP Protocol set to TCP, and Port set to Any Port, all TCP traffic is forwarded to the configured servers.
Pepwave MAX and Surf User Manual 16.1.1 UPnP / NAT-PMP Settings UPnP and NAT-PMP are network protocols which allow a computer connected to the LAN port to automatically configure the router to allow parties on the WAN port to connect to itself. That way, the process of inbound port forwarding becomes automated. When a computer creates a rule using these protocols, the specified TCP/UDP port of all WAN connections' default IP address will be forwarded.
Pepwave MAX and Surf User Manual 17 NAT Mappings NAT mappings allow IP address mapping of all inbound and outbound NAT’dt raffic to and from an internal client IP address. Settings to configure NAT mappings are located at Advanced>NAT Mappings. To add a rule for NAT mappings, click Add NAT Rule. NAT Mapping Settings LAN Client(s) NAT mapping rules can be defined for a single LAN IP Address, an IP Range, or an IP Network. Address This refers to the LAN host’s private IP address.
Pepwave MAX and Surf User Manual Inbound Mappings This setting specifies the WAN connections and corresponding WAN-specific Internet IP addresses on which the system should bind. Any access to the specified WAN connection(s) and IP address(es) will be forwarded to the LAN host. This option is only available when IP Address is selected in the LAN Client(s) field. Note that inbound mapping is not needed for WAN connections in drop-in mode or IP forwarding mode.
Pepwave MAX and Surf User Manual 18 QoS 18.1 User Groups LAN and PPTP clients can be categorized into three user groups: Manager, Staff, and Guest. This menu allows you to define rules and assign client IP addresses or subnets to a user group. You can apply different bandwidth and traffic prioritization policies on each user group in the Bandwidth Control and Application sections (note that the options available here vary by model). The table is automatically sorted by rule precedence.
Pepwave MAX and Surf User Manual 18.2 Bandwidth Control You can define a maximum download speed (over all WAN connections) and upload speed (for each WAN connection) that each individual Staff and Guest member can consume. No limit can be imposed on individual Manager members. By default, download and upload bandwidth limits are set to unlimited (set as 0). 18.3 Application 18.3.
Pepwave MAX and Surf User Manual 18.3.2 Prioritization for Custom Applications Click the Add button to define a custom application. Click the button column to delete the custom application in the corresponding row. in the Action When Supported Applications is selected, the Pepwave router will inspect network traffic and prioritize the selected applications. Alternatively, you can select Custom Applications and define the application by providing the protocol, scope, port number, and DSCP value. 18.3.
Pepwave MAX and Surf User Manual 19 Firewall A firewall is a mechanism that selectively filters data traffic between the WAN side (the Internet) and the LAN side of the network. It can protect the local network from potential hacker attacks, access to offensive websites, and/or other inappropriate uses.
Pepwave MAX and Surf User Manual Click Add Rule to display the following screen: Inbound firewall settings are located at Advanced>Firewall>Access Rules>Inbound Firewall Rules. Click Add Rule to display the following screen: Rules are matched from top to bottom. If a connection matches any one of the upper rules, the matching process will stop. If none of the rules match, the Default rule will be applied. By default, the Default rule is set as Allow for both outbound and inbound access. http://www.
Pepwave MAX and Surf User Manual Inbound / Outbound Firewall Settings Rule Name Enable This setting specifies a name for the firewall rule. This setting specifies whether the firewall rule should take effect. If the box is checked, the firewall rule takes effect. If the traffic matches the specified protocol/IP/port, actions will be taken by the Pepwave router based on the other parameters of the rule. If the box is not checked, the firewall rule does not take effect.
Pepwave MAX and Surf User Manual This setting specifies whether or not to log matched firewall events. The logged messages are shown on the page Status>Event Log. A sample message is as follows: Aug 13 23:47:44 Denied CONN=Ethernet WAN SRC=20.3.2.1 DST=192.168.1.
Pepwave MAX and Surf User Manual 19.1.2 Apply Firewall Rules to PepVpn Traffic When this option is enabled, Outbound Firewall Rules will be applied to PepVPN traffic. To turn on this feature, click , check the Enable check box, and press the Save button. 19.1.3 Intrusion Detection and DoS Prevention Pepwave routers can detect and prevent intrusions and denial-of-service (DoS) attacks from the Internet. To turn on this feature, click , check the Enable check box, and press the Save button.
Pepwave MAX and Surf User Manual 19.2 Content Blocking 19.2.1 Application Blocking Choose applications to be blocked from LAN/PPTP/PepVPN peer clients' access, except for those on the Exempted User Groups or Exempted Subnets defined below. 19.2.2 Web Blocking Defines web site domain names to be blocked from LAN/PPTP/PepVPN peer clients' access except for those on the Exempted User Groups or Exempted Subnets defined below. http://www.pepwave.
Pepwave MAX and Surf User Manual If "foobar.com" is entered, any web site with a host name ending in foobar.com will be blocked, e.g. www.foobar.com, foobar.com, etc. However, "myfoobar.com" will not be blocked. You may enter the wild card ".*" at the end of a domain name to block any web site with a host name having the domain name in the middle. If you enter "foobar.*", then "www.foobar.com", "www.foobar.co.jp", or "foobar.co.uk" will be blocked.
Pepwave MAX and Surf User Manual OSPF Router ID Area This field determines the ID of the router. By default, this is specified as the LAN IP address. If you want to specify your own ID, enter it in the Custom field. This is an overview of the OSPFv2 areas you have defined. Click on the area name to configure it. To set a new area, click Add. To delete an existing area, click . OSPF Settings Area ID Link Type Authentication Interfaces Determine the name of your Area ID to apply to this group.
Pepwave MAX and Surf User Manual To access RIPv2 settings, click . RIPv2 Settings Authentication Interfaces Choose an authentication method, if one is used, from this drop-down menu. Available options are MD5 and Text. Enter the authentication key next to the drop-down menu. Determine which interfaces this group will use to listen to and deliver RIPv2 packets. 19.4 Remote User Access a Networks routed by a Peplink Balance can be remotely accessed via L2TP with IPsec or PPTP.
Pepwave MAX and Surf User Manual Remote User Access Settings Enable Click the checkbox to enable Remote User Access. VPN Type Determine whether remote devices can connect to the Balance using L2TP with IPsec or PPTP. For greater security, we recommend you connect using L2TP with IPsec. Preshared Key Enter your preshared key in the text field. Please note that remote devices will need this preshared key to access the Balance.
Pepwave MAX and Surf User Manual Miscellaneous Settings The miscellaneous settings include configuration for high availability, PPTP server, service forwarding, and service passthrough. 19.5 High Availability Many Pepwave routers support high availability (HA) configurations via an open standard virtual router redundancy protocol (VRRP, RFC 3768). In an HA configuration, two Pepwave routers provide redundancy and failover in a master-slave arrangement.
Pepwave MAX and Surf User Manual You can configure high availability at Advanced>Misc. Settings>High Availability. Interface for Master Router Interface for Slave Router High Availability Enable Checking this box specifies that the Pepwave router is part of a high availability configuration. Group Number This number identifies a pair of Pepwave routers operating in a high availability configuration. The two Pepwave routers in the pair must have the same Group Number value.
Pepwave MAX and Surf User Manual Important Note For Pepwave routers in NAT mode, the virtual IP (VIP) should be set as the default gateway for all hosts on the LAN segment. For example, a firewall sitting behind the Pepwave router should set its default gateway as the virtual IP instead of the IP of the master router. In drop-in mode, no other configuration needs to be set. Please note that the drop-in WAN cannot be configured as a LAN bypass port while it is configured for high availability. http://www.
Pepwave MAX and Surf User Manual 19.6 PPTP Server Pepwave routers feature a built-in PPTP server, which enables remote computers to conveniently and securely access the local network. PPTP server settings are located at Advanced>Misc. Settings>PPTP Server. Check the box to enable PPTP server functionality. All connected PPTP sessions are displayed at Status>Client List. Please refer to Section 22.3 for details. Note that available options vary by model. http://www.pepwave.
Pepwave MAX and Surf User Manual PPTP Server Settings Listen On This setting is for specifying the WAN connection(s) and IP address(es) that the PPTP server should listen on. Authentication This setting is for specifying the user database source for PPTP authentication. Three sources can be selected: Local User Accounts, LDAP Server, or RADIUS Server. Local User Accounts - User accounts are stored in the Pepwave router locally. You can add/modify/delete accounts in the User Accounts table.
Pepwave MAX and Surf User Manual after selecting Enable. Web Proxy Forwarding When this option is enabled, all outgoing connections destined for the proxy server specified in Web Proxy Interception Settings will be intercepted. These connections will be redirected to a specified web proxy server and port number. Web proxy interception settings and proxy server settings for each WAN can be specified after selecting Enable.
Pepwave MAX and Surf User Manual in outbound policy (see Section 14.2). 19.8.2 Web Proxy Forwarding When this feature is enabled, the Pepwave router will intercept all outgoing connections destined for the proxy server specified in Web Proxy Interception Settings, choose a WAN connection with reference to the outbound policy, and then forward them to the specified web proxy server and port number. Redirected server settings for each WAN can be set here.
Pepwave MAX and Surf User Manual 19.9 Service Passthrough Service passthrough settings can be found at Advanced>Misc. Settings>Service Passthrough. Some Internet services need to be specially handled in a multi-WAN environment. Pepwave routers can handle these services such that Internet applications do not notice being behind a multi-WAN router. Settings for service passthrough support are available here. Service Passthrough Support SIP Session initiation protocol, aka SIP, is a voice-over-IP protocol.
Pepwave MAX and Surf User Manual to route the traffic to. 19.10 GPS Forwarding Using the GPS forwarding feature, some Pepwave routers can automatically send GPS reports to a specified server. To set up GPS forwarding, navigate to Advanced>GPS Forwarding. GPS Forwarding Enable Check this box to turn on GPS forwarding. Server Enter the name/IP address of the server that will receive GPS data. Also specify a port number, protocol (UDP or TCP), and a report interval of between 1 and 10 seconds.
Pepwave MAX and Surf User Manual 20 AP Controller The AP controller acts as a centralized controller of Pepwave AP devices. With this feature, users can customize and manage multiple APs from a single Pepwave router interface. Special Note Each Pepwave router can control a limited number of routers without additional cost. To manage more, a Full Edition license is required. Please contact your Authorized Reseller or the Peplink Sales Team for more information and pricing details.
Pepwave MAX and Surf User Manual Current SSID information appears in the SSID section. To edit an existing SSID, click its name in the list. To add a new SSID, click Add. Note that the following settings vary by model. SSID Settings SSID Enable This setting specifies the SSID of the virtual AP to be scanned by Wi-Fi clients. Select Yes to enable the virtual AP. VLAN ID This setting specifies the VLAN ID to be tagged on all outgoing packets generated from this wireless network (i.e.
Pepwave MAX and Surf User Manual This setting specifies the transmit rate to be used for sending multicast network traffic. The selected Protocol and Channel Bonding settings will affect the rate options and values available here. Multicast RateA IGMP Snooping A To allow the Pepwave router to listen to internet group management protocol (IGMP) network traffic, select this option.
Pepwave MAX and Surf User Manual this method, select the appropriate version using the V1/V2 controls. The security level of this method is known to be very high. When WPA/WPA2- Personal is configured, a shared key is used for data encryption and authentication. When using this configuration, the Shared Key option should be enabled. Key length must be between eight and 63 characters (inclusive). The security level of this method is known to be high.
Pepwave MAX and Surf User Manual 20.2 Settings On many Pepwave models, the AP settings screen (AP>Settings) looks similar to the example below: AP Settings AP Profile Name This field specifies the name of this AP profile. SSID These buttons specify which wireless networks will use this AP profile. You can also select the frequencies at which each network will transmit. Please note that the Peplink Balance does not detect whether the AP is capable of transmitting at both frequencies.
Pepwave MAX and Surf User Manual Country follow. • If a North American region is selected, RF channels 1 to 11 will be available and the maximum transmission power will be 26 dBm (400 mW). • If European region is selected, RF channels 1 to 13 will be available. The maximum transmission power will be 20 dBm (100 mW). NOTE: Users are required to choose an option suitable to local laws and regulations. Per FCC regulation, the country selection is not available on all models marketed in US.
Pepwave MAX and Surf User Manual give your AP further instructions. Max number of ClientsA Client Signal Strength ThresholdA Beacon RateA This field determines that maximum signal strength each individual client will receive. The measurment unit is megawatts. This drop-down menu provides the option to send beacons in different transmit bit rates. The bit rates are 1Mbps, 2Mbps, 5.5Mbps, 6Mbps, and 11Mbps. Beacon IntervalA This drop-down menu provides the option to set the time between each beacon send.
Pepwave MAX and Surf User Manual Enable Check the box to allow the Pepwave router to manage the web admin access information of the AP. Web Access Protocol These buttons specify the web access protocol used for accessing the web admin of the AP. The two available options are HTTP and HTTPS. Management Port This field specifies the management port used for accessing the device. HTTP to HTTPS Redirection This option will be available if you have chosen HTTPS as the Web Access Protocol.
Pepwave MAX and Surf User Manual Wi-Fi Radio Settings Operating Country Wi-Fi Antenna This option sets the country whose regulations the Pepwave router follows. Choose from the router's internal or optional external antennas, if so equipped. Important Note Per FCC regulations, the country selection is not available on all models marketed in the US. All US models are fixed to US channels only. Wi-Fi AP Settings Protocol This option allows you to specify whether 802.11b and/or 802.
Pepwave MAX and Surf User Manual Firmware Packs Here, you can manage the firmware of your AP. Clicking on will result in information regarding each firmware pack. To receive new firmware packs, you can click Check for Updates to download new packs, or you can click Manual Upload to manually upload a firmware pack. Click Default to define which firmware pack is default. 21 System Settings 21.1 Admin Security There are two types of user accounts available for accessing the web admin: admin and user.
