Peplink Balance and MediaFast User Manual Peplink Products: 380X/580X/SDX Pro Peplink Balance Firmware 8.1.2 May 2021 https://www.peplink.
Table of Contents Introduction and Scope 8 Glossary 9 Product Comparison Charts Balance Routers (for Small Office / Branch) Balance Routers (for for Enterprise / Headquarters) MediaFast Routers 11 11 12 13 Product Features 14 Advanced Feature Summary Drop-in Mode and LAN Bypass: Transparent Deployment QoS: Clearer VoIP Per-User Bandwidth Control High Availability via VRRP USB Modem and Android Tethering Built-In Remote User VPN Support LACP NIC Bonding KVM Virtualization DPI Engine NetFlow Wi-Fi Air
Peplink Balance 380X/580X Peplink MediaFast 200 Peplink MediaFast 500 Peplink EPX Peplink SDX Peplink SDX Pro 24 24 25 25 25 25 Peplink Balance Overview Peplink Balance One Peplink Balance Two Peplink Balance 20 Peplink Balance 20X Peplink Balance 30 LTE Peplink Balance 30 Pro Peplink Balance 50 Peplink Balance 210 Peplink Balance 305 Peplink Balance 310 Peplink Balance 310X Peplink Balance 310 5G Peplink Balance 310 Fiber 5G Peplink Balance 380 Peplink Balance 380X Peplink Balance 580 Peplink Balance 580
Flex Module Expansion Modules 80 LCD Display Menu 83 Installation Preparation Constructing the Network 84 84 84 Basic Configuration Connecting to the Web Admin Interface Configuration with the Setup Wizard 85 85 86 SpeedFusion Cloud Activate SpeedFusion Cloud Service Enable SpeedFusion Cloud Connect Clients to Cloud Link Wi-Fi to Cloud Optimize Cloud Application 91 91 93 101 102 104 Network Tab WAN Health Check Settings Bandwidth Allowance Monitor Settings Additional Public IP Settings Dynamic DNS
Setting Up MediaFast Content Caching Viewing MediaFast Statistics Prefetch Schedule ContentHub Configure a website to be published from the ContentHub Configure an application to be published from the ContentHub MDM Settings Docker KVM Captive Portal QoS User Groups Bandwidth Control Application Prioritization for Custom Application DSL/Cable Optimization Firewall Access Rules Intrusion Detection and DoS Prevention Content Blocking Application Blocking Web Blocking Customized Domains Exempted User Groups Ex
Certificate Manager Service Forwarding SMTP Forwarding Web Proxy Forwarding DNS Forwarding Custom Service Forwarding Service Passthrough NTP Server Grouped Networks Remote SIM Management SIM Toolkit 219 220 221 222 222 222 223 224 224 226 228 AP Tab AP AP Controller Wireless SSID Wireless Mesh AP > Profiles AP Controller Status Info Access Points (Usage) Wireless SSID Wireless Client Mesh / WDS Nearby Device Event Log Toolbox 230 230 230 231 235 236 240 240 241 244 245 247 248 248 249 System Tab System
InControl Configuration Feature Add-ons Reboot Tools Ping Traceroute Wake-on-LAN WAN Analysis CLI (Command Line) Support 265 266 267 267 267 268 268 269 269 274 Status Tab Status Device Active Sessions Client List WINS Clients OSPF & RIPv2 MediaFast PepVPN / SpeedFusion Status Event Log Device Event Log IPsec Event Log WAN Quality Usage Reports Real-Time Hourly Daily Monthly 275 275 275 277 279 280 280 281 282 287 287 288 288 289 289 290 290 293 Appendix Restoration of Factory Defaults Routing under DHC
https://www.peplink.
Introduction and Scope Peplink Balance routers provide link aggregation and load balancing across multiple WAN connections. We develop products and technologies that can help you build SD-WAN networks with unbreakable connection resilience, unmatched deployment flexibility, and intuitive ease of use. Our product and technology focus has always been on WAN virtualization and the intelligent use of multiple WAN links at the same time to increase reliability and bandwidth whilst reducing costs.
studies detailing the advanced features of the Peplink Balance. 1 Glossary The following terms, acronyms, and abbreviations are frequently used in this manual: Term Definition 3G 3rd generation standards for wireless communications (e.g., HSDPA) 4G 4th generation standards for wireless communications (e.g.
WINS Windows Internet Name Service WLAN Wireless Local Area Network 210+ Refers to Peplink Balance 210/310/380/580/710/1350/2500 380+ Refers to Peplink Balance 380/580/710/1350/2500 https://www.peplink.
2 Product Comparison Charts 2.1 Balance Routers (for Small Office / Branch) 20 Product Code BPL-021 20X 30 LTE 30 PRO BPL-021X-L BPL-031-LT BPL-031-LTE TE EA ONE TWO 210 310X BPL-ONE BPL-TWO BPL-210 BPL-310X Capacity Ethernet WAN Ports 2 (GE) + 1 (GE) 2 (GE) 2 (GE) 2/5 (GE) # 2 (GE) 2 (GE) + 2 (GE) 4 (GE) 4 (GE) 4 (GE) 4 (GE) 8/5 (GE) # 4 (GE) 7 (GE) 9 (GE) Simultaneous Dual-Band 802.
2.2 Balance Routers (for for Enterprise / Headquarters) Product Code 305 310X 380 380X 580 580X 710 1350 2500 BPL-305 BPL-310X BPL-380 BPL-380X BPL-580 BPL-580X BPL-710 BPL-135 BPL-2500 * Capacity Ethernet WAN Ports 3 (GE) 2 (GE) 3 (GE) 3 (GE) 5 (GE) 5 (GE) 7 (GE) 13 (GE) 12 (GE)/4 (GE) & 2 (10G SFP+) * LAN Ports 3 (GE) 9 (GE) 3 (GE) 3 (GE) 3 (GE) 3 (GE) 3 (GE) 3 (GE) 8 (GE)/ 2 (10G SFP+) * Simultaneous Dual-Band 802.
2.3 MediaFast Routers - MediaFast 200 MediaFast 500 MediaFast 750 MFA-200-W MFA-500-B MFA-750-B 5x GE 7x GE Simultaneous Dual-Band 802.11a/b/g/n Access Point - - Embedded 3G/4G LTE - - - USB WAN Modem 1 1 1 8x GE; 802.3af PoE Output 3x GE 3x GE 25-150 300-1000 500-2000 200Mbps 800Mbps 1.
3 Product Features Peplink Balance Series products enable all LAN users to share broadband Internet connections and provide advanced features to enhance Internet access.
VPN ● ● ● ● ● ● ● ● ● ● ● ● ● ● Secure SpeedFusionTM SpeedFusion performance analyzer X.
QoS ● ● ● ● Quality of service for different applications and custom protocols User group classification for different service levels Bandwidth usage control and monitoring on group- and user-level Application prioritization for custom protocols and DSL optimization Firewall ● ● ● ● Outbound (LAN to WAN) firewall rules Inbound (WAN to LAN) firewall rules per WAN connection Intrusion detection and prevention Specification of NAT mappings ● Web blocking ● ● ● Application blocking Time-based scheduling
● ● ● ● ● ● ● ● ● ● ● ● ● Hardware backup via LAN bypass Built-in WINS server Time server synchronization SNMP Email notification Syslog SIP passthrough PPTP packet passthrough Active sessions Active client list WINS client list UPnP / NAT-PMP Event log is persistent across reboots ● IPv6 support ● Support for USB tethering on Android phones https://www.peplink.
4 Advanced Feature Summary 4.1 Drop-in Mode and LAN Bypass: Transparent Deployment As your organization grows, it may require more bandwidth, but modifying your network can be tedious. In Drop-in Mode, you can conveniently install your Peplink router without making any changes to your network. For any reason your Peplink router looses power, the LAN Bypass will safely and automatically bypass the Peplink router to resume your original network connection. 4.
4.3 Per-User Bandwidth Control With per-user bandwidth control, you can define bandwidth control policies for up to 3 groups of users to prevent network congestion. Define groups by IP address and subnet, and set bandwidth limits for every user in the group. 4.4 High Availability via VRRP When your organization has a corporate requirement demanding the highest availability with no single point of failure, you can deploy two Peplink routers in High Availability mode.
4.5 USB Modem and Android Tethering For increased WAN diversity, plug in a USB LTE modem as backup. Peplink routers are compatible with over 200 modem types. You can also tether to smartphones running Android 4.1.X and above. By default, the USB port is “USB Modem” mode. If you need to use it to connect to USB Ethernet Adapter, you need to change it to “USB Ethernet” mode, https://forum.peplink.com/t/can-i-use-ethernet-adapters-on-the-usb-wan/8327 4.
Click here for the full instructions on setting up L2TP with IPsec. Click here for the full instructions on setting up OpenVPN connections 4.7 LACP NIC Bonding Use 802.3ad to combine multiple LAN connections into a virtual LAN connection. This virtual connection has higher throughput and redundancy in case any single link fails. 4.8 KVM Virtualization KVM is a virtualisation module that allows administrators using our routers to host a large range of virtual machines.
4.9 DPI Engine The DPI report written in the updated KB article will show further information on InControl2 through breaking down application categories into subcategories. https://forum.peplink.com/t/updated-ic2-deep-packet-inspection-dpi-reports-and-everything-you-need-to-k now-about-it/29658 4.10 NetFlow NetFlow protocol is used to track network traffic. Tracking information from NetFlow can be sent to the NetFlow collector, which analyzes data and generates reports for review.
5 Package Contents The contents of Peplink Balance product packages are as follows: 5.1 Peplink Balance 380X/580X ● Peplink 380X/580X ● Power cord ● 1 Pair of Mounting Brackets 5.2 ● ● ● ● ● Peplink SDX Pro SDX Pro Base Chassis 1U 19″ Rack-mount Chassis 1x Rubber Foot Pack 2x Power Cords 1x L-mount Set https://www.peplink.
6 Peplink Balance Overview 6.1 Peplink Balance 380X 6.1.1 Panel Appearance 6.1.2 LED Indicators The statuses indicated by the front panel LEDs are as follows: Power and Status Indicators Power LED OFF – Power off https://www.peplink.
GREEN – Power on LAN Port, WAN 1 – 3 Ports Right LED GREEN – 1000 Mbps OFF – 10 / 100 Mbps Solid – Port is connected without traffic Left LED Blinking – Data is transferring OFF – Port is not connected Port Type Auto MDI/MDI-X ports Console and USB Ports Console Port USB Ports Reserved for engineering use For connecting a 4G/3G USB modem 6.1.3 Flex Module Mini 1x LTE-A Module Interface Antenna Connectors https://www.peplink.
Downlink / Uplink Datarate Power Consumption Weight 300Mbps/50Mbps (CAT-6) 600Mbps/150Mbps (CAT-12) 10W 0.83 pounds | 375 grams 1xLTE-A Module Interface Antenna Connectors Downlink / Uplink Datarate Power Consumption Weight 6.2 1x Embedded LTE-A Cellular Modems with Redundant SIM Slots 4x SMA Cellular Antenna Connectors 1.2 Gbps/150 Mbps (CAT-18) 10W 0.83 pounds | 375 grams Peplink Balance 580 6.2.1 Panel Appearance https://www.peplink.
6.2.2 LED Indicators The statuses indicated by the front panel LEDs are as follows: Power and Status Indicators Power LED OFF – Power off GREEN – Power on LAN Port, WAN 1 – 5 Ports ORANGE – 1000 Mbps Right LED GREEN – 100 Mbps OFF – 10 Mbps Solid – Port is connected without traffic Left LED Blinking – Data is transferring OFF – Port is not connected Port Type Auto MDI/MDI-X ports Console and USB Ports Console Port Reserved for engineering use https://www.peplink.
USB Ports 6.3 For connecting a 4G/3G USB modem Peplink Balance 580X 6.3.1 Panel Appearance 6.3.2 LED Indicators The statuses indicated by the front panel LEDs are as follows: Power and Status Indicators https://www.peplink.
Power LED OFF – Power off GREEN – Power on LAN Port, WAN 1 – 5 Ports Right LED GREEN – 1000 Mbps OFF – 10 / 100 Mbps Solid – Port is connected without traffic Left LED Blinking – Data is transferring OFF – Port is not connected Port Type Auto MDI/MDI-X ports Console and USB Ports Console Port USB Ports Reserved for engineering use For connecting a 4G/3G USB modem 6.3.
Connectors Downlink / Uplink Datarate Power Consumption Weight 300Mbps/50Mbps (CAT-6) 600Mbps/150Mbps (CAT-12) 10W 0.83 pounds | 375 grams 1xLTEA Module Interface Antenna Connectors Downlink / Uplink Datarate Power Consumption Weight 6.4 1x Embedded LTE-A Cellular Modems with Redundant SIM Slots 4x SMA Cellular Antenna Connectors 1.2 Gbps/150 Mbps (CAT-18) 10W 0.83 pounds | 375 grams Peplink SDX Pro In addition to the power of the SDX, the SDX Pro offers greater flexibility and functionality.
6.4.1 Main Chassis SDX Pro Main Chassis Power Input AC Input 100V - 240V Power Consumption 140W System* , 420W PoE+ Power Budget Throughput 24 Gbps PepVPN/SpeedFusion Throughput No Encryption: 1 Gbps 256-bit AES: 600 Mbps Dimensions 17.2 x 13.8 x 1.7 inches - 438 x 350 x 44 mm Weight (No Modules) 15.9 pounds - 7.
6.4.3 LED Indicators https://www.peplink.
LED Indicator Power LED OFF – Power off GREEN – Power on WAN Ports Right LED GREEN – 1000 Mbps OFF – 10 Mbps / 100 Mbps or port is not connected Solid – Port is connected without traffic Left LED Blinking – Data is transferring OFF – Port is not connected Port Type Auto MDI/MDI-X ports Console, MGMT & USB Ports Console Port CLI console connection USB Ports For connecting 4G/3G USB modems for additional WAN connections MGMT Port 6.5 Management port Flex Module Expansion Modules https://www.
3x LTE-A Module Interface 3x Embedded LTE-A Cellular Modems with Redundant SIM Slots 6x SMA Cellular Antenna Connectors Antenna Connectors 1x SMA GPS Antenna Connector Power Consumption 20W Weight 0.83 pounds - 375 grams https://www.peplink.
8x GE PoE Module Interface 8x 10/100/1000M Ethernet Ports Capable of PoE+ Power Consumption 15W (105W max. with 802.3at/af PoE+ Output) Weight https://www.peplink.com 1.
4x SFP+ Module Interface 4x SFP+ Ports Power Consumption 11W Weight 0.83 pounds - 375 grams https://www.peplink.
7 LCD Display Menu > HA State: Master/Slave > LAN IP > VIP > System Status > System > Firmware ver. > Serial number > System time > System uptime > CPU load > LAN > Status > IP address > Subnet mask > Link status > WAN1 > WAN2 > WAN3* > VPN status >VPN Profile 1 >VPN Profile 2 >… >VPN Profile n > Link usage > Throughput in > WAN1 > WAN2 > WAN3* > Throughput out > WAN1 > WAN2 > WAN3* > Data Transfered > WAN1 > WAN2 > WAN3* > Maintenance https://www.peplink.
> Reboot > Reboot? (Yes/No) > Factory default > Factory default? (Yes/No) > LAN config > Port speed > LAN > WAN1 > WAN2 > WAN3* (to reboot the unit) (to restore factory defaults) (shows port speed: Auto, 10baseT-FD, 10baseT-HD, 100baseTx-FD, 100baseTx-HD, 1000baseTx-FD) *Layout continues as such for all available WAN ports 8 Installation The following section details connecting the Peplink Balance to your network: 8.
9 Basic Configuration 9.1 Connecting to the Web Admin Interface Start a web browser on a computer that is connected with the Peplink Balance through the LAN. To connect to the web admin of the Peplink Balance, enter the following LAN IP address in the address field of the web browser: https://192.168.1.1 (This is the default LAN IP address of the Peplink Balance.) Enter the following to access the web admin interface.
9.2 Configuration with the Setup Wizard The Setup Wizard simplifies the task of configuring WAN connection(s) by guiding the configuration process step-by-step. To begin, click Setup Wizard after connecting to the web admin interface. Click Next >> to begin. Select Yes if you want to set up drop-in mode using the Setup Wizard. Click on the appropriate checkbox(es) to select the WAN connection(s) to be configured.
If drop-in mode is going to be configured, the setup wizard will move on to Drop-in Settings. https://www.peplink.
If you are not using drop-in mode, select the connection method for the WAN connection(s) from the following screen: Depending on the selection of connection type, further configuration may be needed. For example, PPPoE and static IP require additional settings for the selected WAN port. Please refer to Section 13, Configuring the WAN Interface(s) for details on setting up DHCP, static IP, and PPPoE. If Mobile Internet Connection is checked, the setup wizard will move on to Operator Settings.
Click on the appropriate check box(es) to select the preferred WAN connection(s). Connection(s) not selected in this step will be used as a backup only. Click Next >> to continue. Choose the time zone of your country/region. Check the box Show all to display all time zone options. https://www.peplink.
Check in the following screen to make sure all settings have been configured correctly, and then click “Save Settings” to confirm. After finishing the last step in the setup wizard, click Apply Changes on the page header to allow the configuration changes to take effect. https://www.peplink.
10 SpeedFusion Cloud With Peplink products, your device is able to connect to SpeedFusion Cloud without the use of a second endpoint. This service has wide access to a number of SpeedFusion endpoints hosted from around the world, providing your device with unbreakable connectivity wherever you are.* *SpeedFusion Cloud is supported in firmware version 8.1.0 and above. SpeedFusion Cloud is a subscription basis. SpeedFusion Cloud license can be purchased at https://store.peplink.
Go to activate.speedfusion.com and select the type of SpeedFusion Cloud service, “Via Free 30-days Trial” or “Via Care Plans”, that you would like to activate. Next, register or login to your account. Select the devices that you wish to activate SpeedFusion Cloud on and click ACTIVATE. https://www.peplink.
From System > Features Add-ons, paste the license key into the window and click on Activate once you have received the license key. 10.2 Enable SpeedFusion Cloud Enable SpeedFusion Cloud from SpeedFusion Cloud > Choose Cloud Location. https://www.peplink.
Choose Automatic > Click on the green tick button to confirm the change. Click on Apply Changes to save the change. https://www.peplink.
https://www.peplink.
By default, the router will build a SpeedFusion tunnel to the SpeedFusion Cloud https://www.peplink.
If you are running a latency sensitive service like video streaming or VOIP, a WAN Smoothing sub-tunnel can be created. Navigate to Speedfusion Cloud > Choose a cloud location > SFC. A Speedfusion tunnel configuration window will pop out. Click on the + sign to create the WAN Smoothing sub-tunnel. https://www.peplink.
https://www.peplink.
Click on Save and Apply Changes to save the configuration. Now, the router has 2 Speedfusion tunnels to the Speedfusion Cloud. https://www.peplink.
Create an outbound policy to steer the internet traffic to go into Speedfusion Cloud. Please go to Advanced > Outbound Policy, click on Add Rule to create a new outbound policy. https://www.peplink.
10.3 Connect Clients to Cloud SpeedFusion Cloud provides a convenient way to route the LAN client to the cloud. From SpeedFusion Cloud > Connect Clients to Cloud. https://www.peplink.
Choose a client from the drop down list > Click + > Save > Apply Changes. 10.4 Link Wi-Fi to Cloud SpeedFusion Cloud provides a convenient way to route the Wi-Fi client to the cloud from SpeedFusion Cloud > Link Wi-Fi to Cloud. This option is available for Balance 20X, Balance 30 Pro, and Balance One. https://www.peplink.
Create a new SSID for SpeedFusion Cloud. The new SSID will inherit all settings from one of the existing SSIDs including the Security Policy. Then click Save follow by Apply Changes. SpeedFusion Cloud SSID will be shown on Dashboard. https://www.peplink.
10.5 Optimize Cloud Application Optimize Cloud Application allows you to route Internet traffic through SpeedFusion Cloud based on the application. Go to SpeedFusion Cloud > Optimize Cloud Application. Select a Cloud application to route through SpeedFusion Cloud from the drop down list > Click Save > Apply Changes. Click the SpeedFusion Cloud. https://www.peplink.
11 Network Tab 11.1 WAN From Network > WAN, choose a WAN connection by clicking it. You can also enable IPv6 support in this section https://www.peplink.
WAN Connection Settings (Ethernet) Clicking an Ethernet WAN connection will result in the following screen: WAN Connection Settings WAN Connection Name Enable Enter a name to represent this WAN connection. This setting enables the WAN connection. If schedules have been defined, you will be able to select a schedule to apply to the connection. There are five possible connection methods for Ethernet WAN: Connection Method https://www.peplink.
● GRE The connection method and details are determined by, and can be obtained from the ISP. See the following sections for details on each connection method. DNS server settings can be configured in the corresponding menu for each connection method. Routing Mode This field shows that NAT (network address translation) will be applied to the traffic routed over this WAN connection. IP Forwarding is available when you click the link in the help icon.
This option allows you to configure the WAN connection whether for normal daily usage or as a backup connection only. Connection Priority If Always-on is chosen, the WAN connection will be kept on continuously, regardless of the priority of other WAN connections. If Backup is chosen, the WAN connection will depend on other WAN connections. It will not be used when one or more higher priority dependent WAN connections are connected.
WAN Connection Settings (Cellular) Clicking an Ethernet WAN connection will result in the following screens: WAN Connection Settings WAN Connection Name Enable Routing Mode Indicate a name you wish to give this WAN connection Click the checkbox to toggle the on and off state of this connection. This option allows you to select the routing method to be used in routing IP frames via the WAN connection. The mode can be either NAT (Network Address Translation) or IP Forwarding.
Priority a backup connection only. If Always-on is chosen, the WAN connection will be kept on continuously, regardless of the priority of other WAN connections. If Backup is chosen, the WAN connection will depend on other WAN connections. It will not be used when one or more higher priority dependent WAN connections are connected. Independent from Backup WANs Idle Disconnect Reply to ICMP PING If this is checked, the connection will be working independent from other Backup WAN connections.
Cellular Settings SIM Card Preferred SIM Indicate which SIM card this cellular WAN will use. Only applies to cellular WAN with redundant SIM cards. For routers that support the SIM Injector, you may select the “Use Remote SIM Only” to provision a SIM from a SIM Injector. Further details on the SIM Injector found is available here: https://www.peplink.com/products/sim-injector/. If “Both SIMs” were selected on the above field, then you can designate the priority of the https://www.peplink.
Card SIM card slots here. If “Use Remote SIM Only” is selected in the SIM card section, the Remote SIM Settings will be shown. Remote SIM Settings You may need to enable the remote SIM Host settings in the Remote SIM management, see the section 13.14.7 or Appendix C for more details on FusionSIM. After that, click on “Scan nearby remote SIM server” to show the serial number(s) of the connected SIM Injector(s).
APN / Login / Password / SIM PIN When Auto is selected, the information in these fields will be filled automatically. Select Custom to customize these parameters. The parameter values are determined by and can be obtained from the ISP. Bandwidth Allowance Monitor Check the box Enable to enable bandwidth usage monitoring on this WAN connection for each billing cycle. When this option is not enabled, bandwidth usage of each month is still being tracked but no action will be taken.
To define the threshold manually using specific signal strength values, please click on the question Mark and the following field will be visible. WAN Connection Settings (USB) WAN Connection Settings WAN Connection Name Enable Indicate a name you wish to give this WAN connection This setting enables the WAN connection. If schedules have been defined, you will be able to select a schedule to apply to the connection. Each ISP may provide a set of DNS servers for DNS lookups.
priority of other WAN connections. If Backup is chosen, the WAN connection will depend on other WAN connections. It will not be used when one or more higher priority dependent WAN connections are connected. Standby State Idle Disconnect Reply to ICMP Ping This option allows you to choose whether to remain the connection connected or disconnect it when this WAN connection is no longer in the highest priority and has entered the standby state.
WAN Connection Settings (Common) The remaining WAN-related settings are common to both Ethernet and cellular WAN Physical Interface Settings This is the port speed of the WAN connection. It should be set to the same speed as the connected device in case of any port negotiation problems. Speed When a static speed is set, you may choose whether to advertise its speed to the peer device or not. Advertise Speed is selected by default.
DHCP Settings Hostname (Optional) If your service provider's DHCP server requires you to supply a hostname value upon acquiring an IP address, you may enter the value here. If your service provider does not provide you with a hostname, you can safely bypass this option. Each ISP may provide a set of DNS servers for DNS lookups. This setting specifies the DNS (Domain Name System) servers to be used when a DNS lookup is routed through this connection.
Health Check Settings To ensure traffic is routed to healthy WAN connections only, the Peplink Balance can periodically check the health of each WAN connection. Health Check settings for each WAN connection can be independently Network>Interfaces>WAN>*Connection name*>Health Check Settings. configured via Enable Health Check by selecting PING, DNS Lookup, or HTTP from the Health Check Method drop-down menu.
DNS lookups will be issued to test connectivity with target DNS servers. The connection will be treated as up if DNS responses are received from one or both of the servers, regardless of whether the result was positive or negative. Health Check DNS Servers This field allows you to specify two DNS hosts’ IP addresses with which connectivity is to be tested via DNS Lookup.
Other Health Check Settings Timeout This setting specifies the timeout in seconds for ping/DNS lookup requests. The default timeout is 5 seconds. Health Check Interval This setting specifies the time interval in seconds between ping or DNS lookup requests. The default health check interval is 5 seconds. Health Check Retries This setting specifies the number of consecutive ping/DNS lookup timeouts after which the Peplink Balance will treat the corresponding WAN connection as down.
Bandwidth Allowance Monitor Settings Bandwidth Allowance Monitor Action Start Day Monthly Allowance If Email Notification is enabled, you will be notified by email when usage hits 75% and 95% of the monthly allowance. If Disconnect when usage hits 100% of monthly allowance is checked, this WAN connection will be disconnected automatically when the usage hits the monthly allowance.
Additional Public IP Settings IP Address List IP Address List represents the list of fixed Internet IP addresses assigned by the ISP in the event that more than one Internet IP address is assigned to this WAN connection. Enter the fixed Internet IP addresses and the corresponding subnet mask, and then click the Down Arrow button to populate IP address entries to the IP Address List. Dynamic DNS Settings Peplink Balance routers allow registering domain name relationships to dynamic DNS service providers.
Dynamic DNS Settings Service Provider This setting specifies the dynamic DNS service provider to be used for the WAN. Supported providers are: ● changeip.com ● dyndns.org ● no-ip.org ● tzo.com ● DNS-O-Matic ● Others… support custom Dynamic DNS servers by entering its URL. Works with any service compatible with DynDNS API. Select Disabled to disable this feature. User ID / User / Email This setting specifies the registered user name for the dynamic DNS service.
11.2 LAN 11.2.1 Network Settings LAN interface settings are located at Network>LAN>Network Settings. Navigating to that page will show the following dashboard: This represents the LAN interfaces that are active on your router (including VLAN). A grey “X” means that the VLAN is used in other settings and cannot be deleted. You can find which settings are using the VLAN by hovering over the grey “X”. Alternatively, a red “X” means that there are no settings using the VLAN.
Inter-VLAN routing Check this box to enable routing between virtual LANs. Layer 2 PepVPN Bridging PepVPN Profiles to Bridge The remote network of the selected PepVPN profiles will be bridged with this local LAN, creating a Layer 2 PepVPN, they will be connected and operate like a single LAN, and any broadcast or multicast packets will be sent over the VPN.
DHCP Server Settings DHCP Server DHCP Server Logging IP Range & Subnet Mask When this setting is enabled, the DHCP server automatically assigns an IP address to each computer that is connected via LAN and configured to obtain an IP address via DHCP. The Pepwave router’s DHCP server can prevent IP address collision on the LAN. Enable logging of DHCP events in the eventlog by selecting the checkbox.
enter its value. For values that are in IP address list format, you can enter one IP address per line in the provided text area input control. Each option can be defined once only. DHCP Reservation This setting reserves the assignment of fixed IP addresses for a list of computers on the LAN. The computers to be assigned fixed IP addresses on the LAN are identified by their MAC addresses.
11.2.2 Network Settings (Common Settings) Static Route Settings Static Route This table is for defining static routing rules for the LAN segment. A static route consists of the network address, subnet mask, and gateway address. The address and subnet mask values are in w.x.y.z format. The local LAN subnet and subnets behind the LAN will be advertised to the VPN. Remote routes sent over the VPN will also be accepted. Any VPN member will be able to route to the local subnet. Click to create a new route.
WINS Server Settings Enable Check the box to enable the WINS Server. A list of WINS clients will be displayed at Status>WINS Clients. Enter any needed DNS proxy settings. Once all settings have been entered, click Save to store your changes. DNS Proxy Settings Enable To enable the DNS proxy feature, check this box, and then set up the feature at Network>LAN>DNS Proxy Settings. A DNS proxy server can be enabled to serve DNS requests originating from LAN/PPTP/SpeedFusionTM peers.
feature can improve DNS response time by storing all received DNS results for faster DNS lookup. However, it cannot return the most updated result for frequently updated DNS records. By default, DNS Caching is disabled. Include Google Public DNS Servers Local DNS Records When this option is enabled, the DNS proxy server will forward DNS requests to Google's public DNS servers, in addition to the DNS servers defined in each WAN. This could increase the DNS service's availability.
Drop-In Mode Drop-in mode (or transparent bridging mode) eases the installation of the Peplink Balance on a live network between the firewall and router, such that changes to the settings of existing equipment are not required. The following diagram illustrates drop-in mode setup: Enable drop-in mode using the Setup Wizard. After enabling this feature and selecting the WAN for drop-in mode, various settings, including the WAN's connection method and IP address, will be automatically updated.
Drop-in Mode Settings Enable Drop-in mode eases the installation of the Peplink Balance on a live network between the existing firewall and router, such that no configuration changes are required on existing equipment. Check the box to enable the drop-in mode feature. Please refer to Section 12, Drop-in Mode for details. WAN for Drop-In Mode Select the WAN port to be used for drop-in mode. If WAN 1 with LAN Bypass is selected, the high availability feature will be disabled automatically.
WAN Default Gateway WAN DNS Servers A Enter the WAN router's IP address in this field. If there are more hosts in addition to the router on the WAN segment, click the button next to “WAN Default Gateway” and check the I have other host(s) on WAN segment box and enter the IP address of the hosts that need to access LAN devices or be accessed by others. Enter the selected WAN's corresponding DNS server IP addresses. - Advanced feature, please click the button on the top right-hand corner to activate. 11.
11.3 VPN 11.3.1 SpeedFusion Peplink Balance SpeedFusionTM Bandwidth Bonding is our patented technology that enables our SD-WAN routers to bond multiple Internet connections to increase site-to-site bandwidth and reliability. SpeedFusion securely connects one or more branch offices to your company's main headquarters or to other branches. The data, voice, and video communications between these locations are kept confidential across the public Internet.
This device will be identified by other SpeedFusion Peers by this local ID. The following menus will appear: SpeedFusion Profiles This table displays all defined profiles. Click the New Profile button to create a new profile for making a VPN connection to a remote unit via available WAN connections. Each pair of VPN connection requires its own profile. The local LAN subnet and subnets behind the LAN (defined under Static Route on the LAN Settings page) will be advertised to the VPN.
PepVPN Local ID This feature allows you to change the local ID of a PepVPN connection. Click the connection and the following menu will appear: button to select your After updating the local ID, click Save to store your changes. Link Failure Detection The bonded VPN can detect routing failures on the path between two sites over each WAN connection. Failed WAN connections will not be used to route VPN traffic. Health check packets are sent to the remote unit to detect any failure.
SpeedFusion: Profile Configuration Click the New Profile button, or click one of the existing profiles, and the following menus will appear: A list of defined SpeedFusion connection profiles and a Link Failure Detection Time option will be shown. Click the New Profile button to create a new VPN connection profile for making a VPN connection to a remote Peplink Balance via the available WAN connections. Each profile is for making a VPN connection with one remote Peplink Balance.
Authentication Remote ID / Pre-shared Key Select from By Remote ID Only, Preshared Key, or X.509 to specify the method the Peplink Balance will use to authenticate peers. When selecting By Remote ID Only, be sure to enter a unique peer ID number in the Remote ID field. This optional field becomes available when Remote ID / Pre-shared Key is selected as the Peplink Balance’s VPN Authentication method, as explained above. Pre-shared Key defines the pre-shared key used for this particular VPN connection.
Limit requires the peer to use PepVPN version 4.0.0 or above. Cost Define path cost for this profile. OSPF will determine the best route through the network using the assigned cost. Default: 10 While using PepVPN, utilize multiple WAN links to reduce the impact of packet loss and get the lowest possible latency at the expense of extra bandwidth consumption. This is suitable for streaming applications where the average bitrate requirement is much lower than the WAN's available bandwidth.
WAN Connection Priority If your device supports it, you can specify the priority of WAN connections to be used for making VPN connections. WAN connections set to OFF will never be used. Only available WAN connections with the highest priority will be used. To enable asymmetric connections, connection mapping to remote WANs, cut-off latency, and packet loss suspension time, click the button.
https://www.peplink.
IPsec VPN Settings Name This field is for specifying a local name to represent this connection profile. Active When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it will be disabled. Connect Upon Disconnection of Check this box and select a WAN to connect to this VPN automatically when the specified Remote Gateway IP Address / Host Name WAN is disconnected. To activate this function, click the option.
Encapsulation Pre-shared Key This defines the peer authentication pre-shared key used to authenticate this VPN connection. The connection will be up only if the pre-shared keys on each side match. Remote Certificate (pem encoded) Available only when X.509 Certificate is chosen as the Authentication method, this field allows you to paste a valid X.509 certificate. Local ID In Main Mode, this field can be left blank.
IPsec traffic will go through this link. However, should unforeseen problems (e.g.,unplugged cables or ISP problems) cause WAN1 to go down, our IPsec implementation will make use of WAN2 and WAN3 for failover IPsec Status shows the current connection status of each connection profile and is displayed at Status>IPsec VPN. 11.4 Outbound Policy Outbound policies for managing and load balancing outbound traffic are located at Network>Outbound Policy.
Custom Outbound traffic behavior can be managed by defining rules in a custom rule table. A default rule can be defined for connections that cannot be matched with any of the rules. The menu underneath enables you to define Outbound policy rules: The bottom-most rule is Default. Edit this rule to change the device’s default manner of controlling outbound traffic for all connections that do not match any of the rules above it. Under the Service heading, click Default to change these settings.
New Custom Rule Settings Service Name Enable This setting specifies the name of the outbound traffic rule. This setting specifies whether the outbound traffic rule takes effect. When Enable is checked, the rule takes effect: traffic is matched and actions are taken by the Pepwave router based on the other parameters of the rule. When Enable is unchecked, the rule does not take effect: the Pepwave router disregards the other parameters of the rule.
This setting specifies the destination IP address, IP network, Domain name, SpeedFusion Cloud, PepVPN Profile or Grouped network for traffic that matches the rule. Destination If Domain Name is chosen and a domain name, such as foobar.com, is entered, any outgoing accesses to foobar.com and *.foobar.com will match this criterion. You may enter a wildcard (.*) at the end of a domain name to match any host with a name having the domain name in the middle. If you enter foobar.*, for example, www.foobar.
● Fastest Response Time For a full explanation of each Algorithm, please see the following article: https://forum.peplink.com/t/exactly-how-do-peplinks-load-balancing-algorithmns-work/8059 Load Distribution Weight This is to define the outbound traffic weight ratio for each WAN connection. This field allows you to configure the default action when all the selected Connections are not available. When No connections are available Drop the Traffic - Traffic will be discarded.
Algorithm: Weighted Balance This setting specifies the ratio of WAN connection usage to be applied on the specified IP protocol and port. This setting is applicable only when Algorithm is set to Weighted Balance. The amount of matching traffic that is distributed to a WAN connection is proportional to the weight of the WAN connection relative to the total weight. Use the sliders to change each WAN’s weight.
Algorithm: Persistence The configuration of persistent services is the solution to the few situations where link load distribution for Internet services is undesirable. For example, for security reasons, many e-banking and other secure websites terminate the session when the client computer’s Internet IP address changes mid-session. In general, different Internet IP addresses represent different computers.
Algorithm: Enforced This setting specifies the WAN connection usage to be applied on the specified IP protocol and port. This setting is applicable only when Algorithm is set to Enforced. Matching traffic will be routed through the specified WAN connection, regardless of the health check status of the WAN connection. Outbound traffic can also be enforced to go through a specified SpeedFusionTM connection.
Algorithm: Overflow The traffic matching this rule will be routed through the healthy WAN connection that has the highest priority and is not in full load. When this connection gets saturated, new sessions will be routed to the next healthy WAN connection that is not in full load. Drag and drop to specify the order of WAN connections to be used for routing traffic. Only the highest priority healthy connection that is not in full load will be used. https://www.peplink.
Algorithm: Least Used The traffic matching this rule will be routed through the healthy WAN connection that is selected in Connection and has the most available download bandwidth. The available download bandwidth of a WAN connection is calculated from the total download bandwidth specified on the WAN settings page and the current download usage. The available bandwidth and WAN selection is determined every time an IP session is made. https://www.peplink.
Algorithm: Lowest Latency The traffic matching this rule will be routed through the healthy WAN connection that is selected in Connection and has the lowest latency. Latency checking packets are issued periodically to a nearby router of each WAN connection to determine its latency value. The latency of a WAN is the packet round trip time of the WAN connection. Additional network usage may be incurred as a result.
Algorithm : Fastest Response Time The Fastest response Time algorithm works as follows: When a network session is created, the first outgoing packet of that particular session is duplicated to all the available WANs. When the first response is received from a remote server, any further traffic for this session will be routed over that particular WAN connection for the fastest possible response time. If any slower responses are received on other connections afterwards, they will be discarded. 11.
11.5.1 Servers The settings to configure servers on the LAN are located at Network>Inbound Access>Servers. Inbound connections from the Internet will be forwarded to the specified Inbound IP address(es) based on the protocol and port number. When more than one server is defined, requests will be distributed to the servers in the weight ratio specified for each server.
11.5.2 Services Services are defined at Network>Inbound Access>Services. Tip At least one server must be defined before services can be added. To define a new service, click the Add Service button, upon which the following menu appears: Services Settings Enable This setting specifies whether the inbound service rule takes effect. When Yes is selected, the inbound service rule takes effect.
disregard the other parameters of the rule. Service Name This setting identifies the service to the system administrator. Only alphanumeric and the underscore “_” characters are valid. IP Protocol The IP Protocol setting, along with the Port setting, specifies the protocol of the service as TCP, UDP, ICMP, or IP. Inbound traffic that matches the specified IP Protocol and Port(s) will be forwarded to the LAN hosts specified by the Servers setting.
Range Mapping: traffic that is received by Peplink Balance via the specified protocol at the specified port range is forwarded via a different port to the servers specified by the Servers setting. Inbound IP Address(es) This setting specifies the WAN connections and Internet IP address(es) from which the service can be accessed. Included Server(s) This setting specifies the LAN servers that handle requests for the service, and the relative weight values.
IP address for the domain name on the most appropriate healthy WAN connection. It can also act as a generic DNS server for hosting “A”, “CNAME”, “MX”, “TXT” and “NS” records. The settings for defining the DNS records to be hosted by the Peplink Balance are located at Network>Inbound Access>DNS Settings. DNS Settings DNS Servers This setting specifies the WAN IP addresses on which the DNS server of the Peplink Balance should listen.
The zone transfer server of the Peplink Balance listens on TCP port 53. The Peplink Balance serves both the clients that are accessing from the specified IP addresses, and the clients that are accessing its LAN interface. Routing Control by Subnet Database Default SOA / NS When this function is enabled, the system will check to see if an incoming DNS client is within any WAN's ISP subnet. Only the matched WAN(s)'s IP addresses will be returned.
This page is for defining the domain’s SOA, NS, MX, CNAME, A, TXT, and SRV records. Seven tables are presented in this page for defining the five types of records. SOA Records https://www.peplink.
Click on the icon to choose whether to use the pre-defined default SOA record and NS records. If the option Use Default SOA and NS Records is selected, any changes made in the default SOA/NS records will be applied to this domain automatically. Otherwise, select the option Customize SOA Record for this domain to customize this domain's SOA and NS records. This table displays the current SOA record.
this field is optional. If the Balance is the authoritative name server of the domain, this field's value should be the WAN connection's name server IP address that is registered in the DNS registrar. If this field is entered, a corresponding A record for the name server will be created automatically. If it is left blank, the A record for the name server must be created manually. ● E-mail: Defines the e-mail address of the person responsible for this zone. Note: format should be mailbox-name.domain.com, e.
MX Records The MX Record table shows the domain’s MX records. To add a new MX record, click the New MX Records button in the MX Records box. Then the table will expand to look like the following: When creating an MX record for the domain itself (not a sub-domain), the Host field should be left blank. For each record, Priority and Mail Server name must be entered. Priority typically ranges from 10 to 100. Smaller numbers have a higher priority. After finishing adding MX records, click the Save button.
The TTL field tells the time to live of the record in external DNS caches. A Records This table shows the A records of the domain name. To add an A record, click the New A Record button. The following screen will appear: A record may be automatically added for the SOA records with a name server IP address provided. A Record Host Name This field specifies the A record of this sub-domain to be served by the Peplink Balance. The wildcard character “*” is supported. The IP addresses of “*.domain.
Priority Included IP Address(es) This option specifies the priority of different connections. Select the Default option to apply the Default Connection Priority (refer to the table shown on the main DNS settings page) to an A record. To customize priorities, choose the Custom option and a priority selection table will be shown at the bottom.
TXT Records This table shows the TXT record of the domain name. To add a new TXT record, click the New TXT Record button in the TXT Records box. Click the Edit button to edit the record. The time-to-live value and the TXT record’s value can be entered. Click the Save button to finish. When creating a TXT record for the domain itself (not a sub-domain), the Host field should be left blank. The maximum size of the TXT Value is 255 bytes.
SRV Records To add a new SRV record, click the New SRV Record button in the SRV Records box. ● ● ● ● ● Service: The symbolic name of the desired service. Priority: Indicates the priority of the target; the smaller the value, the higher the priority. Weight: A relative weight for records with the same priority. Target: The canonical hostname of the machine providing the service. Port: Enter the TCP or UDP port number on which the service is to be found.
the host name. ● Click the New Reverse Lookup Zone button and enter a reverse lookup zone name. If you are delegated the subnet 11.22.33.0/24, the Zone Name should be 33.22.11.in-arpa.addr. PTR records for 11.22.33.1, 11.22.33.2, ... 11.22.33.254 should be defined in this zone where the host IP numbers are 1, 2, ... 254, respectively. https://www.peplink.
SOA Record You can click the link Click here to define SOA record to create or click on the Name Server field to edit the SOA record. Name Server: Enter the NS record's FQDN server name here. For example: "ns1.mydomain.com" (equivalent to "www.1stdomain.com.") "ns2.mydomain.com." Email, Refresh, Retry, Expire, Min Time, and TTL are entered in the same way as in the forward zone. Please refer to Section 17.3.5 for details. https://www.peplink.
NS Records The NS record of the name server defined in the SOA record is automatically added here. To create a new NS record, click the New NS Records button. When creating an NS record for the reverse lookup zone itself (not a sub-domain or dedicated zone), the Host field should be left blank. Name Server must be a FQDN. CNAME Records To create a new CNAME record, click the New CNAME Record button. CNAME records are typically used for defining classless reverse lookup zones.
PTR Records To create a new PTR record, click the New PTR Record button. For Host IP Number field, enter the last integer in the IP address of a PTR record. For example. for the IP address 11.22.33.44, where the reverse lookup zone is 33.22.11.in-arpa.addr, the Host IP Number should be 44. The Points To field defines the host name which the PTR record should be pointed to. It must be a FQDN.
● In the Target DNS Server IP Address field, enter the IP address of the DNS server. ● In the Transfer via…field, choose the connection which you would like to transfer through. ● Select Next >> to continue. ● In the blank space, enter the Domain Names (Zones) which you would like to assign the IP address entered in the previous step. Enter one domain name per line. ● Select Next >> to continue.
to overwrite the existing record or << Back to go back to the previous step. After the zone records process have been fetched, the fetch results would be shown as above. You can view import details by clicking the corresponding hyperlink on the right-hand side. https://www.peplink.
https://www.peplink.
11.6 NAT Mappings The Peplink Balance allows the IP address mapping of all inbound and outbound NATed traffic to and from an internal client IP address. NAT mappings can be configured at Network>NAT Mappings. To add a rule for NAT mappings, click Add NAT Rule and the following screen will be displayed: NAT Mapping Settings LAN Client(s) https://www.peplink.com NAT Mapping rules can be defined for a single LAN IP Address, an IP Range, or an IP Network.
Address This refers to the LAN host’s private IP address. The system maps this address to a number of public IP addresses (specified below) in order to facilitate inbound and outbound traffic. This option is only available when IP Address is selected. Range The IP range is a contiguous group of private IP addresses used by the LAN host. The system maps these addresses to a number of public IP addresses (specified below) to facilitate outbound traffic.
11.7 MediaFast MediaFast settings can be configured by navigating to Network > MediaFast. Setting Up MediaFast Content Caching To access MediaFast content caching settings, select Network > MediaFast. MediaFast Enable Domains / IP Addresses Source IP Subnet Click the checkbox to enable MediaFast content caching. Choose to Cache on all domains, or enter domain names and then choose either Whitelist (cache the specified domains only) or Blacklist (do not cache the specified domains).
The Secure Content Caching menu operates identically to the MediaFast menu, except it is for secure content cachting accessible through https://. In order for Mediafast devices to cache and deliver HTTPS content, every client needs to have the necessary certificates installed*. *See https://forum.peplink.com/t/certificate-installation-for-mediafast-https-caching/ Cache Control Content Type Check these boxes to cache the listed content types or leave boxes unchecked to disable caching for the listed types.
Viewing MediaFast Statistics To get details on storage and bandwidth usage, select Status>MediaFast. https://www.peplink.
Prefetch Schedule Content prefetching allows you to download content on a schedule that you define, which can help to preserve network bandwidth during busy times and keep costs down. To access MediaFast content prefetching settings, select Network > MediaFast > Prefetch Schedule. Prefetch Schedule Settings Name This field displays the name given to the scheduled download. Status Check the status of your scheduled download here.
To edit a scheduled download, click To delete a scheduled download, click . . Click to begin creating a new scheduled download. Clicking the button will cause the following screen to appear: New Schedule Simply provide the requested information to create your schedule. Clear Web Cache Clear Statistics Click to clear all cached content. Note that this action cannot be undone. Click to clear all prefetch and status page statistics. https://www.peplink.
11.8 ContentHub Integrated into MediaFast-enabled routers, ContentHub allows you to deliver webpages and applications using the local storage on your router. Users will be able to access news, articles, videos, and access your web app, without the need for internet access. ContentHub Storage needs to be configured before content can be uploaded to the ContentHub. Follow the link on the information panel to configure storage. To access ContentHub, navigate to Network > ContentHub and check the Enable box.
Schedule Active Type Protocol Domain/Path Checkbox toggles the activation of the content. This option allows you to select Website or Application HTTP,HTTPS or both The contenhub uses this as the domain name for client access (such as http://mytest.com). Method Only applicable for Application type: Choose between sync or file upload Source Enter the server details that the content will be downloaded from. Enter your credentials under Username and Password.
Click “Save & Apply Now” to activate the changes. Below is a screenshot after configuration: The content will be synced based on the Period that is configured before. If you want to trigger the sync manually, you can click “ The “Status” column shows the sync progress. ”. When the sync is completed,you’ll see a summary as shown in the screenshot below: To access the content, open a browser in MFA’s client and enter the domain configured before (such as http://mytest.com).
https://www.peplink.
After installing the framework, you can select the type to “Application” and configure the website: The setting is the same as Website type and you can refer to the description in the above section For the Application type, you need to pack your application as below: 1. Implement two bash script files, start.sh and stop.sh in root folder, to start and stop your application. the Mediafast router will only execute start.sh and stop.sh when the corresponding website is enabled and disabled respectively. 2.
MDM Settings In addition to performing content caching, MediaFast-enabled routers can also serve as an MDM, administrating to client devices. To access MDM Settings, navigate to Network > MDM Settings: MDM Settings Enable Account Settings Click this checkbox to enable MDM on your router. Click Follow Web Admin Account to allow client devices to use the built-in administrator account when performing MDM. Set Custom to specify a username and password your router will use to log into your client devices.
For detailed configuration instructions please refer to our knowledge base: https://forum.peplink.com/t/how-to-run-a-docker-application-on-a-peplink-mediafast-router/16021 KVM Mediafast enabled routers now support KVM. Users will have to download and install Virtual Machine Manager to manage the KVM virtual machines, through this users are able to virtualise the linux environment. For detailed configuration instructions please refer to our knowledge base: https://forum.peplink.
