i have Balance one without speedfusion licence. i need to connect to Balance 710 site-to-site. is the VPN tunnel will be stable ?or i have to buy speedfusion licence for Balance one device
you don’t need to use speedfusion bonding licence to create a site to site vpn.
The pepVPN connection you can make will use a single wan on the balance one. the stability of that site to site vpn will depend on your wan link quality.
2 Likes
Thanks for your reply…if i connect my Balance one with two WAN links. will i get failover for my VPN tunnel?
If your Balance 710 (which already has SpeedFusion Bonding enabled) has more than one WAN link in use for SF then you will get seamless failover (if a WAN link fails on the B710) between it and your Balance One.
If a WAN link fails on a Balance One, the VPN tunnel wiil be terminated on that WAN link and it can be automatically rebuilt on another healthy WAN link acting as a failover WAN for PepVPN.
1 Like
I am new to using peplink devices and also creating VPNS. as i said before i have balance 710 will be placed in my mean office and balance one for remote sites.
in my head office i have firewall, my question is: where i have to install balance 710? before the firewall or after?
i need also to use two WAN for high availability.
Depends on your network design goals.
If you installed your B710 on the internet side of your firewall, then any device that connects via your firewall to the internet can then use load balancing (if you add more WAN links).
If you want to leave your firewall alone and just get VPN working between your main site and the remote locations then you can install the B710 on the LAN of the firewall (and just port forward through your firewall for VPN traffic).
1 Like
i just receive my balance 710 device. so i need documentation for initial configuration and how to start?
The user manual for the B710 is available here https://download.peplink.com/manual/peplink_balance_and_mediafast_firmware_manual_fw7.pdf
What your initial configuration looks like and where to start will very much depend on your topology. One of the questions above was do your ant the B710 in front of or behind your firewall. That question needs to be answered and we’d need a network diagram of what you have setup currently to be able to assist with any configuration guidance.
1 Like
kindly find attached diagram i will use peplink for only SD-WAN connectivity.
Going to need IP addressing too (don’t share public IPs use a substitute eg x.x.x.x, x.x.y.y etc) and if you’re nervous about sharing internal addressing, swap them for alternatives (eg your 10.0.1.0/24 becomes 192.168.1.0/24 in your diagram).
Also:
- What do LAN clients on the balance one need to access? Is it just the datacentre servers or do they need access to route to devices on the remote MPLS sites also?
- Do you want the B710 to be the internet gateway for your DC via the DC firewall or is there other internet access not shown on the diagram?
- Is there any inbound access required? Any port forwarding to the DC servers?
1 Like
1- need access to MPLS also
2-no B710will not be GW. there is Internet GW
3- i need only apply inbound access and outbound access in the remote branches.
or what you suggest?
also could the access rules apply to the VPN tunnel?
This would be an example of one way to do it. I making up IP addressing since you didn’t provide any.
1 Like
i appreciated you help.
i need to apply outbound access and inbound access rules in the branches behind Balance one to deny or allow access to some servers
OK. you can do that with firewall rules either at the balance 710 or your DC firewall.
1 Like
thank you for your help.
i have two point.
1- is the firewall rules control the PepVPN tunnel traffic?
2- for firmware upgrade i found for Balance 710 two revision , HW1-2 and HW3.
which one i have to upgrade?
With the current configuration, access rules on your DC Firewall can block or allow server access to both SD-WAN and MPLS sites. If you want to block traffic between SD-WAN sites you would do that on the B710.
The HW portion of the firmware relates to the hardware version. If you have bought a new B710 it will be HW3. You can check the HW version on the status page in the web ui of the B710.
1 Like
thank you for your help.
refer to the above diagram, i connected B710 to DC firewall through LAN Interface not as your diagram through WAN2.
and added static routing to LAN network setting.
but still i could not ping DC from the branch nor from the B710
Don’t think it will work configured like like that. if you look at the speedfusion status on the remote device is the static route advertised there?
1 Like
yes advertised