Binding Outbound traffic to single IP on WAN port

Running a Balance 20. I have two WAN ports configured - WAN1 has three static IP addresses bound to a cable modem, and WAN2 is configured for DHCP on a second modem. WAN1 is my “business connectivity,” while WAN2 is “public wifi.” LAN1 is my business network, bound to WAN1 in outbound policy, and LAN4 is VLAN10, bound to WAN2 in outbound policy.

I have three static IP addresses bound to WAN1 (note these are examples, not my actual IPs):

  1. 68.105.28.1 = Primary IP address, used for primary traffic, web browsing, etc.
  2. 68.105.28.2 = mail.example.com: used for incoming SMTP connections to spam filter
  3. 68.105.28.3 = remote.example.com: used for client VPN connectivity to internal VPN concentrator

Port forwarding is set on the two IPs that need it, mail is flowing in, and my VPN concentrator is functioning as expected. However, I cannot find a way to bind outbound SMTP to 68.105.28.2 - it is running over the primary IP, 68.105.28.1. This is where I’m stuck. Outbound policies appear to allow me to select an interface, not an IP address…

Lots of back-story to assist in giving all the info to what I’m doing, and why I cannot simply use WAN2 - else I would. Any advice would be greatly appreciated! (I know there’s an option to license and activate WAN3, but I’d rather not if possible, everything else is working perfectly!)

Go to Network > NAT Mappings. Click Add new rule. Add an outbound rule, entering the source IP of the mail server and the WAN IP.

@MartinLangmaid
I overlooked that option, thank you. This certainly takes care of my needs in this instance.

For future reference, is there any option to NAT only specific traffic from an IP address? I don’t foresee needing this specifically, but on my old firewalls I would assign ANY traffic to IP1 and SMTP only to IP2. This way, any remote agents, HTTP traffic, etc. used the same IP address, and only mail communication went across the second IP.

No, not that I can think of at an IP level. You can of course easily do this at a WAN port level with outbound policies and inbound port forwarding. Since Peplink specialises in multi-WAN multi-provider/ISP traffic management, in Peplink's world all the best WAN traffic flow control capabilities are at the WAN port level rather than the WAN IP level, since it is tooled for multi-ISP services…

I understand. Thank you for your assistance! Since my primary firewall vendor left the market, I’ve been stuck in a “hole” looking for a suitable replacement. Peplink has been the first viable alternative that I’ve found, and I’m extremely pleased with them - even as I’m stumbling in the interface looking for a few options! :grin:
