Can NOT reach WAN GUI

In the last 2 months I’ve had 4 customers who can not reach WAN GUIs.

(I’ll return later and provide more detail to this post - for now here are the basics.)

Router models
Balance 20, HD2, MBX 5g, Bal 380x

Typical WAN config

  1. WAN 1 - Marina Wifi ( or Problematic.
  2. WAN 2 - Satellite ( This has been the least problematic.
  3. Cellular - embedded sim card

Temporary work around

  1. Customer will release the WAN 2 cable, connect it directly to laptop and they are able to reach the GUI for that gateway.
  2. For a day or two the issue is resolved but eventually returns.


  1. From Peplink Dashboard - I can ping the problematic WAN device.
  2. All FW is updated.
  3. Balance 20 has been installed for 3+ years with no issues.
  4. MBX 5g, Bal 380x are obviously recent installs. Issue didn’t present until 3+ weeks after install was completed.
  5. These are marine customers (yacht).
  6. I’ve reviewed the issue with the Marina wifi client manufacturer in depth. All good on their side and they have received similar reports to mine.

In the next 48 hours, I’m going to setup a test bench to replicate the configuration and submit a ticket.

Are you stating that you have configured the device to accept Web Admin Access via WAN port and it is not accepting traffic incoming on the WAN-side? Are you able to work around this by utilizing inControl Remote Web Admin feature? That could negate the requirement for accepting incoming traffic on a wan interface…

Or are you talking about clients of the device not being able to access some sort of “Captive Portal GUI screen” which is part of the upstream connection, thereby preventing traffic through said connection because no one is “accepting/logging-in” the captive portal GUI page… there are solutions to this as well, like disabling health checks.


Thanks for the reply.

I believe the “web admin access port” settings are at default = “Lan only”. I’ve been installing peplink routers for 10 years and haven’t paid attention to this setting.

Correct, the clients on the network are not able to access the “GUI screen” for WAN1 an upstream connection (it is not a captive portal page).

For example;
If you had a BR1 ( handling the cellular connection, that is connected to a WAN1 on a Balance 305 (, a client on the 305 network (192.168.50.x) can ping but can not reach it.

How is the Outbound Policy setup on the devices?

What if you configure the Outbound Policy with a rule for each of the particular upstream device GUI IP destination and enforce those use the specific WAN interface?

The outbound policy on 2/4 are default. The other 2 have a policy to link voip traffic to WAN 2.

I’ll try your recommendation the next time we encounter the issue.

I haven’t set up the test bench yet - but I have tested two client networks (via teamiewer to service laptops at client sites) yesterday and today = no issues.