Deployment scenario in existing Firewall and Peplink Balance Drop in mode with multiple ISP and Publish servers in different WAN connection

Product Discussion Peplink Balance
1

Scenario:

  1. Existing Firewall have multiple servers publish in every WAN connection.
  2. Peplink Balance deployed as Drop in Mode
  3. Branch office has pepwave max as Gateway Mode

Condition:

  1. No changes configuration in Firewall at Head Office if possible.
  2. BO need to access HO LAN and Server network using PEPvpn tunnel and vice versa.

Question:

  1. How outside user can access hosted server in multiple WAN behind firewall when in deployed Peplink Balance in Drop in Mode?
  2. What configuration needed in PEPvpn to access both network between HO (drop in mode) and BO (gateway mode)?

Please check the link below for your reference in network topology.

2

Please refer to the Tips and Tricks and FAQ below to deploy Drop-in.

For building SpeedFusion tunnel between HO and BO, please refer to the Tips and Tricks below.

Please contact local Peplink partner if you need further help of the deployment.

1 Like
3

Hi TK_Liew,

  1. I got it but what will happen to my server that are published on various internet connection since the connection between the firewall and the peplink is only one WAN connection and the rest are connected in Peplink Balance. Please check the link below for your reference network topokogy.
  1. How we can reach HO lan and server network from BO site if the peplink is in Drop in Mode and those network are after the firewall?
4

  1. The firewall uses a single outside interface with a drop-in mode deployment. The other WAN connections will get a NAT from the Peplink to the outside IP address(es) of your firewall. The firewall uses the same default gateway of the primary ISP router.

  2. Two steps are needed for this:

a) LAN static routes are configured in the Balance for the HO internal networks, pointing to the outside interface of the firewall.

b) The Firewall has NAT exemption policies so there is no NAT when source = internal networks and destination = branch office LAN. The NAT exemption policies are also configured for the reverse direction.

1 Like