Hi All,
I have a question regarding Peplink Balance 580 that being deployed at drop-in mode with 3 WAN link connected to it.
From my internal network, I would like to configure different VLAN using different WAN link. I have configured as per screenshot attached that 3 different network using designated WAN.
Please correct me if i’m doing some mistakes on it.
Thank you in advance.
Best regards,
Darrow Ooi
You are using drop-in mode so is there a router or firewall for the internal network? If so, is it doing a NAT for these VLANs? The outbound policy rules will work provided the Balance can see the additional networks/LAN clients. A LAN static route may be needed in the Balance pointing to the inside router for the additional networks.
Good day Ron,
Yes, theres a firewall below the peplink which doing NAT.
Are you suggesting that we should remove the NAT on the firewall, add in
static route on the peplink like 172.16.40.0/23 next hop pointed to the
public IP i configured on firewall?
Thank you
With a drop-in mode deployment you have an advantage of keeping public IP addresses on your firewall. The firewall needs to do a NAT for that scenario and internal networks are not visible to the Peplink.
If the firewall has additional public IPs it may be possible for each internal network to have a unique public IP and the Balance could recognize the source.
Other options are to identify the destination or traffic type instead of the source. You could also deploy the Balance in NAT mode turning off NAT in your firewall. With that deployment LAN static routes get added to the Peplink and internal LAN networks/clients are visible for outbound policy rules to work when identifying the source.
The Balance also has a stateful firewall and it can do VLANs for internal networks so removing the existing firewall may be another option for you.
