I have this setup, and I’m sure that in my country, most setup will be like this, although there are other workarounds a feature to the support this would be best.
Here’s the setup:
ISP-----> Firewall ----> LAN
Setup with Peplink:
ISP —> Peplink (Drop-in) --> Firewall (IP unchanged) --> LAN
The problem is, the ISP here normally provide 1 Static Public IP only, which is in the original setup assigned to the Firewall’s WAN interface.
The Drop-in feature’s main purpose is to allow peplink to be added to the network without changing the existing network but if I add peplink in the picture, Peplink Requires another Public IP assigned to it’s LAN interface, but in this case, there’s no more Public IP available.
- Reconfigure the Firewall to place it in a private network and, disable Drop-in in Peplink, and allow Peplink to do the NATings required.
- Request a bigger IP block from the ISP $$$$
OR we can do as follows:
So here’s my suggestion:
- In Drop in Mode, make the box truly transparent for the Public IP Subnet
- Allow user to use one of the LAN ports on Peplink as “Management LAN” i guess a VLAN might be necessary. This is so that in transparent mode, the peplink can still be reachable but from a different private subnet.
- OR, in Drop-in mode, don’t Make the LAN IP mandatory but make the WAN2/WAN3 IP address Mandatory instead, so if the box is in L2 Mode, it’ll still be reachable from WAN2/WAN3 either directly or over the WAN/Internet.
I hope this makes sense to you guys.
Thanks. Hope to hear your response soon.