Easiest way of disabling a device but maintaining incontrol?

I need some tips on what is the easiest/most convenient way of remotely disabling a device (stop all outbound traffic) while at the same time keeping it active in incontrol and being able to access remote web admin and such?

I dont want to disable a WAN as I will not be able to reach it…

Is it possible to set a outbound rule that drops all traffic from all source to all destinations on all ports? Will incontrol still work? Or firewall rules? Need some tips…

Hello,

I had requested something similar: Stop Routing User traffic

So a big +1 from me.

1 Like

Hi @Wiktor,

I would recommend setting this up in a test environment first, before pushing the setup to remote locations!

  1. Create an outbound policy for “Peplink.com” traffic to use the lowest latency connection (this is required to ensure InControl access works).

  1. Create a second outbound policy BELOW the first, to enforce all other traffic (source Any, Destination Any) to use a non-existing or non-connected WAN - say “Mobile Internet”

This should allow you remote access via IC2, whilst blocking LAN based traffic to all sites other than Peplink.com!

I hope this helps,

Steve

A few years ago we had a customer that didn’t pay their bill and then wouldn’t answer the phone.

I made a custom captive portal that said ‘This Internet Access is Provided by Slingshot6 and has been blocked due to non payment’ with our telephone number and email address.

The captive portal was token based I think and I didn’t generate any tokens so they couldn’t get past it but I had full remote access.

Worked well.

I did the same for a device that was stolen :+1: . And the smart guy put the GPS antenna :man_facepalming:

2 Likes

Good solutions thanks for the info!