Excluding some traffic from SpeedFusion Cloud?

Hi all,

My home has two adults working full time and one remote college student, with lots of zoom meetings. We have two independent ISPs, both about equal in performance (though one has more frequent outages).

I’ve been reading about SpeedFusion Cloud to bond my two connections together, and to quickly failover should one connection fail. This would be great for our work and school traffic. However it appears that there is a data cap on the service, so I would love to be able to exclude some services (like Netflix) from the bonded connection, so I don’t blow through my data cap too quickly. Is something like that possible?

Thank you!

-Eben

Yes, you can create an Outbound Policy that looks for certain applications or categories of traffic destined to a SpeedFusion tunnel and re-direct it to a different interface or interfaces. I do the same thing to avoid tunneling streaming traffic to my SpeedFusion instance and instead take advantage of my cell networks’ video “optimization” to limit bandwidth usage.


Easy to do. You don’t say which router you have but here’s an example from a Balance 305:

Navigate to Network → Outbound Policy and then “tell” the router which traffic you want to go where. In the example I’ve shown the first two lines direct certain traffic to different SFC endpoints; the third line sets T-Mobile as preferred for the computer at 192.168.25.154 but only when using telnet on port 7373. Outbound policy is an extremely powerful capability of Peplink/Pepwave routers.


Thank you! I have the Balance 20, and your example helps explain things.

OK! For your purposes the GUI of the B20 and 305 are the same. Take a close look at the various alternatives you have for outbound policies.


Thanks again! Are there any shortcuts for recognizing Netflix or Youtube? Or do I just need to put in all the various domains they use? My ASUS wireless router seems to be able to recognize different application traffic, though I’m not sure how they do it.

If you have a collaborative environment then one simple solution is to create two VLANs/SSIDs, one for what you want to send through the SFC, the other not. Then the policy rule would be based on the source IP address, sending those on the SFC-bound IP addresses to the SFC, the others, not. Then users can switch from one SSID to the other according to their usage.

Z


I think that I’m starting to understand, here is what I did:

  1. I signed up for the free trial of SFC.
  2. I selected a cloud location
  3. I connected one of the clients to the SFC.
  4. Go to Network → Outbound Policy, create a new custom rule for streaming, which indicates that anything going to the supported streaming applications, should instead go on one of my two WANs.

Does that prevent Netflix from burning through my SFC data cap?

Thanks @zegor_mjol, it sounds like I still don’t understand it right.

If I select a “Destination” other than “SpeedFusion Cloud”, then the Protocol menu doesn’t include the “Application” category.

I would like to redirect all streaming applications away from the SFC bonded connection.

The easiest way to isolate streaming traffic is by the devices that you use for streaming. Change Source to the IP or MAC of the device and Destination to Any. Then select where you want the traffic to go using Algorithm. The problem comes up when you want to do streaming on a general computing device, i.e., PC, tablet, etc… In this case you would use Source = Any and Destination = , then the Algorithm. Unfortunately, since the streaming services often send their traffic through several IP/domains, you will have to have a rule for each of them BUT can use an asterisk anywhere except at the beginning of a domain reference to minimize the number of rules required. The most important thing to remember is that the rules are “interpreted” from top to bottom and you must specify Fall Through and Terminate as in this example. You cannot use traffic type to segregate streaming traffic unfortunately since it is more likely https traffic.


Thanks @joelbean, alas in my household it’s mostly the same laptops doing Zoom by day and Netflix in the evenings, so device-specific routing won’t help me there.

It appears that I would need a very large number of domain-name rules for all the various streaming services. I’d like to find out if the Protocol → Application setting will work for this (as shown in my previous post). It looks like it might, but I haven’t been able to find any documentation on how the outbound rules work with SpeedFusion Cloud.

All outbound rules work the same to direct traffic. You simply select a LAN link or a VPN link using various algorithms. Think of SpeedFusion Cloud as just another place to send traffic.


Specifying outbound rules by source and destination IP address or domain name makes sense to me. I guess I’m confused by how SpeedFusion Cloud appears as both a possible “Destination” and also an “Enforced Connection”. What does it mean to specify SFC as both?

When you use the Enforced algorithm, you select a maximum of one link to enforce.
When you use, for example, the Priority algorithm, you can select multiple links in a priority order, of which SpeedFusion Cloud is one. You can mix and match VPN links and other WAN links for some algorithms based on latency, priority, fastest response, etc…


Hi,

So I have the Pepwave Max Transit Duo and static IP address on my video streaming device (ATEM mini video switcher). I use this to stream weddings, events to YouTube, etc. I have assigned the ATEM client to the speed fusion cloud via Mac address and IP in the speed fusion settings. What benefit would I gain from adding the outbound rule to the ATEM switcher here as well?

I have a lot to learn… any tips would be appreciated.

Using outbound policies you have full control and the ability to build complex stacked traffic flow rules.

If you just want an on or off button to send traffic over a tunnel then you don’t need OB policies.

But if you want to send all traffic over SFC, unless it’s unavailable, then you want to send it via WAN1 - unless it’s unhealthy, in which case load balance it over LTE1 and 2, then you need stacked outbound policies.

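The top-to-bottom rule evaluation and the stacked failover described in the replies above, as an added example that is not part of any post and is not Peplink's own code: a simplified Python model of an outbound-policy table. The rule names, the `example.com` pattern, the client address, and picking the first healthy link (rather than load balancing) are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass
class Rule:
    name: str
    links: list                # connections in priority order
    source: str = "any"        # client IP, or "any"
    domain: str = "any"        # destination pattern, or "any"
    fall_through: bool = True  # no healthy link: try next rule, else drop

    def __post_init__(self):
        # The thread notes an asterisk may appear anywhere except at the start.
        if self.domain.startswith("*"):
            raise ValueError(f"{self.name}: wildcard cannot lead the domain")

    def matches(self, src, host):
        return (self.source in ("any", src)
                and (self.domain == "any"
                     or fnmatchcase(host.lower(), self.domain)))

def route(rules, src, host, healthy):
    """Return (rule name, link); link is None when the traffic is dropped."""
    for rule in rules:                  # rules are read top to bottom
        if not rule.matches(src, host):
            continue
        for link in rule.links:         # priority order inside one rule
            if link in healthy:
                return rule.name, link
        if not rule.fall_through:
            return rule.name, None      # matched, nothing healthy: drop
    return "default", None

# Constructed policy: streaming is kept off SFC, everything else prefers
# SFC, then WAN1, then the LTE links (assumed names and pattern).
POLICY = [
    Rule("streaming-direct", ["WAN1", "WAN2"], domain="stream*.example.com"),
    Rule("sfc-first", ["SFC"]),
    Rule("wan1-next", ["WAN1"]),
    Rule("lte-last", ["LTE1", "LTE2"], fall_through=False),
]

if __name__ == "__main__":
    up = {"SFC", "WAN1", "WAN2", "LTE1", "LTE2"}
    for host in ("stream-cdn7.example.com", "meet.example.org"):
        print(host, "->", route(POLICY, "192.168.1.10", host, up))
```

Swapping the first two rules sends the streaming host into SFC, because the catch-all rule matches first.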

I see. So could I send all traffic to SFC from one device, but then make an outbound policy that says for SFC to use WAN1 first unless it’s not working, then use LTE 1/2 after that? Or would I experience loss in my stream when it switches over? My use case is maybe not typical as I want to ensure a video stream has the most upload bandwidth possible while also reducing the reliance on the LTE plans if possible to use less data.

Thanks.

You tell your router what WANs to use to connect to SFC in the SFC profile.

If all WANs are in priority 1 then you are using bonding. If you order your WANs by priority then WAN1 could be used for SFC but the LTE could be used if the WAN wasn’t available. This can be hot failover with traffic re-routed at a packet level.

You can also add sub tunnels to a SFC connection - this is so you can use different SpeedFusion technologies and settings for different traffic on the same SFC profile. E.g., by default use bonding across all links for all traffic, then on tunnel 2 for video prioritise WAN1 then 2 then 3 - so no bonding but hot failover, and limit bandwidth to 10MBps, then tunnel 3 for VoIP use WAN smoothing set to high across all WANs.

Once you have the SFC profile and the sub tunnels tweaked to your liking, you use outbound policy to identify the traffic by source or destination variables (IP address, ports, mac address, dns etc) and then direct identified traffic down either the tunnels you have created (with their specific characteristics) or direct over the WAN links you have.

You don’t set this in outbound policy, you set SpeedFusion Cloud WAN prioritisation in the SFC profile. When failing over from WAN1 to LTE, failover will be very quick and at a packet level - not a session level (so your stream will remain connected), but you will lose some packets and the latency will change (as LTE is higher latency) so it might be noticeable as video artifacts or as a glitch in the video itself. However most encoding tech copes very well with a couple of mislaid packets so you likely wouldn’t see it.

Fully seamless failover between WANs (or rather the ability to lose a WAN link and not notice when real time data is being used) is what we use WAN smoothing for and is the duplication of all packets across multiple WAN links.

That’s quite typical. There are loads of video broadcasters using Peplink. I suggest you try without WAN smoothing and just hot failover first, which means that LTE won’t get used for the video stream unless the wired WAN fails.


Thanks Martin!

I’ll have to dig into this after the holiday, but I appreciate your responses very much and look forward to understanding all of these protocols much better than I currently do. What a powerful little device!


WELL, ya’ll got me scratch’n my noggin over this topic.

I have the same idea as @eben

My wife uses Zoom for her workouts. I’d rather NOT have those sessions suck up my SFC data allotment.

So, I’m looking at my Outbound Policies to DIVERT that traffic AWAY from SFC entirely. BUT…As others have stated, the ONLY way you can get the Protocol:Application menu, is to have the Destination set to SFC. This seems exactly what I DON’T want to do.

My other policies have the SFC Tunnels, like Bonding as the priority. But, for this one for Zoom…I’m going to pull ONLY the WAN for Cellular into the Priority.

So, here is my policy…but pretty much like @eben’s…soooo go ahead and tell me if this will work or what I’m doing wrong.