How does the built-in firewall work? What is the difference between Local Service firewall and Inbound Firewall rules? I read some older threads and it seems some Peplink services such as Speedfusion VPN may have overridden the Inbound firewall rules so the Local service firewall was created to control Peplink services and give true control over firewall rules? What exactly does the Local service firewall control? Speedfusion VPN? Remote Web Admin? Remote Assistance? Anything else?
Based on my reading, at the very least, the following ports are needed:
speedfusion: udp 4500 & tcp 32015
incontrol: udp 5246
web admin: tcp 443 (although one could disable and rely on remote web admin?)
remote web admin: tcp 5246
remote assistance: tcp 443
I found the list of IPs that Peplink uses for incontrol, remote web admin, and remote assistance. It seems ideally, you’d block ALL traffic, except those IPs and ports? They would be needed both inbound AND outbound or only inbound? I am trying to understand how Peplink devices work whether connections are made INTO the devices or they call home (outbound)?
Finally, how does Speedfusion VPN stay connected? Is there somewhere to designate the Fusionhub as the primary since it has a public/static IP? How can I make sure the MK2 can find it at all times?