Firmware 6.3 update -- virtual pc via vpn won't stay on my fast internet connection


I have a dilemma and need help. I upgraded to the 6.3 firmware a few weeks back AND parallels for Mac did a few maintenance updates. Now I have a problem I can’t fix.

A little background. I have Bal 50 with 1 Verizon LTE line on WAN 4 ( fast, $$ ) and 3 DSL lines on WAN 1-3 ( cheap, slow, fastest I can get is 1.5Mb ). I have a weighted balance rule that runs all network traffic through the dsl lines. I have separate enforced rules to route my and my wife’s macbook pros and my Mac pro enforced by source IP address to the Verizon line. Here are my Outbound polices and my port forwarding polices:

The Mac Pro has 2 NIC cards and 2 IP addresses so I have one for each IP address. The virtual PC is configured using “shared network” for the network connection, as always using a virtual Intel PRO/1000 MT NIC type.

I use Parallels v 11.1.2 on a Mac Pro running v 10.11.1 to run a virtual Window 7 PC. I use that PC with a SonicWALL VPN software client to connect to my work network. I then run two programs, one to view radiology images and a second to do voice dictation across that vpn to our network.

Before the upgrades everything has worked fine with just using the 2 rules to run the MAC pro IP addresses to the Verizon line. I would enable the vpn, start up my viewing program which would immediately run via the verizon fast line. Now, though, this is what happens:

I start Parallels and the PC uses the Verizon line. I start the VPN and if I test IE while the VPN is running , the PC uses the Verizon line. But once I start my two work program that open and pull a huge voice data file down, it switches immediately to the first DSL line on WAN 1 and ceases using the Verizon.

Here is what experimental rules I have thus far tried to fix the problem w/o success:

  1. Wrote a enforced rule using source parallels virtual pc IP
  2. An enforced rule using source parallels virtual pc mac address
  3. an enforced rule using as source the virtual IP address produced by the vpn client
  4. an enforced rule using destination as the IP address that the vpn accesses
  5. an enforced rule using both the virtual VPN source IP and the destination IP of the vpn.

None of these worked. Every single time, as soon as I start up the program, it reaches across the vpn to work network and starts pulling the voice data files via DSL line 1. ( I can tell by watching the realtime bandwidth status screen )

Is there some type of special vpn persistence rule or something I need to write? I am at wits end. This system allows me to provide coverage to my radiology practice after hours from home and in the meantime, I now have to drive into work in the middle of the night each time!

Any help would be appreciated. I realize that his question bridges across several areas, namely Peplink and Parallels virtual PCs, but suspect I am not the only one who loves MACs so much that I prefer to virtualize any needed PC rather than actually purchasing one. I am a physician, not a network specialist, and would appreciate any advice.




Have you enable IPsec NAT-T (Network > Service Passthrough > IPsec NAT-T)? If so, please disable it and try again.

I have a somewhat similar network configuration. I too have a Mac Pro running El Capitan with VMs running on it (4 full-time + 1 on-demand). I use VirtualBox as my hypervisor. One of the full-time VMs hosts a subdomain for our website. I use the PPTP VPN server on our Balance and have two AT&T Microcells behind the Balance which use IPSec VPN connections back to AT&T’s network. My Balance One is running 6.3.

My experience with VirtualBox has been that shared networking can be unreliable at times. I’ve found the VM’s network connection to be much more stable when configured with a bridged connection in the hypervisor and given a static IP.

Have you tried reconfiguring Parallels to use a bridged network connection for that Windows 7 VM? Give it a static IP in your B50 using the MAC address of the Intel virtual network adapter. Finally write an Enforced rule using the VM’s static IP.

I don’t see any “Service Passthrough” option under Network on my Balance 50 running firmware 6.3. Is that perhaps an option only in the higher end models?


Thanks for the advice! I will try this out tonight!


It is available in Balance 50. Please find the screen shot below:-

TK Liew:

Thank you for your patience! It was enabled, I disable it and that fixed my problem. Thank you so very much!!

I don’t recall ever enabling that service. Could it be that the new firmware upgrade caused it to enable?

Once again, thank you so much!


Hi Shadowboxer,

The service was enabled by default. You may compare the configuration on v6.3.0 and v6.2.2 whether is same if needed.