How to limit backup wan traffice in a failover situation

I’m looking to purchase a balance one router but i am afraid it won’t do what I need.

I will have two WANs.

  1. Primary cable modem connection
  2. Backup wireless connection

I only want limited mission critical traffic to failover to the backup wireless connection if the primary fails. Basically I want to create a white list of websites, traffic, etc. specific to the backup WAN.

Is this possible and how would it be setup?

1 Like

Yes, you can do that – perhaps with a few limitations – depending on your requirements. Actually, your use case is quite common.

Search the Forum for discussions of outbound rules, e.g., this posting - Understanding and Configuring Outbound Policy .

It is easy, for example, to instruct the Balance that WAN1 should be used if it is available, but it’s OK to fail-over to WAN2 if WAN1 dies. The “priority” rule could be used and the POP/SMTP ports specified. Or one could use the destination address of the server. And, the “enforced” rule can be employed to ensure that WAN2 is not used - ever – for certain traffic.

If you can accurately specify the target (domain name), source on your LAN (IP or MAC address) or ports, for example, you can easily write a rule to control the routing (or non-routing) of the traffic.

I’m not sure if Peplink has a Balance product demo available on-line. However there IS an on-line demo available of the MAX series at . The rules are developed for the Balance and MAX devices in precisely the same way. If you go to the demo you’ll find the rules at Advanced -> Outbound Policy. The Balance series has the Outbound Policy in a slightly different location but, as I said, the rules operate in the same way. The on-line demo will give you a chance to see how rules can be developed and to determine if they’ll meet your needs. Check it out! (Note: Rules are interpreted from the top down.)


Thank you for the response. I’d like to make sure I’m clear, can you please verify if I’m thinking about this right?

For my scenario which I’m guessing is a common one.

Outbound Policy 1 – Keep the default HTTPS persistence one for secure connections (or do I delete this one since I really only have one WAN so it really doesn’t
do anything?)

Outbound Policy 2 – Priority rule for the main WAN1 connection (all traffic). Basically says all traffic should go over WAN1 if it is up no matter what.

Outbound Policy 3 – Enforced rule for the Cellular backup WAN2 connection. Here is where I’m confused. If I add the source/destination/or ports I only want
to use this than is the router basically using the following logic?

I forgot to ask. In outbound policy 2 below, would I only have WAN1 listed as priority or would I put WAN2 as second priority?

I’m guessing only WAN1 so that the router moves down to policy 3 an only routes the approved (enforced traffic) through WAN2



To achieve what you want I would have a catch all enforced rule at the bottom of the list that says any to any enforced via WAN1.

Then above that I would add priority based rules for each destination (ie dns name or IP address) that were priority rules, WAN1 then WAN2 with terminate sessions on link recovery ticked.

WAN2 then will only get used by traffic going to the whitelist of locations if WAN1 is not available.


So what you’re saying is:

Use priority rule to filter out the traffic you want to use failover WAN

Use enforce rule to ensure all other traffic doesn’t use failover WAN

I think this makes sense to me as it more of a logical waterfall.


You got it - Exactly right.

1 Like