Sorry, if this was not clear.
I am JUST speaking about Peplink-Devices:
HQ has 2 710s as Hub
Branch-offices need to accesss servers in the HQ.
5 branch-offices should be my “test-group” for firmware-updates, etc (each with Peplink balance one)
50 branch-offices are my default-branchoffices (each with Peplink balance one)
50 branch-offices do have some special demands like schedules(each with Peplink balance one)
What is preventing you from running three separate “Star” SpeedFusion groups?
We recently posted about using groups for different security levels, you can also apply this concept with SpeedFusion too.
Lets take your “test-group” (and I’m going to work on the basis you have everything within InControl2):
Create within your organsiation your “test-group”, add one device and ensure it is all setup how you need, then add the remaining four devices
Create another “HQ” group for your 710s, again adding one first and getting all of your setting good before adding the second unit
At the Organisational Level, enable SpeedFusion and then create your first SpeedFusion Star for the “test-group”
Check everything is working as required then repeat the process for the other two setups across the 100 branches.
This is just an overview and your would need to schedule a network outage of your SpeedFusions links to set this up as when you move the SpeedFusion Management from the Balance 710s to InControl2 it is possible InControl2 may overwrite the existing SpeedFusion settings.
We highly recommend working closely with your experienced & trained local Authorised Peplink Partner for specialised assistance in getting this working the way you need, it certainly can be done.
Your local Certified Peplink Partner can help you with a detailed plan to get this done and will be able to bring there expertise into make it work with you. There is also lots of the Peplink team and Peplink Partners here in the forum that are able to guide you also.
Happy to Help,
Thank you for the hint. I only found the possibility to create a PepVPN-Star-Config on group-level - not on Organization-level.
The biggest problem stays: There is no possibility to use all the functions with InControl2 (like sub-tunnels), as they are not fully supported.
And: I cannot mix InControl2 and “manually” added peers. That makes it very unflexible…
Org level profiles that span multiple groups has been a feature for several years now. I know of at least one org that puts it’s fusionhubs in an ‘HQ’ group and several hundred transit devices in a second ‘vehicles’ group.
If, for some odd reason, you’re unable to create an org profile, please create a support ticket. Being able to see the pepvpn management page from group but not org level would normally only occur if your admin rights were restricted to the group level.
Subtunnel support is definitely on the roadmap for the very near future.
IC2 actually DOES support a mixed mode for Star & PtoP topologies where some subset of the endpoints are managed via firmware or a different organization. Please see:
As of the upcoming 2.8.0 version, we’re planning to allow for the ability to have profiles managed from both the firmware and IC2 interfaces. Please see:
(actually, you should already have seen this, as it was a reply to your posting, but it should help anyone else following this thread in future)