Installation of onprem Incontrol in a hardened environment / configuration of fusion hubs

Hello @matthias.brogies,
Did you get some help on this?
Have you been able to get your ICVA working?
Have you gone through in detail the ICVA installation guide (we find people often miss information found within, it is worth going through the guide at least a couple of times)?

Question: are the networking edge devices normally operating on the public internet services or wholly within a private intranet (the WANs are on private connection or the SIMs have private APNs)?

If all of your Peplink|Pepwave devices are operating on an internal ICVA, then you just need to have them pointing their InControl setting to that ICVA’s internal network IP. Your ICVA only needs outbound access to the domain and sub-domains of peplink.com for all of the licensing management.

If all of your devices are operating on the public internet, then use a domain name for the private ICVA rather than an IP; this allows for a much easier future ICVA systems relocation if the need ever arises. Your ICVA needs outbound access to the domain and sub-domains of peplink.com for all of the licensing management and inbound on the ports listed for InControl2 (details found here “Overview of ports used by Peplink SD-WAN routers and other Peplink services”) for the network devices to be monitored and managed.

Deploy the solution with the built-in SSL Certificates for all the system. If after correctly following the guides for securely setting up your system (start here “InControl 2 Initial Setup Guide”) and running a full penetration test you find you need to change the SSL Certificates, then do it after all of that. We have yet to find a genuine need to change the SSL Certificates (even in the most secure & sensitive environments) when the various guides on the forum are followed.

You are welcome to reach out to us (you can send a PM) or contact another experienced Peplink Partner if you’re still struggling. Please expect that other experienced Peplink Partners that did not supply you the solution or services will charge you a support fee; alternatively, you can also create a support request at Peplink Ticketing System if your warranties are still valid and licences are all paid up.

Happy to Help,
Marcus :slight_smile:
