This is probably a little vague, but I will start here.
I am starting to work on a project to begin next financial year on having some equipment in the field (SCADA devices) connect back to our head office over some form of VPN such as IPSec.
One potential candidate we might look at is Peplink
The field devices do not move physically, however they are spread over a large area and in some harsh conditions (direct sunlight 40c days are normal in summer) and some central monitoring is critical so see whats up / down etc. The devices need to be rated for field use.
We would require close to 1000 field devices such as a Pepwave Max BR1 4G and possibly extend to as far many as 2000 in the longer term future
Unfortunately our existing firewall is rated to only support 1000 max VPN connections and additionally we want any load from maintaining these connections to be on a separate device
Is there a Peplink Balance model suitable? Seems the 2500 model lists 800 maximum IPSec tunnels
Being regionally based in Australia also means the quality of internet connections we have a sub-optimal, we currently make use of several ADSL 2 Connections and a Telstra Fibre connection 10MB/10MB Is there some way to balance incoming tunnels to be spread across multiple connections to reduce any load.
In addition in event of a complete site internet outage we have a secondary branch office which we could also place a device for incoming connections, the two sites are connected via a dedicated 100KM Wireless Radio link, which is very reliable.
Is Peplink a potential use case? does anyone use similar numbers of devices that size? If anyone could provide references or info it would be very handy thanks
We are weighing up going down the managed Telstra Service which comes at great cost, or a potential cost saving to the business by using Peplink/Other vendor.
You should consider using our SpeedFusion VPN technology instead of IPsec. It is dead simple to set up, uses 256 AES encryption, and can use 2 or more connections to create an “Unbreakable” VPN back to the head office. It is superior to an IPsec solution.
At the head office I recommend the Balance 2500, as this model is very scalable to support up to 4,000 field units.
For the field units, I recommend the rugged MAX HD2-IP67 series. They are built and designed for harsh environments and will last for many years to come.
Just checking the specs so when it says “Number of PepVPN/SpeedFusion Peers is 2” does that mean it can be connected to a max of 2 connections back at the office?
We don’t need alot of bandwidth, however if the unit has one internet connection via say 4g, can it connect back to several connections at head office at the same time, or a 1-1 mapping only between connections using speedfusion
Can you create SpeedFusion profile to failover between different physical sites also?
The number of peers is simply the number of tunnels that can be created and has nothing to do with how many connections you have at the head office. The Balance 2500 supports up to 12 different WAN connections, and the SpeedFusion tunnel can be established using all of them. This way the tunnel will not break if an individual connection fails. This is all very simple to set up in the profile page.
Yes, you could create another SpeedFusion profile to fail over to a different device/location.
I have a 2500 at head office with 4 Internet Connections using static ip addresses
I have a MAX HD2 with 2 internet Connections, 1 via internal 4g and one via WAN port as an example
The MAX HD2 can form 2 maximum tunnels, so could be connected to 2 of the 4 internet connections at the head office one via each of the Max’s connections (4g and wan)
I can then have the MAX HD2 failover to the other 2 connections at the head office incase any of the connections go down.
No. In your case you would create one SpeedFusion tunnel between the MAX HD2 and the Balance 2500 at the head office. This single tunnel will use both of the internet connections on the MAX HD2 and all 4 of the internet connections on the Balance 2500, creating one unbreakable SpeedFusion VPN tunnel. The only way this tunnel could break is if you were to lose both connections on the MAX HD2 or all 4 of the connections on the Balance 2500.
Since the MAX HD2 supports two SpeedFusion peers, you could create another profile to a different Balance 2500 that is physically located somewhere else and failover to this other unit in case the one at the head office fails.
Yes it is Only a single static IP is needed on the Balance side, and the MAX side can use dynamic or private IP addresses. The SpeedFusion tunnel automatically learns all available routes and will use all connections.
It is really awesome technology without any ongoing licensing fees…
Only a single static IP is needed on the Balance side, and the MAX side can use dynamic or private IP addresses. The SpeedFusion tunnel automatically learns all available routes and will use all connections.