Management ACL change


#1

Hello,

we have 62 different units on our incontrol2 portal. We are changing ISP in our customer support offices so our public IPs will be changed.
All of our Balance units need to accept connections from these new IPs and reject the older.
Is there a way we can push this new IPs all in one click?

Please don’t tell us that we need to physically connect to every single Balance…

bye!


#2

Hi,

Yes, I believe it is possible to accomplish this through InControl2. Begin by accessing the InControl2 account at the group level. Then hover over the PEP-VPN / SpeedFusion option and from the drop down, select “Configuration.”

Select the “Enable” check box which is not checked by default. Then select “Add Profile” and define which device you want to act as the “hub” and which devices you want to be peers. During this configuration you can enter the IPs you want associated with the hub, in addition you can select which WANs for each peer you want in the desired priority.

I hope this helps, and saves you some time.


#3

Changing public IP is not an easy task. There is a lot of things we need to take care. In fact, any solution related to one click is not recommended. Let me explain this. Basically, you need to take configuration below if you are changing the public IP.

  1. Are all devices using dynamic or static public IP?

  2. Do you have additional WAN IP (Network > WAN > WAN interface > Additional Public IP Settings) configured on all devices?

  • You need to change this if you have additional IP.
  1. Do you have SpeedFusion/PepVPN configured?
  • You need to change the Remote IP Address either on Hub or Spoke sites.
  1. Do you have IPSec VPN configured?
  • You need to change the Remote Gateway IP Address either on Hub or Spoke sites.
  1. Do you have port forwarding which is using additional WAN IP?

  2. Have you enabled Integrated DNS Server for Inbound Load Balancing?

  3. Do you have NAT mapping which is using additional WAN IP?

  4. Have you enabled PPTP or L2TP/IPSec which using the additional WAN IP?

  5. Have you enable Web Admin access from WAN side which using additional WAN IP.


#4

Wait…

I don’t need to change the public IP address on WANs interfaces.
Today all my units accept https and cli connection from my actual public IP.
I need my units to accept https and cli connections from a new IP address pool that we are activating on our site, cause we are changing our internet connection in our offices.

bye,


#5

I got you now. Unfortunately, there is no way to push this new IPs all in one click. I suggest leverage the Remote Web Admin of InControl2 to change the IP.