Hi. Does anyone know the NAT throughput of the new Balance SDX? The datasheet shows 12Gbps ‘Router’ throughput, but it is unclear what is ‘on’. I am looking for real-world NAT throughput with firewall rules on. I currently have an older Balance 580 running 6.3 but it cannot do over ~ 500Mbps through NAT. My scenario is two 1Gbps WAN connections and I would like to be able to get closer to 1 Gbps to NAT’d users after the Peplink firewall rules. Thoughts? Thanks in advance.
The Old 580 HW1 is only rated at 400Mbps for the router/firewall throughput and so we don’t expect that you will use the old hardware to handle 1Gbps WAN .
Just put it simple for your use case using SDX, you should have no problem to get 1Gbps for using SDX. You can consider the rated throughput for the device is base on stateful firewall throughput with NAT enabled.
2 Likes
That’s helpful.
Does the SDX allow batch import of ACLs?
Does the SDX allow batch editing of blocked IP ranges? i.e. I currently have about 400 DENY rules for various IP Blocks, some as large as /8. Rather than entering one at a time and tediously dragging it within the GUI list which is extremely tedious, it would be great to edit a delimited csv or text file and import it, or at least edit a text list accessible from the GUI. Thanks
1 Like
Hello @Quandary,
Have you looked into using InControl2? InControl2 allows you to import an existing set of Firewall rules from your devices configuration file. You can then edit these at the group level for multiple devices. This one way of migrating some of the configurations between devices.
Alternatively, if you need to migrate say from your Balance 580 to an SDX, you can raise a support ticket with Peplink, they may be able to convert the configuration file for you.
Happy to Help,
Marcus 
1 Like
Hi,
I am familiar with InControl2, however my question was not in relation to migration of existing firewall rules. I am looking for batch creation and editing and importing of a delimited format, one rule per line as follows. Let’s say I wanted to add 200 new DENY rules. This is a hypothetical example:
Name,Enable,WAN_Connection,Protocol,Source Address Type,Source Port,Source IP, Source Mask,Destination Address Type,Destination Port,Destination IP, Destination Mask,Action,EventLog
Deny AFRINIC 41/8,YES,ANY,ANY,NETWORK,41.0.0.0,255.0.0.0/8,ANY,DENY,NO
Deny AFRINIC 45.96-127/11,YES,ANY,ANY,NETWORK,45.96.0.0,255.224.0.0/11,ANY,DENY,NO
Deny RUSSIA 46/8,YES,ANY,ANY,NETWORK,46.0.0.0,255.0.0.0/8,ANY,DENY,NO
Deny_Kazkakhstan_2.132/16,YES,ANY,ANY,NETWORK,42.132.0.0,255.255.0.0/16,ANY,DENY,NO
Deny_TURKEY_31.206/16,YES,ANY,ANY,NETWORK,31.206.0.0,255.255.0.0/16,ANY,DENY,NO
Hello @Quandary
Would you like to create a new post over in the Feature Requests to be able to import a list of firewall rules? This may be something that can be done more easily by the InControl2 team.
Here is some existing Feature Requests along the lines of what you appear to be asking for, you are welcome to put your voice to these also.
At the moment we are unaware of any way to have a list, i.e. saved in a CSV file, that can be uploaded into either the Peplink/Pepwave routers or InControl2 for the creation of firewall rules.
Happy to Help,
Marcus