Hello All,
I have a Peplink Balance 20 with a cable modem on WAN 1 and a Mobile Internet USB device.
During a failure of WAN 1 only one computer on the LAN should be able to access the Internet.
What would be the best way to configure that?
TYIA,
~eric
Interesting, try creating a VLAN just for that one computer on the LAN you want internet to fail over too. Tag that computer with the VLAN and keep Inter-VLAN routing enabled. Then in your outbound policy try this:
Source: Main Network Subnet
Destination: The IP of your computer that you only want to access internet or the VLAN network of that one computer
Protocol: ANY
Port: ANY
Algorithm: Priority
ISP 1
ISP 2 (LTE)
Check the terminate sessions on link recovery
*I’m not sure if that would work but its worth a shot.
*Then as your second outbound policy rule:
Source: IP or network of the 1 computer
Destination: ANY
Protocol: ANY
Algorithm: Persistence
*Again, this is what I would try probably first if I were in your position. In no way shape or form am I saying that this will work.
@tjvoip45, thanks for your suggestions - we always appreciate you being so active on our Forums!
This can actually be accomplished without any VLAN requirement. The first thing you would do is create a DHCP reservation for the one computer and then create two outbound rules:
Source: DHCP reservation IP address
Destination: ANY
Protocol: ANY
Port: ANY
Algorithm: Priority
ISP 1
ISP 2 (LTE)
Check the terminate sessions on link recovery
And then below this rule you would create another one:
Source: ANY
Destination: ANY
Protocol: ANY
Port: ANY
Algorithm: Enforced to WAN1
This rule must be placed below the other rule or it will not work.
I see! I figured it would be something of that nature. That makes sense with the reservation. I don’t understand though in the second outbound policy, why would you enforce the traffic via WAN1 if WAN1 we are assuming is down?
The enforced rule will insure that all other computers/devices will only go out WAN1 and will not be able to fail-over to the USB WAN as he requires. The outbound policy rules are executed firewall-style from top to bottom.
I see now thanks a lot!