PCE 4.0 Training - Q&A

Thanks to everyone that attended our PCE 4.0 Training Webinars.
Here is a summary of the Q&A sections.


Session 2

SpeedFusion Cloud

I want to know if Peplink Balance 710 can configure IPsec VPN with A10 Firewall, or if Peplink IPsec VPN is only compatible with Cisco, Juniper and Peplink.

Technically, it should be okay to build IPsec with A10.
The reason why we only show Cisco and Juniper is that they’re very popular network devices.

But if you face any issues building IPsec with A10, please raise a support ticket here.

Amazon Prime is able to detect VPN and block access. With SpeedFusion of Peplink, can I set up a VPN to the UK on Surf Soho located in Ghana?

Yes, you can. You can set SpeedFusion Cloud in the UK as the host, and set up a VPN between it and your device located in Ghana. But it doesn’t provide you with a local (UK) IP address.

If I use SpeedFusion Cloud, is it possible to watch shows that are available in the UK?

Our new solution “SpeedFusion Cloud Home” will support this feature. Please stay tuned.

Is SpeedFusion Cloud service free to use?

It is a subscription service, but every device has a free trial quota.

With a physical Peplink device, for example, an SDX Pro, how many customers or SpeedFusion connections can this device support?

For the number of concurrent users, it depends on the hardware resources.
The recommended number of users for the SDX Pro is around 500~2000.

SD Switch

Can a MAX BR1 Pro 5G be powered by PoE from SD-Switch?

No, it can’t. It doesn’t support this feature.

Is only STP supported, or is RSTP supported as well?

SD Switch supports both STP and RSTP.

Can the SD Switch be managed via CLI as well, instead of only the UI?

Yes, it can. SD Switch supports CLI, but you can only obtain and read the data with it.

If you want to change the settings, you will have to do it with Web UI or InControl 2.

Is the syntax of the CLI the same as Cisco IOS?

Please check this document for what Peplink’s CLI can do.

What is the difference between Guest Protect and Firewall?

Guest Protect guards sensitive business data and subnetworks. It can block IP addresses only.

Firewall can be defined by source, destination, and protocol. It can filter the traffic.

How about the licenses? Are SD Switch and Enterprise a package including license?

For SD switch, we don’t have other add-on feature keys.

Wi-Fi Series

Does the Wi-Fi Mesh require special SKU hardware or activation key?

Supported models include: AP One AC Mini (hw2), AP One AX, AP One AX Lite.

*No need for an extra key at this moment.

Can I log in to Wi-Fi via Azure Active Directory?

For the Wi-Fi portal, we support LDAP and RADIUS.

You can enable IAS on AD server.

What roaming protocols do Peplink APs have?

Please check this datasheet.

Firmware Feature Update

In one of the first slides, connections of Port Wi-Fi, VSAT, LTE and 5G were all bonded by SpeedFusion. I understood you should not bond connections that have a large gap between latencies (VSAT ↔ 5G for example). Has this been improved?

We do have another SpeedFusion traffic distribution method in Firmware 8.2.0, Dynamic Weighted Bonding, which can improve the performance. But if the speed/latency gap is huge, we suggest using the slower one as backup.

What is the stratum level of the NTP server?

For the MAX series, it supports GPS time. Other series (e.g., Balance) support time zone only.

Others

Can Peplink staff see the GPS location information of our Peplink mobile devices?

You can enable “Block Peplink” in InControl 2.


Session 1

PepVPN

Can I configure 2 kinds of VPN, meaning PepVPN and IPsec VPN, on the same device, for example, Balance 710?

We can configure PepVPN and IPsec on BPL-710 at the same time as long as they point to different destinations.

Can we have more than one local ID to create multiple PepVPN tunnels?

Every device has one unique local ID.
For multiple PepVPN tunnels, we use different VPN profiles to achieve this.

Can PepVPN work with CGNAT Internet connections?

Yes, it can. PepVPN will need at least 1 public/fixed IP to establish a VPN tunnel.

Bandwidth Bonding

Can I bond three 1Gbps links to have a bandwidth of 3Gbps? Can I also bond a 50Mbps WAN link with a 10Mbps cellular link?

First, the SpeedFusion VPN overhead is around 19%, so if you’re looking for VPN with bandwidth equal to 3Gbps, then the total WAN bandwidth should be bigger than 3.5Gbps.

Second, we used to suggest bonding WANs with similar bandwidth to prevent the whole speed from being dragged by the slower WAN.

If only 1 IP is on the other side, won’t it defeat the purpose of bonding because only 1 link is used?

If the HQ has a big WAN (public/fixed IP), and the remote side has 2 smaller WANs (able to reach HQ’s WAN), then it is okay to have VPN bonding at the remote side.

WAN Smoothing

Since WAN Smoothing duplicates actual packets, does that mean that if a packet is 1GB, it will use 2GB?

If we configure the WAN Smoothing level as Normal (x2), then yes.

What is the percentage of the overhead (duplicated data) when using WAN Smoothing?

WAN Smoothing redundant data packet level:

  • Normal - 2x
  • Medium - 3x
  • High - 4x
  • Maximum - it depends on the number of active connected WAN-to-WAN connections

WAN Optimization

Does Peplink support WAN Optimization?

We support WAN load balance, QoS, bandwidth limit to IP (or group).

Outbound Policy

How do you set the bandwidth cap in the Outbound Policy?

No, we can’t, but we can set 2 different bandwidth limits by IP (or IP groups).

If I am using persistent outbound connections, when it fails, will it switch to another active link? Which one?

We have 3 options for “When No Connections are Available”:

  • Drop the traffic
  • Use any available connections
  • Fall through to next rule

What if I have 3 ISP lines, A, B, C, and my persistence weight is prioritized on ISP A with a ratio of 10:0:0? Is there any way that I could let ISP B take the persistence load at 0:10:0 should ISP A go down, instead of load balancing between ISP B & C?

We can use multiple outbound policies to do it and set [When No Connections are Available] as “fall through to next rule”.
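The chained-rule answer above, as an added example (a simplified model written for this summary, not Peplink code or configuration): ordered rules with “fall through to next rule” give a strict A, then B, then C failover, while a single rule set to “use any available connections” spreads sessions over B and C once A is down. Rule fields and function names are hypothetical, the rule sets are constructed, and persistence itself is not modelled.

```python
import random

# The three "When No Connections are Available" options from the Q&A
DROP, ANY_AVAILABLE, FALL_THROUGH = "drop", "any", "fall_through"

def pick_weighted(weights, healthy, rng):
    """Pick a healthy WAN in proportion to its weight; None if no weighted WAN is up."""
    candidates = {wan: w for wan, w in weights.items() if w > 0 and wan in healthy}
    if not candidates:
        return None
    wans = sorted(candidates)
    return rng.choices(wans, weights=[candidates[w] for w in wans])[0]

def route(rules, healthy, rng=None):
    """Walk the rules top-down; return the chosen WAN, or None if traffic is dropped."""
    rng = rng or random.Random(0)
    for rule in rules:
        wan = pick_weighted(rule["weights"], healthy, rng)
        if wan is not None:
            return wan
        if rule["when_none"] == DROP:
            return None
        if rule["when_none"] == ANY_AVAILABLE:
            return rng.choice(sorted(healthy)) if healthy else None
        # FALL_THROUGH: evaluate the next rule in the list
    return None

# Constructed rule sets for ISP lines A, B and C (hypothetical field names)
SINGLE_RULE = [{"weights": {"A": 10, "B": 0, "C": 0}, "when_none": ANY_AVAILABLE}]
CHAINED = [
    {"weights": {"A": 10, "B": 0, "C": 0}, "when_none": FALL_THROUGH},
    {"weights": {"A": 0, "B": 10, "C": 0}, "when_none": FALL_THROUGH},
    {"weights": {"A": 0, "B": 0, "C": 10}, "when_none": DROP},
]

def spread(rules, healthy, sessions=200):
    """Set of WANs used across many simulated sessions for a given health state."""
    rng = random.Random(1)
    return {route(rules, healthy, rng) for _ in range(sessions)}

if __name__ == "__main__":
    print("single rule, A down:", spread(SINGLE_RULE, {"B", "C"}))
    print("chained rules, A down:", spread(CHAINED, {"B", "C"}))
```

Ending the chain with “drop the traffic” makes the last rule fail closed; ending it with “use any available connections” would let the traffic leave over whichever WAN is still up.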

Can we aggregate 2 WAN connections and use it in an algorithm?

For SpeedFusion VPN, we can treat it as a virtual WAN and use it in the Outbound Policy.

I found that I can only do SaaS application traffic steering in Peplink Outbound Policy via InControl, but not on the box itself. Any reasons?

It will be much easier to let the InControl cloud manage/trace SaaS server IPs.
You might create them by entering different domains or IPs in multiple rules.

Bandwidth Overflow

Regarding Overflow, if you define a speed for one 100Mbps WAN, and for any reason the provider gives 50Mbps, will the system detect congestion of that WAN at 50Mbps? Or is it related to the WAN speed configured value?

It is related to the WAN port’s upload/download bandwidth.

Can the lowest latency and Overflow be used at the same time?

Each rule supports 1 algorithm only, but we can use multiple Outbound Policy rules to filter the traffic.

What is the difference between Persistence and Enforced?

Persistence - Traffic coming from the same machine will be persistently routed through the same WAN connection.

Enforced - Traffic will be routed through the specified connection regardless of the connection’s health status.

Fast connection determines the time it takes from source to destination - is this similar to using the ping command?

Yes, it is.

Fastest Response Time - Traffic will be duplicated and sent to all selected healthy connections. The connection with the earliest response will be used to send all further traffic from the session for the fastest possible response time. If there are any slower responses received from other connections afterwards, they will be discarded. As a result, this algorithm selects the most responsive connection on a per-session basis.

Drop-in Mode

With drop-in mode, does it mean that I can’t configure drop-in mode if my WAN provider gives me /30 IP? If not, how do I give the firewall a public IP?

We can use “share IP”.
Enable drop-in mode > help button > share IP.

Does drop-in mode support private IPs?

Yes, it does.

InControl 2

If I have two ISP connections, let’s say ISP A and B, and my primary link to the Internet is ISP A, assuming my primary link goes down and ISP B comes on, is there a way that I can be notified?

Email notifications include:

  • A new firmware version is available
  • Health status changes for any WAN connection
  • VPN status changes
  • Bandwidth usage has reached 75% of the allowance
  • Bandwidth usage has reached 95% of the allowance

Or you can use the InControl app to have mobile notifications.

Others

Can I use VRRP with Peplink Balance router and another router from a different brand?

Unfortunately, you can’t.

Are all these features being talked about available on all Peplink routers or just the high-end one? For example, are all these features available in Balance 20X?

The basic functions are the same. You can check the product datasheets or product comparison table.

*The big difference is in PepVPN and SpeedFusion (bonding).
